Coverage Report - org.owasp.dependencycheck.dependency.Vulnerability
 
Classes in this File Line Coverage Branch Coverage Complexity
Vulnerability
56%
50/89
22%
5/22
1.324
 
 /*
  * This file is part of dependency-check-core.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.dependency;
 
 import java.io.Serializable;
 import java.util.Set;
 import java.util.SortedSet;
 import java.util.TreeSet;
 
 /**
  * Contains the information about a vulnerability.
  *
  * @author Jeremy Long
  */
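 public class Vulnerability implements Serializable, Comparable<Vulnerability> {

     /**
      * The serial version uid.
      * <p>
      * NOTE(review): the class is {@link Serializable}; Java-native deserialization should only be applied to
      * streams that come from a trusted source.
      */
     private static final long serialVersionUID = 307319490326651052L;

     /**
      * The name of the vulnerability. It is the only field used by {@link #equals(Object)},
      * {@link #hashCode()} and {@link #compareTo(Vulnerability)}.
      */
     private String name;

     /**
      * Get the value of name.
      *
      * @return the value of name; may be <code>null</code> if it was never set
      */
     public String getName() {
         return name;
     }

     /**
      * Set the value of name. The value is stored as given; no validation is applied here.
      *
      * @param name new value of name
      */
     public void setName(String name) {
         this.name = name;
     }
     /**
      * The description of the vulnerability.
      */
     private String description;

     /**
      * Get the value of description.
      *
      * @return the value of description
      */
     public String getDescription() {
         return description;
     }

     /**
      * Set the value of description. The text is stored verbatim, with no validation or escaping, so any output
      * encoding is the responsibility of the code that renders it.
      *
      * @param description new value of description
      */
     public void setDescription(String description) {
         this.description = description;
     }
     /**
      * References for this vulnerability.
      */
     private SortedSet<Reference> references = new TreeSet<Reference>();

     /**
      * Get the value of references. The returned set is the internal collection, not a copy, so changes made
      * through it are visible to this object.
      *
      * @return the value of references
      */
     public Set<Reference> getReferences() {
         return references;
     }

     /**
      * Set the value of references. The given set is used directly (no copy is taken). Passing
      * <code>null</code> leaves the collection unset, after which {@link #addReference(Reference)} and
      * {@link #toString()} throw a <code>NullPointerException</code>.
      *
      * @param references new value of references
      */
     public void setReferences(SortedSet<Reference> references) {
         this.references = references;
     }

     /**
      * Adds a reference to the references collection.
      *
      * @param ref a reference for the vulnerability
      */
     public void addReference(Reference ref) {
         this.references.add(ref);
     }

     /**
      * Builds a {@link Reference} from its parts and adds it to the references collection. The three values are
      * passed to the reference unchanged.
      *
      * @param referenceSource the source of the reference
      * @param referenceName the name of the reference
      * @param referenceUrl the url of the reference
      */
     public void addReference(String referenceSource, String referenceName, String referenceUrl) {
         final Reference created = new Reference();
         created.setSource(referenceSource);
         created.setName(referenceName);
         created.setUrl(referenceUrl);
         this.references.add(created);
     }
     /**
      * A set of vulnerable software.
      */
     private SortedSet<VulnerableSoftware> vulnerableSoftware = new TreeSet<VulnerableSoftware>();

     /**
      * Get the value of vulnerableSoftware. The returned set is the internal collection, not a copy.
      *
      * @return the value of vulnerableSoftware
      */
     public Set<VulnerableSoftware> getVulnerableSoftware() {
         return vulnerableSoftware;
     }

     /**
      * Set the value of vulnerableSoftware. The given set is used directly (no copy is taken). Passing
      * <code>null</code> makes the add/update methods and {@link #toString()} throw a
      * <code>NullPointerException</code>.
      *
      * @param vulnerableSoftware new value of vulnerableSoftware
      */
     public void setVulnerableSoftware(SortedSet<VulnerableSoftware> vulnerableSoftware) {
         this.vulnerableSoftware = vulnerableSoftware;
     }

     /**
      * Adds an entry for vulnerable software without a previous-version marker.
      *
      * @param cpe string representation of a CPE entry
      * @return if the add succeeded
      */
     public boolean addVulnerableSoftware(String cpe) {
         return addVulnerableSoftware(cpe, null);
     }

     /**
      * Adds an entry for vulnerable software.
      *
      * @param cpe string representation of a cpe
      * @param previousVersion the previous version (previousVersion - cpe would be considered vulnerable); when
      * <code>null</code> the previous version is not set on the new entry
      * @return if the add succeeded
      */
     public boolean addVulnerableSoftware(String cpe, String previousVersion) {
         final VulnerableSoftware entry = new VulnerableSoftware();
         entry.setCpe(cpe);
         if (previousVersion != null) {
             entry.setPreviousVersion(previousVersion);
         }
         return updateVulnerableSoftware(entry);
     }

     /**
      * Adds or updates a vulnerable software entry.
      *
      * @param vulnSoftware the vulnerable software
      * @return if the update succeeded
      */
     public boolean updateVulnerableSoftware(VulnerableSoftware vulnSoftware) {
         // Set.add keeps the element already present when an equal one is offered, so an existing entry has to
         // be removed first for the new instance to take its place. remove() is a no-op when nothing matches.
         vulnerableSoftware.remove(vulnSoftware);
         return vulnerableSoftware.add(vulnSoftware);
     }
     /**
      * The CWE for the vulnerability.
      */
     private String cwe;

     /**
      * Get the value of cwe.
      *
      * @return the value of cwe
      */
     public String getCwe() {
         return cwe;
     }

     /**
      * Set the value of cwe.
      *
      * @param cwe new value of cwe
      */
     public void setCwe(String cwe) {
         this.cwe = cwe;
     }
     /**
      * CVSS Score.
      */
     private float cvssScore;

     /**
      * Get the value of cvssScore.
      *
      * @return the value of cvssScore
      */
     public float getCvssScore() {
         return cvssScore;
     }

     /**
      * Set the value of cvssScore. No range check is applied; the value is stored as given.
      *
      * @param cvssScore new value of cvssScore
      */
     public void setCvssScore(float cvssScore) {
         this.cvssScore = cvssScore;
     }
     /**
      * CVSS Access Vector.
      */
     private String cvssAccessVector;

     /**
      * Get the value of cvssAccessVector.
      *
      * @return the value of cvssAccessVector
      */
     public String getCvssAccessVector() {
         return cvssAccessVector;
     }

     /**
      * Set the value of cvssAccessVector.
      *
      * @param cvssAccessVector new value of cvssAccessVector
      */
     public void setCvssAccessVector(String cvssAccessVector) {
         this.cvssAccessVector = cvssAccessVector;
     }
     /**
      * CVSS Access Complexity.
      */
     private String cvssAccessComplexity;

     /**
      * Get the value of cvssAccessComplexity.
      *
      * @return the value of cvssAccessComplexity
      */
     public String getCvssAccessComplexity() {
         return cvssAccessComplexity;
     }

     /**
      * Set the value of cvssAccessComplexity.
      *
      * @param cvssAccessComplexity new value of cvssAccessComplexity
      */
     public void setCvssAccessComplexity(String cvssAccessComplexity) {
         this.cvssAccessComplexity = cvssAccessComplexity;
     }
     /**
      * CVSS Authentication.
      */
     private String cvssAuthentication;

     /**
      * Get the value of cvssAuthentication.
      *
      * @return the value of cvssAuthentication
      */
     public String getCvssAuthentication() {
         return cvssAuthentication;
     }

     /**
      * Set the value of cvssAuthentication.
      *
      * @param cvssAuthentication new value of cvssAuthentication
      */
     public void setCvssAuthentication(String cvssAuthentication) {
         this.cvssAuthentication = cvssAuthentication;
     }
     /**
      * CVSS Confidentiality Impact.
      */
     private String cvssConfidentialityImpact;

     /**
      * Get the value of cvssConfidentialityImpact.
      *
      * @return the value of cvssConfidentialityImpact
      */
     public String getCvssConfidentialityImpact() {
         return cvssConfidentialityImpact;
     }

     /**
      * Set the value of cvssConfidentialityImpact.
      *
      * @param cvssConfidentialityImpact new value of cvssConfidentialityImpact
      */
     public void setCvssConfidentialityImpact(String cvssConfidentialityImpact) {
         this.cvssConfidentialityImpact = cvssConfidentialityImpact;
     }
     /**
      * CVSS Integrity Impact.
      */
     private String cvssIntegrityImpact;

     /**
      * Get the value of cvssIntegrityImpact.
      *
      * @return the value of cvssIntegrityImpact
      */
     public String getCvssIntegrityImpact() {
         return cvssIntegrityImpact;
     }

     /**
      * Set the value of cvssIntegrityImpact.
      *
      * @param cvssIntegrityImpact new value of cvssIntegrityImpact
      */
     public void setCvssIntegrityImpact(String cvssIntegrityImpact) {
         this.cvssIntegrityImpact = cvssIntegrityImpact;
     }
     /**
      * CVSS Availability Impact.
      */
     private String cvssAvailabilityImpact;

     /**
      * Get the value of cvssAvailabilityImpact.
      *
      * @return the value of cvssAvailabilityImpact
      */
     public String getCvssAvailabilityImpact() {
         return cvssAvailabilityImpact;
     }

     /**
      * Set the value of cvssAvailabilityImpact.
      *
      * @param cvssAvailabilityImpact new value of cvssAvailabilityImpact
      */
     public void setCvssAvailabilityImpact(String cvssAvailabilityImpact) {
         this.cvssAvailabilityImpact = cvssAvailabilityImpact;
     }

     /**
      * Two vulnerabilities are equal when they are of the same class and have equal names; every other field is
      * ignored. Two <code>null</code> names are treated as equal.
      *
      * @param obj the object to compare with
      * @return true if obj is a vulnerability of the same class with the same name
      */
     @Override
     public boolean equals(Object obj) {
         if (obj == null || getClass() != obj.getClass()) {
             return false;
         }
         final Vulnerability other = (Vulnerability) obj;
         return (this.name == null) ? (other.name == null) : this.name.equals(other.name);
     }

     /**
      * Hash code derived from the name only, matching {@link #equals(Object)}.
      *
      * @return the hash code
      */
     @Override
     public int hashCode() {
         final int nameHash = (this.name == null) ? 0 : this.name.hashCode();
         return 41 * 5 + nameHash;
     }

     /**
      * Multi-line dump of the name, the references and the vulnerable software entries. Values are appended
      * as-is, without escaping.
      *
      * @return the string representation
      */
     @Override
     public String toString() {
         final StringBuilder sb = new StringBuilder("Vulnerability ");
         sb.append(this.name);
         sb.append("\nReferences:\n");
         for (Reference reference : this.references) {
             sb.append("=> ").append(reference).append("\n");
         }
         sb.append("\nSoftware:\n");
         for (VulnerableSoftware software : this.vulnerableSoftware) {
             sb.append("=> ").append(software).append("\n");
         }
         return sb.toString();
     }
     /**
      * Compares two vulnerabilities by name. The operands are reversed (the argument's name is compared to this
      * object's name), so a sorted collection lists names in descending order. A <code>null</code> name sorts
      * after every non-null name and two <code>null</code> names compare as equal, which keeps this method
      * consistent with {@link #equals(Object)} instead of throwing.
      *
      * @param v a vulnerability to be compared
      * @return a negative integer, zero, or a positive integer as this object sorts before, equal to, or after
      * the specified vulnerability
      * @throws NullPointerException if v is <code>null</code>
      */
     @Override
     public int compareTo(Vulnerability v) {
         final String theirs = v.getName();
         final String mine = this.getName();
         if (theirs == null) {
             return (mine == null) ? 0 : -1;
         }
         if (mine == null) {
             return 1;
         }
         return theirs.compareTo(mine);
     }

     /**
      * The CPE id that caused this vulnerability to be flagged.
      */
     private String matchedCPE;
     /**
      * Whether or not all previous versions were affected. This is a String used as a flag: only
      * <code>null</code> means false.
      */
     private String matchedAllPreviousCPE;

     /**
      * Sets the CPE that caused this vulnerability to be flagged.
      *
      * @param cpeId a CPE identifier
      * @param previous a flag indicating whether or not all previous versions were affected (any non-null value is
      * considered true, including an empty string or the text "false")
      */
     public void setMatchedCPE(String cpeId, String previous) {
         matchedCPE = cpeId;
         matchedAllPreviousCPE = previous;
     }

     /**
      * Get the value of matchedCPE.
      *
      * @return the value of matchedCPE
      */
     public String getMatchedCPE() {
         return matchedCPE;
     }

     /**
      * Get the value of matchedAllPreviousCPE.
      *
      * @return the value of matchedAllPreviousCPE
      */
     public String getMatchedAllPreviousCPE() {
         return matchedAllPreviousCPE;
     }

     /**
      * Determines whether or not matchedAllPreviousCPE has been set.
      *
      * @return true if matchedAllPreviousCPE is not null; otherwise false
      */
     public boolean hasMatchedAllPreviousCPE() {
         return matchedAllPreviousCPE != null;
     }
 }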