Coverage Report - org.owasp.dependencycheck.dependency.Vulnerability
 
Classes in this File Line Coverage Branch Coverage Complexity
Vulnerability
64%
48/74
22%
4/18
1.278
 
 /*
  * This file is part of dependency-check-core.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.dependency;
 
 import java.io.Serializable;
 import java.util.Set;
 import java.util.SortedSet;
 import java.util.TreeSet;
 
 /**
  * Contains the information about a vulnerability.
  *
  * @author Jeremy Long
  */
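 /**
  * Holds the data recorded for a single vulnerability: its name, description, references, the set of
  * vulnerable software entries, the CWE, the CVSS score and metric strings, and the CPE that caused it
  * to be flagged.
  *
  * <p>Identity is defined by {@link #getName() name} alone: {@link #equals(Object)}, {@link #hashCode()}
  * and {@link #compareTo(Vulnerability)} ignore every other field. Two instances that carry the same
  * name but different scores or software lists are therefore treated as the same element by sets and
  * sorted sets.</p>
  *
  * <p>The class is a plain mutable bean; none of the setters validate their argument, and no
  * synchronization is performed. It declares no custom deserialization logic, so a deserialized
  * instance carries whatever field values the stream contained.</p>
  */
 public class Vulnerability implements Serializable, Comparable<Vulnerability> {

     /**
      * The serial version uid.
      */
     private static final long serialVersionUID = 307319490326651052L;
     /**
      * The name of the vulnerability; the only field used for equality, hashing and ordering.
      */
     private String name;
     /**
      * The description of the vulnerability.
      */
     private String description;
     /**
      * References for this vulnerability.
      */
     private SortedSet<Reference> references = new TreeSet<Reference>();
     /**
      * A set of vulnerable software.
      */
     private SortedSet<VulnerableSoftware> vulnerableSoftware = new TreeSet<VulnerableSoftware>();
     /**
      * The CWE for the vulnerability.
      */
     private String cwe;
     /**
      * CVSS Score.
      */
     private float cvssScore;
     /**
      * CVSS Access Vector.
      */
     private String cvssAccessVector;
     /**
      * CVSS Access Complexity.
      */
     private String cvssAccessComplexity;
     /**
      * CVSS Authentication.
      */
     private String cvssAuthentication;
     /**
      * CVSS Confidentiality Impact.
      */
     private String cvssConfidentialityImpact;
     /**
      * CVSS Integrity Impact.
      */
     private String cvssIntegrityImpact;
     /**
      * CVSS Availability Impact.
      */
     private String cvssAvailabilityImpact;
     /**
      * The CPE id that caused this vulnerability to be flagged.
      */
     private String matchedCPE;
     /**
      * Whether or not all previous versions were affected; any non-null value means "yes".
      */
     private String matchedAllPreviousCPE;

     /**
      * Get the value of name.
      *
      * @return the value of name; may be null if it was never set
      */
     public String getName() {
         return name;
     }

     /**
      * Set the value of name. Because equality, hashing and ordering depend on the name, changing it
      * while this object is stored in a set or used as a map key leaves that collection inconsistent.
      *
      * @param name new value of name
      */
     public void setName(String name) {
         this.name = name;
     }

     /**
      * Get the value of description.
      *
      * @return the value of description
      */
     public String getDescription() {
         return description;
     }

     /**
      * Set the value of description. The text is stored as given; no escaping or sanitizing is applied
      * here, so whatever renders it is responsible for encoding it for the output format.
      *
      * @param description new value of description
      */
     public void setDescription(String description) {
         this.description = description;
     }

     /**
      * Get the value of references.
      *
      * @return the live internal set of references (not a copy); changes made through it are visible
      * to this object
      */
     public Set<Reference> getReferences() {
         return references;
     }

     /**
      * Set the value of references. The given set is stored directly, not copied. Passing null makes
      * the later {@code addReference} calls fail with a NullPointerException.
      *
      * @param references new value of references
      */
     public void setReferences(SortedSet<Reference> references) {
         this.references = references;
     }

     /**
      * Adds a reference to the references collection.
      *
      * @param ref a reference for the vulnerability
      */
     public void addReference(Reference ref) {
         this.references.add(ref);
     }

     /**
      * Builds a reference from its three parts and adds it to the references collection.
      *
      * @param referenceSource the source of the reference
      * @param referenceName the referenceName of the reference
      * @param referenceUrl the url of the reference; stored as given, it is not parsed or checked
      */
     public void addReference(String referenceSource, String referenceName, String referenceUrl) {
         final Reference created = new Reference();
         created.setSource(referenceSource);
         created.setName(referenceName);
         created.setUrl(referenceUrl);
         this.references.add(created);
     }

     /**
      * Get the value of vulnerableSoftware.
      *
      * @return the live internal set of vulnerable software (not a copy)
      */
     public Set<VulnerableSoftware> getVulnerableSoftware() {
         return vulnerableSoftware;
     }

     /**
      * Set the value of vulnerableSoftware. The given set is stored directly, not copied. Passing null
      * makes the later add/update calls fail with a NullPointerException.
      *
      * @param vulnerableSoftware new value of vulnerableSoftware
      */
     public void setVulnerableSoftware(SortedSet<VulnerableSoftware> vulnerableSoftware) {
         this.vulnerableSoftware = vulnerableSoftware;
     }

     /**
      * Adds an entry for vulnerable software without a previous-version marker.
      *
      * @param cpe string representation of a CPE entry
      * @return if the add succeeded
      */
     public boolean addVulnerableSoftware(String cpe) {
         return addVulnerableSoftware(cpe, null);
     }

     /**
      * Adds an entry for vulnerable software.
      *
      * @param cpe string representation of a cpe
      * @param previousVersion the previous version (previousVersion - cpe would be considered vulnerable);
      * when null the marker is left untouched on the new entry
      * @return if the add succeeded
      */
     public boolean addVulnerableSoftware(String cpe, String previousVersion) {
         final VulnerableSoftware entry = new VulnerableSoftware();
         entry.setCpe(cpe);
         if (previousVersion != null) {
             entry.setPreviousVersion(previousVersion);
         }
         return updateVulnerableSoftware(entry);
     }

     /**
      * Adds or updates a vulnerable software entry.
      *
      * @param vulnSoftware the vulnerable software
      * @return if the update succeeded
      */
     public boolean updateVulnerableSoftware(VulnerableSoftware vulnSoftware) {
         // Set.add keeps the element already present when an equal one is offered, so an existing
         // entry is removed first to make sure the new instance is the one that ends up stored.
         if (vulnerableSoftware.contains(vulnSoftware)) {
             vulnerableSoftware.remove(vulnSoftware);
         }
         return vulnerableSoftware.add(vulnSoftware);
     }

     /**
      * Get the value of cwe.
      *
      * @return the value of cwe
      */
     public String getCwe() {
         return cwe;
     }

     /**
      * Set the value of cwe.
      *
      * @param cwe new value of cwe
      */
     public void setCwe(String cwe) {
         this.cwe = cwe;
     }

     /**
      * Get the value of cvssScore.
      *
      * @return the value of cvssScore; 0.0 when no score was ever set, which cannot be told apart
      * from an explicit score of zero
      */
     public float getCvssScore() {
         return cvssScore;
     }

     /**
      * Set the value of cvssScore. The value is not range checked.
      *
      * @param cvssScore new value of cvssScore
      */
     public void setCvssScore(float cvssScore) {
         this.cvssScore = cvssScore;
     }

     /**
      * Get the value of cvssAccessVector.
      *
      * @return the value of cvssAccessVector
      */
     public String getCvssAccessVector() {
         return cvssAccessVector;
     }

     /**
      * Set the value of cvssAccessVector. The string is stored as given and is not checked against
      * the CVSS vocabulary.
      *
      * @param cvssAccessVector new value of cvssAccessVector
      */
     public void setCvssAccessVector(String cvssAccessVector) {
         this.cvssAccessVector = cvssAccessVector;
     }

     /**
      * Get the value of cvssAccessComplexity.
      *
      * @return the value of cvssAccessComplexity
      */
     public String getCvssAccessComplexity() {
         return cvssAccessComplexity;
     }

     /**
      * Set the value of cvssAccessComplexity. The string is stored as given and is not checked
      * against the CVSS vocabulary.
      *
      * @param cvssAccessComplexity new value of cvssAccessComplexity
      */
     public void setCvssAccessComplexity(String cvssAccessComplexity) {
         this.cvssAccessComplexity = cvssAccessComplexity;
     }

     /**
      * Get the value of cvssAuthentication.
      *
      * @return the value of cvssAuthentication
      */
     public String getCvssAuthentication() {
         return cvssAuthentication;
     }

     /**
      * Set the value of cvssAuthentication. The string is stored as given and is not checked against
      * the CVSS vocabulary.
      *
      * @param cvssAuthentication new value of cvssAuthentication
      */
     public void setCvssAuthentication(String cvssAuthentication) {
         this.cvssAuthentication = cvssAuthentication;
     }

     /**
      * Get the value of cvssConfidentialityImpact.
      *
      * @return the value of cvssConfidentialityImpact
      */
     public String getCvssConfidentialityImpact() {
         return cvssConfidentialityImpact;
     }

     /**
      * Set the value of cvssConfidentialityImpact. The string is stored as given and is not checked
      * against the CVSS vocabulary.
      *
      * @param cvssConfidentialityImpact new value of cvssConfidentialityImpact
      */
     public void setCvssConfidentialityImpact(String cvssConfidentialityImpact) {
         this.cvssConfidentialityImpact = cvssConfidentialityImpact;
     }

     /**
      * Get the value of cvssIntegrityImpact.
      *
      * @return the value of cvssIntegrityImpact
      */
     public String getCvssIntegrityImpact() {
         return cvssIntegrityImpact;
     }

     /**
      * Set the value of cvssIntegrityImpact. The string is stored as given and is not checked against
      * the CVSS vocabulary.
      *
      * @param cvssIntegrityImpact new value of cvssIntegrityImpact
      */
     public void setCvssIntegrityImpact(String cvssIntegrityImpact) {
         this.cvssIntegrityImpact = cvssIntegrityImpact;
     }

     /**
      * Get the value of cvssAvailabilityImpact.
      *
      * @return the value of cvssAvailabilityImpact
      */
     public String getCvssAvailabilityImpact() {
         return cvssAvailabilityImpact;
     }

     /**
      * Set the value of cvssAvailabilityImpact. The string is stored as given and is not checked
      * against the CVSS vocabulary.
      *
      * @param cvssAvailabilityImpact new value of cvssAvailabilityImpact
      */
     public void setCvssAvailabilityImpact(String cvssAvailabilityImpact) {
         this.cvssAvailabilityImpact = cvssAvailabilityImpact;
     }

     /**
      * Two vulnerabilities are equal when they are of exactly the same class and have equal names
      * (two null names count as equal). No other field takes part in the comparison.
      *
      * @param obj the object to compare with
      * @return true if obj is a Vulnerability of the same class with the same name
      */
     @Override
     public boolean equals(Object obj) {
         if (obj == null || getClass() != obj.getClass()) {
             return false;
         }
         final Vulnerability other = (Vulnerability) obj;
         if (this.name == null) {
             return other.name == null;
         }
         return this.name.equals(other.name);
     }

     /**
      * Hash code derived from the name only, matching {@link #equals(Object)}.
      *
      * @return the hash code
      */
     @Override
     public int hashCode() {
         int hash = 5;
         hash = 41 * hash + (this.name != null ? this.name.hashCode() : 0);
         return hash;
     }

     /**
      * Compares two vulnerabilities by name. The argument's name is compared against this object's
      * name, so the resulting order is the reverse of the natural string order of the names.
      *
      * <p>A missing name is tolerated, in line with {@link #equals(Object)}: two vulnerabilities
      * without a name compare as equal, and one without a name sorts after every named one. Without
      * this, placing an unnamed vulnerability in a sorted set would fail with a
      * NullPointerException.</p>
      *
      * @param v a vulnerability to be compared
      * @return a negative integer, zero, or a positive integer as this object is less than, equal to, or greater than
      * the specified vulnerability
      */
     @Override
     public int compareTo(Vulnerability v) {
         // Argument first, receiver second: this keeps the original descending-by-name order.
         return compareNames(v.getName(), this.getName());
     }

     /**
      * Null-tolerant string comparison in which null sorts before any non-null value.
      *
      * @param left the first name, may be null
      * @param right the second name, may be null
      * @return a negative integer, zero, or a positive integer as left is less than, equal to, or
      * greater than right
      */
     private static int compareNames(String left, String right) {
         if (left == null) {
             return right == null ? 0 : -1;
         }
         if (right == null) {
             return 1;
         }
         return left.compareTo(right);
     }

     /**
      * Sets the CPE that caused this vulnerability to be flagged.
      *
      * @param cpeId a CPE identifier
      * @param previous a flag indicating whether or not all previous versions were affected (any non-null value is
      * considered true)
      */
     public void setMatchedCPE(String cpeId, String previous) {
         matchedCPE = cpeId;
         matchedAllPreviousCPE = previous;
     }

     /**
      * Get the value of matchedCPE.
      *
      * @return the value of matchedCPE
      */
     public String getMatchedCPE() {
         return matchedCPE;
     }

     /**
      * Get the value of matchedAllPreviousCPE.
      *
      * @return the value of matchedAllPreviousCPE
      */
     public String getMatchedAllPreviousCPE() {
         return matchedAllPreviousCPE;
     }

     /**
      * Determines whether or not matchedAllPreviousCPE has been set.
      *
      * @return true if matchedAllPreviousCPE is not null; otherwise false
      */
     public boolean hasMatchedAllPreviousCPE() {
         return matchedAllPreviousCPE != null;
     }
 }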