Coverage Report

Coverage Report - org.owasp.dependencycheck.dependency.Vulnerability

Classes in this File

Line Coverage

Branch Coverage

Complexity

Vulnerability

70%

48/68

25%

4/16

1.312

 /*
  * This file is part of dependency-check-core.
  *
  * Dependency-check-core is free software: you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the Free
  * Software Foundation, either version 3 of the License, or (at your option) any
  * later version.
  *
  * Dependency-check-core is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
  * details.
  *
  * You should have received a copy of the GNU General Public License along with
  * dependency-check-core. If not, see http://www.gnu.org/licenses/.
  *
  * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.dependency;
 
 import java.io.Serializable;
 import java.util.Set;
 import java.util.SortedSet;
 import java.util.TreeSet;
 
 /**
  * Contains the information about a vulnerability.
  *
  * @author Jeremy Long (jeremy.long@owasp.org)
  */
 public class Vulnerability implements Serializable, Comparable<Vulnerability> {
 
     /**
      * The serial version uid.
      */
     private static final long serialVersionUID = 307319490326651052L;
     /**
      * The name of the vulnerability.
      */
     private String name;
 
     /**
      * Get the value of name.
      *
      * @return the value of name
      */
     public String getName() {
         return name;
     }
 
     /**
      * Set the value of name.
      *
      * @param name new value of name
      */
     public void setName(String name) {
         this.name = name;
     }
     /**
      * the description of the vulnerability.
      */
     private String description;
 
     /**
      * Get the value of description.
      *
      * @return the value of description
      */
     public String getDescription() {
         return description;
     }
 
     /**
      * Set the value of description.
      *
      * @param description new value of description
      */
     public void setDescription(String description) {
         this.description = description;
     }
     /**
      * References for this vulnerability.
      */
     private SortedSet<Reference> references = new TreeSet<Reference>();
 
     /**
      * Get the value of references.
      *
      * @return the value of references
      */
     public Set<Reference> getReferences() {
         return references;
     }
 
     /**
      * Set the value of references.
      *
      * @param references new value of references
      */
     public void setReferences(SortedSet<Reference> references) {
         this.references = references;
     }
 
     /**
      * Adds a reference to the references collection.
      *
      * @param ref a reference for the vulnerability
      */
     public void addReference(Reference ref) {
         this.references.add(ref);
     }
 
     /**
      * Adds a reference.
      *
      * @param referenceSource the source of the reference
      * @param referenceName the referenceName of the reference
      * @param referenceUrl the url of the reference
      */
     public void addReference(String referenceSource, String referenceName, String referenceUrl) {
         final Reference ref = new Reference();
         ref.setSource(referenceSource);
         ref.setName(referenceName);
         ref.setUrl(referenceUrl);
         this.references.add(ref);
     }
     /**
      * A set of vulnerable software.
      */
     private SortedSet<VulnerableSoftware> vulnerableSoftware = new TreeSet<VulnerableSoftware>();
 
     /**
      * Get the value of vulnerableSoftware.
      *
      * @return the value of vulnerableSoftware
      */
     public Set<VulnerableSoftware> getVulnerableSoftware() {
         return vulnerableSoftware;
     }
 
     /**
      * Set the value of vulnerableSoftware.
      *
      * @param vulnerableSoftware new value of vulnerableSoftware
      */
     public void setVulnerableSoftware(SortedSet<VulnerableSoftware> vulnerableSoftware) {
         this.vulnerableSoftware = vulnerableSoftware;
     }
 
     /**
      * Adds an entry for vulnerable software.
      *
      * @param cpe string representation of a CPE entry
      * @return if the add succeeded
      */
     public boolean addVulnerableSoftware(String cpe) {
         return addVulnerableSoftware(cpe, null);
     }
 
     /**
      * Adds an entry for vulnerable software.
      *
      * @param cpe string representation of a cpe
      * @param previousVersion the previous version (previousVersion - cpe would
      * be considered vulnerable)
      * @return if the add succeeded
      */
     public boolean addVulnerableSoftware(String cpe, String previousVersion) {
         final VulnerableSoftware vs = new VulnerableSoftware();
         vs.setCpe(cpe);
         if (previousVersion != null) {
             vs.setPreviousVersion(previousVersion);
         }
         return updateVulnerableSoftware(vs);
     }
 
     /**
      * Adds or updates a vulnerable software entry.
      *
      * @param vulnSoftware the vulnerable software
      * @return if the update succeeded
      */
     public boolean updateVulnerableSoftware(VulnerableSoftware vulnSoftware) {
         if (vulnerableSoftware.contains(vulnSoftware)) {
             vulnerableSoftware.remove(vulnSoftware);
         }
         return vulnerableSoftware.add(vulnSoftware);
     }
     /**
      * The CWE for the vulnerability.
      */
     private String cwe;
 
     /**
      * Get the value of cwe.
      *
      * @return the value of cwe
      */
     public String getCwe() {
         return cwe;
     }
 
     /**
      * Set the value of cwe.
      *
      * @param cwe new value of cwe
      */
     public void setCwe(String cwe) {
         this.cwe = cwe;
     }
     /**
      * CVSS Score.
      */
     private float cvssScore;
 
     /**
      * Get the value of cvssScore.
      *
      * @return the value of cvssScore
      */
     public float getCvssScore() {
         return cvssScore;
     }
 
     /**
      * Set the value of cvssScore.
      *
      * @param cvssScore new value of cvssScore
      */
     public void setCvssScore(float cvssScore) {
         this.cvssScore = cvssScore;
     }
     /**
      * CVSS Access Vector.
      */
     private String cvssAccessVector;
 
     /**
      * Get the value of cvssAccessVector.
      *
      * @return the value of cvssAccessVector
      */
     public String getCvssAccessVector() {
         return cvssAccessVector;
     }
 
     /**
      * Set the value of cvssAccessVector.
      *
      * @param cvssAccessVector new value of cvssAccessVector
      */
     public void setCvssAccessVector(String cvssAccessVector) {
         this.cvssAccessVector = cvssAccessVector;
     }
     /**
      * CVSS Access Complexity.
      */
     private String cvssAccessComplexity;
 
     /**
      * Get the value of cvssAccessComplexity.
      *
      * @return the value of cvssAccessComplexity
      */
     public String getCvssAccessComplexity() {
         return cvssAccessComplexity;
     }
 
     /**
      * Set the value of cvssAccessComplexity.
      *
      * @param cvssAccessComplexity new value of cvssAccessComplexity
      */
     public void setCvssAccessComplexity(String cvssAccessComplexity) {
         this.cvssAccessComplexity = cvssAccessComplexity;
     }
     /**
      * CVSS Authentication.
      */
     private String cvssAuthentication;
 
     /**
      * Get the value of cvssAuthentication.
      *
      * @return the value of cvssAuthentication
      */
     public String getCvssAuthentication() {
         return cvssAuthentication;
     }
 
     /**
      * Set the value of cvssAuthentication.
      *
      * @param cvssAuthentication new value of cvssAuthentication
      */
     public void setCvssAuthentication(String cvssAuthentication) {
         this.cvssAuthentication = cvssAuthentication;
     }
     /**
      * CVSS Confidentiality Impact.
      */
     private String cvssConfidentialityImpact;
 
     /**
      * Get the value of cvssConfidentialityImpact.
      *
      * @return the value of cvssConfidentialityImpact
      */
     public String getCvssConfidentialityImpact() {
         return cvssConfidentialityImpact;
     }
 
     /**
      * Set the value of cvssConfidentialityImpact.
      *
      * @param cvssConfidentialityImpact new value of cvssConfidentialityImpact
      */
     public void setCvssConfidentialityImpact(String cvssConfidentialityImpact) {
         this.cvssConfidentialityImpact = cvssConfidentialityImpact;
     }
     /**
      * CVSS Integrity Impact.
      */
     private String cvssIntegrityImpact;
 
     /**
      * Get the value of cvssIntegrityImpact.
      *
      * @return the value of cvssIntegrityImpact
      */
     public String getCvssIntegrityImpact() {
         return cvssIntegrityImpact;
     }
 
     /**
      * Set the value of cvssIntegrityImpact.
      *
      * @param cvssIntegrityImpact new value of cvssIntegrityImpact
      */
     public void setCvssIntegrityImpact(String cvssIntegrityImpact) {
         this.cvssIntegrityImpact = cvssIntegrityImpact;
     }
     /**
      * CVSS Availability Impact.
      */
     private String cvssAvailabilityImpact;
 
     /**
      * Get the value of cvssAvailabilityImpact.
      *
      * @return the value of cvssAvailabilityImpact
      */
     public String getCvssAvailabilityImpact() {
         return cvssAvailabilityImpact;
     }
 
     /**
      * Set the value of cvssAvailabilityImpact.
      *
      * @param cvssAvailabilityImpact new value of cvssAvailabilityImpact
      */
     public void setCvssAvailabilityImpact(String cvssAvailabilityImpact) {
         this.cvssAvailabilityImpact = cvssAvailabilityImpact;
     }
 
     @Override
     public boolean equals(Object obj) {
         if (obj == null) {
             return false;
         }
         if (getClass() != obj.getClass()) {
             return false;
         }
         final Vulnerability other = (Vulnerability) obj;
         if ((this.name == null) ? (other.name != null) : !this.name.equals(other.name)) {
             return false;
         }
         return true;
     }
 
     @Override
     public int hashCode() {
         int hash = 5;
         hash = 41 * hash + (this.name != null ? this.name.hashCode() : 0);
         return hash;
     }
 
     /**
      * Compares two vulnerabilities.
      *
      * @param v a vulnerability to be compared
      * @return a negative integer, zero, or a positive integer as this object is
      * less than, equal to, or greater than the specified vulnerability
      */
     public int compareTo(Vulnerability v) {
         return v.getName().compareTo(this.getName());
     }
 }

1		/*
2		* This file is part of dependency-check-core.
3		*
4		* Dependency-check-core is free software: you can redistribute it and/or modify it
5		* under the terms of the GNU General Public License as published by the Free
6		* Software Foundation, either version 3 of the License, or (at your option) any
7		* later version.
8		*
9		* Dependency-check-core is distributed in the hope that it will be useful, but
10		* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11		* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
12		* details.
13		*
14		* You should have received a copy of the GNU General Public License along with
15		* dependency-check-core. If not, see http://www.gnu.org/licenses/.
16		*
17		* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
18		*/
19		package org.owasp.dependencycheck.dependency;
20
21		import java.io.Serializable;
22		import java.util.Set;
23		import java.util.SortedSet;
24		import java.util.TreeSet;
25
26		/**
27		* Contains the information about a vulnerability.
28		*
29		* @author Jeremy Long (jeremy.long@owasp.org)
30		*/
31	89	public class Vulnerability implements Serializable, Comparable<Vulnerability> {
32
33		/**
34		* The serial version uid.
35		*/
36		private static final long serialVersionUID = 307319490326651052L;
37		/**
38		* The name of the vulnerability.
39		*/
40		private String name;
41
42		/**
43		* Get the value of name.
44		*
45		* @return the value of name
46		*/
47		public String getName() {
48	232	return name;
49		}
50
51		/**
52		* Set the value of name.
53		*
54		* @param name new value of name
55		*/
56		public void setName(String name) {
57	89	this.name = name;
58	89	}
59		/**
60		* the description of the vulnerability.
61		*/
62		private String description;
63
64		/**
65		* Get the value of description.
66		*
67		* @return the value of description
68		*/
69		public String getDescription() {
70	31	return description;
71		}
72
73		/**
74		* Set the value of description.
75		*
76		* @param description new value of description
77		*/
78		public void setDescription(String description) {
79	88	this.description = description;
80	88	}
81		/**
82		* References for this vulnerability.
83		*/
84	89	private SortedSet<Reference> references = new TreeSet<Reference>();
85
86		/**
87		* Get the value of references.
88		*
89		* @return the value of references
90		*/
91		public Set<Reference> getReferences() {
92	31	return references;
93		}
94
95		/**
96		* Set the value of references.
97		*
98		* @param references new value of references
99		*/
100		public void setReferences(SortedSet<Reference> references) {
101	0	this.references = references;
102	0	}
103
104		/**
105		* Adds a reference to the references collection.
106		*
107		* @param ref a reference for the vulnerability
108		*/
109		public void addReference(Reference ref) {
110	90	this.references.add(ref);
111	90	}
112
113		/**
114		* Adds a reference.
115		*
116		* @param referenceSource the source of the reference
117		* @param referenceName the referenceName of the reference
118		* @param referenceUrl the url of the reference
119		*/
120		public void addReference(String referenceSource, String referenceName, String referenceUrl) {
121	416	final Reference ref = new Reference();
122	416	ref.setSource(referenceSource);
123	416	ref.setName(referenceName);
124	416	ref.setUrl(referenceUrl);
125	416	this.references.add(ref);
126	416	}
127		/**
128		* A set of vulnerable software.
129		*/
130	89	private SortedSet<VulnerableSoftware> vulnerableSoftware = new TreeSet<VulnerableSoftware>();
131
132		/**
133		* Get the value of vulnerableSoftware.
134		*
135		* @return the value of vulnerableSoftware
136		*/
137		public Set<VulnerableSoftware> getVulnerableSoftware() {
138	31	return vulnerableSoftware;
139		}
140
141		/**
142		* Set the value of vulnerableSoftware.
143		*
144		* @param vulnerableSoftware new value of vulnerableSoftware
145		*/
146		public void setVulnerableSoftware(SortedSet<VulnerableSoftware> vulnerableSoftware) {
147	0	this.vulnerableSoftware = vulnerableSoftware;
148	0	}
149
150		/**
151		* Adds an entry for vulnerable software.
152		*
153		* @param cpe string representation of a CPE entry
154		* @return if the add succeeded
155		*/
156		public boolean addVulnerableSoftware(String cpe) {
157	3276	return addVulnerableSoftware(cpe, null);
158		}
159
160		/**
161		* Adds an entry for vulnerable software.
162		*
163		* @param cpe string representation of a cpe
164		* @param previousVersion the previous version (previousVersion - cpe would
165		* be considered vulnerable)
166		* @return if the add succeeded
167		*/
168		public boolean addVulnerableSoftware(String cpe, String previousVersion) {
169	3318	final VulnerableSoftware vs = new VulnerableSoftware();
170	3318	vs.setCpe(cpe);
171	3318	if (previousVersion != null) {
172	42	vs.setPreviousVersion(previousVersion);
173		}
174	3318	return updateVulnerableSoftware(vs);
175		}
176
177		/**
178		* Adds or updates a vulnerable software entry.
179		*
180		* @param vulnSoftware the vulnerable software
181		* @return if the update succeeded
182		*/
183		public boolean updateVulnerableSoftware(VulnerableSoftware vulnSoftware) {
184	3318	if (vulnerableSoftware.contains(vulnSoftware)) {
185	0	vulnerableSoftware.remove(vulnSoftware);
186		}
187	3318	return vulnerableSoftware.add(vulnSoftware);
188		}
189		/**
190		* The CWE for the vulnerability.
191		*/
192		private String cwe;
193
194		/**
195		* Get the value of cwe.
196		*
197		* @return the value of cwe
198		*/
199		public String getCwe() {
200	62	return cwe;
201		}
202
203		/**
204		* Set the value of cwe.
205		*
206		* @param cwe new value of cwe
207		*/
208		public void setCwe(String cwe) {
209	81	this.cwe = cwe;
210	81	}
211		/**
212		* CVSS Score.
213		*/
214		private float cvssScore;
215
216		/**
217		* Get the value of cvssScore.
218		*
219		* @return the value of cvssScore
220		*/
221		public float getCvssScore() {
222	95	return cvssScore;
223		}
224
225		/**
226		* Set the value of cvssScore.
227		*
228		* @param cvssScore new value of cvssScore
229		*/
230		public void setCvssScore(float cvssScore) {
231	88	this.cvssScore = cvssScore;
232	88	}
233		/**
234		* CVSS Access Vector.
235		*/
236		private String cvssAccessVector;
237
238		/**
239		* Get the value of cvssAccessVector.
240		*
241		* @return the value of cvssAccessVector
242		*/
243		public String getCvssAccessVector() {
244	0	return cvssAccessVector;
245		}
246
247		/**
248		* Set the value of cvssAccessVector.
249		*
250		* @param cvssAccessVector new value of cvssAccessVector
251		*/
252		public void setCvssAccessVector(String cvssAccessVector) {
253	87	this.cvssAccessVector = cvssAccessVector;
254	87	}
255		/**
256		* CVSS Access Complexity.
257		*/
258		private String cvssAccessComplexity;
259
260		/**
261		* Get the value of cvssAccessComplexity.
262		*
263		* @return the value of cvssAccessComplexity
264		*/
265		public String getCvssAccessComplexity() {
266	0	return cvssAccessComplexity;
267		}
268
269		/**
270		* Set the value of cvssAccessComplexity.
271		*
272		* @param cvssAccessComplexity new value of cvssAccessComplexity
273		*/
274		public void setCvssAccessComplexity(String cvssAccessComplexity) {
275	87	this.cvssAccessComplexity = cvssAccessComplexity;
276	87	}
277		/**
278		* CVSS Authentication.
279		*/
280		private String cvssAuthentication;
281
282		/**
283		* Get the value of cvssAuthentication.
284		*
285		* @return the value of cvssAuthentication
286		*/
287		public String getCvssAuthentication() {
288	0	return cvssAuthentication;
289		}
290
291		/**
292		* Set the value of cvssAuthentication.
293		*
294		* @param cvssAuthentication new value of cvssAuthentication
295		*/
296		public void setCvssAuthentication(String cvssAuthentication) {
297	87	this.cvssAuthentication = cvssAuthentication;
298	87	}
299		/**
300		* CVSS Confidentiality Impact.
301		*/
302		private String cvssConfidentialityImpact;
303
304		/**
305		* Get the value of cvssConfidentialityImpact.
306		*
307		* @return the value of cvssConfidentialityImpact
308		*/
309		public String getCvssConfidentialityImpact() {
310	0	return cvssConfidentialityImpact;
311		}
312
313		/**
314		* Set the value of cvssConfidentialityImpact.
315		*
316		* @param cvssConfidentialityImpact new value of cvssConfidentialityImpact
317		*/
318		public void setCvssConfidentialityImpact(String cvssConfidentialityImpact) {
319	87	this.cvssConfidentialityImpact = cvssConfidentialityImpact;
320	87	}
321		/**
322		* CVSS Integrity Impact.
323		*/
324		private String cvssIntegrityImpact;
325
326		/**
327		* Get the value of cvssIntegrityImpact.
328		*
329		* @return the value of cvssIntegrityImpact
330		*/
331		public String getCvssIntegrityImpact() {
332	0	return cvssIntegrityImpact;
333		}
334
335		/**
336		* Set the value of cvssIntegrityImpact.
337		*
338		* @param cvssIntegrityImpact new value of cvssIntegrityImpact
339		*/
340		public void setCvssIntegrityImpact(String cvssIntegrityImpact) {
341	87	this.cvssIntegrityImpact = cvssIntegrityImpact;
342	87	}
343		/**
344		* CVSS Availability Impact.
345		*/
346		private String cvssAvailabilityImpact;
347
348		/**
349		* Get the value of cvssAvailabilityImpact.
350		*
351		* @return the value of cvssAvailabilityImpact
352		*/
353		public String getCvssAvailabilityImpact() {
354	0	return cvssAvailabilityImpact;
355		}
356
357		/**
358		* Set the value of cvssAvailabilityImpact.
359		*
360		* @param cvssAvailabilityImpact new value of cvssAvailabilityImpact
361		*/
362		public void setCvssAvailabilityImpact(String cvssAvailabilityImpact) {
363	87	this.cvssAvailabilityImpact = cvssAvailabilityImpact;
364	87	}
365
366		@Override
367		public boolean equals(Object obj) {
368	0	if (obj == null) {
369	0	return false;
370		}
371	0	if (getClass() != obj.getClass()) {
372	0	return false;
373		}
374	0	final Vulnerability other = (Vulnerability) obj;
375	0	if ((this.name == null) ? (other.name != null) : !this.name.equals(other.name)) {
376	0	return false;
377		}
378	0	return true;
379		}
380
381		@Override
382		public int hashCode() {
383	41	int hash = 5;
384	41	hash = 41 * hash + (this.name != null ? this.name.hashCode() : 0);
385	41	return hash;
386		}
387
388		/**
389		* Compares two vulnerabilities.
390		*
391		* @param v a vulnerability to be compared
392		* @return a negative integer, zero, or a positive integer as this object is
393		* less than, equal to, or greater than the specified vulnerability
394		*/
395		public int compareTo(Vulnerability v) {
396	0	return v.getName().compareTo(this.getName());
397		}
398		}