mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-02-20 01:17:59 +01:00
160 lines
8.4 KiB
XML
160 lines
8.4 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<hints xmlns="https://jeremylong.github.io/DependencyCheck/dependency-hint.1.2.xsd">
|
|
<hint>
|
|
<given><!-- NOTE: these are OR conditions -->
|
|
<evidence type="product" source="Manifest" name="Implementation-Title" value="Spring Framework" confidence="HIGH"/>
|
|
<evidence type="product" source="Manifest" name="Implementation-Title" value="org.springframework.core" confidence="HIGH"/>
|
|
<evidence type="product" source="Manifest" name="Implementation-Title" value="spring-core" confidence="HIGH"/>
|
|
<evidence type="vendor" source="pom" name="groupid" value="springframework" confidence="HIGHEST"/>
|
|
</given>
|
|
<add>
|
|
<evidence type="product" source="hint analyzer" name="product" value="springsource_spring_framework" confidence="HIGH"/>
|
|
<evidence type="vendor" source="hint analyzer" name="vendor" value="SpringSource" confidence="HIGH"/>
|
|
<evidence type="vendor" source="hint analyzer" name="vendor" value="vmware" confidence="HIGH"/>
|
|
<evidence type="vendor" source="hint analyzer" name="vendor" value="pivotal software" confidence="HIGH"/>
|
|
</add>
|
|
</hint>
|
|
<hint>
|
|
<given>
|
|
<evidence type="product" source="jar" name="package name" value="springframework" confidence="LOW"/>
|
|
<fileName contains="spring"/>
|
|
</given>
|
|
<add>
|
|
<evidence type="product" source="hint analyzer" name="product" value="springsource_spring_framework" confidence="HIGH"/>
|
|
<evidence type="vendor" source="hint analyzer" name="vendor" value="SpringSource" confidence="HIGH"/>
|
|
<evidence type="vendor" source="hint analyzer" name="vendor" value="vmware" confidence="HIGH"/>
|
|
<evidence type="vendor" source="hint analyzer" name="vendor" value="pivotal software" confidence="HIGH"/>
|
|
</add>
|
|
</hint>
|
|
<hint>
|
|
<given>
|
|
<evidence type="product" source="jar" name="package name" value="springframework" confidence="LOW"/>
|
|
</given>
|
|
<add>
|
|
<evidence type="product" source="hint analyzer" name="product" value="springsource_spring_framework" confidence="HIGH"/>
|
|
<evidence type="vendor" source="hint analyzer" name="vendor" value="vmware" confidence="HIGH"/>
|
|
<evidence type="vendor" source="hint analyzer" name="vendor" value="pivotal software" confidence="HIGH"/>
|
|
</add>
|
|
</hint>
|
|
<hint>
|
|
<given>
|
|
<evidence type="product" source="Manifest" name="Bundle-Name" value="Spring Security Core" confidence="MEDIUM"/>
|
|
<evidence type="product" source="pom" name="artifactid" value="spring-security-core" confidence="HIGH"/>
|
|
</given>
|
|
<add>
|
|
<evidence type="product" source="hint analyzer" name="product" value="springsource_spring_framework" confidence="HIGH"/>
|
|
<evidence type="vendor" source="hint analyzer" name="vendor" value="SpringSource" confidence="HIGH"/>
|
|
<evidence type="vendor" source="hint analyzer" name="vendor" value="vmware" confidence="HIGH"/>
|
|
</add>
|
|
</hint>
|
|
<hint>
|
|
<given>
|
|
<evidence type="vendor" source="composer.lock" name="vendor" value="symfony" confidence="HIGHEST"/>
|
|
</given>
|
|
<add>
|
|
<evidence type="vendor" source="hint analyzer" name="vendor" value="sensiolabs" confidence="HIGHEST"/>
|
|
</add>
|
|
</hint>
|
|
<hint>
|
|
<given>
|
|
<evidence type="vendor" source="composer.lock" name="vendor" value="zendframework" confidence="HIGHEST"/>
|
|
</given>
|
|
<add>
|
|
<evidence type="vendor" source="hint analyzer" name="vendor" value="zend" confidence="HIGHEST"/>
|
|
</add>
|
|
</hint>
|
|
<hint>
|
|
<given>
|
|
<evidence type="product" source="composer.lock" name="product" value="zendframework" confidence="HIGHEST"/>
|
|
</given>
|
|
<add>
|
|
<evidence type="vendor" source="hint analyzer" name="vendor" value="zend_framework" confidence="HIGHEST"/>
|
|
</add>
|
|
</hint>
|
|
|
|
<!-- begin hack for temporary patch of issue #534-->
|
|
<hint>
|
|
<given>
|
|
<fileName regex="true" contains=".*hibernate-validator-5\.0\..*"/>
|
|
</given>
|
|
<add>
|
|
<evidence type="version" source="hint" name="version" value="5.0" confidence="HIGHEST"/>
|
|
</add>
|
|
</hint>
|
|
<hint>
|
|
<given>
|
|
<fileName regex="true" contains=".*hibernate-validator-5\.1\.[01].*"/>
|
|
</given>
|
|
<add>
|
|
<evidence type="version" source="hint" name="version" value="5.1" confidence="HIGHEST"/>
|
|
</add>
|
|
</hint>
|
|
<hint>
|
|
<given>
|
|
<fileName regex="true" contains=".*hibernate-validator-4\.1\..*"/>
|
|
</given>
|
|
<add>
|
|
<evidence type="version" source="hint" name="version" value="4.1.0" confidence="HIGHEST"/>
|
|
</add>
|
|
</hint>
|
|
<hint>
|
|
<given>
|
|
<fileName regex="true" contains=".*hibernate-validator-4\.2\.0.*"/>
|
|
</given>
|
|
<add>
|
|
<evidence type="version" source="hint" name="version" value="4.2.0" confidence="HIGHEST"/>
|
|
</add>
|
|
</hint>
|
|
<hint>
|
|
<given>
|
|
<fileName regex="true" contains=".*hibernate-validator-4\.3\.[01]\..*"/>
|
|
</given>
|
|
<add>
|
|
<evidence type="version" source="hint" name="version" value="4.3.0" confidence="HIGHEST"/>
|
|
</add>
|
|
</hint>
|
|
<!-- end hack for temporary patch of issue #534-->
|
|
<!-- creating a spring boot starter project can cause your app to incorrectly be flagged as spring-->
|
|
<hint>
|
|
<given>
|
|
<evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="HIGHEST"/>
|
|
<evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="HIGH"/>
|
|
<evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="MEDIUM"/>
|
|
<evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="LOW"/>
|
|
</given>
|
|
<remove>
|
|
<evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="HIGHEST"/>
|
|
<evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="HIGH"/>
|
|
<evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="MEDIUM"/>
|
|
<evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="LOW"/>
|
|
</remove>
|
|
</hint>
|
|
<hint>
|
|
<given>
|
|
<evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="HIGHEST"/>
|
|
<evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="HIGH"/>
|
|
<evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="MEDIUM"/>
|
|
<evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="LOW"/>
|
|
</given>
|
|
<remove>
|
|
<evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="HIGHEST"/>
|
|
<evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="HIGH"/>
|
|
<evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="MEDIUM"/>
|
|
<evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="LOW"/>
|
|
</remove>
|
|
</hint>
|
|
<!--
|
|
The following hint is from the google group discussion found here: https://mail.google.com/mail/u/0/?zx=trb89qxxa4e5#inbox/15defe7b224506a2
|
|
-->
|
|
<hint>
|
|
<given>
|
|
<fileName contains="mysql-connector.*" regex="true"/>
|
|
</given>
|
|
<add>
|
|
<evidence type="product" source="hint analyzer" name="product" value="mysql_connectors" confidence="HIGHEST"/>
|
|
<evidence type="vendor" source="hint analyzer" name="vendor" value="oracle" confidence="HIGHEST"/>
|
|
</add>
|
|
</hint>
|
|
<vendorDuplicatingHint value="sun" duplicate="oracle"/>
|
|
<vendorDuplicatingHint value="oracle" duplicate="sun"/>
|
|
</hints> |