mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-01-18 17:47:05 +01:00
652 lines
83 KiB
HTML
652 lines
83 KiB
HTML
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
|
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html>
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
|
|
<title>Coverage Report</title>
|
|
<link title="Style" type="text/css" rel="stylesheet" href="css/main.css"/>
|
|
<script type="text/javascript" src="js/popup.js"></script>
|
|
</head>
|
|
<body>
|
|
<h5>Coverage Report - org.owasp.dependencycheck.analyzer.FalsePositiveAnalyzer</h5>
|
|
<div class="separator"> </div>
|
|
<table class="report">
|
|
<thead><tr> <td class="heading">Classes in this File</td> <td class="heading"><a class="dfn" href="help.html" onclick="popupwindow('help.html'); return false;">Line Coverage</a></td> <td class="heading"><a class="dfn" href="help.html" onclick="popupwindow('help.html'); return false;">Branch Coverage</a></td> <td class="heading"><a class="dfn" href="help.html" onclick="popupwindow('help.html'); return false;">Complexity</a></td></tr></thead>
|
|
<tr><td><a href="org.owasp.dependencycheck.analyzer.FalsePositiveAnalyzer.html">FalsePositiveAnalyzer</a></td><td><table cellpadding="0px" cellspacing="0px" class="percentgraph"><tr class="percentgraph"><td align="right" class="percentgraph" width="40">69%</td><td class="percentgraph"><div class="percentgraph"><div class="greenbar" style="width:69px"><span class="text">80/115</span></div></div></td></tr></table></td><td><table cellpadding="0px" cellspacing="0px" class="percentgraph"><tr class="percentgraph"><td align="right" class="percentgraph" width="40">46%</td><td class="percentgraph"><div class="percentgraph"><div class="greenbar" style="width:46px"><span class="text">52/112</span></div></div></td></tr></table></td><td class="value"><span class="hidden">6.454545454545454;</span>6.455</td></tr>
|
|
|
|
</table>
|
|
<div class="separator"> </div>
|
|
<table cellspacing="0" cellpadding="0" class="src">
|
|
<tr> <td class="numLine"> 1</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">/*</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 2</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * This file is part of dependency-check-core.</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 3</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 4</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * Dependency-check-core is free software: you can redistribute it and/or modify it</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 5</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * under the terms of the GNU General Public License as published by the Free</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 6</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * Software Foundation, either version 3 of the License, or (at your option) any</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 7</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * later version.</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 8</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 9</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * Dependency-check-core is distributed in the hope that it will be useful, but</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 10</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 11</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 12</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * details.</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 13</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 14</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * You should have received a copy of the GNU General Public License along with</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 15</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * dependency-check-core. If not, see http://www.gnu.org/licenses/.</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 16</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 17</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * Copyright (c) 2012 Jeremy Long. All Rights Reserved.</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 18</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 19</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="keyword">package</span> org.owasp.dependencycheck.analyzer;</pre></td></tr>
|
|
<tr> <td class="numLine"> 20</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> </pre></td></tr>
|
|
<tr> <td class="numLine"> 21</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="keyword">import</span> java.io.UnsupportedEncodingException;</pre></td></tr>
|
|
<tr> <td class="numLine"> 22</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="keyword">import</span> java.net.URLEncoder;</pre></td></tr>
|
|
<tr> <td class="numLine"> 23</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="keyword">import</span> java.util.ArrayList;</pre></td></tr>
|
|
<tr> <td class="numLine"> 24</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="keyword">import</span> java.util.Collections;</pre></td></tr>
|
|
<tr> <td class="numLine"> 25</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="keyword">import</span> java.util.Iterator;</pre></td></tr>
|
|
<tr> <td class="numLine"> 26</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="keyword">import</span> java.util.List;</pre></td></tr>
|
|
<tr> <td class="numLine"> 27</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="keyword">import</span> java.util.ListIterator;</pre></td></tr>
|
|
<tr> <td class="numLine"> 28</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="keyword">import</span> java.util.Set;</pre></td></tr>
|
|
<tr> <td class="numLine"> 29</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="keyword">import</span> java.util.logging.Level;</pre></td></tr>
|
|
<tr> <td class="numLine"> 30</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="keyword">import</span> java.util.logging.Logger;</pre></td></tr>
|
|
<tr> <td class="numLine"> 31</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="keyword">import</span> java.util.regex.Matcher;</pre></td></tr>
|
|
<tr> <td class="numLine"> 32</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="keyword">import</span> java.util.regex.Pattern;</pre></td></tr>
|
|
<tr> <td class="numLine"> 33</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="keyword">import</span> org.owasp.dependencycheck.Engine;</pre></td></tr>
|
|
<tr> <td class="numLine"> 34</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="keyword">import</span> org.owasp.dependencycheck.dependency.Dependency;</pre></td></tr>
|
|
<tr> <td class="numLine"> 35</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="keyword">import</span> org.owasp.dependencycheck.dependency.Identifier;</pre></td></tr>
|
|
<tr> <td class="numLine"> 36</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="keyword">import</span> org.owasp.dependencycheck.dependency.VulnerableSoftware;</pre></td></tr>
|
|
<tr> <td class="numLine"> 37</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> </pre></td></tr>
|
|
<tr> <td class="numLine"> 38</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 39</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * This analyzer attempts to remove some well known false positives -</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 40</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * specifically regarding the java runtime.</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 41</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 42</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * @author Jeremy Long (jeremy.long@owasp.org)</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 43</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 44</td> <td class="nbHitsCovered"> 7</td> <td class="src"><pre class="src"> <span class="keyword">public</span> <span class="keyword">class</span> FalsePositiveAnalyzer <span class="keyword">extends</span> AbstractAnalyzer {</pre></td></tr>
|
|
<tr> <td class="numLine"> 45</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> </pre></td></tr>
|
|
<tr> <td class="numLine"> 46</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">//<editor-fold defaultstate="collapsed" desc="All standard implmentation details of Analyzer"></span></pre></td></tr>
|
|
<tr> <td class="numLine"> 47</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 48</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * The set of file extensions supported by this analyzer.</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 49</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 50</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> <span class="keyword">private</span> <span class="keyword">static</span> <span class="keyword">final</span> Set<String> EXTENSIONS = <span class="keyword">null</span>;</pre></td></tr>
|
|
<tr> <td class="numLine"> 51</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 52</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * The name of the analyzer.</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 53</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 54</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="keyword">private</span> <span class="keyword">static</span> <span class="keyword">final</span> String ANALYZER_NAME = <span class="string">"False Positive Analyzer"</span>;</pre></td></tr>
|
|
<tr> <td class="numLine"> 55</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 56</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * The phase that this analyzer is intended to run in.</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 57</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 58</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> <span class="keyword">private</span> <span class="keyword">static</span> <span class="keyword">final</span> AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.POST_IDENTIFIER_ANALYSIS;</pre></td></tr>
|
|
<tr> <td class="numLine"> 59</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> </pre></td></tr>
|
|
<tr> <td class="numLine"> 60</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 61</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * Returns a list of file EXTENSIONS supported by this analyzer.</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 62</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 63</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * @return a list of file EXTENSIONS supported by this analyzer.</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 64</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 65</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="keyword">public</span> Set<String> getSupportedExtensions() {</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 66</td> <td class="nbHitsCovered"> 132</td> <td class="src"><pre class="src"> <span class="keyword">return</span> EXTENSIONS;</pre></td></tr>
|
|
<tr> <td class="numLine"> 67</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLine"> 68</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> </pre></td></tr>
|
|
<tr> <td class="numLine"> 69</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 70</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * Returns the name of the analyzer.</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 71</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 72</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * @return the name of the analyzer.</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 73</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 74</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="keyword">public</span> String getName() {</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 75</td> <td class="nbHitsCovered"> 9</td> <td class="src"><pre class="src"> <span class="keyword">return</span> ANALYZER_NAME;</pre></td></tr>
|
|
<tr> <td class="numLine"> 76</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLine"> 77</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> </pre></td></tr>
|
|
<tr> <td class="numLine"> 78</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 79</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * Returns whether or not this analyzer can process the given extension.</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 80</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 81</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * @param extension the file extension to test for support</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 82</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * @return whether or not the specified file extension is supported by this</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 83</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * analyzer.</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 84</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 85</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="keyword">public</span> <span class="keyword">boolean</span> supportsExtension(String extension) {</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 86</td> <td class="nbHitsCovered"> 9</td> <td class="src"><pre class="src"> <span class="keyword">return</span> <span class="keyword">true</span>;</pre></td></tr>
|
|
<tr> <td class="numLine"> 87</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLine"> 88</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> </pre></td></tr>
|
|
<tr> <td class="numLine"> 89</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 90</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * Returns the phase that the analyzer is intended to run in.</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 91</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 92</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * @return the phase that the analyzer is intended to run in.</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 93</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 94</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="keyword">public</span> AnalysisPhase getAnalysisPhase() {</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 95</td> <td class="nbHitsCovered"> 6</td> <td class="src"><pre class="src"> <span class="keyword">return</span> ANALYSIS_PHASE;</pre></td></tr>
|
|
<tr> <td class="numLine"> 96</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLine"> 97</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">//</editor-fold></span></pre></td></tr>
|
|
<tr> <td class="numLine"> 98</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> </pre></td></tr>
|
|
<tr> <td class="numLine"> 99</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 100</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * Analyzes the dependencies and removes bad/incorrect CPE associations</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 101</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * based on various heuristics.</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 102</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 103</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * @param dependency the dependency to analyze.</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 104</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * @param engine the engine that is scanning the dependencies</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 105</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * @throws AnalysisException is thrown if there is an error reading the JAR</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 106</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * file.</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 107</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 108</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> @Override</pre></td></tr>
|
|
<tr> <td class="numLine"> 109</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="keyword">public</span> <span class="keyword">void</span> analyze(Dependency dependency, Engine engine) <span class="keyword">throws</span> AnalysisException {</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 110</td> <td class="nbHitsCovered"> 15</td> <td class="src"><pre class="src"> removeJreEntries(dependency);</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 111</td> <td class="nbHitsCovered"> 15</td> <td class="src"><pre class="src"> removeBadMatches(dependency);</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 112</td> <td class="nbHitsCovered"> 15</td> <td class="src"><pre class="src"> removeWrongVersionMatches(dependency);</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 113</td> <td class="nbHitsCovered"> 15</td> <td class="src"><pre class="src"> removeSpuriousCPE(dependency);</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 114</td> <td class="nbHitsCovered"> 15</td> <td class="src"><pre class="src"> addFalseNegativeCPEs(dependency);</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 115</td> <td class="nbHitsCovered"> 15</td> <td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLine"> 116</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> </pre></td></tr>
|
|
<tr> <td class="numLine"> 117</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 118</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * <p>Intended to remove spurious CPE entries. By spurious we mean</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 119</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * duplicate, less specific CPE entries.</p></span></pre></td></tr>
|
|
<tr> <td class="numLine"> 120</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * <p>Example:</p></span></pre></td></tr>
|
|
<tr> <td class="numLine"> 121</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * <code></span></pre></td></tr>
|
|
<tr> <td class="numLine"> 122</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * cpe:/a:some-vendor:some-product</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 123</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * cpe:/a:some-vendor:some-product:1.5</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 124</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * cpe:/a:some-vendor:some-product:1.5.2</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 125</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * </code></span></pre></td></tr>
|
|
<tr> <td class="numLine"> 126</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * <p>Should be trimmed to:</p></span></pre></td></tr>
|
|
<tr> <td class="numLine"> 127</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * <code></span></pre></td></tr>
|
|
<tr> <td class="numLine"> 128</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * cpe:/a:some-vendor:some-product:1.5.2</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 129</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * </code></span></pre></td></tr>
|
|
<tr> <td class="numLine"> 130</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 131</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * @param dependency the dependency being analyzed</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 132</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 133</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> @SuppressWarnings(<span class="string">"null"</span>)</pre></td></tr>
|
|
<tr> <td class="numLine"> 134</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="keyword">private</span> <span class="keyword">void</span> removeSpuriousCPE(Dependency dependency) {</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 135</td> <td class="nbHitsCovered"> 15</td> <td class="src"><pre class="src"> <span class="keyword">final</span> List<Identifier> ids = <span class="keyword">new</span> ArrayList<Identifier>();</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 136</td> <td class="nbHitsCovered"> 15</td> <td class="src"><pre class="src"> ids.addAll(dependency.getIdentifiers());</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 137</td> <td class="nbHitsCovered"> 15</td> <td class="src"><pre class="src"> Collections.sort(ids);</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 138</td> <td class="nbHitsCovered"> 15</td> <td class="src"><pre class="src"> <span class="keyword">final</span> ListIterator<Identifier> mainItr = ids.listIterator();</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 139</td> <td class="nbHitsCovered"><a title="Line 139: Conditional coverage 100% (2/2)."> 36</a></td> <td class="src"><pre class="src"> <a title="Line 139: Conditional coverage 100% (2/2)."> <span class="keyword">while</span> (mainItr.hasNext()) {</a></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 140</td> <td class="nbHitsCovered"> 21</td> <td class="src"><pre class="src"> <span class="keyword">final</span> Identifier currentId = mainItr.next();</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 141</td> <td class="nbHitsCovered"> 21</td> <td class="src"><pre class="src"> <span class="keyword">final</span> VulnerableSoftware currentCpe = parseCpe(currentId.getType(), currentId.getValue());</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 142</td> <td class="nbHitsUncovered"><a title="Line 142: Conditional coverage 50% (1/2)."> 21</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 142: Conditional coverage 50% (1/2)."> <span class="keyword">if</span> (currentCpe == <span class="keyword">null</span>) {</a></span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 143</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> <span class="keyword">continue</span>;</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 144</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 145</td> <td class="nbHitsCovered"> 21</td> <td class="src"><pre class="src"> <span class="keyword">final</span> ListIterator<Identifier> subItr = ids.listIterator(mainItr.nextIndex());</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 146</td> <td class="nbHitsCovered"><a title="Line 146: Conditional coverage 100% (2/2)."> 32</a></td> <td class="src"><pre class="src"> <a title="Line 146: Conditional coverage 100% (2/2)."> <span class="keyword">while</span> (subItr.hasNext()) {</a></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 147</td> <td class="nbHitsCovered"> 11</td> <td class="src"><pre class="src"> <span class="keyword">final</span> Identifier nextId = subItr.next();</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 148</td> <td class="nbHitsCovered"> 11</td> <td class="src"><pre class="src"> <span class="keyword">final</span> VulnerableSoftware nextCpe = parseCpe(nextId.getType(), nextId.getValue());</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 149</td> <td class="nbHitsUncovered"><a title="Line 149: Conditional coverage 50% (1/2)."> 11</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 149: Conditional coverage 50% (1/2)."> <span class="keyword">if</span> (nextCpe == <span class="keyword">null</span>) {</a></span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 150</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> <span class="keyword">continue</span>;</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 151</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLine"> 152</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">//TODO fix the version problem below</span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 153</td> <td class="nbHitsCovered"><a title="Line 153: Conditional coverage 100% (2/2)."> 11</a></td> <td class="src"><pre class="src"> <a title="Line 153: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (currentCpe.getVendor().equals(nextCpe.getVendor())) {</a></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 154</td> <td class="nbHitsUncovered"><a title="Line 154: Conditional coverage 50% (1/2)."> 3</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 154: Conditional coverage 50% (1/2)."> <span class="keyword">if</span> (currentCpe.getProduct().equals(nextCpe.getProduct())) {</a></span></pre></td></tr>
|
|
<tr> <td class="numLine"> 155</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">// see if one is contained in the other.. remove the contained one from dependency.getIdentifier</span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 156</td> <td class="nbHitsCovered"> 3</td> <td class="src"><pre class="src"> <span class="keyword">final</span> String currentVersion = currentCpe.getVersion();</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 157</td> <td class="nbHitsCovered"> 3</td> <td class="src"><pre class="src"> <span class="keyword">final</span> String nextVersion = nextCpe.getVersion();</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 158</td> <td class="nbHitsUncovered"><a title="Line 158: Conditional coverage 50% (2/4) [each condition: 50%, 50%]."> 3</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 158: Conditional coverage 50% (2/4) [each condition: 50%, 50%]."> <span class="keyword">if</span> (currentVersion == <span class="keyword">null</span> && nextVersion == <span class="keyword">null</span>) {</a></span></pre></td></tr>
|
|
<tr> <td class="numLine"> 159</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">//how did we get here?</span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 160</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> Logger.getLogger(FalsePositiveAnalyzer.<span class="keyword">class</span></span></pre></td></tr>
|
|
<tr> <td class="numLine"> 161</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> .getName()).log(Level.FINE, <span class="string">"currentVersion and nextVersion are both null?"</span>);</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 162</td> <td class="nbHitsUncovered"><a title="Line 162: Conditional coverage 50% (2/4) [each condition: 50%, 50%]."> 3</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 162: Conditional coverage 50% (2/4) [each condition: 50%, 50%]."> } <span class="keyword">else</span> <span class="keyword">if</span> (currentVersion == <span class="keyword">null</span> && nextVersion != <span class="keyword">null</span>) {</a></span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 163</td> <td class="nbHitsCovered"> 3</td> <td class="src"><pre class="src"> dependency.getIdentifiers().remove(currentId);</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 164</td> <td class="nbHitsUncovered"><a title="Line 164: Conditional coverage 0% (0/4) [each condition: 0%, 0%]."> 0</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 164: Conditional coverage 0% (0/4) [each condition: 0%, 0%]."> } <span class="keyword">else</span> <span class="keyword">if</span> (nextVersion == <span class="keyword">null</span> && currentVersion != <span class="keyword">null</span>) {</a></span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 165</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> dependency.getIdentifiers().remove(nextId);</span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 166</td> <td class="nbHitsUncovered"><a title="Line 166: Conditional coverage 0% (0/2)."> 0</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 166: Conditional coverage 0% (0/2)."> } <span class="keyword">else</span> <span class="keyword">if</span> (currentVersion.length() < nextVersion.length()) {</a></span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 167</td> <td class="nbHitsUncovered"><a title="Line 167: Conditional coverage 0% (0/4) [each condition: 0%, 0%]."> 0</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 167: Conditional coverage 0% (0/4) [each condition: 0%, 0%]."> <span class="keyword">if</span> (nextVersion.startsWith(currentVersion) || <span class="string">"-"</span>.equals(currentVersion)) {</a></span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 168</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> dependency.getIdentifiers().remove(currentId);</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 169</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLine"> 170</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> } <span class="keyword">else</span> {</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 171</td> <td class="nbHitsUncovered"><a title="Line 171: Conditional coverage 0% (0/4) [each condition: 0%, 0%]."> 0</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 171: Conditional coverage 0% (0/4) [each condition: 0%, 0%]."> <span class="keyword">if</span> (currentVersion.startsWith(nextVersion) || <span class="string">"-"</span>.equals(nextVersion)) {</a></span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 172</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> dependency.getIdentifiers().remove(nextId);</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 173</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLine"> 174</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLine"> 175</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLine"> 176</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 177</td> <td class="nbHitsCovered"> 11</td> <td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 178</td> <td class="nbHitsCovered"> 21</td> <td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 179</td> <td class="nbHitsCovered"> 15</td> <td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLine"> 180</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 181</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * Regex to identify core java libraries and a few other commonly</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 182</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * misidentified ones.</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 183</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 184</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> <span class="keyword">public</span> <span class="keyword">static</span> <span class="keyword">final</span> Pattern CORE_JAVA = Pattern.compile(<span class="string">"^cpe:/a:(sun|oracle|ibm):(j2[ems]e|"</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 185</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> + <span class="string">"java(_platfrom_micro_edition|_runtime_environment|_se|virtual_machine|se_development_kit|fx)?|"</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 186</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> + <span class="string">"jdk|jre|jsf|jsse)($|:.*)"</span>);</pre></td></tr>
|
|
<tr> <td class="numLine"> 187</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 188</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * Regex to identify core java library files. This is currently incomplete.</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 189</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 190</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> <span class="keyword">public</span> <span class="keyword">static</span> <span class="keyword">final</span> Pattern CORE_FILES = Pattern.compile(<span class="string">"^((alt[-])?rt|jsf[-].*|jsse|jfxrt|jfr|jce|javaws|deploy|charsets)\\.jar$"</span>);</pre></td></tr>
|
|
<tr> <td class="numLine"> 191</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> </pre></td></tr>
|
|
<tr> <td class="numLine"> 192</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 193</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * Removes any CPE entries for the JDK/JRE unless the filename ends with</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 194</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * rt.jar</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 195</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 196</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * @param dependency the dependency to remove JRE CPEs from</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 197</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 198</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="keyword">private</span> <span class="keyword">void</span> removeJreEntries(Dependency dependency) {</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 199</td> <td class="nbHitsCovered"> 15</td> <td class="src"><pre class="src"> <span class="keyword">final</span> Set<Identifier> identifiers = dependency.getIdentifiers();</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 200</td> <td class="nbHitsCovered"> 15</td> <td class="src"><pre class="src"> <span class="keyword">final</span> Iterator<Identifier> itr = identifiers.iterator();</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 201</td> <td class="nbHitsCovered"><a title="Line 201: Conditional coverage 100% (2/2)."> 37</a></td> <td class="src"><pre class="src"> <a title="Line 201: Conditional coverage 100% (2/2)."> <span class="keyword">while</span> (itr.hasNext()) {</a></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 202</td> <td class="nbHitsCovered"> 22</td> <td class="src"><pre class="src"> <span class="keyword">final</span> Identifier i = itr.next();</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 203</td> <td class="nbHitsCovered"> 22</td> <td class="src"><pre class="src"> <span class="keyword">final</span> Matcher coreCPE = CORE_JAVA.matcher(i.getValue());</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 204</td> <td class="nbHitsCovered"> 22</td> <td class="src"><pre class="src"> <span class="keyword">final</span> Matcher coreFiles = CORE_FILES.matcher(dependency.getFileName());</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 205</td> <td class="nbHitsUncovered"><a title="Line 205: Conditional coverage 25% (1/4) [each condition: 50%, 0%]."> 22</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 205: Conditional coverage 25% (1/4) [each condition: 50%, 0%]."> <span class="keyword">if</span> (coreCPE.matches() && !coreFiles.matches()) {</a></span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 206</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> itr.remove();</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 207</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLine"> 208</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> </pre></td></tr>
|
|
<tr> <td class="numLine"> 209</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">//replacecd with the regex above.</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 210</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">// if (("cpe:/a:sun:java".equals(i.getValue())</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 211</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">// || "cpe:/a:oracle:java".equals(i.getValue())</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 212</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">// || "cpe:/a:ibm:java".equals(i.getValue())</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 213</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">// || "cpe:/a:sun:j2se".equals(i.getValue())</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 214</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">// || "cpe:/a:oracle:j2se".equals(i.getValue())</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 215</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">// || i.getValue().startsWith("cpe:/a:sun:java:")</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 216</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">// || i.getValue().startsWith("cpe:/a:sun:j2se:")</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 217</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">// || i.getValue().startsWith("cpe:/a:sun:java:jre")</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 218</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">// || i.getValue().startsWith("cpe:/a:sun:java:jdk")</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 219</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">// || i.getValue().startsWith("cpe:/a:sun:java_se")</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 220</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">// || i.getValue().startsWith("cpe:/a:oracle:java_se")</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 221</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">// || i.getValue().startsWith("cpe:/a:oracle:java:")</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 222</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">// || i.getValue().startsWith("cpe:/a:oracle:j2se:")</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 223</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">// || i.getValue().startsWith("cpe:/a:oracle:jre")</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 224</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">// || i.getValue().startsWith("cpe:/a:oracle:jdk")</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 225</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">// || i.getValue().startsWith("cpe:/a:ibm:java:"))</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 226</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">// && !dependency.getFileName().toLowerCase().endsWith("rt.jar")) {</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 227</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">// itr.remove();</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 228</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">// }</span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 229</td> <td class="nbHitsCovered"> 22</td> <td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 230</td> <td class="nbHitsCovered"> 15</td> <td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLine"> 231</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> </pre></td></tr>
|
|
<tr> <td class="numLine"> 232</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 233</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * Parses a CPE string into an IndexEntry.</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 234</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 235</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * @param type the type of identifier</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 236</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * @param value the cpe identifier to parse</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 237</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * @return an VulnerableSoftware object constructed from the identifier</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 238</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 239</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="keyword">private</span> VulnerableSoftware parseCpe(String type, String value) {</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 240</td> <td class="nbHitsUncovered"><a title="Line 240: Conditional coverage 50% (1/2)."> 32</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 240: Conditional coverage 50% (1/2)."> <span class="keyword">if</span> (!<span class="string">"cpe"</span>.equals(type)) {</a></span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 241</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> <span class="keyword">return</span> <span class="keyword">null</span>;</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 242</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 243</td> <td class="nbHitsCovered"> 32</td> <td class="src"><pre class="src"> <span class="keyword">final</span> VulnerableSoftware cpe = <span class="keyword">new</span> VulnerableSoftware();</pre></td></tr>
|
|
<tr> <td class="numLine"> 244</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="keyword">try</span> {</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 245</td> <td class="nbHitsCovered"> 32</td> <td class="src"><pre class="src"> cpe.parseName(value);</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 246</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> } <span class="keyword">catch</span> (UnsupportedEncodingException ex) {</span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 247</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> Logger.getLogger(FalsePositiveAnalyzer.<span class="keyword">class</span>.getName()).log(Level.FINEST, <span class="keyword">null</span>, ex);</span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 248</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> <span class="keyword">return</span> <span class="keyword">null</span>;</span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 249</td> <td class="nbHitsCovered"> 32</td> <td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 250</td> <td class="nbHitsCovered"> 32</td> <td class="src"><pre class="src"> <span class="keyword">return</span> cpe;</pre></td></tr>
|
|
<tr> <td class="numLine"> 251</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLine"> 252</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> </pre></td></tr>
|
|
<tr> <td class="numLine"> 253</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 254</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * Removes bad CPE matches for a dependency. Unfortunately, right now these</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 255</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * are hard-coded patches for specific problems identified when testing this</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 256</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * on a LARGE volume of jar files.</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 257</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 258</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * @param dependency the dependency to analyze</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 259</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 260</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="keyword">private</span> <span class="keyword">void</span> removeBadMatches(Dependency dependency) {</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 261</td> <td class="nbHitsCovered"> 15</td> <td class="src"><pre class="src"> <span class="keyword">final</span> Set<Identifier> identifiers = dependency.getIdentifiers();</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 262</td> <td class="nbHitsCovered"> 15</td> <td class="src"><pre class="src"> <span class="keyword">final</span> Iterator<Identifier> itr = identifiers.iterator();</pre></td></tr>
|
|
<tr> <td class="numLine"> 263</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> </pre></td></tr>
|
|
<tr> <td class="numLine"> 264</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">/* TODO - can we utilize the pom's groupid and artifactId to filter??? most of</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 265</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * these are due to low quality data. Other idea would be to say any CPE</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 266</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * found based on LOW confidence evidence should have a different CPE type? (this</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 267</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * might be a better solution then just removing the URL for "best-guess" matches).</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 268</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 269</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> </pre></td></tr>
|
|
<tr> <td class="numLine"> 270</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">//Set<Evidence> groupId = dependency.getVendorEvidence().getEvidence("pom", "groupid");</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 271</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">//Set<Evidence> artifactId = dependency.getVendorEvidence().getEvidence("pom", "artifactid");</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 272</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> </pre></td></tr>
|
|
<tr> <td class="numLineCover"> 273</td> <td class="nbHitsCovered"><a title="Line 273: Conditional coverage 100% (2/2)."> 37</a></td> <td class="src"><pre class="src"> <a title="Line 273: Conditional coverage 100% (2/2)."> <span class="keyword">while</span> (itr.hasNext()) {</a></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 274</td> <td class="nbHitsCovered"> 22</td> <td class="src"><pre class="src"> <span class="keyword">final</span> Identifier i = itr.next();</pre></td></tr>
|
|
<tr> <td class="numLine"> 275</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">//TODO move this startswith expression to a configuration file?</span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 276</td> <td class="nbHitsUncovered"><a title="Line 276: Conditional coverage 50% (1/2)."> 22</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 276: Conditional coverage 50% (1/2)."> <span class="keyword">if</span> (<span class="string">"cpe"</span>.equals(i.getType())) {</a></span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 277</td> <td class="nbHitsUncovered"><a title="Line 277: Conditional coverage 55% (11/20) [each condition: 50%, 50%, 50%, 50%, 100%, 50%, 50%, 50%, 50%, 50%]."> 22</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 277: Conditional coverage 55% (11/20) [each condition: 50%, 50%, 50%, 50%, 100%, 50%, 50%, 50%, 50%, 50%]."> <span class="keyword">if</span> ((i.getValue().matches(<span class="string">".*c\\+\\+.*"</span>)</a></span></pre></td></tr>
|
|
<tr> <td class="numLine"> 278</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> || i.getValue().startsWith(<span class="string">"cpe:/a:jquery:jquery"</span>)</pre></td></tr>
|
|
<tr> <td class="numLine"> 279</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> || i.getValue().startsWith(<span class="string">"cpe:/a:prototypejs:prototype"</span>)</pre></td></tr>
|
|
<tr> <td class="numLine"> 280</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> || i.getValue().startsWith(<span class="string">"cpe:/a:yahoo:yui"</span>)</pre></td></tr>
|
|
<tr> <td class="numLine"> 281</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> || i.getValue().startsWith(<span class="string">"cpe:/a:file:file"</span>)</pre></td></tr>
|
|
<tr> <td class="numLine"> 282</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> || i.getValue().startsWith(<span class="string">"cpe:/a:mozilla:mozilla"</span>)</pre></td></tr>
|
|
<tr> <td class="numLine"> 283</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> || i.getValue().startsWith(<span class="string">"cpe:/a:cvs:cvs"</span>)</pre></td></tr>
|
|
<tr> <td class="numLine"> 284</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> || i.getValue().startsWith(<span class="string">"cpe:/a:ftp:ftp"</span>)</pre></td></tr>
|
|
<tr> <td class="numLine"> 285</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> || i.getValue().startsWith(<span class="string">"cpe:/a:ssh:ssh"</span>))</pre></td></tr>
|
|
<tr> <td class="numLine"> 286</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> && dependency.getFileName().toLowerCase().endsWith(<span class="string">".jar"</span>)) {</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 287</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> itr.remove();</span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 288</td> <td class="nbHitsUncovered"><a title="Line 288: Conditional coverage 25% (1/4) [each condition: 50%, 0%]."> 22</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 288: Conditional coverage 25% (1/4) [each condition: 50%, 0%]."> } <span class="keyword">else</span> <span class="keyword">if</span> (i.getValue().startsWith(<span class="string">"cpe:/a:apache:maven"</span>)</a></span></pre></td></tr>
|
|
<tr> <td class="numLine"> 289</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> && !dependency.getFileName().toLowerCase().matches(<span class="string">"maven-core-[\\d\\.]+\\.jar"</span>)) {</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 290</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> itr.remove();</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 291</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLine"> 292</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 293</td> <td class="nbHitsCovered"> 22</td> <td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 294</td> <td class="nbHitsCovered"> 15</td> <td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLine"> 295</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> </pre></td></tr>
|
|
<tr> <td class="numLine"> 296</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 297</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * Removes CPE matches for the wrong version of a dependency. Currently,</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 298</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * this only covers Axis 1 & 2.</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 299</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 300</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * @param dependency the dependency to analyze</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 301</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 302</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="keyword">private</span> <span class="keyword">void</span> removeWrongVersionMatches(Dependency dependency) {</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 303</td> <td class="nbHitsCovered"> 15</td> <td class="src"><pre class="src"> <span class="keyword">final</span> Set<Identifier> identifiers = dependency.getIdentifiers();</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 304</td> <td class="nbHitsCovered"> 15</td> <td class="src"><pre class="src"> <span class="keyword">final</span> Iterator<Identifier> itr = identifiers.iterator();</pre></td></tr>
|
|
<tr> <td class="numLine"> 305</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> </pre></td></tr>
|
|
<tr> <td class="numLineCover"> 306</td> <td class="nbHitsCovered"> 15</td> <td class="src"><pre class="src"> <span class="keyword">final</span> String fileName = dependency.getFileName();</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 307</td> <td class="nbHitsUncovered"><a title="Line 307: Conditional coverage 75% (3/4) [each condition: 50%, 100%]."> 15</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 307: Conditional coverage 75% (3/4) [each condition: 50%, 100%]."> <span class="keyword">if</span> (fileName != <span class="keyword">null</span> && fileName.contains(<span class="string">"axis2"</span>)) {</a></span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 308</td> <td class="nbHitsCovered"><a title="Line 308: Conditional coverage 100% (2/2)."> 3</a></td> <td class="src"><pre class="src"> <a title="Line 308: Conditional coverage 100% (2/2)."> <span class="keyword">while</span> (itr.hasNext()) {</a></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 309</td> <td class="nbHitsCovered"> 2</td> <td class="src"><pre class="src"> <span class="keyword">final</span> Identifier i = itr.next();</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 310</td> <td class="nbHitsUncovered"><a title="Line 310: Conditional coverage 50% (1/2)."> 2</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 310: Conditional coverage 50% (1/2)."> <span class="keyword">if</span> (<span class="string">"cpe"</span>.equals(i.getType())) {</a></span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 311</td> <td class="nbHitsCovered"> 2</td> <td class="src"><pre class="src"> <span class="keyword">final</span> String cpe = i.getValue();</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 312</td> <td class="nbHitsUncovered"><a title="Line 312: Conditional coverage 66% (4/6) [each condition: 50%, 100%, 50%]."> 2</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 312: Conditional coverage 66% (4/6) [each condition: 50%, 100%, 50%]."> <span class="keyword">if</span> (cpe != <span class="keyword">null</span> && (cpe.startsWith(<span class="string">"cpe:/a:apache:axis:"</span>) || <span class="string">"cpe:/a:apache:axis"</span>.equals(cpe))) {</a></span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 313</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> itr.remove();</pre></td></tr>
|
|
<tr> <td class="numLine"> 314</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLine"> 315</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 316</td> <td class="nbHitsCovered"> 2</td> <td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 317</td> <td class="nbHitsUncovered"><a title="Line 317: Conditional coverage 50% (2/4) [each condition: 50%, 50%]."> 14</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 317: Conditional coverage 50% (2/4) [each condition: 50%, 50%]."> } <span class="keyword">else</span> <span class="keyword">if</span> (fileName != <span class="keyword">null</span> && fileName.contains(<span class="string">"axis"</span>)) {</a></span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 318</td> <td class="nbHitsUncovered"><a title="Line 318: Conditional coverage 0% (0/2)."> 0</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 318: Conditional coverage 0% (0/2)."> <span class="keyword">while</span> (itr.hasNext()) {</a></span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 319</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> <span class="keyword">final</span> Identifier i = itr.next();</span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 320</td> <td class="nbHitsUncovered"><a title="Line 320: Conditional coverage 0% (0/2)."> 0</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 320: Conditional coverage 0% (0/2)."> <span class="keyword">if</span> (<span class="string">"cpe"</span>.equals(i.getType())) {</a></span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 321</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> <span class="keyword">final</span> String cpe = i.getValue();</span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 322</td> <td class="nbHitsUncovered"><a title="Line 322: Conditional coverage 0% (0/6) [each condition: 0%, 0%, 0%]."> 0</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 322: Conditional coverage 0% (0/6) [each condition: 0%, 0%, 0%]."> <span class="keyword">if</span> (cpe != <span class="keyword">null</span> && (cpe.startsWith(<span class="string">"cpe:/a:apache:axis2:"</span>) || <span class="string">"cpe:/a:apache:axis2"</span>.equals(cpe))) {</a></span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 323</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> itr.remove();</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 324</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLine"> 325</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 326</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> }</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 327</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 328</td> <td class="nbHitsCovered"> 15</td> <td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLine"> 329</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> </pre></td></tr>
|
|
<tr> <td class="numLine"> 330</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 331</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * There are some known CPE entries, specifically regarding sun and oracle</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 332</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * products due to the acquisition and changes in product names, that based</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 333</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * on given evidence we can add the related CPE entries to ensure a complete</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 334</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * list of CVE entries.</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 335</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 336</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> * @param dependency the dependency being analyzed</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 337</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 338</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="keyword">private</span> <span class="keyword">void</span> addFalseNegativeCPEs(Dependency dependency) {</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 339</td> <td class="nbHitsCovered"> 15</td> <td class="src"><pre class="src"> <span class="keyword">final</span> Iterator<Identifier> itr = dependency.getIdentifiers().iterator();</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 340</td> <td class="nbHitsCovered"><a title="Line 340: Conditional coverage 100% (2/2)."> 33</a></td> <td class="src"><pre class="src"> <a title="Line 340: Conditional coverage 100% (2/2)."> <span class="keyword">while</span> (itr.hasNext()) {</a></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 341</td> <td class="nbHitsCovered"> 18</td> <td class="src"><pre class="src"> <span class="keyword">final</span> Identifier i = itr.next();</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 342</td> <td class="nbHitsUncovered"><a title="Line 342: Conditional coverage 50% (6/12) [each condition: 50%, 50%, 50%, 50%, 50%, 50%]."> 18</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 342: Conditional coverage 50% (6/12) [each condition: 50%, 50%, 50%, 50%, 50%, 50%]."> <span class="keyword">if</span> (<span class="string">"cpe"</span>.equals(i.getType()) && i.getValue() != <span class="keyword">null</span></a></span></pre></td></tr>
|
|
<tr> <td class="numLine"> 343</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> && (i.getValue().startsWith(<span class="string">"cpe:/a:oracle:opensso:"</span>)</pre></td></tr>
|
|
<tr> <td class="numLine"> 344</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> || i.getValue().startsWith(<span class="string">"cpe:/a:oracle:opensso_enterprise:"</span>)</pre></td></tr>
|
|
<tr> <td class="numLine"> 345</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> || i.getValue().startsWith(<span class="string">"cpe:/a:sun:opensso_enterprise:"</span>)</pre></td></tr>
|
|
<tr> <td class="numLine"> 346</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> || i.getValue().startsWith(<span class="string">"cpe:/a:sun:opensso:"</span>))) {</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 347</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> <span class="keyword">final</span> String newCpe = String.format(<span class="string">"cpe:/a:sun:opensso_enterprise:%s"</span>, i.getValue().substring(22));</span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 348</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> <span class="keyword">final</span> String newCpe2 = String.format(<span class="string">"cpe:/a:oracle:opensso_enterprise:%s"</span>, i.getValue().substring(22));</span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 349</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> <span class="keyword">final</span> String newCpe3 = String.format(<span class="string">"cpe:/a:sun:opensso:%s"</span>, i.getValue().substring(22));</span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 350</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> <span class="keyword">final</span> String newCpe4 = String.format(<span class="string">"cpe:/a:oracle:opensso:%s"</span>, i.getValue().substring(22));</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 351</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> <span class="keyword">try</span> {</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 352</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> dependency.addIdentifier(<span class="string">"cpe"</span>,</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 353</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> newCpe,</pre></td></tr>
|
|
<tr> <td class="numLine"> 354</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> String.format(<span class="string">"http://web.nvd.nist.gov/view/vuln/search?cpe=%s"</span>, URLEncoder.encode(newCpe, <span class="string">"UTF-8"</span>)));</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 355</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> dependency.addIdentifier(<span class="string">"cpe"</span>,</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 356</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> newCpe2,</pre></td></tr>
|
|
<tr> <td class="numLine"> 357</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> String.format(<span class="string">"http://web.nvd.nist.gov/view/vuln/search?cpe=%s"</span>, URLEncoder.encode(newCpe2, <span class="string">"UTF-8"</span>)));</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 358</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> dependency.addIdentifier(<span class="string">"cpe"</span>,</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 359</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> newCpe3,</pre></td></tr>
|
|
<tr> <td class="numLine"> 360</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> String.format(<span class="string">"http://web.nvd.nist.gov/view/vuln/search?cpe=%s"</span>, URLEncoder.encode(newCpe3, <span class="string">"UTF-8"</span>)));</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 361</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> dependency.addIdentifier(<span class="string">"cpe"</span>,</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 362</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> newCpe4,</pre></td></tr>
|
|
<tr> <td class="numLine"> 363</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> String.format(<span class="string">"http://web.nvd.nist.gov/view/vuln/search?cpe=%s"</span>, URLEncoder.encode(newCpe4, <span class="string">"UTF-8"</span>)));</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 364</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> } <span class="keyword">catch</span> (UnsupportedEncodingException ex) {</span></pre></td></tr>
|
|
<tr> <td class="numLineCover"> 365</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> Logger.getLogger(FalsePositiveAnalyzer.<span class="keyword">class</span></span></pre></td></tr>
|
|
<tr> <td class="numLine"> 366</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> .getName()).log(Level.FINE, <span class="keyword">null</span>, ex);</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 367</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> }</span></pre></td></tr>
|
|
<tr> <td class="numLine"> 368</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 369</td> <td class="nbHitsCovered"> 18</td> <td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLineCover"> 370</td> <td class="nbHitsCovered"> 15</td> <td class="src"><pre class="src"> }</pre></td></tr>
|
|
<tr> <td class="numLine"> 371</td> <td class="nbHits"> </td>
|
|
<td class="src"><pre class="src"> }</pre></td></tr>
|
|
</table>
|
|
|
|
<div class="footer">Report generated by <a href="http://cobertura.sourceforge.net/" target="_top">Cobertura</a> 1.9.4.1 on 12/1/13 8:06 AM.</div>
|
|
</body>
|
|
</html>
|