github-mirrors/odc-analyzer
1
0
Fork 0
mirror of https://github.com/ysoftdevs/odc-analyzer.git synced 2026-01-16 16:47:13 +01:00
Code Issues 2 Packages Projects Releases Wiki Activity
Files
abceccae5f833767f1415822cd90c5bdba28fc0f
odc-analyzer/app/views/dependencyDetailsInner.scala.html
Šesták Vít 6044947481 Added false positive heuristics.
2017-03-31 09:05:45 +02:00

82 lines
4.1 KiB
HTML
Raw Blame History

@(depPrefix: String, dep: GroupedDependency, selectorOption: Option[String])
@dep.cpeIdentifiers.toSeq match {
case Seq() => {}
case cpeIds => {
<p>
<a href="@routes.Statistics.searchVulnerableSoftware(
cpeIds.map(_.name.split(':').take(4).mkString(":")).toSeq, None
)" title="Search for known vulnerabilities" class="btn btn-default">Look for vulnerabilities in other versions</a>
</p>
}
}
@if(dep.descriptions.size > 1){
<div class="alert alert-warning">Multiple descriptions for this dependency!</div>
}
@for(descriptionParagraphs <- dep.parsedDescriptions){
<div class="description">
@for(descriptionParagraphLines <- descriptionParagraphs){
<p>
@for(line <- descriptionParagraphLines) {
@line<br>
}
</p>
}
</div>
}
<h4 class="expandable" data-toggle="collapse" data-target="#@depPrefix-license">License</h4>
<div class="collapse in" id="@depPrefix-license">@dep.dependencies.map(_._1.license).toSet.toSeq.sorted match {
case Seq("") => {<i>unknown</i>}
case Seq(license) => {@license}
case licenses => {It seems to have multiple licenses detected. Maybe it is a good idea to recheck it manually. Detected licenses: @licenses.mkString(", ")}
}</div>
<h4 class="expandable collapsed" data-toggle="collapse" data-target="#@depPrefix-evidence-details">Evidence</h4>
<div id="@depPrefix-evidence-details" class="collapse">
<p>Dependency Check uses so-called <i>evidence</i> for matching of identifiers. When results don't match your expectations, you might find the reason here.</p>
<table class="table table-bordered table-condensed">
<tr>
<th>confidence</th>
<th>evidence type</th>
<th>name</th>
<th>source</th>
<th>value</th>
</tr>
@for(fileName <- dep.fileNames.toIndexedSeq.sorted){
<tr>
<td></td>
<td><i>filename</i></td>
<td></td>
<td></td>
<td>@fileName</td>
</tr>
}
@for(ev <- dep.dependencies.keySet.map(_.evidenceCollected).flatten){
<tr>
<td>@ev.confidence
<td>@ev.evidenceType
<td>@ev.name
<td>@ev.source
<td>@ev.value
</tr>
}
</table>
</div>
<h4 class="expandable" data-toggle="collapse" data-target="#@depPrefix-projects-details">Affected projects (@dep.projects.size)</h4>
<ul id="@depPrefix-projects-details" class="collapse in">@for(p <- dep.projects.toIndexedSeq.sorted){<li>@friendlyProjectName(p)</li>}</ul>
<h4 class="expandable" data-toggle="collapse" data-target="#@depPrefix-vulnerabilities-details">Vulnerabilities (@dep.vulnerabilities.size)</h4>
<ul id="@depPrefix-vulnerabilities-details" class="collapse in vulnerabilities-details">
@for(vuln <- dep.vulnerabilities.toSeq.sortBy(_.cvssScore.map(-_)); vulnPrefix = s"$depPrefix-vulnerabilities-details-${vuln.name}"){
<li>
<h5 data-toggle="collapse" class="expandable collapsed" data-target="#@vulnPrefix-details">
@vuln.name
<a href="@routes.Statistics.vulnerability(vuln.name, selectorOption)" target="_blank" onclick="event.stopPropagation();"><span class="glyphicon glyphicon-new-window"></span></a>
@if(vuln.likelyMatchesOnlyWithoutVersion(dep.identifiers)){<span class="warning-expandable" title="Heuristics suspect false positive. Double check <b>what version</b> does this vulnerability apply to, please. It seems that the vulnerability database does not provide enough information to check it automatically." onmouseover="$(this).tooltip({placement: 'right', html:true}).tooltip('show');"></span>}
</h5>
<div id="@vulnPrefix-details" class="collapse vulnerability-expandable">
@vulnerability("h6", depPrefix+"-"+vuln.name, vuln)
<p><a class="btn btn-primary more" target="_blank" href="@routes.Statistics.vulnerability(vuln.name, selectorOption)">Full details about this vulnerability</a></p>
</div>
</li>
}
</ul>
Reference in New Issue View Git Blame Copy Permalink