odc-analyzer/app/views/dependencyDetailsInner.scala.html

@(depPrefix: String, dep: GroupedDependency, selectorOption: Option[String], showAffectedProjects: Boolean, expandVulnerabilities: Boolean = false, vulnerabilitySearch: Boolean = true)

@if(vulnerabilitySearch){
    @vulnerableSoftwareSearches(dep) match {
        case Seq() => {}
        case Seq((link, description)) => {
            <p>
                <a href="@link" title="Search for known vulnerabilities" class="btn btn-default">Look for vulnerabilities in other versions</a>
            </p>
        }
        case options => {
            <p>
                <div class="dropdown">
                    <button class="btn btn-default dropdown-toggle" type="button" data-toggle="dropdown">Look for vulnerabilities in other versions <span class="caret"></span></button>
                    <ul class="dropdown-menu">
                        @for((link, description) <- options){
                            <li><a href="@link">@description</a></li>
                        }
                    </ul>
                </div>
            </p>
        }
    }
}

@if(dep.descriptions.size > 1){
    <div class="alert alert-warning">Multiple descriptions for this dependency!</div>
}
@for(descriptionParagraphs <- dep.parsedDescriptions){
    <div class="description">
    @for(descriptionParagraphLines <- descriptionParagraphs){
        <p>
        @for(line <- descriptionParagraphLines) {
            @line<br>
        }
        </p>
    }
    </div>
}
<h4 class="expandable" data-toggle="collapse" data-target="#@depPrefix-license">License</h4>
<div class="collapse in" id="@depPrefix-license">@dep.dependencies.map(_._1.license).toSet.toSeq.sorted match {
    case Seq("") => {<i>unknown</i>}
    case Seq(license) => {@license}
    case licenses => {It seems to have multiple licenses detected. Maybe it is a good idea to recheck it manually. Detected licenses: @licenses.mkString(", ")}
}</div>
<h4 class="expandable collapsed" data-toggle="collapse" data-target="#@depPrefix-evidence-details">Evidence</h4>
<div id="@depPrefix-evidence-details" class="collapse">
    <p>Dependency Check uses so-called <i>evidence</i> for matching of identifiers. When results don't match your expectations, you might find the reason here.</p>
    <table class="table table-bordered table-condensed">
        <tr>
            <th>confidence</th>
            <th>evidence type</th>
            <th>name</th>
            <th>source</th>
            <th>value</th>
        </tr>
        @for(fileName <- dep.fileNames.toIndexedSeq.sorted){
            <tr>
                <td></td>
                <td><i>filename</i></td>
                <td></td>
                <td></td>
                <td>@fileName</td>
            </tr>
        }
        @for(ev <- dep.dependencies.keySet.map(_.evidenceCollected).flatten){
            <tr>
                <td>@ev.confidence
                <td>@ev.evidenceType
                <td>@ev.name
                <td>@ev.source
                <td>@ev.value
            </tr>
        }
    </table>
</div>
@if(showAffectedProjects){
    <h4 class="expandable" data-toggle="collapse" data-target="#@depPrefix-projects-details">Affected projects (@dep.projects.size)</h4>
    <div id="@depPrefix-projects-details" class="collapse in">
        <ul>
            @for(p <- dep.projects.toIndexedSeq.sorted){
                <li>@friendlyProjectName(p)</li>
            }
        </ul>
        @if(selectorOption.isDefined){
            <h5 class="expandable collapsed sublist" data-toggle="collapse" data-target="#@depPrefix-projects-all-details">All affected projects (including those that aren't included by the filter)</h5>
            <div id="@depPrefix-projects-all-details" class="collapse" data-lazyload-url="@routes.Statistics.affectedProjects(
                depId = dep.hashes
            )"></div>
        }
    </div>
}
<h4 class="expandable" data-toggle="collapse" data-target="#@depPrefix-vulnerabilities-details">Vulnerabilities (@dep.vulnerabilities.size)</h4>
<ul id="@depPrefix-vulnerabilities-details" class="collapse in vulnerabilities-details">
    @for(vuln <- dep.vulnerabilities.toSeq.sortBy(_.cvssScore.map(-_)); vulnPrefix = s"$depPrefix-vulnerabilities-details-${vuln.name}"){
        <li>
            <h5 data-toggle="collapse" class="expandable@if(!expandVulnerabilities){ collapsed}" data-target="#@vulnPrefix-details">
                @vuln.name
                <a href="@routes.Statistics.vulnerability(vuln.name, selectorOption)" target="_blank" onclick="event.stopPropagation();"><span class="glyphicon glyphicon-new-window"></span></a>
                @*@if(vuln.likelyMatchesOnlyWithoutVersion(dep.identifiers)){<span class="warning-expandable" title="Heuristics suspect false positive. Double check <b>what version</b> does this vulnerability apply to, please. It seems that the vulnerability database does not provide enough information to check it automatically." onmouseover="$(this).tooltip({placement: 'right', html:true}).tooltip('show');"></span>}*@
            </h5>
            <div id="@vulnPrefix-details" class="collapse vulnerability-expandable@if(expandVulnerabilities){ in}">
                @vulnerability("h6", depPrefix+"-"+vuln.name, vuln)
                <p><a class="btn btn-primary more" target="_blank" href="@routes.Statistics.vulnerability(vuln.name, selectorOption)">Full details about this vulnerability</a></p>
            </div>
        </li>
    }
</ul>