Package org.owasp.dependencycheck.dependency

Examples of org.owasp.dependencycheck.dependency.Evidence


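    /**
     * Checks the evidence the analyzer records for the bundled {@code log4net.dll} test resource.
     *
     * <p>Each assertion pins the full evidence tuple: the "grokassembly" source label, the evidence
     * name, the exact value and the confidence level. A change in any one of them fails the test.
     *
     * @throws Exception if the resource cannot be located or the analysis fails
     */
    @Test
    public void testLog4Net() throws Exception {
        final java.net.URL resource = AssemblyAnalyzerTest.class.getClassLoader().getResource("log4net.dll");
        if (resource == null) {
            // Fail with a clear message instead of a bare NullPointerException on the next line.
            throw new IllegalStateException("log4net.dll not found on the test classpath");
        }
        // Convert through toURI() rather than URL.getPath(): getPath() keeps percent-escapes
        // (for example %20 for a space), so the File would name a path that does not exist
        // whenever the checkout directory contains such characters.
        File f = new File(resource.toURI());
        Dependency d = new Dependency(f);
        // The second argument is passed as null; this test exercises the analyzer without it.
        analyzer.analyze(d, null);
        assertTrue(d.getVersionEvidence().getEvidence().contains(new Evidence("grokassembly", "version", "1.2.13.0", Confidence.HIGHEST)));
        assertTrue(d.getVendorEvidence().getEvidence().contains(new Evidence("grokassembly", "vendor", "The Apache Software Foundation", Confidence.HIGH)));
        assertTrue(d.getProductEvidence().getEvidence().contains(new Evidence("grokassembly", "product", "log4net", Confidence.HIGH)));
    }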


                gdep = d;
            } else if (d.getActualFile().equals(spring)) {
                sdep = d;
            }
        }
        final Evidence springTest1 = new Evidence("hint analyzer", "product", "springsource_spring_framework", Confidence.HIGH);
        final Evidence springTest2 = new Evidence("hint analyzer", "vendor", "SpringSource", Confidence.HIGH);
        final Evidence springTest3 = new Evidence("hint analyzer", "vendor", "vmware", Confidence.HIGH);
        final Evidence springTest4 = new Evidence("hint analyzer", "product", "springsource_spring_framework", Confidence.HIGH);
        final Evidence springTest5 = new Evidence("hint analyzer", "vendor", "vmware", Confidence.HIGH);

        Set<Evidence> evidence = gdep.getEvidence().getEvidence();
        assertFalse(evidence.contains(springTest1));
        assertFalse(evidence.contains(springTest2));
        assertFalse(evidence.contains(springTest3));

                throw new AnalysisException(error);
            }

            final String version = xpath.evaluate("/assembly/version", doc);
            if (version != null) {
                dependency.getVersionEvidence().addEvidence(new Evidence("grokassembly", "version",
                        version, Confidence.HIGHEST));
            }

            final String vendor = xpath.evaluate("/assembly/company", doc);
            if (vendor != null) {
                dependency.getVendorEvidence().addEvidence(new Evidence("grokassembly", "vendor",
                        vendor, Confidence.HIGH));
            }

            final String product = xpath.evaluate("/assembly/product", doc);
            if (product != null) {
                dependency.getProductEvidence().addEvidence(new Evidence("grokassembly", "product",
                        product, Confidence.HIGH));
            }

        } catch (IOException ioe) {
            throw new AnalysisException(ioe);

     * @param engine The scanning engine
     * @throws AnalysisException is thrown if there is an exception analyzing the dependency.
     */
    @Override
    public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
        final Evidence springTest1 = new Evidence("Manifest",
                "Implementation-Title",
                "Spring Framework",
                Confidence.HIGH);

        final Evidence springTest2 = new Evidence("Manifest",
                "Implementation-Title",
                "org.springframework.core",
                Confidence.HIGH);

        final Evidence springTest3 = new Evidence("Manifest",
                "Bundle-Vendor",
                "SpringSource",
                Confidence.HIGH);

        Set<Evidence> evidence = dependency.getProductEvidence().getEvidence();
        if (evidence.contains(springTest1) || evidence.contains(springTest2)) {
            dependency.getProductEvidence().addEvidence("hint analyzer", "product", "springsource_spring_framework", Confidence.HIGH);
            dependency.getVendorEvidence().addEvidence("hint analyzer", "vendor", "SpringSource", Confidence.HIGH);
            dependency.getVendorEvidence().addEvidence("hint analyzer", "vendor", "vmware", Confidence.HIGH);
        }

        evidence = dependency.getVendorEvidence().getEvidence();
        if (evidence.contains(springTest3)) {
            dependency.getProductEvidence().addEvidence("hint analyzer", "product", "springsource_spring_framework", Confidence.HIGH);
            dependency.getVendorEvidence().addEvidence("hint analyzer", "vendor", "vmware", Confidence.HIGH);
        }
        final Iterator<Evidence> itr = dependency.getVendorEvidence().iterator();
        final ArrayList<Evidence> newEntries = new ArrayList<Evidence>();
        while (itr.hasNext()) {
            final Evidence e = itr.next();
            if ("sun".equalsIgnoreCase(e.getValue(false))) {
                final Evidence newEvidence = new Evidence(e.getSource() + " (hint)", e.getName(), "oracle", e.getConfidence());
                newEntries.add(newEvidence);
            } else if ("oracle".equalsIgnoreCase(e.getValue(false))) {
                final Evidence newEvidence = new Evidence(e.getSource() + " (hint)", e.getName(), "sun", e.getConfidence());
                newEntries.add(newEvidence);
            }
        }
        for (Evidence e : newEntries) {
            dependency.getVendorEvidence().addEvidence(e);
