Package org.owasp.dependencycheck.dependency

Examples of org.owasp.dependencycheck.dependency.Identifier


        // Copy the dependency's identifiers into a list and sort it; the pairwise
        // comparison below walks this sorted copy.
        final List<Identifier> ids = new ArrayList<Identifier>();
        ids.addAll(dependency.getIdentifiers());
        Collections.sort(ids);
        final ListIterator<Identifier> mainItr = ids.listIterator();
        while (mainItr.hasNext()) {
            final Identifier currentId = mainItr.next();
            final VulnerableSoftware currentCpe = parseCpe(currentId.getType(), currentId.getValue());
            // parseCpe produced nothing for this identifier (presumably it is not a CPE), so skip it.
            if (currentCpe == null) {
                continue;
            }
            // Start the inner walk at the element after currentId, so each pair is visited once.
            final ListIterator<Identifier> subItr = ids.listIterator(mainItr.nextIndex());
            while (subItr.hasNext()) {
                final Identifier nextId = subItr.next();
                final VulnerableSoftware nextCpe = parseCpe(nextId.getType(), nextId.getValue());
                if (nextCpe == null) {
                    continue;
                }
                //TODO fix the version problem below
                // NOTE(review): getVendor() is dereferenced without a null check; confirm that
                // parseCpe never yields an entry with a null vendor. The body of this branch is
                // cut off in this excerpt.
                if (currentCpe.getVendor().equals(nextCpe.getVendor())) {


     */
    private void removeJreEntries(Dependency dependency) {
        // Removes identifiers whose value matches CORE_JAVA (or CORE_JAVA_JSF) when the
        // dependency's file name does not match CORE_FILES (or CORE_JSF_FILES).
        // The four patterns are declared outside this excerpt.
        // NOTE(review): the decision rests on the file name alone; an identifier removed here
        // is presumably no longer used when vulnerabilities are looked up for this dependency,
        // so an over-broad pattern would hide findings rather than add noise.
        final Set<Identifier> identifiers = dependency.getIdentifiers();
        final Iterator<Identifier> itr = identifiers.iterator();
        while (itr.hasNext()) {
            final Identifier i = itr.next();
            final Matcher coreCPE = CORE_JAVA.matcher(i.getValue());
            final Matcher coreFiles = CORE_FILES.matcher(dependency.getFileName());
            if (coreCPE.matches() && !coreFiles.matches()) {
                itr.remove();
            }
            // NOTE(review): there is no `continue` after the removal above. If one identifier
            // could satisfy both checks, the second itr.remove() would throw
            // IllegalStateException; confirm the two CPE patterns are mutually exclusive.
            final Matcher coreJsfCPE = CORE_JAVA_JSF.matcher(i.getValue());
            final Matcher coreJsfFiles = CORE_JSF_FILES.matcher(dependency.getFileName());
            if (coreJsfCPE.matches() && !coreJsfFiles.matches()) {
                itr.remove();
            }
        }

         * might be a better solution than just removing the URL for "best-guess" matches).
         */
        //Set<Evidence> groupId = dependency.getVendorEvidence().getEvidence("pom", "groupid");
        //Set<Evidence> artifactId = dependency.getVendorEvidence().getEvidence("pom", "artifactid");
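        // Walks the identifiers and removes CPE entries that are treated as false positives
        // for the kind of file being analyzed. Matching is by CPE prefix and by the
        // lower-cased file name only.
        // NOTE(review): a removed CPE is presumably no longer considered when vulnerabilities
        // are looked up for this dependency, so every rule below trades a false positive for a
        // possible false negative; keep the file-name conditions as narrow as the rule allows.
        while (itr.hasNext()) {
            final Identifier i = itr.next();
            //TODO move this startsWith expression to a configuration file?
            if ("cpe".equals(i.getType())) {
                final String cpe = i.getValue();
                // Generic product names that are not expected in Java or .NET artifacts.
                if ((cpe.matches(".*c\\+\\+.*")
                        || cpe.startsWith("cpe:/a:file:file")
                        || cpe.startsWith("cpe:/a:mozilla:mozilla")
                        || cpe.startsWith("cpe:/a:cvs:cvs")
                        || cpe.startsWith("cpe:/a:ftp:ftp")
                        || cpe.startsWith("cpe:/a:tcp:tcp")
                        || cpe.startsWith("cpe:/a:ssh:ssh")
                        || cpe.startsWith("cpe:/a:lookup:lookup"))
                        && (dependency.getFileName().toLowerCase().endsWith(".jar")
                        || dependency.getFileName().toLowerCase().endsWith("pom.xml")
                        || dependency.getFileName().toLowerCase().endsWith(".dll")
                        || dependency.getFileName().toLowerCase().endsWith(".exe")
                        || dependency.getFileName().toLowerCase().endsWith(".nuspec")
                        || dependency.getFileName().toLowerCase().endsWith(".nupkg"))) {
                    itr.remove();
                // JavaScript library CPEs on jar, pom, dll and exe files.
                } else if ((cpe.startsWith("cpe:/a:jquery:jquery")
                        || cpe.startsWith("cpe:/a:prototypejs:prototype")
                        || cpe.startsWith("cpe:/a:yahoo:yui"))
                        && (dependency.getFileName().toLowerCase().endsWith(".jar")
                        || dependency.getFileName().toLowerCase().endsWith("pom.xml")
                        || dependency.getFileName().toLowerCase().endsWith(".dll")
                        || dependency.getFileName().toLowerCase().endsWith(".exe"))) {
                    itr.remove();
                // Microsoft Office product CPEs on jar and pom files.
                } else if ((cpe.startsWith("cpe:/a:microsoft:excel")
                        || cpe.startsWith("cpe:/a:microsoft:word")
                        || cpe.startsWith("cpe:/a:microsoft:visio")
                        || cpe.startsWith("cpe:/a:microsoft:powerpoint")
                        || cpe.startsWith("cpe:/a:microsoft:office"))
                        && (dependency.getFileName().toLowerCase().endsWith(".jar")
                        || dependency.getFileName().toLowerCase().endsWith("pom.xml"))) {
                    itr.remove();
                // The Maven CPE is kept only for a file named maven-core-<digits and dots>.jar.
                // NOTE(review): a maven-core jar with a qualifier in its version (for example
                // a "-beta-1" suffix) does not match and loses its CPE; confirm that is intended.
                } else if (cpe.startsWith("cpe:/a:apache:maven")
                        && !dependency.getFileName().toLowerCase().matches("maven-core-[\\d\\.]+\\.jar")) {
                    itr.remove();
                // The m-core CPE is kept only when the string "m-core" is among the used evidence.
                } else if (cpe.startsWith("cpe:/a:m-core:m-core")
                        && !dependency.getEvidenceUsed().containsUsedString("m-core")) {
                    itr.remove();
                // The JBoss CPE is kept only for a file named like jboss-<version>[ga].jar.
                // The file name is lower-cased before matching, so the optional release suffix
                // must be written in lower case: with "(GA)?" a name such as jboss-4.2.3.GA.jar
                // never matched and the real JBoss CPE was removed.
                } else if (cpe.startsWith("cpe:/a:jboss:jboss")
                        && !dependency.getFileName().toLowerCase().matches("jboss-?[\\d\\.-]+(ga)?\\.jar")) {
                    itr.remove();
                }
            }
        }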
