Package org.owasp.dependencycheck.dependency

Examples of org.owasp.dependencycheck.dependency.Identifier


        // Evidence confidence of the first collected match; every other match is compared to it.
        // NOTE(review): presumably `collected` is ordered best-first before this point - confirm.
        final Confidence bestEvidenceQuality = collected.get(0).getEvidenceConfidence();
        boolean identifierAdded = false;
        for (IdentifierMatch candidate : collected) {
            // Only matches that tie the best identifier quality AND the best evidence quality are kept.
            if (!bestIdentifierQuality.equals(candidate.getConfidence())) {
                continue;
            }
            if (!bestEvidenceQuality.equals(candidate.getEvidenceConfidence())) {
                continue;
            }
            final Identifier accepted = candidate.getIdentifier();
            // A best-guess identifier is always reported as LOW confidence, whatever the evidence
            // confidence was; any other identifier inherits the evidence confidence.
            accepted.setConfidence(bestIdentifierQuality == IdentifierConfidence.BEST_GUESS
                    ? Confidence.LOW
                    : bestEvidenceQuality);
            dependency.addIdentifier(accepted);
            identifierAdded = true;
        }


         * @param url the URL of the identifier
         * @param identifierConfidence the confidence in the identifier: best guess or exact match
         * @param evidenceConfidence the confidence of the evidence used to find the identifier
         */
        IdentifierMatch(String type, String value, String url, IdentifierConfidence identifierConfidence, Confidence evidenceConfidence) {
            // Two separate confidence values are stored: one for the identifier match itself
            // and one for the evidence that was used to find it.
            this.evidenceConfidence = evidenceConfidence;
            this.confidence = identifierConfidence;
            // type, value and url are wrapped into the Identifier carried by this match.
            this.identifier = new Identifier(type, value, url);
        }

        }
        if (gav != null) {
            // With a gav filter set, processing continues only when at least one identifier of the
            // dependency matches it as type "maven"; otherwise the method returns here.
            boolean gavFound = false;
            for (Identifier candidate : dependency.getIdentifiers()) {
                if (identifierMatches("maven", this.gav, candidate)) {
                    gavFound = true;
                    break;
                }
            }
            if (!gavFound) {
                return;
            }
        }

        if (this.hasCpe()) {
            final Iterator<Identifier> itr = dependency.getIdentifiers().iterator();
            while (itr.hasNext()) {
                final Identifier i = itr.next();
                for (PropertyType c : this.cpe) {
                    if (identifierMatches("cpe", c, i)) {
                        if (!isBase()) {
                            dependency.addSuppressedIdentifier(i);
                        }

        hAnalyzer.analyze(dep, null);
        instance.analyze(dep, null);
        fp.analyze(dep, null);

        if (expResult != null) {
            Identifier expIdentifier = new Identifier("cpe", expResult, expResult);
            Assert.assertTrue("Incorrect match: { dep:'" + dep.getFileName() + "' }", dep.getIdentifiers().contains(expIdentifier));
        } else {
            for (Identifier i : dep.getIdentifiers()) {
                Assert.assertFalse(String.format("%s - found a CPE identifier when should have been none (found '%s')", dep.getFileName(), i.getValue()), "cpe".equals(i.getType()));
            }

        instance.determineCPE(spring);
        instance.determineCPE(spring3);
        instance.close();

        String expResult = "cpe:/a:apache:struts:2.1.2";
        Identifier expIdentifier = new Identifier("cpe", expResult, expResult);
        String expResultSpring = "cpe:/a:springsource:spring_framework:2.5.5";
        String expResultSpring3 = "cpe:/a:vmware:springsource_spring_framework:3.0.0";

        for (Identifier i : commonValidator.getIdentifiers()) {
            Assert.assertFalse("Apache Common Validator - found a CPE identifier?", "cpe".equals(i.getType()));

        // Resolve identifiers for the openssl dependency using "openssl" for both string arguments.
        // NOTE(review): presumably these are vendor and product - confirm against determineIdentifiers.
        instance.open();
        instance.determineIdentifiers(openssl, "openssl", "openssl", Confidence.HIGHEST);
        instance.close();

        // The expected CPE is used both as the identifier value and as its URL.
        final String expectedCpe = "cpe:/a:openssl:openssl:1.0.1c";
        final Identifier expectedIdentifier = new Identifier("cpe", expectedCpe, expectedCpe);

        assertTrue(openssl.getIdentifiers().contains(expectedIdentifier));

    }

    /**
     * Test of identifierMatches method, of class SuppressionRule.
     */
    @Test
    public void testCpeMatches() {
        Identifier identifier = new Identifier("cpe", "cpe:/a:microsoft:.net_framework:4.5", "some url not needed for this test");

        PropertyType cpe = new PropertyType();
        cpe.setValue("cpe:/a:microsoft:.net_framework:4.5");

        SuppressionRule instance = new SuppressionRule();
        boolean expResult = true;
        boolean result = instance.identifierMatches("cpe", cpe, identifier);
        assertEquals(expResult, result);

        cpe.setValue("cpe:/a:microsoft:.net_framework:4.0");
        expResult = false;
        result = instance.identifierMatches("cpe", cpe, identifier);
        assertEquals(expResult, result);

        cpe.setValue("CPE:/a:microsoft:.net_framework:4.5");
        cpe.setCaseSensitive(true);
        expResult = false;
        result = instance.identifierMatches("cpe", cpe, identifier);
        assertEquals(expResult, result);

        cpe.setValue("cpe:/a:microsoft:.net_framework");
        cpe.setCaseSensitive(false);
        expResult = true;
        result = instance.identifierMatches("cpe", cpe, identifier);
        assertEquals(expResult, result);

        cpe.setValue("cpe:/a:microsoft:.*");
        cpe.setRegex(true);
        expResult = true;
        result = instance.identifierMatches("cpe", cpe, identifier);
        assertEquals(expResult, result);

        cpe.setValue("CPE:/a:microsoft:.*");
        cpe.setRegex(true);
        cpe.setCaseSensitive(true);
        expResult = false;
        result = instance.identifierMatches("cpe", cpe, identifier);
        assertEquals(expResult, result);

        cpe.setValue("cpe:/a:apache:.*");
        cpe.setRegex(true);
        cpe.setCaseSensitive(false);
        expResult = false;
        result = instance.identifierMatches("cpe", cpe, identifier);
        assertEquals(expResult, result);

        identifier = new Identifier("maven", "org.springframework:spring-core:2.5.5", "https://repository.sonatype.org/service/local/artifact/maven/redirect?r=central-proxy&g=org.springframework&a=spring-core&v=2.5.5&e=jar");
        cpe.setValue("org.springframework:spring-core:2.5.5");
        cpe.setRegex(false);
        cpe.setCaseSensitive(false);
        expResult = true;
        result = instance.identifierMatches("maven", cpe, identifier);

        final Iterator<Identifier> itr = identifiers.iterator();

        final String fileName = dependency.getFileName();
        if (fileName != null && fileName.contains("axis2")) {
            while (itr.hasNext()) {
                final Identifier i = itr.next();
                if ("cpe".equals(i.getType())) {
                    final String cpe = i.getValue();
                    if (cpe != null && (cpe.startsWith("cpe:/a:apache:axis:") || "cpe:/a:apache:axis".equals(cpe))) {
                        itr.remove();
                    }
                }
            }
        } else if (fileName != null && fileName.contains("axis")) {
            while (itr.hasNext()) {
                final Identifier i = itr.next();
                if ("cpe".equals(i.getType())) {
                    final String cpe = i.getValue();
                    if (cpe != null && (cpe.startsWith("cpe:/a:apache:axis2:") || "cpe:/a:apache:axis2".equals(cpe))) {
                        itr.remove();
                    }
                }
            }

     */
    private void addFalseNegativeCPEs(Dependency dependency) {
        //TODO move this to the hint analyzer
        final Iterator<Identifier> itr = dependency.getIdentifiers().iterator();
        while (itr.hasNext()) {
            final Identifier i = itr.next();
            if ("cpe".equals(i.getType()) && i.getValue() != null
                    && (i.getValue().startsWith("cpe:/a:oracle:opensso:")
                    || i.getValue().startsWith("cpe:/a:oracle:opensso_enterprise:")
                    || i.getValue().startsWith("cpe:/a:sun:opensso_enterprise:")
                    || i.getValue().startsWith("cpe:/a:sun:opensso:"))) {
                final String newCpe = String.format("cpe:/a:sun:opensso_enterprise:%s", i.getValue().substring(22));
                final String newCpe2 = String.format("cpe:/a:oracle:opensso_enterprise:%s", i.getValue().substring(22));
                final String newCpe3 = String.format("cpe:/a:sun:opensso:%s", i.getValue().substring(22));
                final String newCpe4 = String.format("cpe:/a:oracle:opensso:%s", i.getValue().substring(22));
                try {
                    dependency.addIdentifier("cpe",
                            newCpe,
                            String.format(CPEAnalyzer.NVD_SEARCH_URL, URLEncoder.encode(newCpe, "UTF-8")));
                    dependency.addIdentifier("cpe",

            }
        }
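        if (mustContain != null) {
            // Drop springsource CPE identifiers whose value does not contain the required token.
            // Removal goes through the iterator so the collection is not modified mid-iteration.
            // NOTE(review): the value is lower-cased before the comparison, so mustContain
            // presumably has to be lower case itself - confirm where it is assigned.
            final Iterator<Identifier> itr = dependency.getIdentifiers().iterator();
            while (itr.hasNext()) {
                final Identifier i = itr.next();
                // equals, not contains: "cpe".contains(type) is also true for "", "c", "pe", ...
                // and throws a NullPointerException when the identifier has no type.
                if (!"cpe".equals(i.getType())) {
                    continue;
                }
                final String value = i.getValue();
                // Locale.ROOT keeps the lower-casing independent of the JVM default locale, so the
                // same identifiers are removed on every host.
                if (value != null
                        && value.startsWith("cpe:/a:springsource:")
                        && !value.toLowerCase(java.util.Locale.ROOT).contains(mustContain)) {
                    itr.remove();
                }
            }
        }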
