code cleanup and revisions per #2064
jeremylong committed Jul 13, 2019
1 parent 7bc1edf commit 94ed518
Showing 5 changed files with 135 additions and 22 deletions.
Expand Up @@ -18,7 +18,9 @@
package org.owasp.dependencycheck.dependency;

import java.io.Serializable;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
Expand Down Expand Up @@ -61,7 +63,7 @@ public void addCwe(String cwe) {

@Override
public String toString() {
return cwes.stream().map(cwe -> CweDB.getName(cwe)).collect(Collectors.joining(" "));
return cwes.stream().map(cwe -> CweDB.getFullName(cwe)).collect(Collectors.joining(", "));
}

/**
Expand All @@ -72,4 +74,17 @@ public String toString() {
public Stream<String> stream() {
return cwes.stream();
}

/**
* Returns a map of CWE-ID and title.
*
* @return a map of CWE-ID and title.
*/
public Map<String, String> getFullCwes() {
final Map<String, String> map = new HashMap<>();
cwes.forEach((cwe) -> {
map.put(cwe, CweDB.getName(cwe));
});
return map;
}
}
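Review bot: getFullCwes() collects into a HashMap, and the imports in this hunk suggest the backing `cwes` set is a HashSet (its declaration is outside the hunk), so the order in which CWEs appear in the map, and in toString(), can change between runs and makes the generated reports non-reproducible; `final Map<String, String> map = new TreeMap<>();` (with `java.util.TreeMap` added to this hunk's import block) gives sorted, stable output at the same cost. The Javadoc promises a "title" but the value stored is whatever CweDB.getName(cwe) returns for that ID, and nothing here shows what that is for an ID the database does not know, so the `@return` line should say so, e.g. `@return a map of CWE-ID to the title returned by {@code CweDB.getName} for that ID`, plus the unknown-ID behaviour once confirmed. The block lambda can be the one-liner `cwes.forEach(cwe -> map.put(cwe, CweDB.getName(cwe)));`. addCwe() and the class header lie outside the hunk.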
24 changes: 12 additions & 12 deletions core/src/main/resources/templates/htmlReport.vsl
Expand Up @@ -888,6 +888,12 @@ Getting Help: <a href="https://github.com/jeremylong/DependencyCheck/issues" tar
<p>#if($vuln.description)
<pre>$enc.html($vuln.description)</pre>
#end
#if ($vuln.cwes)
$vuln.cwes.toString()<br/><br/>
#end
#if ($vuln.notes)
Notes: $enc.html($vuln.notes)<br/><br/>
#end
#if($vuln.getCvssV2())
CVSSv2:
<ul><li>Base Score: $enc.html($vuln.getCvssV2().getSeverity()) ($vuln.getCvssV2().getScore())</li>
Expand All @@ -901,12 +907,6 @@ Getting Help: <a href="https://github.com/jeremylong/DependencyCheck/issues" tar
#if ($vuln.unscoredSeverity)
<ul><li>Severity: $enc.html($vuln.unscoredSeverity)</li></ul>
#end
#if ($vuln.cwe)
<br/>CWE: $vuln.cwe.toString()
#end
#if ($vuln.notes)
<br/>Notes: $enc.html($vuln.notes)
#end
#if ($vuln.getReferences().size()>0)
<br/>References:<ul>
#foreach($ref in $vuln.getReferences(true))
Expand Down Expand Up @@ -1055,6 +1055,12 @@ Getting Help: <a href="https://github.com/jeremylong/DependencyCheck/issues" tar
<p>#if($vuln.description)
<pre>$enc.html($vuln.description)</pre>
#end
#if ($vuln.cwes)
$vuln.cwes.toString()<br/><br/>
#end
#if ($vuln.notes)
Notes: $enc.html($vuln.notes)<br/><br/>
#end
#if($vuln.getCvssV2())
CVSSv2:
<ul><li>Base Score: $enc.html($vuln.getCvssV2().getSeverity()) ($vuln.getCvssV2().getScore())</li>
Expand All @@ -1068,12 +1074,6 @@ Getting Help: <a href="https://github.com/jeremylong/DependencyCheck/issues" tar
#if ($vuln.unscoredSeverity)
<ul><li>Severity: $enc.html($vuln.unscoredSeverity)</li></ul>
#end
#if ($vuln.cwe)
<br/>CWE: $vuln.cwe.toString()
#end
#if ($vuln.notes)
<br/>Notes: $enc.html($vuln.notes)
#end
#if ($vuln.getReferences().size()>0)
<br/>References: <ul>
#foreach($ref in $vuln.getReferences(true))
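Review bot: The new line `$vuln.cwes.toString()<br/><br/>` (first hunk, and again in the -1055 hunk) writes the CWE text into the HTML report without `$enc.html(...)`, while every neighbouring field (description, notes, severities) goes through the encoder. CweSet.toString() now expands to CweDB.getFullName() for each ID, the titles contain quotes and parentheses (see the expectation in the new CweSetTest), and the ID strings are whatever addCwe() received, so the line should read `$enc.html($vuln.cwes.toString())<br/><br/>` in both places. The removed `<br/>CWE: $vuln.cwe.toString()` lines had the same omission, so this is not a regression, but the rewrite is the moment to fix it.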
12 changes: 7 additions & 5 deletions core/src/main/resources/templates/jsonReport.vsl
Expand Up @@ -207,9 +207,10 @@
#end
#if (!$vuln.cwe.cwes.isEmpty())
"cwes": [
#set($addComma=0)
#foreach($cweEntry in $vuln.cwes.entries)
#if($foreach.count > 1),#end
"$enc.json($cweEntry)"
#if($cweEntry) #if($addComma==1),#else#set($addComma=1)#end
"$enc.json($cweEntry)"#end
#end
],
#end
Expand Down Expand Up @@ -270,11 +271,12 @@
"baseSeverity": "$enc.json($vuln.cvssV3.baseSeverity)"
},
#end
#if (!$vuln.cwe.cwes.isEmpty())
#if (!$vuln.cwes.isEmpty())
"cwes": [
#set($addComma=0)
#foreach($cweEntry in $vuln.cwes.entries)
#if($foreach.count > 1),#end
"$enc.json($cweEntry)"
#if($cweEntry) #if($addComma==1),#else#set($addComma=1)#end
"$enc.json($cweEntry)"#end
#end
],
#end
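Review bot: The first hunk's guard `#if (!$vuln.cwe.cwes.isEmpty())` is left untouched as a context line while the second hunk rewrites the same guard to `#if (!$vuln.cwes.isEmpty())`, and the htmlReport.vsl hunks in this commit drop `$vuln.cwe` entirely, so the first occurrence looks like a missed edit and should become `#if (!$vuln.cwes.isEmpty())` too. Separately, the CweSet hunk and the new CweSetTest show getEntries(), addCwe(), toString(), stream() and getFullCwes() but no isEmpty(); unless that method exists outside the hunk, `$vuln.cwes.isEmpty()` here and in both xmlReport.vsl `<cwes>` guards resolves to nothing and the condition becomes whatever Velocity does with an unresolved reference rather than the intended emptiness check. If CweSet has no such method, `#if (!$vuln.cwes.entries.isEmpty())` uses the accessor this commit does test.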
8 changes: 4 additions & 4 deletions core/src/main/resources/templates/xmlReport.vsl
Expand Up @@ -223,10 +223,10 @@ Copyright (c) 2018 Jeremy Long. All Rights Reserved.
<baseSeverity>#if($vuln.cvssV3.baseSeverity)$enc.xml($vuln.cvssV3.baseSeverity)#end</baseSeverity>
</cvssV3>
#end
#if (!$vuln.cwe.cwes.isEmpty())
#if (!$vuln.cwes.isEmpty())
<cwes>
#foreach($cweEntry in $vuln.cwes.entries)
<cwe>$enc.xml($cweEntry)</cwe>
#if($cweEntry)<cwe>$enc.xml($cweEntry)</cwe>#end
#end
</cwes>
#end
Expand Down Expand Up @@ -285,10 +285,10 @@ Copyright (c) 2018 Jeremy Long. All Rights Reserved.
<baseSeverity>#if($vuln.cvssV3.baseSeverity)$enc.xml($vuln.cvssV3.baseSeverity)#end</baseSeverity>
</cvssV3>
#end
#if (!$vuln.cwe.cwes.isEmpty())
#if (!$vuln.cwes.isEmpty())
<cwes>
#foreach($cweEntry in $vuln.cwes.entries)
<cwe>$enc.xml($cweEntry)</cwe>
#if($cweEntry)<cwe>$enc.xml($cweEntry)</cwe>#end
#end
</cwes>
#end
@@ -0,0 +1,96 @@
/*
* This file is part of dependency-check-core.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Copyright (c) 2019 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.dependency;

import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.junit.Test;
import static org.junit.Assert.*;

/**
*
* @author jeremy
*/
public class CweSetTest {

/**
* Test of getEntries method, of class CweSet.
*/
@Test
public void testGetEntries() {
CweSet instance = new CweSet();
Set<String> result = instance.getEntries();
assertTrue(result.isEmpty());
}

/**
* Test of addCwe method, of class CweSet.
*/
@Test
public void testAddCwe() {
System.out.println("addCwe");
String cwe = "CWE-89";
CweSet instance = new CweSet();
instance.addCwe(cwe);
assertFalse(instance.getEntries().isEmpty());
}

/**
* Test of toString method, of class CweSet.
*/
@Test
public void testToString() {
CweSet instance = new CweSet();
instance.addCwe("CWE-79");
String expResult = "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')";
String result = instance.toString();
assertEquals(expResult, result);
}

/**
* Test of stream method, of class CweSet.
*/
@Test
public void testStream() {
CweSet instance = new CweSet();
instance.addCwe("79");
String expResult = "79";
String result = instance.stream().collect(Collectors.joining(" "));
assertEquals(expResult, result);
}

/**
* Test of getFullCwes method, of class CweSet.
*/
@Test
public void testGetFullCwes() {
CweSet instance = new CweSet();
instance.addCwe("CWE-89");
instance.addCwe("CWE-79");
Map<String, String> expResult = new HashMap<>();
expResult.put("CWE-79", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')");
expResult.put("CWE-89", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')");
Map<String, String> result = instance.getFullCwes();
for (Map.Entry<String,String> entry : expResult.entrySet()) {
assertTrue(result.get(entry.getKey()).equals(entry.getValue()));
}
}

}
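Review bot: In testGetFullCwes the loop `assertTrue(result.get(entry.getKey()).equals(entry.getValue()));` fails with a NullPointerException instead of an assertion message when a key is missing, and it never checks that the result holds nothing beyond the two expected IDs; `assertEquals(expResult, result);` covers both and reads as a real map comparison. `System.out.println("addCwe");` in testAddCwe is leftover debug output and should be removed. None of the tests covers an ID that CweDB does not know; a short test pinning what getFullCwes() and toString() return for one would document that contract, which the report templates depend on.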
