Parse and utilize version information from CVE Description #646

Closed
jeremylong opened this issue Jan 22, 2017 · 1 comment

Comments

@jeremylong
Owner

To make dependency-check more accurate, the tool should extract version ranges from the CVE text. As an example see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3558

"Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2"

There are also version ranges that utilize the word "through" instead of "before".

```sql
-- Find CVEs whose description contains a "before N" or "through N" range clause
-- and that map to exactly one vendor/product pair (the simplest cases to parse).
SELECT vulnerability.id
FROM vulnerability
  INNER JOIN software ON vulnerability.id = software.cveid
  INNER JOIN cpeEntry ON cpeEntry.id = software.cpeentryid
WHERE DESCRIPTION LIKE '% before 0%'
   OR DESCRIPTION LIKE '% before 1%'
   OR DESCRIPTION LIKE '% before 2%'
   OR DESCRIPTION LIKE '% before 3%'
   OR DESCRIPTION LIKE '% before 4%'
   OR DESCRIPTION LIKE '% before 5%'
   OR DESCRIPTION LIKE '% before 6%'
   OR DESCRIPTION LIKE '% before 7%'
   OR DESCRIPTION LIKE '% before 8%'
   OR DESCRIPTION LIKE '% before 9%'
   OR DESCRIPTION LIKE '% through 0%'
   OR DESCRIPTION LIKE '% through 1%'
   OR DESCRIPTION LIKE '% through 2%'
   OR DESCRIPTION LIKE '% through 3%'
   OR DESCRIPTION LIKE '% through 4%'
   OR DESCRIPTION LIKE '% through 5%'
   OR DESCRIPTION LIKE '% through 6%'
   OR DESCRIPTION LIKE '% through 7%'
   OR DESCRIPTION LIKE '% through 8%'
   OR DESCRIPTION LIKE '% through 9%'
GROUP BY vulnerability.id
-- keep only CVEs tied to a single vendor and a single product
HAVING COUNT(DISTINCT cpeEntry.vendor) = 1
   AND COUNT(DISTINCT cpeEntry.product) = 1
```

Once implemented consider removing the patch for issue #534.
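As an added example (not dependency-check's own code), a small Python parser for the "X before Y" / "X through Y" clauses quoted above, plus a check for whether a given version falls inside a parsed range. The handling of a trailing ".x" as "any version in that series" and the exclusive/inclusive reading of "before"/"through" are my assumptions, not something the issue specifies.

```python
import re

# Pattern for the range clauses seen in NVD descriptions, e.g. "4.1.0 before 4.2.1",
# "4.3.x before 4.3.2", "5.x before 5.1.2" or "2.0 through 2.3".
RANGE_RE = re.compile(r"(\d+(?:\.(?:\d+|x))*)\s+(before|through)\s+(\d+(?:\.\d+)*)")

# Constructed sample input: the CVE-2014-3558 wording quoted in the issue.
HIBERNATE_DESC = ("Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, "
                  "and 5.x before 5.1.2")


def parse_version_ranges(description):
    """Return every (start, keyword, end) clause found in the description text."""
    return [m.groups() for m in RANGE_RE.finditer(description)]


def _parts(version):
    """Split a dotted numeric version into a list of ints for comparison."""
    return [int(p) for p in version.split(".")]


def version_in_range(version, start, keyword, end):
    """True if `version` lies in the clause `start <keyword> end`.

    Assumptions (not stated by the issue): a trailing ".x" in `start` means
    "any version in that series"; "before" excludes `end`, "through" includes it.
    """
    v = _parts(version)
    if start.endswith(".x"):
        series = _parts(start[:-2])
        if v[: len(series)] != series:
            return False
    elif v < _parts(start):
        return False
    e = _parts(end)
    return v < e if keyword == "before" else v <= e


def is_affected(version, description):
    """True if any range clause in the description covers `version`."""
    return any(version_in_range(version, *clause)
               for clause in parse_version_ranges(description))


if __name__ == "__main__":
    print(parse_version_ranges(HIBERNATE_DESC))
    for v in ("4.1.5", "4.2.1", "4.3.1", "5.0.0", "5.1.2"):
        print(v, is_affected(v, HIBERNATE_DESC))
```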

@jeremylong
Owner Author

With the JSON data feeds this is no longer needed.

@lock lock bot locked and limited conversation to collaborators Jul 9, 2019