data.dbStatements.properties Maven / Gradle / Ivy

Go to download

Show more of this group Show more artifacts with this name
Show all versions of dependency-check-core Show documentation

dependency-check-core is the engine and reporting tool used to identify and report if there are any known, publicly disclosed vulnerabilities in the scanned project's dependencies. The engine extracts meta-data from the dependencies and uses this to do fuzzy key-word matching against the Common Platfrom Enumeration (CPE), if any CPE identifiers are found the associated Common Vulnerability and Exposure (CVE) entries are added to the generated report.

There is a newer version: 12.0.0

Show newest version

#
# This file is part of dependency-check-core.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Copyright (c) 2015 The OWASP Foundatio. All Rights Reserved.

DELETE_REFERENCE=DELETE FROM reference WHERE cveid = ?
DELETE_SOFTWARE=DELETE FROM software WHERE cveid = ?
DELETE_VULNERABILITY=DELETE FROM vulnerability WHERE id = ?
CLEANUP_ORPHANS=DELETE FROM cpeEntry WHERE id not in (SELECT CPEEntryId FROM software);
INSERT_REFERENCE=INSERT INTO reference (cveid, name, url, source) VALUES (?, ?, ?, ?)
INSERT_SOFTWARE=INSERT INTO software (cveid, cpeEntryId, previousVersion) VALUES (?, ?, ?)
INSERT_CPE=INSERT INTO cpeEntry (cpe, vendor, product) VALUES (?, ?, ?)
SELECT_CPE_ID=SELECT id FROM cpeEntry WHERE cpe = ?
INSERT_VULNERABILITY=INSERT INTO vulnerability (cve, description, cwe, cvssScore, cvssAccessVector, cvssAccessComplexity, cvssAuthentication, cvssConfidentialityImpact, cvssIntegrityImpact, cvssAvailabilityImpact) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
UPDATE_VULNERABILITY=UPDATE vulnerability SET description=?, cwe=?, cvssScore=?, cvssAccessVector=?, cvssAccessComplexity=?, cvssAuthentication=?, cvssConfidentialityImpact=?, cvssIntegrityImpact=?, cvssAvailabilityImpact=? WHERE id=?
SELECT_CVE_FROM_SOFTWARE=SELECT cve, cpe, previousVersion FROM software INNER JOIN vulnerability ON vulnerability.id = software.cveId INNER JOIN cpeEntry ON cpeEntry.id = software.cpeEntryId WHERE vendor = ? AND product = ? ORDER BY cve, cpe
SELECT_CPE_ENTRIES=SELECT cpe FROM cpeEntry WHERE vendor = ? AND product = ?
SELECT_REFERENCES=SELECT source, name, url FROM reference WHERE cveid = ?
SELECT_VENDOR_PRODUCT_LIST=SELECT vendor, product FROM cpeEntry GROUP BY vendor, product
SELECT_SOFTWARE=SELECT cpe, previousVersion FROM software INNER JOIN cpeEntry ON software.cpeEntryId = cpeEntry.id WHERE cveid = ?
SELECT_VULNERABILITY=SELECT id, description, cwe, cvssScore, cvssAccessVector, cvssAccessComplexity, cvssAuthentication, cvssConfidentialityImpact, cvssIntegrityImpact, cvssAvailabilityImpact FROM vulnerability WHERE cve = ?
SELECT_VULNERABILITY_ID=SELECT id FROM vulnerability WHERE cve = ?
SELECT_PROPERTIES=SELECT id, value FROM properties
SELECT_PROPERTY=SELECT id, value FROM properties WHERE id = ?
INSERT_PROPERTY=INSERT INTO properties (id, value) VALUES (?, ?)
UPDATE_PROPERTY=UPDATE properties SET value = ? WHERE id = ?
DELETE_PROPERTY=DELETE FROM properties WHERE id = ?

#the following two statements are unused and are only referenecd in dead code
DELETE_UNUSED_DICT_CPE=DELETE FROM cpeEntry WHERE dictionaryEntry=true AND id NOT IN (SELECT cpeEntryId FROM software)
ADD_DICT_CPE=MERGE INTO cpeEntry (cpe, vendor, product, dictionaryEntry) KEY(cpe) VALUES(?,?,?,true)