
#**
This file is part of dependency-check-core.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Copyright (c) 2012 Jeremy Long. All Rights Reserved.
@author Jeremy Long
@version 1.2
*#
## Report header and disclaimer. The text sits in a Velocity unparsed-content block,
## so it is written to the report verbatim and nothing inside it is evaluated.
#[[
Dependency-Check Report
Press CTR-C to copy XML [help]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
]]#
## The application name is passed through $enc.html before it is written.
Project: $enc.html($applicationName)
## Summary counters, filled in a single pass over $dependencies:
##   depCount            - top-level dependencies plus every related dependency
##   vulnDepCount        - dependencies that carry at least one vulnerability
##   vulnCount           - total vulnerabilities across all dependencies
##   vulnSuppressedCount - total suppressed vulnerabilities
##   cpeSuppressedCount  - dependencies (not identifiers) with at least one suppressed identifier
#set($depCount=$dependencies.size())
#set($vulnDepCount=0)
#set($vulnCount=0)
#set($vulnSuppressedCount=0)
#set($cpeSuppressedCount=0)
#foreach($dependency in $dependencies)
#set($depCount=$depCount+$dependency.getRelatedDependencies().size())
#if($dependency.getVulnerabilities().size()>0)
#set($vulnDepCount=$vulnDepCount+1)
#set($vulnCount=$vulnCount+$dependency.getVulnerabilities().size())
#end
#if($dependency.getSuppressedIdentifiers().size()>0)
#set($cpeSuppressedCount=$cpeSuppressedCount+1)
#end
#if($dependency.getSuppressedVulnerabilities().size()>0)
#set($vulnSuppressedCount=$vulnSuppressedCount+$dependency.getSuppressedVulnerabilities().size())
#end
#end
## Scan summary. The counters are integers computed above.
## NOTE(review): $version and $scanDate are written without $enc.html; presumably both are
## produced by the tool itself rather than taken from scanned content - confirm.
Scan Information (show all):
- dependency-check version: $version
- Report Generated On: $scanDate
- Dependencies Scanned: $depCount
- Vulnerable Dependencies: $vulnDepCount
- Vulnerabilities Found: $vulnCount
- Vulnerabilities Suppressed: $vulnSuppressedCount
- ...
## Loop over the metadata entries of $properties. No loop body is present in this listing
## (the markup it emitted appears to be missing), so what is written per entry cannot be
## checked here. NOTE(review): confirm each key and value is encoded before output.
#foreach($prop in $properties.getMetaData().entrySet())
#end
## Summary table: one row per dependency with its identifiers, Maven coordinates,
## highest severity, vulnerability count, CPE confidence and evidence count.
## Every string taken from a dependency or identifier in this section goes through $enc.html.
Display: Showing Vulnerable Dependencies (click to show all)
## $lnkcnt is a running row counter; it is not written anywhere in the lines visible here.
#set($lnkcnt=0)
Dependency
CPE
GAV
Highest Severity
CVE Count
CPE Confidence
Evidence Count
#foreach($dependency in $dependencies)
#set($lnkcnt=$lnkcnt+1)
$enc.html($dependency.DisplayFileName)
## Velocity variables keep their value across loop iterations, so the per-row state is reset here.
#set($mavenlink="")
#set($cpeIdCount=0)
#set($cpeIdConf="")
#set($sortValue="")
## Concatenates the values of all non-maven identifiers into $sortValue. The value is cleared
## again right after the loop and is not written in the lines visible here.
## NOTE(review): presumably it fed a sort attribute in markup missing from this listing - confirm.
#foreach($id in $dependency.getIdentifiers())
#if ($id.type!="maven")
#set($sortValue=$sortValue+$id.value)
#end
#end
#set($sortValue="")
## Second pass over the identifiers: remember a maven identifier for the GAV column and
## write every other identifier into the CPE column.
#foreach($id in $dependency.getIdentifiers())
#set($cpeSort=0)
#if ($id.type=="maven")
## Keep the first maven identifier, but replace it while the one held so far has no url.
#if ($mavenlink=="" || !$mavenlink.url)
#set($mavenlink=$id)
#end
#else
## Empty branch in this listing; presumably it emitted a separator between identifiers - confirm.
#if ($cpeIdCount>=1)
#end
## Both branches write the same encoded value here; the url branch presumably wrapped it
## in a link whose markup is missing from this listing.
#if( $id.url )
$enc.html($id.value)
#else
$enc.html($id.value)
#end
## Track a single confidence for the row: the first one seen, then replaced whenever
## compareTo ranks the current identifier's confidence lower than the one held.
## Which end of the scale "lower" is depends on the declaration order of the confidence
## type, which is not visible here.
#if ($cpeIdConf == "")
#set($cpeIdConf=$id.confidence)
#set($cpeSort=$id.confidence.ordinal())
#elseif ($cpeIdConf.compareTo($id.confidence)>0)
#set($cpeIdConf=$id.confidence)
#set($cpeSort=$id.confidence.ordinal())
#end
#set($cpeIdCount=$cpeIdCount+1)
#end
#end
## GAV column: nothing is written when no maven identifier was found.
#if ($mavenlink=="")
#else
#if( $mavenlink.url )
##yes, we are HTML Encoding the href. This is okay. We can't URL encode as we have to trust the analyzer here...
## NOTE(review): HTML-encoding keeps the value from breaking out of the attribute, but it does
## not restrict the URL scheme; the link target is trusted as supplied by the analyzer.
$enc.html($mavenlink.value)
#elseif ($mavenlink.value)
$enc.html($mavenlink.value)
#end
#end
## Highest CVSS score across the dependency's vulnerabilities; -1 means "no vulnerabilities".
#set($cveImpact=-1)
#foreach($vuln in $dependency.getVulnerabilities())
#if ($cveImpact<$vuln.cvssScore)
#set($cveImpact=$vuln.cvssScore)
#end
#end
#set($sortValue=$cveImpact*10)
## Severity label: nothing below 0, Low below 4.0, High at 7.0 and above, Medium otherwise.
#if ($cveImpact<0)
#elseif ($cveImpact<4.0)
Low
#elseif ($cveImpact>=7.0)
High
#else
Medium
#end
## Counts are integers. $cpeIdConf is either the empty string or a confidence value and is
## written without encoding.
$dependency.getVulnerabilities().size()
$cpeIdConf
$dependency.getEvidenceForDisplay().size()
#end
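## Detail section: one entry per dependency with file facts, identifiers and published
## vulnerabilities. Description, licence, paths, hashes, identifier values and vulnerability
## text all originate outside the report generator, so each is written through $enc.html.
Dependencies
#set($lnkcnt=0)
#set($cnt=0)
#set($vsctr=0) ##counter to create unique groups for vulnerable software
#foreach($dependency in $dependencies)
#set($lnkcnt=$lnkcnt+1)
$enc.html($dependency.DisplayFileName)
#if ($dependency.description)
Description: $enc.html($dependency.description)
#end
#if ($dependency.license)
## Only the http:// prefix is tested, so an https:// licence URL takes the plain-text branch.
#if ($dependency.license.startsWith("http://"))
License:
$enc.html($dependency.license)
#else
License:$enc.html($dependency.license)
#end
#end
File Path: $enc.html($dependency.FilePath)
MD5: $enc.html($dependency.Md5sum)
SHA1: $enc.html($dependency.Sha1sum)
## Singular heading for exactly one project reference, list form for more than one.
#if ($dependency.projectReferences.size()==1)
Referenced In Project:
#foreach($ref in $dependency.projectReferences)
$enc.html($ref)
#end
#end
#if ($dependency.projectReferences.size()>1)
Referenced In Projects:
#foreach($ref in $dependency.projectReferences)
- $enc.html($ref)
#end
#end
## $cnt is advanced once per sub-section; it is not written in the lines visible here.
#set($cnt=$cnt+1)
Evidence
#if($dependency.getRelatedDependencies().size()>0)
#set($cnt=$cnt+1)
Related Dependencies
#end
#set($cnt=$cnt+1)
## Number of identifiers of type "cpe"; computed here but not written in the visible lines.
#set($cpeCount=0)
#foreach($id in $dependency.getIdentifiers())
#if($id.type.equals("cpe"))
#set($cpeCount=$cpeCount+1)
#end
#end
Identifiers
##: $enc.html($cpevalue)
#if ($dependency.getIdentifiers().size()==0)
- None
#else ## ($dependency.getIdentifiers().size()>0)
#foreach($id in $dependency.getIdentifiers())
#if( $id.url )
##yes, we are HTML Encoding the href. this is okay. We can't URL encode as we have to trust the analyzer here...
## NOTE(review): HTML-encoding keeps the value from breaking out of the attribute, but it does
## not restrict the URL scheme; the link target is trusted as supplied by the analyzer.
- $enc.html($id.type): $enc.html($id.value)
#else
- $enc.html($id.type): $enc.html($id.value)
#end
#if ($id.confidence)
Confidence:$id.confidence
#end
#if ($id.type=="cpe")
##yes, we are HTML Encoding into JavaScript... the escape utils don't have a JS Encode and I haven't written one yet
## NOTE(review): the script markup this branch emitted is missing from this listing. HTML
## entity encoding is not the right encoder for a JavaScript string context; a value placed
## there needs JavaScript-string escaping (or should be moved into a data attribute).
#end
#if ($id.description)
$enc.html($id.description)
#end
#end
#end
#if($dependency.getVulnerabilities().size()>0)
#set($cnt=$cnt+1)
Published Vulnerabilities
#foreach($vuln in $dependency.getVulnerabilities())
#set($vsctr=$vsctr+1)
Severity:
## Low below 4.0, High at 7.0 and above, Medium otherwise.
#if ($vuln.cvssScore<4.0)
Low
#elseif ($vuln.cvssScore>=7.0)
High
#else
Medium
#end
## The vector is built from the first character of each CVSS field.
CVSS Score: $vuln.cvssScore (AV:$enc.html($vuln.cvssAccessVector.substring(0,1))/AC:$enc.html($vuln.cvssAccessComplexity.substring(0,1))/Au:$enc.html($vuln.cvssAuthentication.substring(0,1))/C:$enc.html($vuln.cvssConfidentialityImpact.substring(0,1))/I:$enc.html($vuln.cvssIntegrityImpact.substring(0,1))/A:$enc.html($vuln.cvssAvailabilityImpact.substring(0,1)))
#if ($vuln.cwe)
## NOTE(review): $vuln.cwe is written without $enc.html. Its type is not visible here; if it
## is a string taken from the vulnerability feed it should be encoded like the description.
CWE: $vuln.cwe
#end
$enc.html($vuln.description)
#if ($vuln.getReferences().size()>0)
#foreach($ref in $vuln.getReferences())
## The reference name is encoded like every other field of the vulnerability record;
## it was previously the only reference field written raw.
- $enc.html($ref.source) - $enc.html($ref.name)
#end
#end
## With fewer than two vulnerable-software entries only the matched CPE is listed;
## otherwise the matched CPE is followed by an expandable list.
#if ($vuln.getVulnerableSoftware().size()<2)
Vulnerable Software & Versions:
- $enc.html($vuln.matchedCPE) #if($vuln.hasMatchedAllPreviousCPE()) and all previous versions#end
#else
Vulnerable Software & Versions: (show all)
- $enc.html($vuln.matchedCPE) #if($vuln.hasMatchedAllPreviousCPE()) and all previous versions#end
- ...
## The body of this loop is missing from this listing.
#foreach($vs in $vuln.getVulnerableSoftware())
#end
#end
#end
#end
#end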
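## BEGIN SUPPRESSED VULNERABILITIES
## Rendered only when at least one identifier or vulnerability was suppressed. Each dependency
## that has suppressed findings gets the same detail layout as in the main section, so
## suppressions stay visible in the report. $lnkcnt, $cnt and $vsctr are not reset here
## and continue from their current values.
#if ($vulnSuppressedCount>0 || $cpeSuppressedCount>0)
#set($cnt=$cnt+1)
Suppressed Vulnerabilities
#foreach($dependency in $dependencies)
#if ($dependency.getSuppressedIdentifiers().size()>0 || $dependency.getSuppressedVulnerabilities().size()>0)
#set($lnkcnt=$lnkcnt+1)
$enc.html($dependency.DisplayFileName)
#if ($dependency.description)
Description: $enc.html($dependency.description)
#end
#if ($dependency.license)
## Only the http:// prefix is tested, so an https:// licence URL takes the plain-text branch.
#if ($dependency.license.startsWith("http://"))
License:
$enc.html($dependency.license)
#else
License:$enc.html($dependency.license)
#end
#end
File Path: $enc.html($dependency.FilePath)
MD5: $enc.html($dependency.Md5sum)
SHA1: $enc.html($dependency.Sha1sum)
#set($cnt=$cnt+1)
Evidence
#if($dependency.getRelatedDependencies().size()>0)
#set($cnt=$cnt+1)
Related Dependencies
#end
#set($cnt=$cnt+1)
## Number of suppressed identifiers of type "cpe"; not written in the visible lines.
#set($cpeCount=0)
#foreach($id in $dependency.getSuppressedIdentifiers())
#if($id.type.equals("cpe"))
#set($cpeCount=$cpeCount+1)
#end
#end
Suppressed Identifiers
##: $enc.html($cpevalue)
#if ($dependency.getSuppressedIdentifiers().size()==0)
- None
#else ## ($dependency.getSuppressedIdentifiers().size()>0)
#foreach($id in $dependency.getSuppressedIdentifiers())
#if( $id.url )
##yes, we are HTML Encoding the href. this is okay. We can't URL encode as we have to trust the analyzer here...
## NOTE(review): HTML-encoding keeps the value from breaking out of the attribute, but it does
## not restrict the URL scheme; the link target is trusted as supplied by the analyzer.
- $enc.html($id.type): $enc.html($id.value) suppressed
#else
- $enc.html($id.type): $enc.html($id.value) suppressed
#end
#if ($id.confidence)
Confidence:$id.confidence
#end
#if ($id.description)
$enc.html($id.description)
#end
#end
#end
#if($dependency.getSuppressedVulnerabilities().size()>0)
#set($cnt=$cnt+1)
Suppressed Vulnerabilities
#foreach($vuln in $dependency.getSuppressedVulnerabilities())
#set($vsctr=$vsctr+1)
$enc.html($vuln.name) suppressed
Severity:
## Low below 4.0, High at 7.0 and above, Medium otherwise.
#if ($vuln.cvssScore<4.0)
Low
#elseif ($vuln.cvssScore>=7.0)
High
#else
Medium
#end
CVSS Score: $vuln.cvssScore
#if ($vuln.cwe)
## NOTE(review): $vuln.cwe is written without $enc.html. Its type is not visible here; if it
## is a string taken from the vulnerability feed it should be encoded like the description.
CWE: $vuln.cwe
#end
$enc.html($vuln.description)
#if ($vuln.getReferences().size()>0)
#foreach($ref in $vuln.getReferences())
## The reference name is encoded like every other field of the vulnerability record;
## it was previously the only reference field written raw.
- $enc.html($ref.source) - $enc.html($ref.name)
#end
#end
#if ($vuln.getVulnerableSoftware().size()<2)
Vulnerable Software & Versions:
## The stray literal text "git st" that used to precede this list item has been removed;
## it was written into every report that reached this branch.
- $enc.html($vuln.matchedCPE) #if($vuln.hasMatchedAllPreviousCPE()) and all previous versions#end
#else
Vulnerable Software & Versions: (show all)
- $enc.html($vuln.matchedCPE) #if($vuln.hasMatchedAllPreviousCPE()) and all previous versions#end
- ...
## The body of this loop is missing from this listing.
#foreach($vs in $vuln.getVulnerableSoftware())
#end
#end
#end
#end
#end
#end
#end
## END SUPPRESSED VULNERABILITIES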