templates.xmlReport.vsl Maven / Gradle / Ivy
#**
This file is part of Dependency-Check.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Copyright (c) 2018 Jeremy Long. All Rights Reserved.
@author Jeremy Long
@version 2.0
*#
$version
#foreach($prop in $properties.getMetaData().entrySet())
$enc.xml($prop.key)
$enc.xml($prop.value)
#end
#if($exceptions)
#macro( writeXmlException $type $ex $depth)
<$type>$enc.xml($ex.toString())
#if($ex.getStackTrace())
#foreach($t in $ex.getStackTrace())
$enc.xml($t.toString())
#end
#end
#if($ex.getCause() && $depth<20)
#set($cause="cause")
#set($currentDepth=$depth+1)
#writeXmlException($cause $ex.getCause() $currentDepth)
#end
#end
#foreach($ex in $exceptions)
#set($type="exception")
#set($d=0)
#writeXmlException($type $ex $d)
#end
#end
$enc.xml($applicationName)
#if ($groupID)
$enc.xml($groupID)
#end
#if ($artifactID)
$enc.xml($artifactID)
#end
#if ($applicationVersion)
$enc.xml($applicationVersion)
#end
$scanDateXML
This product uses the NVD API but is not endorsed or certified by the NVD. This report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, Github Advisory Database (via NPM Audit API): https://github.com/advisories/, and the RetireJS community.
#foreach($dependency in $dependencies)
$enc.xml($dependency.DisplayFileName)
$enc.xml($dependency.FilePath)
#if(!$dependency.isVirtual())$enc.xml($dependency.Md5sum)#end
#if(!$dependency.isVirtual())$enc.xml($dependency.Sha1sum)#end
#if(!$dependency.isVirtual())$enc.xml($dependency.Sha256sum)#end
#if ($dependency.description)
$enc.xml($dependency.description)
#end
#if ($dependency.license)
$enc.xml($dependency.license)
#end
#if ($dependency.projectReferences.size()>0)
#foreach($ref in $dependency.projectReferences)
$enc.xml($ref)
#end
#end
#if ($dependency.includedBy.size()>0)
#foreach($ref in $dependency.includedBy)
$enc.xml($ref.getReference())
#end
#end
#if ($dependency.getRelatedDependencies().size()>0)
#foreach($related in $dependency.getRelatedDependencies())
$enc.xml($related.DisplayFileName)
$enc.xml($related.FilePath)
#if(!$related.isVirtual())$enc.xml($related.Sha256sum)#end
#if(!$related.isVirtual())$enc.xml($related.Sha1sum)#end
#if(!$related.isVirtual())$enc.xml($related.Md5sum)#end
#if($related.getSoftwareIdentifiers().size()>0)
#foreach($id in $related.getSoftwareIdentifiers())
$enc.xml($id.value)
#if( $id.url )
$enc.xml($id.url)
#end
#if( $id.description )
$enc.xml($id.description)
#end
#if ($id.notes)
$enc.xml($id.notes)
#end
#end
#end
#end
#end
#foreach($evidence in $dependency.getEvidence($VENDOR))
$enc.xml($evidence.getSource())
$enc.xml($evidence.getName())
$enc.xml($evidence.getValue().trim())
#end
#foreach($evidence in $dependency.getEvidence($PRODUCT))
$enc.xml($evidence.getSource())
$enc.xml($evidence.getName())
$enc.xml($evidence.getValue().trim())
#end
#foreach($evidence in $dependency.getEvidence($VERSION))
$enc.xml($evidence.getSource())
$enc.xml($evidence.getName())
$enc.xml($evidence.getValue().trim())
#end
#if($dependency.getSoftwareIdentifiers().size()>0 || $dependency.getVulnerableSoftwareIdentifiers().size()>0 || $dependency.getSuppressedIdentifiers().size()>0)
#foreach($id in $dependency.getSoftwareIdentifiers())
$enc.xml($id.value)
#if( $id.url )
$enc.xml($id.url)
#end
#if( $id.description )
$enc.xml($id.description)
#end
#if ($id.notes)
$enc.xml($id.notes)
#end
#end
#foreach($id in $dependency.getVulnerableSoftwareIdentifiers())
$enc.xml($id.value)
#if( $id.url )
$enc.xml($id.url)
#end
#if($id.description)$enc.xml($id.description)
#end
#if ($id.notes) $enc.xml($id.notes)
#end
#end
#foreach($id in $dependency.getSuppressedIdentifiers())
$enc.xml($id.value)
#if( $id.url )
$enc.xml($id.url)
#end
#if( $id.description )
$enc.xml($id.description)
#end
#if ($id.notes)
$enc.xml($id.notes)
#end
#end
#end
#if($dependency.getVulnerabilities().size()>0 || $dependency.getSuppressedVulnerabilities().size()>0)
#foreach($vuln in $dependency.getVulnerabilities(true))
$enc.xml($vuln.name)
#if($vuln.getKnownExploitedVulnerability())
#if($vuln.getKnownExploitedVulnerability().getVendorProject())
$enc.xml($vuln.getKnownExploitedVulnerability().getVendorProject())
#end
#if($vuln.getKnownExploitedVulnerability().getProduct())
$enc.xml($vuln.getKnownExploitedVulnerability().getProduct())
#end
#if($vuln.getKnownExploitedVulnerability().getVulnerabilityName())
enc.xml($vuln.getKnownExploitedVulnerability().getVulnerabilityName())
#end
#if($vuln.getKnownExploitedVulnerability().getDateAdded())
$enc.xml($vuln.getKnownExploitedVulnerability().getDateAdded())
#end
#if($vuln.getKnownExploitedVulnerability().getShortDescription())
$enc.xml($vuln.getKnownExploitedVulnerability().getShortDescription())
#end
#if($vuln.getKnownExploitedVulnerability().getRequiredAction())
$enc.xml($vuln.getKnownExploitedVulnerability().getRequiredAction())
#end
#if($vuln.getKnownExploitedVulnerability().getDueDate())
$enc.xml($vuln.getKnownExploitedVulnerability().getDueDate())
#end
#if($vuln.getKnownExploitedVulnerability().getNotes())
$enc.xml($vuln.getKnownExploitedVulnerability().getNotes())
#end
#end
#if($vuln.unscoredSeverity)
#if($vuln.unscoredSeverity.equals("0.0"))Unknown#else$enc.xml($vuln.unscoredSeverity)#end
#elseif($vuln.cvssV3 && $vuln.cvssV3.cvssData.baseSeverity)
$enc.xml($vuln.cvssV3.cvssData.baseSeverity)
#elseif($vuln.cvssV2 && $vuln.cvssV2.cvssData.baseSeverity)
$enc.xml($vuln.cvssV2.cvssData.baseSeverity)
#end
#if($vuln.cvssV2)
$vuln.cvssV2.cvssData.baseScore
#if($vuln.cvssV2.cvssData.accessVector)$enc.xml($vuln.cvssV2.cvssData.accessVector)#end
#if($vuln.cvssV2.cvssData.accessComplexity)$enc.xml($vuln.cvssV2.cvssData.accessComplexity)#end
#if($vuln.cvssV2.cvssData.authentication)$enc.xml($vuln.cvssV2.cvssData.authentication)#end
#if($vuln.cvssV2.cvssData.confidentialityImpact)$enc.xml($vuln.cvssV2.cvssData.confidentialityImpact)#end
#if($vuln.cvssV2.cvssData.integrityImpact)$enc.xml($vuln.cvssV2.cvssData.integrityImpact)#end
#if($vuln.cvssV2.cvssData.availabilityImpact)$enc.xml($vuln.cvssV2.cvssData.availabilityImpact)#end
#if($vuln.cvssV2.cvssData.baseSeverity)$enc.xml($vuln.cvssV2.cvssData.baseSeverity)#end
#if($vuln.cvssV2.cvssData.version)$enc.xml($vuln.cvssV2.cvssData.version) #end
#if($vuln.cvssV2.exploitabilityScore)$enc.xml($vuln.cvssV2.exploitabilityScore) #end
#if($vuln.cvssV2.impactScore)$enc.xml($vuln.cvssV2.impactScore) #end
#if($vuln.cvssV2.acInsufInfo)$enc.xml($vuln.cvssV2.acInsufInfo) #end
#if($vuln.cvssV2.obtainAllPrivilege)$enc.xml($vuln.cvssV2.obtainAllPrivilege) #end
#if($vuln.cvssV2.obtainUserPrivilege)$enc.xml($vuln.cvssV2.obtainUserPrivilege) #end
#if($vuln.cvssV2.obtainOtherPrivilege)$enc.xml($vuln.cvssV2.obtainOtherPrivilege) #end
#if($vuln.cvssV2.userInteractionRequired)$enc.xml($vuln.cvssV2.userInteractionRequired) #end
#end
#if($vuln.cvssV3)
$vuln.cvssV3.cvssData.baseScore
#if($vuln.cvssV3.cvssData.attackVector)$enc.xml($vuln.cvssV3.cvssData.attackVector)#end
#if($vuln.cvssV3.cvssData.attackComplexity)$enc.xml($vuln.cvssV3.cvssData.attackComplexity)#end
#if($vuln.cvssV3.cvssData.privilegesRequired)$enc.xml($vuln.cvssV3.cvssData.privilegesRequired)#end
#if($vuln.cvssV3.cvssData.userInteraction)$enc.xml($vuln.cvssV3.cvssData.userInteraction)#end
#if($vuln.cvssV3.cvssData.scope)$enc.xml($vuln.cvssV3.cvssData.scope)#end
#if($vuln.cvssV3.cvssData.confidentialityImpact)$enc.xml($vuln.cvssV3.cvssData.confidentialityImpact)#end
#if($vuln.cvssV3.cvssData.integrityImpact)$enc.xml($vuln.cvssV3.cvssData.integrityImpact)#end
#if($vuln.cvssV3.cvssData.availabilityImpact)$enc.xml($vuln.cvssV3.cvssData.availabilityImpact)#end
#if($vuln.cvssV3.cvssData.baseSeverity)$enc.xml($vuln.cvssV3.cvssData.baseSeverity)#end
#if($vuln.cvssV3.exploitabilityScore)$enc.xml($vuln.cvssV3.exploitabilityScore) #end
#if($vuln.cvssV3.impactScore)$enc.xml($vuln.cvssV3.impactScore) #end
#if($vuln.cvssV3.cvssData.version)$enc.xml($vuln.cvssV3.cvssData.version) #end
#end
#if (!$vuln.cwes.isEmpty())
#foreach($cweEntry in $vuln.cwes.entries)
#if($cweEntry)$enc.xml($cweEntry) #end
#end
#end
#if ($vuln.description)$enc.xml($vuln.description)#end
#if ($vuln.notes)
$enc.xml($vuln.notes)
#end
#foreach($ref in $vuln.getReferences())
$enc.xml($ref.source)
#if($ref.url)$enc.xml($ref.url) #end
#if($ref.name)$enc.xml($ref.name) #end
#end
#foreach($vs in $vuln.getVulnerableSoftware(true))
$enc.xml($vs.toCpe23FS())
#end
#end
#foreach($vuln in $dependency.getSuppressedVulnerabilities(true))
$enc.xml($vuln.name)
#if($vuln.cvssV2)
$vuln.cvssV2.cvssData.baseScore
#if($vuln.cvssV2.cvssData.accessVector)$enc.xml($vuln.cvssV2.cvssData.accessVector)#end
#if($vuln.cvssV2.cvssData.accessComplexity)$enc.xml($vuln.cvssV2.cvssData.accessComplexity)#end
#if($vuln.cvssV2.cvssData.authentication)$enc.xml($vuln.cvssV2.cvssData.authentication)#end
#if($vuln.cvssV2.cvssData.confidentialityImpact)$enc.xml($vuln.cvssV2.cvssData.confidentialityImpact)#end
#if($vuln.cvssV2.cvssData.integrityImpact)$enc.xml($vuln.cvssV2.cvssData.integrityImpact)#end
#if($vuln.cvssV2.cvssData.availabilityImpact)$enc.xml($vuln.cvssV2.cvssData.availabilityImpact)#end
#if($vuln.cvssV2.cvssData.baseSeverity)$enc.xml($vuln.cvssV2.cvssData.baseSeverity)#end
#if($vuln.cvssV2.cvssData.version)$enc.xml($vuln.cvssV2.cvssData.version) #end
#if($vuln.cvssV2.cvssData.exploitabilityScore)$enc.xml($vuln.cvssV2.cvssData.exploitabilityScore) #end
#if($vuln.cvssV2.cvssData.impactScore)$enc.xml($vuln.cvssV2.cvssData.impactScore) #end
#if($vuln.cvssV2.cvssData.acInsufInfo)$enc.xml($vuln.cvssV2.cvssData.acInsufInfo) #end
#if($vuln.cvssV2.cvssData.obtainAllPrivilege)$enc.xml($vuln.cvssV2.cvssData.obtainAllPrivilege) #end
#if($vuln.cvssV2.cvssData.obtainUserPrivilege)$enc.xml($vuln.cvssV2.cvssData.obtainUserPrivilege) #end
#if($vuln.cvssV2.cvssData.obtainOtherPrivilege)$enc.xml($vuln.cvssV2.cvssData.obtainOtherPrivilege) #end
#if($vuln.cvssV2.cvssData.userInteractionRequired)$enc.xml($vuln.cvssV2.cvssData.userInteractionRequired) #end
#end
#if($vuln.cvssV3)
$vuln.cvssV3.cvssData.baseScore
#if($vuln.cvssV3.cvssData.attackVector)$enc.xml($vuln.cvssV3.cvssData.attackVector)#end
#if($vuln.cvssV3.cvssData.attackComplexity)$enc.xml($vuln.cvssV3.cvssData.attackComplexity)#end
#if($vuln.cvssV3.cvssData.privilegesRequired)$enc.xml($vuln.cvssV3.cvssData.privilegesRequired)#end
#if($vuln.cvssV3.cvssData.userInteraction)$enc.xml($vuln.cvssV3.cvssData.userInteraction)#end
#if($vuln.cvssV3.cvssData.scope)$enc.xml($vuln.cvssV3.cvssData.scope)#end
#if($vuln.cvssV3.cvssData.confidentialityImpact)$enc.xml($vuln.cvssV3.cvssData.confidentialityImpact)#end
#if($vuln.cvssV3.cvssData.integrityImpact)$enc.xml($vuln.cvssV3.cvssData.integrityImpact)#end
#if($vuln.cvssV3.cvssData.availabilityImpact)$enc.xml($vuln.cvssV3.cvssData.availabilityImpact)#end
#if($vuln.cvssV3.cvssData.baseSeverity)$enc.xml($vuln.cvssV3.cvssData.baseSeverity)#end
#if($vuln.cvssV3.cvssData.exploitabilityScore)$enc.xml($vuln.cvssV3.cvssData.exploitabilityScore) #end
#if($vuln.cvssV3.cvssData.impactScore)$enc.xml($vuln.cvssV3.cvssData.impactScore) #end
#if($vuln.cvssV3.cvssData.version)$enc.xml($vuln.cvssV3.cvssData.version) #end
#end
#if (!$vuln.cwes.isEmpty())
#foreach($cweEntry in $vuln.cwes.entries)
#if($cweEntry)$enc.xml($cweEntry) #end
#end
#end
$enc.xml($vuln.description)
#if ($vuln.notes)
$enc.xml($vuln.notes)
#end
#foreach($ref in $vuln.getReferences())
$enc.xml($ref.source)
#if($ref.url)$enc.xml($ref.url) #end
#if($ref.name)$enc.xml($ref.name) #end
#end
#foreach($vs in $vuln.getVulnerableSoftware(true))
$enc.xml($vs.toCpe23FS())
#end
#end
#end
#end