endency-check-core.5.0.0-M3.source-code.dependencycheck-base-hint.xml Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of dependency-check-core Show documentation
Show all versions of dependency-check-core Show documentation
dependency-check-core is the engine and reporting tool used to identify and report if there are any known, publicly disclosed vulnerabilities in the scanned project's dependencies. The engine extracts meta-data from the dependencies and uses this to do fuzzy key-word matching against the Common Platfrom Enumeration (CPE), if any CPE identifiers are found the associated Common Vulnerability and Exposure (CVE) entries are added to the generated report.
<?xml version="1.0" encoding="UTF-8"?> <hints xmlns="https://jeremylong.github.io/DependencyCheck/dependency-hint.1.3.xsd"> <hint> <given><!-- NOTE: these are OR conditions --> <evidence type="product" source="Manifest" name="Implementation-Title" value="Spring Framework" confidence="HIGH"/> <evidence type="product" source="Manifest" name="Implementation-Title" value="org.springframework.core" confidence="HIGH"/> <evidence type="product" source="Manifest" name="Implementation-Title" value="spring-core" confidence="HIGH"/> <evidence type="vendor" source="pom" name="groupid" value="springframework" confidence="HIGHEST"/> </given> <add> <evidence type="product" source="hint analyzer" name="product" value="springsource_spring_framework" confidence="HIGH"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="SpringSource" confidence="HIGH"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="vmware" confidence="HIGH"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="pivotal software" confidence="HIGH"/> </add> </hint> <hint> <given> <evidence type="product" source="jar" name="package name" value="springframework" confidence="LOW"/> <fileName contains="spring"/> </given> <add> <evidence type="product" source="hint analyzer" name="product" value="springsource_spring_framework" confidence="HIGH"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="SpringSource" confidence="HIGH"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="vmware" confidence="HIGH"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="pivotal software" confidence="HIGH"/> </add> </hint> <hint> <given> <evidence regex="true" type="vendor" source="pom" name="groupid" value="org\.springframework.*" confidence="HIGHEST"/> </given> <add> <evidence type="vendor" source="hint analyzer" name="vendor" value="SpringSource" confidence="HIGH"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="vmware" confidence="HIGH"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="pivotal software" confidence="HIGH"/> </add> </hint> <hint> <given> <evidence type="product" source="jar" name="package name" value="springframework" confidence="LOW"/> </given> <add> <evidence type="product" source="hint analyzer" name="product" value="springsource_spring_framework" confidence="HIGH"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="vmware" confidence="HIGH"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="pivotal software" confidence="HIGH"/> </add> </hint> <hint> <given> <evidence type="product" source="Manifest" name="Implementation-Title" regex="true" value="spring-.*" confidence="HIGH"/> </given> <add> <evidence type="vendor" source="hint analyzer" name="vendor" value="pivotal software" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence type="product" source="Manifest" name="Bundle-Name" value="Spring Security Core" confidence="MEDIUM"/> <evidence type="product" source="pom" name="artifactid" value="spring-security-core" confidence="HIGH"/> </given> <add> <evidence type="product" source="hint analyzer" name="product" value="springsource_spring_framework" confidence="HIGH"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="SpringSource" confidence="HIGH"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="vmware" confidence="HIGH"/> </add> </hint> <hint> <given> <evidence type="vendor" source="composer.lock" name="vendor" value="symfony" confidence="HIGHEST"/> </given> <add> <evidence type="vendor" source="hint analyzer" name="vendor" value="sensiolabs" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence type="vendor" source="composer.lock" name="vendor" value="zendframework" confidence="HIGHEST"/> </given> <add> <evidence type="vendor" source="hint analyzer" name="vendor" value="zend" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence type="product" source="composer.lock" name="product" value="zendframework" confidence="HIGHEST"/> </given> <add> <evidence type="vendor" source="hint analyzer" name="vendor" value="zend_framework" confidence="HIGHEST"/> </add> </hint> <!-- begin hack for temporary patch of issue #534--> <hint> <given> <fileName regex="true" contains=".*hibernate-validator-5\.0\..*"/> </given> <add> <evidence type="version" source="hint" name="version" value="5.0" confidence="HIGHEST"/> </add> </hint> <hint> <given> <fileName regex="true" contains=".*hibernate-validator-5\.1\.[01].*"/> </given> <add> <evidence type="version" source="hint" name="version" value="5.1" confidence="HIGHEST"/> </add> </hint> <hint> <given> <fileName regex="true" contains=".*hibernate-validator-4\.1\..*"/> </given> <add> <evidence type="version" source="hint" name="version" value="4.1.0" confidence="HIGHEST"/> </add> </hint> <hint> <given> <fileName regex="true" contains=".*hibernate-validator-4\.2\.0.*"/> </given> <add> <evidence type="version" source="hint" name="version" value="4.2.0" confidence="HIGHEST"/> </add> </hint> <hint> <given> <fileName regex="true" contains=".*hibernate-validator-4\.3\.[01]\..*"/> </given> <add> <evidence type="version" source="hint" name="version" value="4.3.0" confidence="HIGHEST"/> </add> </hint> <!-- end hack for temporary patch of issue #534--> <!-- creating a spring boot starter project can cause your app to incorrectly be flagged as spring--> <hint> <given> <evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="HIGHEST"/> <evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="HIGH"/> <evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="MEDIUM"/> <evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="LOW"/> </given> <remove> <evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="HIGHEST"/> <evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="HIGH"/> <evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="MEDIUM"/> <evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="LOW"/> </remove> </hint> <hint> <given> <evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="HIGHEST"/> <evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="HIGH"/> <evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="MEDIUM"/> <evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="LOW"/> </given> <remove> <evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="HIGHEST"/> <evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="HIGH"/> <evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="MEDIUM"/> <evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="LOW"/> </remove> </hint> <!-- The following hint is from the google group discussion found here: https://mail.google.com/mail/u/0/?zx=trb89qxxa4e5#inbox/15defe7b224506a2 --> <hint> <given> <fileName contains="mysql-connector.*" regex="true"/> </given> <add> <evidence type="product" source="hint analyzer" name="product" value="mysql_connectors" confidence="HIGHEST"/> <evidence type="product" source="hint analyzer" name="product" value="mysql_connector_j" confidence="HIGHEST"/> <evidence type="product" source="hint analyzer" name="product" value="mysql_connector/j" confidence="HIGHEST"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="oracle" confidence="HIGHEST"/> </add> </hint> <vendorDuplicatingHint value="sun" duplicate="oracle"/> <vendorDuplicatingHint value="oracle" duplicate="sun"/> <!--additional hints from community--> <hint> <given> <fileName contains="bsh-.*" regex="true"/> </given> <add> <evidence type="product" source="hint analyzer" name="product" value="beanshell" confidence="HIGHEST"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="beanshell_project" confidence="HIGHEST"/> </add> </hint> <hint> <given> <fileName contains="opensaml-.*" regex="true"/> </given> <add> <evidence type="product" source="hint analyzer" name="product" value="opensaml" confidence="HIGHEST"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="shibboleth" confidence="HIGHEST"/> </add> </hint> <hint> <given> <fileName contains="htmlcleaner-.*" regex="true"/> </given> <add> <evidence type="product" source="hint analyzer" name="product" value="htmlcleaner" confidence="HIGHEST"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="htmlcleaner_project" confidence="HIGHEST"/> </add> </hint> <hint> <given> <fileName contains="not-yet-commons-ssl-.*" regex="true"/> </given> <add> <evidence type="product" source="hint analyzer" name="product" value="not_yet_commons_ssl" confidence="HIGHEST"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="not_yet_commons_ssl_project" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence regex="true" type="vendor" source="pom" name="url" value=".*wordpress.*" confidence="HIGHEST"/> <evidence regex="true" type="product" source="pom" name="url" value=".*wordpress.*" confidence="HIGHEST"/> </given> <remove> <evidence regex="true" type="vendor" source="pom" name="url" value=".*wordpress.*" confidence="HIGHEST"/> <evidence regex="true" type="product" source="pom" name="url" value=".*wordpress.*" confidence="HIGHEST"/> </remove> </hint> <hint> <given> <evidence type="vendor" source="Manifest" name="Implementation-Vendor-Id" value="org.primefaces" confidence="MEDIUM"/> <evidence type="vendor" source="pom" name="groupid" value="primefaces" confidence="HIGHEST"/> </given> <add> <evidence type="vendor" source="hint analyzer" name="vendor" value="primetek" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence type="vendor" source="Manifest" name="Implementation-Vendor" value="JBoss Inc." confidence="HIGH"/> </given> <add> <evidence type="vendor" source="hint analyzer" name="vendor" value="redhat" confidence="HIGH"/> </add> </hint> <hint> <given> <evidence type="product" source="Manifest" name="extension-name" value="org.bouncycastle.bcprovider" confidence="MEDIUM"/> </given> <add> <evidence type="product" source="hint analyzer" name="product" value="legion-of-the-bouncy-castle-java-crytography-api" confidence="HIGH"/> </add> </hint> </hints>