endency-check-core.5.1.1.source-code.dependencycheck-base-hint.xml Maven / Gradle / Ivy
<?xml version="1.0" encoding="UTF-8"?>
<hints xmlns="https://jeremylong.github.io/DependencyCheck/dependency-hint.1.3.xsd">
<hint>
<given><!-- NOTE: these are OR conditions -->
<evidence type="product" source="Manifest" name="Implementation-Title" value="Spring Framework" confidence="HIGH"/>
<evidence type="product" source="Manifest" name="Implementation-Title" value="org.springframework.core" confidence="HIGH"/>
<evidence type="product" source="Manifest" name="Implementation-Title" value="spring-core" confidence="HIGH"/>
<evidence type="vendor" source="pom" name="groupid" value="springframework" confidence="HIGHEST"/>
</given>
<add>
<evidence type="product" source="hint analyzer" name="product" value="springsource_spring_framework" confidence="HIGHEST"/>
<evidence type="vendor" source="hint analyzer" name="vendor" value="SpringSource" confidence="HIGHEST"/>
<evidence type="vendor" source="hint analyzer" name="vendor" value="vmware" confidence="HIGHEST"/>
<evidence type="vendor" source="hint analyzer" name="vendor" value="pivotal software" confidence="HIGHEST"/>
</add>
</hint>
<hint>
<given>
<evidence type="product" source="jar" name="package name" value="springframework" confidence="LOW"/>
<fileName contains="spring"/>
</given>
<add>
<evidence type="product" source="hint analyzer" name="product" value="springsource_spring_framework" confidence="HIGHEST"/>
<evidence type="vendor" source="hint analyzer" name="vendor" value="SpringSource" confidence="HIGHEST"/>
<evidence type="vendor" source="hint analyzer" name="vendor" value="vmware" confidence="HIGHEST"/>
<evidence type="vendor" source="hint analyzer" name="vendor" value="pivotal software" confidence="HIGHEST"/>
</add>
</hint>
<hint>
<given>
<evidence regex="true" type="vendor" source="pom" name="groupid" value="org\.springframework.*" confidence="HIGHEST"/>
</given>
<add>
<evidence type="vendor" source="hint analyzer" name="vendor" value="SpringSource" confidence="HIGHEST"/>
<evidence type="vendor" source="hint analyzer" name="vendor" value="vmware" confidence="HIGHEST"/>
<evidence type="vendor" source="hint analyzer" name="vendor" value="pivotal software" confidence="HIGHEST"/>
</add>
</hint>
<hint>
<given>
<evidence regex="true" type="vendor" source="pom" name="groupid" value="org\.hibernate.*" confidence="HIGHEST"/>
</given>
<add>
<evidence type="vendor" source="hint analyzer" name="vendor" value="redhat" confidence="HIGHEST"/>
</add>
</hint>
<hint>
<given>
<evidence regex="true" type="vendor" source="pom" name="groupid" value="org\.hornetq" confidence="HIGHEST"/>
</given>
<add>
<evidence type="vendor" source="hint analyzer" name="vendor" value="redhat" confidence="HIGHEST"/>
</add>
</hint>
<hint>
<given>
<evidence regex="true" type="vendor" source="pom" name="groupid" value="org\.fusesource\.hawtjni" confidence="HIGHEST"/>
</given>
<add>
<evidence type="vendor" source="hint analyzer" name="vendor" value="redhat" confidence="HIGHEST"/>
</add>
</hint>
<hint>
<given>
<evidence regex="true" type="vendor" source="pom" name="groupid" value="org\.wildfly(\..*)?" confidence="HIGHEST"/>
</given>
<add>
<evidence type="vendor" source="hint analyzer" name="vendor" value="redhat" confidence="HIGHEST"/>
</add>
</hint>
<hint>
<given>
<evidence type="product" source="jar" name="package name" value="springframework" confidence="LOW"/>
</given>
<add>
<evidence type="product" source="hint analyzer" name="product" value="springsource_spring_framework" confidence="HIGHEST"/>
<evidence type="vendor" source="hint analyzer" name="vendor" value="vmware" confidence="HIGHEST"/>
<evidence type="vendor" source="hint analyzer" name="vendor" value="pivotal software" confidence="HIGHEST"/>
</add>
</hint>
<hint>
<given>
<evidence type="product" source="Manifest" name="Implementation-Title" regex="true" value="spring-.*" confidence="HIGH"/>
</given>
<add>
<evidence type="vendor" source="hint analyzer" name="vendor" value="pivotal software" confidence="HIGHEST"/>
</add>
</hint>
<hint>
<given>
<evidence type="product" source="Manifest" name="Bundle-Name" value="Spring Security Core" confidence="MEDIUM"/>
<evidence type="product" source="pom" name="artifactid" value="spring-security-core" confidence="HIGH"/>
</given>
<add>
<evidence type="product" source="hint analyzer" name="product" value="springsource_spring_framework" confidence="HIGHEST"/>
<evidence type="vendor" source="hint analyzer" name="vendor" value="SpringSource" confidence="HIGHEST"/>
<evidence type="vendor" source="hint analyzer" name="vendor" value="vmware" confidence="HIGHEST"/>
</add>
</hint>
<hint>
<given>
<evidence type="vendor" source="composer.lock" name="vendor" value="symfony" confidence="HIGHEST"/>
</given>
<add>
<evidence type="vendor" source="hint analyzer" name="vendor" value="sensiolabs" confidence="HIGHEST"/>
</add>
</hint>
<hint>
<given>
<evidence type="vendor" source="composer.lock" name="vendor" value="zendframework" confidence="HIGHEST"/>
</given>
<add>
<evidence type="vendor" source="hint analyzer" name="vendor" value="zend" confidence="HIGHEST"/>
</add>
</hint>
<hint>
<given>
<evidence type="product" source="composer.lock" name="product" value="zendframework" confidence="HIGHEST"/>
</given>
<add>
<evidence type="vendor" source="hint analyzer" name="vendor" value="zend_framework" confidence="HIGHEST"/>
</add>
</hint>
<!-- begin hack for temporary patch of issue #534-->
<hint>
<given>
<fileName regex="true" contains=".*hibernate-validator-5\.0\..*"/>
</given>
<add>
<evidence type="version" source="hint" name="version" value="5.0" confidence="HIGHEST"/>
</add>
</hint>
<hint>
<given>
<fileName regex="true" contains=".*hibernate-validator-5\.1\.[01].*"/>
</given>
<add>
<evidence type="version" source="hint" name="version" value="5.1" confidence="HIGHEST"/>
</add>
</hint>
<hint>
<given>
<fileName regex="true" contains=".*hibernate-validator-4\.1\..*"/>
</given>
<add>
<evidence type="version" source="hint" name="version" value="4.1.0" confidence="HIGHEST"/>
</add>
</hint>
<hint>
<given>
<fileName regex="true" contains=".*hibernate-validator-4\.2\.0.*"/>
</given>
<add>
<evidence type="version" source="hint" name="version" value="4.2.0" confidence="HIGHEST"/>
</add>
</hint>
<hint>
<given>
<fileName regex="true" contains=".*hibernate-validator-4\.3\.[01]\..*"/>
</given>
<add>
<evidence type="version" source="hint" name="version" value="4.3.0" confidence="HIGHEST"/>
</add>
</hint>
<!-- end hack for temporary patch of issue #534-->
<!-- creating a spring boot starter project can cause your app to incorrectly be flagged as spring-->
<hint>
<given>
<evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="HIGHEST"/>
<evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="HIGH"/>
<evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="MEDIUM"/>
<evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="LOW"/>
</given>
<remove>
<evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="HIGHEST"/>
<evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="HIGH"/>
<evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="MEDIUM"/>
<evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="LOW"/>
</remove>
</hint>
<hint>
<given>
<evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="HIGHEST"/>
<evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="HIGH"/>
<evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="MEDIUM"/>
<evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="LOW"/>
</given>
<remove>
<evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="HIGHEST"/>
<evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="HIGH"/>
<evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="MEDIUM"/>
<evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="LOW"/>
</remove>
</hint>
<!--
The following hint is from the google group discussion found here: https://mail.google.com/mail/u/0/?zx=trb89qxxa4e5#inbox/15defe7b224506a2
-->
<hint>
<given>
<fileName contains="mysql-connector.*" regex="true"/>
</given>
<add>
<evidence type="product" source="hint analyzer" name="product" value="mysql_connectors" confidence="HIGHEST"/>
<evidence type="product" source="hint analyzer" name="product" value="mysql_connector_j" confidence="HIGHEST"/>
<evidence type="product" source="hint analyzer" name="product" value="mysql_connector/j" confidence="HIGHEST"/>
<evidence type="vendor" source="hint analyzer" name="vendor" value="oracle" confidence="HIGHEST"/>
</add>
</hint>
<vendorDuplicatingHint value="sun" duplicate="oracle"/>
<vendorDuplicatingHint value="oracle" duplicate="sun"/>
<!--additional hints from community-->
<hint>
<given>
<fileName contains="bsh-.*" regex="true"/>
</given>
<add>
<evidence type="product" source="hint analyzer" name="product" value="beanshell" confidence="HIGHEST"/>
<evidence type="vendor" source="hint analyzer" name="vendor" value="beanshell_project" confidence="HIGHEST"/>
</add>
</hint>
<hint>
<given>
<fileName contains="opensaml-.*" regex="true"/>
</given>
<add>
<evidence type="product" source="hint analyzer" name="product" value="opensaml" confidence="HIGHEST"/>
<evidence type="vendor" source="hint analyzer" name="vendor" value="shibboleth" confidence="HIGHEST"/>
</add>
</hint>
<hint>
<given>
<fileName contains="htmlcleaner-.*" regex="true"/>
</given>
<add>
<evidence type="product" source="hint analyzer" name="product" value="htmlcleaner" confidence="HIGHEST"/>
<evidence type="vendor" source="hint analyzer" name="vendor" value="htmlcleaner_project" confidence="HIGHEST"/>
</add>
</hint>
<hint>
<given>
<fileName contains="not-yet-commons-ssl-.*" regex="true"/>
</given>
<add>
<evidence type="product" source="hint analyzer" name="product" value="not_yet_commons_ssl" confidence="HIGHEST"/>
<evidence type="vendor" source="hint analyzer" name="vendor" value="not_yet_commons_ssl_project" confidence="HIGHEST"/>
</add>
</hint>
<hint>
<given>
<evidence regex="true" type="vendor" source="pom" name="url" value=".*wordpress.*" confidence="HIGHEST"/>
<evidence regex="true" type="product" source="pom" name="url" value=".*wordpress.*" confidence="HIGHEST"/>
</given>
<remove>
<evidence regex="true" type="vendor" source="pom" name="url" value=".*wordpress.*" confidence="HIGHEST"/>
<evidence regex="true" type="product" source="pom" name="url" value=".*wordpress.*" confidence="HIGHEST"/>
</remove>
</hint>
<hint>
<given>
<evidence type="vendor" source="Manifest" name="Implementation-Vendor-Id" value="org.primefaces" confidence="MEDIUM"/>
<evidence type="vendor" source="pom" name="groupid" value="primefaces" confidence="HIGHEST"/>
</given>
<add>
<evidence type="vendor" source="hint analyzer" name="vendor" value="primetek" confidence="HIGHEST"/>
</add>
</hint>
<hint>
<given>
<evidence type="vendor" source="Manifest" name="Implementation-Vendor" value="JBoss Inc." confidence="HIGH"/>
</given>
<add>
<evidence type="vendor" source="hint analyzer" name="vendor" value="redhat" confidence="HIGH"/>
</add>
</hint>
<hint>
<given>
<evidence type="product" source="Manifest" name="extension-name" value="org.bouncycastle.bcprovider" confidence="MEDIUM"/>
</given>
<add>
<evidence type="product" source="hint analyzer" name="product" value="legion-of-the-bouncy-castle-java-crytography-api" confidence="HIGH"/>
</add>
</hint>
</hints>