endency-check-core.8.0.0.source-code.dependencycheck-base-hint.xml Maven / Gradle / Ivy
<?xml version="1.0" encoding="UTF-8"?> <hints xmlns="https://jeremylong.github.io/DependencyCheck/dependency-hint.1.3.xsd"> <hint> <given><!-- NOTE: these are OR conditions --> <evidence type="product" source="Manifest" name="Implementation-Title" value="Spring Framework" confidence="HIGH"/> <evidence type="product" source="Manifest" name="Implementation-Title" value="org.springframework.core" confidence="HIGH"/> <evidence type="product" source="Manifest" name="Implementation-Title" value="spring-core" confidence="HIGH"/> <evidence type="vendor" source="pom" name="groupid" value="org.springframework" confidence="HIGHEST"/> </given> <add> <evidence type="product" source="hint analyzer" name="product" value="springsource_spring_framework" confidence="HIGHEST"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="SpringSource" confidence="HIGHEST"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="vmware" confidence="HIGHEST"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="pivotal software" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence type="product" source="jar" name="package name" value="springframework" confidence="LOW"/> <fileName contains="spring"/> </given> <add> <evidence type="product" source="hint analyzer" name="product" value="springsource_spring_framework" confidence="HIGHEST"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="SpringSource" confidence="HIGHEST"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="vmware" confidence="HIGHEST"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="pivotal software" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence regex="true" type="vendor" source="pom" name="groupid" value="org\.springframework\.amqp" confidence="HIGHEST"/> </given> <add> <evidence type="product" source="hint analyzer" name="product" value="spring_advanced_message_queuing_protocol" confidence="HIGHEST"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="SpringSource" confidence="HIGHEST"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="vmware" confidence="HIGHEST"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="pivotal software" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence regex="true" type="vendor" source="pom" name="groupid" value="org\.springframework.*" confidence="HIGHEST"/> </given> <add> <evidence type="vendor" source="hint analyzer" name="vendor" value="SpringSource" confidence="HIGHEST"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="vmware" confidence="HIGHEST"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="pivotal software" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence regex="true" type="vendor" source="gradle" name="groupid" value="org\.springframework.*" confidence="HIGHEST"/> </given> <add> <evidence type="vendor" source="hint analyzer" name="vendor" value="SpringSource" confidence="HIGHEST"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="vmware" confidence="HIGHEST"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="pivotal software" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence regex="true" type="vendor" source="pom" name="groupid" value="org\.hibernate.*" confidence="HIGHEST"/> </given> <add> <evidence type="vendor" source="hint analyzer" name="vendor" value="redhat" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence regex="true" type="vendor" source="pom" name="groupid" value="org\.hibernate" /> </given> <add> <evidence type="product" source="hint analyzer" name="product" value="orm" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence regex="true" type="vendor" source="pom" name="name" value=".*\bO/RM\b.*" /> </given> <add> <evidence type="product" source="hint analyzer" name="product" value="orm" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence regex="true" type="vendor" source="pom" name="groupid" value="org\.hornetq" confidence="HIGHEST"/> </given> <add> <evidence type="vendor" source="hint analyzer" name="vendor" value="redhat" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence regex="true" type="vendor" source="pom" name="groupid" value="org\.fusesource\.hawtjni" confidence="HIGHEST"/> </given> <add> <evidence type="vendor" source="hint analyzer" name="vendor" value="redhat" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence regex="true" type="vendor" source="pom" name="groupid" value="org\.wildfly(\..*)?" confidence="HIGHEST"/> </given> <add> <evidence type="vendor" source="hint analyzer" name="vendor" value="redhat" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence type="product" source="jar" name="package name" value="springframework" confidence="LOW"/> </given> <add> <evidence type="product" source="hint analyzer" name="product" value="springsource_spring_framework" confidence="HIGHEST"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="vmware" confidence="HIGHEST"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="pivotal software" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence type="product" source="Manifest" name="Implementation-Title" regex="true" value="spring-.*" confidence="HIGH"/> </given> <add> <evidence type="vendor" source="hint analyzer" name="vendor" value="pivotal software" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence type="vendor" source="composer.lock" name="vendor" value="symfony" confidence="HIGHEST"/> </given> <add> <evidence type="vendor" source="hint analyzer" name="vendor" value="sensiolabs" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence type="vendor" source="composer.lock" name="vendor" value="zendframework" confidence="HIGHEST"/> </given> <add> <evidence type="vendor" source="hint analyzer" name="vendor" value="zend" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence type="product" source="composer.lock" name="product" value="zendframework" confidence="HIGHEST"/> </given> <add> <evidence type="vendor" source="hint analyzer" name="vendor" value="zend_framework" confidence="HIGHEST"/> </add> </hint> <!-- begin hack for temporary patch of issue #534--> <hint> <given> <fileName regex="true" contains=".*hibernate-validator-5\.0\..*"/> </given> <add> <evidence type="version" source="hint" name="version" value="5.0" confidence="HIGHEST"/> </add> </hint> <hint> <given> <fileName regex="true" contains=".*hibernate-validator-5\.1\.[01].*"/> </given> <add> <evidence type="version" source="hint" name="version" value="5.1" confidence="HIGHEST"/> </add> </hint> <hint> <given> <fileName regex="true" contains=".*hibernate-validator-4\.1\..*"/> </given> <add> <evidence type="version" source="hint" name="version" value="4.1.0" confidence="HIGHEST"/> </add> </hint> <hint> <given> <fileName regex="true" contains=".*hibernate-validator-4\.2\.0.*"/> </given> <add> <evidence type="version" source="hint" name="version" value="4.2.0" confidence="HIGHEST"/> </add> </hint> <hint> <given> <fileName regex="true" contains=".*hibernate-validator-4\.3\.[01]\..*"/> </given> <add> <evidence type="version" source="hint" name="version" value="4.3.0" confidence="HIGHEST"/> </add> </hint> <!-- end hack for temporary patch of issue #534--> <!-- creating a spring boot starter project can cause your app to incorrectly be flagged as spring--> <hint> <given> <evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="HIGHEST"/> <evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="HIGH"/> <evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="MEDIUM"/> <evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="LOW"/> </given> <remove> <evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="HIGHEST"/> <evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="HIGH"/> <evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="MEDIUM"/> <evidence type="product" source="pom" name="parent-artifactid" value="spring-boot-starter-parent" confidence="LOW"/> </remove> </hint> <hint> <given> <evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="HIGHEST"/> <evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="HIGH"/> <evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="MEDIUM"/> <evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="LOW"/> </given> <remove> <evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="HIGHEST"/> <evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="HIGH"/> <evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="MEDIUM"/> <evidence type="vendor" source="pom" name="parent-groupid" value="org.springframework.boot" confidence="LOW"/> </remove> </hint> <!-- The following hint is from the google group discussion found here: https://mail.google.com/mail/u/0/?zx=trb89qxxa4e5#inbox/15defe7b224506a2 --> <hint> <given> <fileName contains="mysql-connector.*" regex="true"/> </given> <add> <evidence type="product" source="hint analyzer" name="product" value="mysql_connectors" confidence="HIGHEST"/> <evidence type="product" source="hint analyzer" name="product" value="mysql_connector_j" confidence="HIGHEST"/> <evidence type="product" source="hint analyzer" name="product" value="mysql_connector/j" confidence="HIGHEST"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="oracle" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence type="product" name="artifactId" value="icu4j"/> </given> <add> <evidence type="product" source="hint analyzer" name="product" value="international_components_for_unicode" confidence="HIGHEST"/> </add> </hint> <vendorDuplicatingHint value="sun" duplicate="oracle"/> <vendorDuplicatingHint value="oracle" duplicate="sun"/> <vendorDuplicatingHint value="icu4j" duplicate="unicode"/> <vendorDuplicatingHint value="icu4j" duplicate="icu-project"/> <vendorDuplicatingHint value="unicode" duplicate="icu-project"/> <vendorDuplicatingHint value="icu-project" duplicate="unicode"/> <!--additional hints from community--> <hint> <given> <fileName contains="bsh-.*" regex="true"/> </given> <add> <evidence type="product" source="hint analyzer" name="product" value="beanshell" confidence="HIGHEST"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="beanshell_project" confidence="HIGHEST"/> </add> </hint> <hint> <given> <fileName contains="opensaml-.*" regex="true"/> </given> <add> <evidence type="product" source="hint analyzer" name="product" value="opensaml" confidence="HIGHEST"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="shibboleth" confidence="HIGHEST"/> </add> </hint> <hint> <given> <fileName contains="jenkins.*\.war" regex="true"/> </given> <remove> <evidence type="version" name="hudson-version" value=".*" regex="true"/> </remove> </hint> <hint> <given> <fileName contains="htmlcleaner-.*" regex="true"/> </given> <add> <evidence type="product" source="hint analyzer" name="product" value="htmlcleaner" confidence="HIGHEST"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="htmlcleaner_project" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence type="product" source="Manifest" name="bundle-symbolicname" value="cq.quickstart.quickstart.jar.global.apis" /> </given> <add> <evidence type="product" source="hint analyzer" name="product" value="experience manager" confidence="HIGHEST"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="adobe" confidence="HIGHEST"/> </add> </hint> <hint> <given> <fileName contains="not-yet-commons-ssl-.*" regex="true"/> </given> <add> <evidence type="product" source="hint analyzer" name="product" value="not_yet_commons_ssl" confidence="HIGHEST"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="not_yet_commons_ssl_project" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence regex="true" type="vendor" source="pom" name="url" value=".*wordpress.*" confidence="HIGHEST"/> <evidence regex="true" type="product" source="pom" name="url" value=".*wordpress.*" confidence="HIGHEST"/> </given> <remove> <evidence regex="true" type="vendor" source="pom" name="url" value=".*wordpress.*" confidence="HIGHEST"/> <evidence regex="true" type="product" source="pom" name="url" value=".*wordpress.*" confidence="HIGHEST"/> </remove> </hint> <hint> <given> <evidence type="vendor" source="Manifest" name="Implementation-Vendor-Id" value="org.primefaces" confidence="MEDIUM"/> <evidence type="vendor" source="pom" name="groupid" value="org.primefaces" confidence="HIGHEST"/> </given> <add> <evidence type="vendor" source="hint analyzer" name="vendor" value="primetek" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence type="vendor" source="Manifest" name="Implementation-Vendor" value="JBoss Inc." confidence="HIGH"/> </given> <add> <evidence type="vendor" source="hint analyzer" name="vendor" value="redhat" confidence="HIGH"/> </add> </hint> <hint> <given> <evidence type="product" source="Manifest" name="extension-name" value="org.bouncycastle.bcprovider" confidence="MEDIUM"/> </given> <add> <evidence type="product" source="hint analyzer" name="product" value="legion-of-the-bouncy-castle-java-crytography-api" confidence="HIGH"/> <evidence type="product" source="hint analyzer" name="product" value="the_bouncy_castle_crypto_package_for_java" confidence="HIGH"/> </add> </hint> <hint> <given> <evidence regex="true" type="vendor" source="pom" name="groupid" value="^.*[\.-]ws([\.-].*)?$"/> </given> <add> <evidence type="vendor" source="hint analyzer" name="vendor" value="web services" confidence="MEDIUM"/> <evidence type="product" source="hint analyzer" name="product" value="web services" confidence="MEDIUM"/> </add> </hint> <hint> <given> <evidence regex="true" type="product" source="pom" name="artifactid" value="^.*[\.-]ws([\.-].*)?$"/> </given> <add> <evidence type="vendor" source="hint analyzer" name="vendor" value="web services" confidence="MEDIUM"/> <evidence type="product" source="hint analyzer" name="product" value="web services" confidence="MEDIUM"/> </add> </hint> <hint> <given> <evidence type="vendor" source="pom" name="groupid" value="com.zeroturnaround"/> <evidence type="vendor" source="pom" name="groupid" value="org.zeroturnaround"/> </given> <add> <evidence type="vendor" source="hint analyzer" name="vendor" value="jrebel" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence type="vendor" source="Manifest" name="Implementation-Vendor" value="JBoss by Red Hat"/> </given> <add> <evidence type="vendor" source="hint analyzer" name="vendor" value="redhat" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence type="vendor" source="pom" name="groupid" value="com.datomic"/> </given> <add> <evidence type="vendor" source="hint analyzer" name="vendor" value="cognitect" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence type="vendor" source="pom" name="groupid" value="io.projectreactor.netty"/> </given> <add> <evidence type="vendor" source="hint analyzer" name="vendor" value="pivotal" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence type="product" source="grokassembly" name="FileDescription" value="Telerik.Web.UI"/> </given> <add> <evidence type="vendor" source="hint analyzer" name="vendor" value="Progress" confidence="HIGHEST"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="Telerik" confidence="HIGHEST"/> <evidence type="product" source="hint analyzer" name="product" value="ASP.NET AJAX" confidence="HIGHEST"/> <evidence type="product" source="hint analyzer" name="product" value="UI For ASP.NET AJAX" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence type="vendor" source="pom" name="groupid" value="org.quartz-scheduler"/> </given> <add> <evidence type="vendor" source="hint analyzer" name="vendor" value="softwareag" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence type="product" source="pom" name="groupid" value="com.fasterxml.jackson.core"/> </given> <add> <evidence type="product" source="hint analyzer" name="product" value="modules" confidence="HIGHEST"/> <evidence type="product" source="hint analyzer" name="product" value="java8" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence type="vendor" source="pom" name="groupid" value="org.cryptacular"/> <evidence type="vendor" source="jar" name="package name" value="cryptacular"/> </given> <add> <evidence type="vendor" source="hint analyzer" name="vendor" value="Virginia Tech" confidence="HIGHEST"/> <evidence type="vendor" source="hint analyzer" name="vendor" value="vt" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence type="vendor" source="pom" name="url" value="https://www.bouncycastle.org/fips-java"/> </given> <add> <evidence type="product" source="hint analyzer" name="product" value="legion-of-the-bouncy-castle-fips-java" confidence="HIGHEST"/> <evidence type="product" source="hint analyzer" name="product" value="legion-of-the-bouncy-castle-fips-java-api" confidence="HIGHEST"/> </add> </hint> <hint> <given> <evidence type="product" source="pom" name="name" value="PostgreSQL JDBC Driver"/> <evidence type="product" source="Manifest" name="Implementation-Title" value="PostgreSQL JDBC Driver"/> </given> <add> <evidence type="product" source="hint analyzer" name="product" value="postgresql_jdbc_driver" confidence="HIGHEST"/> <evidence type="product" source="hint analyzer" name="product" value="pgjdbc" confidence="HIGHEST"/> </add> </hint> <hint> <!-- false negative per issue #4389, NVD has two CPE products in active use for Apache Xerces: xerces2_java and xerces-j --> <given> <evidence type="product" source="pom" name="artifactId" value="xercesImpl"/> <evidence type="product" source="file" name="name" value="xercesImpl"/> </given> <add> <evidence type="product" source="hint analyzer" name="product" value="xerces-j" confidence="HIGHEST"/> </add> </hint> <hint> <!-- false negative per issue #4930 --> <given> <evidence type="product" source="pom" name="parent-artifactid" value="parquet"/> </given> <add> <evidence type="product" source="hint analyzer" name="product" value="parquet-mr" confidence="HIGH"/> </add> </hint> </hints>