Modified: ofbiz/tools/security/dependency-check/dependency-check-report.html URL: http://svn.apache.org/viewvc/ofbiz/tools/security/dependency-check/dependency-check-report.html?rev=1810055&r1=1810054&r2=1810055&view=diff ============================================================================== --- ofbiz/tools/security/dependency-check/dependency-check-report.html (original) +++ ofbiz/tools/security/dependency-check/dependency-check-report.html Fri Sep 29 06:32:56 2017 
@@ -64,16 +64,68 @@ xml += $("#modal-text").text().replace(/\n/g,'\n '); xml += '\n</suppressions>'; $('#modal-text').text(xml).focus().select(); + $('#modal-add-header').toggleClass('active'); }); }); - function copyText(name, sha1, type, val) { + function suppressSwitchTo(switchTo) { + $('#modal-suppress-change-to-sha1').toggleClass('active'); + $('#modal-suppress-change-to-gav').toggleClass('active'); + setCopyText($('#suppress-name').val(), + switchTo, + $('#suppress-'+switchTo).val(), + $('#suppress-type').val(), + $('#suppress-val').val()); + } + function copyText(name, sha1, gav, type, val) { + $('#suppress-name').val(name); + $('#suppress-type').val(type); + $('#suppress-val').val(val); + $('#suppress-sha1').val(sha1); + $('#suppress-gav').val(gav); + if (gav=='') { + if ($('#modal-suppress-change-to-gav').hasClass('active')) { + $('#modal-suppress-change-to-gav').toggleClass('active'); + } + if ($('#modal-suppress-change-to-sha1').hasClass('active')) { + $('#modal-suppress-change-to-sha1').toggleClass('active'); + } + setCopyText(name, 'sha1', sha1, type, val); + } else { + if ($('#modal-suppress-change-to-gav').hasClass('active')) { + $('#modal-suppress-change-to-gav').toggleClass('active'); + } + if (!$('#modal-suppress-change-to-sha1').hasClass('active')) { + $('#modal-suppress-change-to-sha1').toggleClass('active'); + } + setCopyText(name, 'gav', gav, type, val); + } + } + function setCopyText(name, matchType, matchValue, suppressType, suppressVal) { xml = '<suppress>\n'; xml += ' <notes><!'+'[CDATA[\n file name: ' + name + '\n ]]'+'></notes>\n'; - xml += ' <sha1>' + sha1 + '</sha1>\n'; - xml += ' <'+type+'>' + val + '</'+type+'>\n'; + if (matchType=='gav') { + v = matchValue.match(/^[^:]+:[^:]+:/); + if (v && v[0]) { + xml += ' <'+matchType+' regex="true">^' + v[0].replace(/\./g,'\\.') + '.*$</'+matchType+'>\n'; + } else { + xml += ' <'+matchType+'>' + matchValue + '</'+matchType+'>\n'; + } + } else { + xml += ' <'+matchType+'>' + matchValue + 
'</'+matchType+'>\n'; + } + if (suppressType=='cpe') { + v = suppressVal.match(/^cpe:\/a:[^:]+:[^:]+/); + if (v && v[0]) { + xml += ' <'+suppressType+'>' + v[0] + '</'+suppressType+'>\n'; + } else { + xml += ' <'+suppressType+'>' + suppressVal + '</'+suppressType+'>\n'; + } + } else { + xml += ' <'+suppressType+'>' + suppressVal + '</'+suppressType+'>\n'; + } xml += '</suppress>'; $('#modal-text').text(xml); - $('#modal-content,#modal-background').toggleClass('active'); + $('#modal-content,#modal-background').addClass('active'); $('#modal-text').focus(); $('#modal-text').select(); } @@ -131,6 +183,12 @@ #modal-text:focus { outline: none; } + .suppresstype { + display: none; + } + .suppresstype.active { + display: block; + } .suppressedLabel { cursor: default; padding:1px; @@ -485,6 +543,11 @@ <div id="modal-background"></div> <div id="modal-content"> <div>Press CTR-C to copy XML <a href="http://jeremylong.github.io/DependencyCheck/general/suppression.html" class="infolink" target="_blank" title="Help with suppressing false positives">[help]</a></div> + <button onclick="suppressSwitchTo('gav')" id="modal-suppress-change-to-gav" class="modal-button suppresstype" title="Supress by Maven Group Artifact Version">Suppress By GAV</button> + <button onclick="suppressSwitchTo('sha1')" id="modal-suppress-change-to-sha1" class="modal-button suppresstype" title="Supress by SHA1 hash">Suppress By SHA1</button><br/> + <input type="hidden" id="suppress-name"/> + <input type="hidden" id="suppress-type"/><input type="hidden" id="suppress-val"/> + <input type="hidden" id="suppress-sha1"/><input type="hidden" id="suppress-gav"/> <textarea id="modal-text" cols="50" rows="10" readonly></textarea><br/> <button id="modal-add-header" title="Add the parent XML nodes to create the complete XML file that can be used to suppress this finding" class="modal-button">Complete XML Doc</button><button id="modal-close" class="modal-button-right">Close</button> </div> 
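Review bot: In `setCopyText` (first hunk) the GAV branch emits `^group:artifact:.*$` with `regex="true"` and the CPE branch trims the value to `cpe:/a:vendor:product`, so a copied `<suppress>` entry matches every version of the artifact, not only the one that was triaged; an upgrade to a version that really is affected would then stay hidden. A comment above that branch such as `// matches ALL versions of this group:artifact; re-review the suppression when the dependency is upgraded` would make this visible, and the "Suppress By GAV" button title could say the same. The regex is built by escaping only `.` (`v[0].replace(/\./g,'\\.')`), and `name`, `matchValue` and `suppressVal` are concatenated into the XML unescaped, so a file name containing `]]>` or a value containing `<` or `&` yields a malformed suppression file; because the result is written with `.text(xml)`, this affects the copied XML only, not the page. `v` is also assigned without a declaration and becomes an implicit global; `var v = matchValue.match(/^[^:]+:[^:]+:/);` keeps it local. This file looks like generated dependency-check output, so the change probably belongs in the upstream report template rather than here.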
@@ -496,37 +559,42 @@ the reporting provided constitutes accep implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the userâs risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.</p> +<h3><a href="http://jeremylong.github.io/DependencyCheck/general/thereport.html" target="_blank">How to read the report</a> | +<a href="http://jeremylong.github.io/DependencyCheck/general/suppression.html" target="_blank">Suppressing false positives</a> | +Getting Help: <a href="https://groups.google.com/forum/#!forum/dependency-check" target="_blank">google group</a> | +<a href="https://github.com/jeremylong/DependencyCheck/issues" target="_blank">github issues</a></h3> <h2 class="">Project: ofbiz</h2> <div class=""> - Scan Information (<a href="#" title="Click to toggle display" onclick="return toggleDisplay(this, '.scaninfo', 'show all', 'show less'); return false;">show all</a>):<br/> + Scan Information (<a href="#" title="Click to toggle display" onclick="return toggleDisplay(this, '.scaninfo', 'show all', 'show less'); return false;">show all</a>):<br/> <ul class="indent"> - <li><i>dependency-check version</i>: 1.4.0</li> - <li><i>Report Generated On</i>: févr. 11, 2017 at 14:09:13 CET</li> - <li><i>Dependencies Scanned</i>: 425</li> - <li><i>Vulnerable Dependencies</i>: 82</li> - <li><i>Vulnerabilities Found</i>: 361</li> + <li><i>dependency-check version</i>: 2.1.1</li> + <li><i>Report Generated On</i>: sept. 
27, 2017 at 15:56:54 +02:00</li> + <li><i>Dependencies Scanned</i>: 444 (442 unique)</li> + <li><i>Vulnerable Dependencies</i>: <span id="vulnerableCount">129</span></li> + <li><i>Vulnerabilities Found</i>: 534</li> <li><i>Vulnerabilities Suppressed</i>: 0</li> <li class="scaninfo">...</li> - <li class="scaninfo hidden"><i>NVD CVE 2002</i>: 03/02/2017 09:06:57</li> - <li class="scaninfo hidden"><i>NVD CVE 2003</i>: 03/01/2017 09:25:13</li> - <li class="scaninfo hidden"><i>NVD CVE 2004</i>: 02/02/2017 09:05:56</li> - <li class="scaninfo hidden"><i>NVD CVE 2005</i>: 20/01/2017 09:25:07</li> - <li class="scaninfo hidden"><i>NVD CVE 2006</i>: 20/01/2017 09:22:50</li> - <li class="scaninfo hidden"><i>NVD CVE 2007</i>: 20/01/2017 09:20:14</li> - <li class="scaninfo hidden"><i>NVD CVE 2008</i>: 20/01/2017 09:17:42</li> - <li class="scaninfo hidden"><i>NVD CVE 2009</i>: 08/02/2017 09:10:21</li> - <li class="scaninfo hidden"><i>NVD CVE 2010</i>: 09/02/2017 09:09:26</li> - <li class="scaninfo hidden"><i>NVD CVE 2011</i>: 08/02/2017 09:08:02</li> - <li class="scaninfo hidden"><i>NVD CVE 2012</i>: 11/02/2017 09:09:05</li> - <li class="scaninfo hidden"><i>NVD CVE 2013</i>: 10/02/2017 09:06:36</li> - <li class="scaninfo hidden"><i>NVD CVE 2014</i>: 11/02/2017 09:06:56</li> - <li class="scaninfo hidden"><i>NVD CVE 2015</i>: 02/02/2017 09:04:55</li> - <li class="scaninfo hidden"><i>NVD CVE 2017</i>: 11/02/2017 09:00:08</li> - <li class="scaninfo hidden"><i>NVD CVE Checked</i>: 11/02/2017 13:59:58</li> - <li class="scaninfo hidden"><i>NVD CVE Modified</i>: 11/02/2017 12:00:39</li> - <li class="scaninfo hidden"><i>VersionCheckOn</i>: 1486096882201</li> + <li class="scaninfo hidden"><i>NVD CVE 2002</i>: 21/09/2017 09:13:36</li> + <li class="scaninfo hidden"><i>NVD CVE 2003</i>: 29/08/2017 09:31:01</li> + <li class="scaninfo hidden"><i>NVD CVE 2004</i>: 17/08/2017 09:29:57</li> + <li class="scaninfo hidden"><i>NVD CVE 2005</i>: 16/09/2017 09:25:56</li> + <li class="scaninfo 
hidden"><i>NVD CVE 2006</i>: 03/09/2017 09:26:27</li> + <li class="scaninfo hidden"><i>NVD CVE 2007</i>: 08/09/2017 09:27:55</li> + <li class="scaninfo hidden"><i>NVD CVE 2008</i>: 08/09/2017 09:25:36</li> + <li class="scaninfo hidden"><i>NVD CVE 2009</i>: 19/09/2017 09:29:07</li> + <li class="scaninfo hidden"><i>NVD CVE 2010</i>: 27/09/2017 09:21:55</li> + <li class="scaninfo hidden"><i>NVD CVE 2011</i>: 27/09/2017 14:29:09</li> + <li class="scaninfo hidden"><i>NVD CVE 2012</i>: 27/09/2017 09:14:30</li> + <li class="scaninfo hidden"><i>NVD CVE 2013</i>: 22/09/2017 09:14:33</li> + <li class="scaninfo hidden"><i>NVD CVE 2014</i>: 27/09/2017 09:11:53</li> + <li class="scaninfo hidden"><i>NVD CVE 2015</i>: 27/09/2017 09:08:47</li> + <li class="scaninfo hidden"><i>NVD CVE 2016</i>: 27/09/2017 14:29:11</li> + <li class="scaninfo hidden"><i>NVD CVE 2017</i>: 27/09/2017 09:02:28</li> + <li class="scaninfo hidden"><i>NVD CVE Checked</i>: 27/09/2017 15:54:11</li> + <li class="scaninfo hidden"><i>NVD CVE Modified</i>: 27/09/2017 14:00:45</li> + <li class="scaninfo hidden"><i>VersionCheckOn</i>: 1506520451876</li> </ul><br/> Display: <a href="#" title="Click to toggle display" onclick="return toggleDisplay(this, '.notvulnerable', 'Showing Vulnerable Dependencies (click to show all)', 'Showing All Dependencies (click to show less)'); return false;">Showing Vulnerable Dependencies (click to show all)</a><br/><br/> <table id="summaryTable" class="lined"> 
@@ -540,404 +608,421 @@ arising out of or in connection with the <th class="sortable" data-sort="int" title="The count of evidence collected to identify the CPE">Evidence Count</th> </tr></thead> <tr class="notvulnerable"> - <td data-sort-value="antlr-2.7.6.jar"><a href="#l1_cf4f67dae5df4f9932ae7810f4548ef3e14dd35e">antlr-2.7.6.jar</a></td> + <td data-sort-value="ANTLR-2.7.6.JAR"><a href="#l1_cf4f67dae5df4f9932ae7810f4548ef3e14dd35e">antlr-2.7.6.jar</a></td> <td data-sort-value=""> </td> - <td data-sort-value="antlr:antlr:2.7.6"> <a href="http://search.maven.org/remotecontent?filepath=antlr/antlr/2.7.6/antlr-2.7.6.jar" target="_blank">antlr:antlr:2.7.6</a> + <td data-sort-value="antlr:antlr:2.7.6"> <a href="http://search.maven.org/#search|ga|1|1%3A%22cf4f67dae5df4f9932ae7810f4548ef3e14dd35e%22" target="_blank">antlr:antlr:2.7.6</a> <span title="verified from repo" style="color:green">✓</span> </td> <td data-sort-value="-10"> </td> <td>0</td> <td data-sort-value="0"></td> - <td>11</td> + <td>14</td> </tr> <tr class="notvulnerable"> - <td data-sort-value="aopalliance-1.0.jar"><a href="#l2_0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8">aopalliance-1.0.jar</a></td> + <td data-sort-value="AOPALLIANCE-1.0.JAR"><a href="#l2_0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8">aopalliance-1.0.jar</a></td> <td data-sort-value=""> </td> - <td data-sort-value="aopalliance:aopalliance:1.0"> <a href="http://search.maven.org/remotecontent?filepath=aopalliance/aopalliance/1.0/aopalliance-1.0.jar" target="_blank">aopalliance:aopalliance:1.0</a> + <td data-sort-value="aopalliance:aopalliance:1.0"> <a href="http://search.maven.org/#search|ga|1|1%3A%220235ba8b489512805ac13a8f9ea77a1ca5ebe3e8%22" target="_blank">aopalliance:aopalliance:1.0</a> <span title="verified from repo" style="color:green">✓</span> </td> <td data-sort-value="-10"> </td> <td>0</td> <td data-sort-value="0"></td> - <td>13</td> + <td>16</td> </tr> <tr class="notvulnerable"> - <td data-sort-value="xercesImpl-2.9.1.jar"><a 
href="#l3_7bc7e49ddfe4fb5f193ed37ecc96c12292c8ceb6">xercesImpl-2.9.1.jar</a></td> - <td data-sort-value=""> - </td> - <td data-sort-value="xerces:xercesImpl:2.9.1"> <a href="http://search.maven.org/remotecontent?filepath=xerces/xercesImpl/2.9.1/xercesImpl-2.9.1.jar" target="_blank">xerces:xercesImpl:2.9.1</a> + <td data-sort-value="XERCESIMPL-2.9.1.JAR"><a href="#l3_7bc7e49ddfe4fb5f193ed37ecc96c12292c8ceb6">xercesImpl-2.9.1.jar</a></td> + <td data-sort-value=""> + </td> + <td data-sort-value="xerces:xercesimpl:2.9.1"> <a href="http://search.maven.org/remotecontent?filepath=xerces/xercesImpl/2.9.1/xercesImpl-2.9.1.jar" target="_blank">xerces:xercesImpl:2.9.1</a> <span title="verified from repo" style="color:green">✓</span> </td> <td data-sort-value="-10"> </td> <td>0</td> <td data-sort-value="0"></td> - <td>55</td> + <td>47</td> </tr> <tr class="notvulnerable"> [... 84645 lines stripped ...] |