/**
 * Tells whether this analysis results in a build exception: it must be above the
 * configured threshold and must not be blacklisted (scope / bug exclusions).
 *
 * @return true when above threshold and not blacklisted (boxed, as declared)
 */
public Boolean isThrowsException() {
    if(!this.isAboveThreshold())
        return false;
    return !this.isBlacklisted();
}

/**
 * Tells whether this analysis would have resulted in a build exception but is
 * excluded by the blacklist, i.e. it is above threshold AND blacklisted.
 *
 * @return true when above threshold and blacklisted (boxed, as declared)
 */
public Boolean isThrowsExceptionExcluded() {
    if(!this.isAboveThreshold())
        return false;
    return this.isBlacklisted();
}
/**
 * True only when the reachable flag is confirmed and false. An unconfirmed result
 * (reachability not confirmed) does NOT count as "not reachable".
 *
 * @return true when confirmed as not reachable
 */
public boolean isNotReachable() {
    if(isReachable())
        return false;
    return isReachableConfirmed();
}

/**
 * True only when the traced flag is confirmed and false. An unconfirmed result
 * (tracing not confirmed) does NOT count as "not traced".
 *
 * @return true when confirmed as not traced
 */
public boolean isNotTraced() {
    if(isTraced())
        return false;
    return isTracedConfirmed();
}
/**
 * True only when the traced flag is confirmed and false; an unconfirmed tracing
 * result yields false.
 *
 * @return true when confirmed as not traced
 */
public boolean isNotTraced() {
    final boolean traced = isTraced();
    return !traced && isTracedConfirmed();
}
/**
 * True only when the affected-version flag is 0 AND the confirmed flag is 1, i.e. the
 * dependency has been confirmed as not affected. A dependency whose confirmed flag is
 * not 1 yields false, so a negated check ({@code !isNoneAffectedVersion()}) also matches
 * dependencies that were never assessed.
 *
 * @return true when confirmed as not affected
 */
public boolean isNoneAffectedVersion() {
    final int affected = this.getAffectedVersion();
    if(affected != 0)
        return false;
    return this.getAffectedVersionConfirmed() == 1;
}
if(analysis.isAffectedVersion()) vulns_total_incl++; if(analysis.isReachable()) vulns_total_reach++; if(analysis.isTraced()) vulns_total_traced++; analysis.setBlacklisted(this.isIgnoredForBuildException(analysis, v.getBug().getBugId())); if(analysis.isBlacklisted()) scope_out++; else scope_in++; if(analysis.isTraced() && analysis.isReachable() && analysis.isReachableConfirmed()) vulns_traced_not_reach++; if(!analysis.isNoneAffectedVersion()) { vulns_incl++; vulnsToReport.add(v); } if(!analysis.isNoneAffectedVersion() && ( analysis.isReachable() || !analysis.isReachableConfirmed() )) { vulns_reach++; vulnsToReport.add(v); } if(!analysis.isNoneAffectedVersion() && ( analysis.isTraced() || !analysis.isTracedConfirmed() )) { vulns_traced++; vulnsToReport.add(v); } if( (exceptionThreshold.equalsIgnoreCase(THRESHOLD_DEP_ON) && ( analysis.isAffectedVersion() || !analysis.isAffectedVersionConfirmed() ) ) || (exceptionThreshold.equalsIgnoreCase(THRESHOLD_POT_EXE) && ( !analysis.isNoneAffectedVersion() && ( analysis.isReachable() || !analysis.isReachableConfirmed() ) ) ) || (exceptionThreshold.equalsIgnoreCase(THRESHOLD_ACT_EXE) && ( !analysis.isNoneAffectedVersion() && ( analysis.isTraced() || !analysis.isTracedConfirmed() ) ) ) ) { analysis.setAboveThreshold(true); } else { analysis.setAboveThreshold(false); if(analysis.isThrowsException()) { v.aboveThreshold = true; vulnsAboveThreshold.add(v);
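/**
 * Orders vulnerable dependencies by dependency filename first and, for equal filenames,
 * by bug identifier.
 *
 * @param _o the object to compare with, must be a {@link VulnerableDependency}
 * @return a negative, zero or positive value as specified by {@link Comparable#compareTo(Object)}
 * @throws IllegalArgumentException if {@code _o} is null or not a {@link VulnerableDependency}
 *         (kept for callers relying on it, although {@link Comparable} specifies {@link ClassCastException})
 */
@Override
public int compareTo(Object _o) {
    if(!(_o instanceof VulnerableDependency))
        throw new IllegalArgumentException("Cannot compare VulnerableDependency with [" + (_o == null ? "null" : _o.getClass().getName()) + "]");
    final VulnerableDependency other = (VulnerableDependency)_o;
    // Filename is the primary key; the bug identifier only breaks ties
    final int filename_comparison = this.getDep().getFilename().compareTo(other.getDep().getFilename());
    if(filename_comparison != 0)
        return filename_comparison;
    return this.getBug().getBugId().compareTo(other.getBug().getBugId());
}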
this.historicalVulns.add(v.getBug().getBugId()); this.relevantVulns.add(v.getBug().getBugId()); v.setApp(prj); final AggregatedVuln new_av = new AggregatedVuln(v.getDep().getLib().getDigest(), v.getDep().getFilename(), v.getBug()); final AggregatedVuln added_av = this.update(this.vulns, new_av); if(v.getDep().getLib().getLibraryId()!=null && this.isAmongAggregatedModules(v.getDep().getLib().getLibraryId())) log.warn("Skipping [" + v.getBug().getBugId() + "] for dependency of " + prj + " on " + v.getDep().getLib().getLibraryId() + ", the latter is one of the aggregated modules"); else added_av.addAnalysis(v);
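/**
 * Builds the human-readable result of the check: an explanatory sentence for the configured
 * exception threshold, followed by one numbered line per analysis that results in a build
 * exception (those whose {@code isThrowsException()} is true).
 *
 * @return the report text; if the threshold matches none of the three known values, only the
 *         numbered lines are produced
 */
public String getResultAsString() {
    final StringBuilder builder = new StringBuilder();

    // Explanatory text depending on the configured threshold
    if(exceptionThreshold.equalsIgnoreCase(THRESHOLD_DEP_ON))
        builder.append("The application depends on the following vulnerable archives: ");
    else if(exceptionThreshold.equalsIgnoreCase(THRESHOLD_POT_EXE))
        builder.append("The application potentially executes vulnerable code of the following vulnerable archives (or reachability was not checked): ");
    else if(exceptionThreshold.equalsIgnoreCase(THRESHOLD_ACT_EXE))
        builder.append("The application actually executes vulnerable code of the following vulnerable archives (or no tests were run): ");

    // Read the separator once instead of once per reported line
    final String newline = System.getProperty("line.separator");

    // One numbered line per analysis that will result in a build exception
    int i = 0;
    for(AggregatedVuln v: this.vulnsAboveThreshold) {
        for(VulnerableDependency analysis: v.getAnalyses()) {
            if(!analysis.isThrowsException())
                continue;
            i++;
            builder.append(newline).append(" ").append(i).append(": ");
            builder.append("[filename=").append(v.filename);
            builder.append(", scope=").append(analysis.getDep().getScope());
            builder.append(", transitive=").append(analysis.getDep().getTransitive());
            builder.append(", wellknownSha1=").append(analysis.getDep().getLib().isWellknownDigest());
            builder.append(", isAffectedVersionConfirmed=").append(analysis.isAffectedVersionConfirmed());
            builder.append(", bug=").append(v.bug.getBugId()).append("]");
        }
    }
    return builder.toString();
}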
/**
 * Decides whether an unassessed analysis (affected version not confirmed) is ignored for the
 * build exception, depending on the configured ignore-unassessed mode:
 * OFF never ignores; ALL ignores every unassessed analysis; any other value (there is no
 * explicit check for the remaining mode, so unrecognised values land here too) ignores an
 * unassessed analysis only if the library digest is well-known.
 * Note that ALL suppresses findings whose assessment is still pending.
 *
 * @param _a the analysis to check
 * @return true if the analysis shall not result in a build exception
 */
private boolean ignoreUnassessed(VulnerableDependency _a) {
    final String mode = this.ignoreUnassessed;
    if(mode.equalsIgnoreCase(IGN_UNASS_OFF))
        return false;
    final boolean unassessed = !_a.isAffectedVersionConfirmed();
    if(mode.equalsIgnoreCase(IGN_UNASS_ALL))
        return unassessed;
    return unassessed && _a.getDep().getLib().isWellknownDigest();
}
/**
 * Returns true if the given analysis will not lead to a build exception according to the
 * configured scope blacklist, the excluded bugs and the ignore-unassessed setting.
 * All comparisons are case-insensitive; a missing blacklist, a dependency without scope or
 * a missing excluded-bug list simply does not match.
 *
 * @param _a the analysis to check
 * @param _bugid the identifier of the bug, looked up in the excluded bugs
 * @return true if the analysis is ignored for the build exception
 */
private boolean isIgnoredForBuildException(VulnerableDependency _a, String _bugid) {
    // Scope blacklist
    if(this.excludedScopes != null && _a.getDep().getScope() != null) {
        if(this.excludedScopes.contains(_a.getDep().getScope().toString(), ComparisonMode.EQUALS, CaseSensitivity.CASE_INSENSITIVE))
            return true;
    }
    // Excluded bugs
    if(this.excludedBugs != null) {
        if(this.excludedBugs.contains(_bugid, ComparisonMode.EQUALS, CaseSensitivity.CASE_INSENSITIVE))
            return true;
    }
    // Unassessed analyses, depending on the ignore-unassessed setting
    return this.ignoreUnassessed(_a);
}
/**
 * Creates an analysis for the given dependency and bug and evaluates the affected-version
 * flags right away.
 *
 * @param d the dependency (archive) the application depends on
 * @param b the bug the dependency is checked against
 */
public VulnerableDependency(Dependency d, Bug b) {
    this.bug = b;
    this.dep = d;
    // NOTE(review): called from the constructor; if evalAffectedVersion() is overridable,
    // a subclass would observe a partially initialised instance — confirm it is private/final
    this.evalAffectedVersion();
}
/**
 * True when the affected-version flag equals 1; any other value yields false.
 *
 * @return true if the dependency's version is flagged as affected
 */
public boolean isAffectedVersion() {
    final int flag = this.getAffectedVersion();
    return flag == 1;
}
/**
 * True when the analysis is above the threshold but blacklisted, i.e. it is excluded
 * from resulting in a build exception.
 *
 * @return true when above threshold and blacklisted (boxed, as declared)
 */
public Boolean isThrowsExceptionExcluded() {
    return this.isAboveThreshold() ? this.isBlacklisted() : false;
}