Skip to content

Commit

Permalink
fix: confidentail -> confidentiality
Browse files Browse the repository at this point in the history 
See https://github.com/jeremylong/DependencyCheck/pull/5978\#discussion_r1385802578
  • Loading branch information
@jeremylong
jeremylong committed Nov 10, 2023
1 parent 0c973dd commit 99280ab
Show file tree
Hide file tree
Showing 5 changed files with 295 additions and 10 deletions.
8 changes: 4 additions & 4 deletions core/src/main/java/org/owasp/dependencycheck/reporting/SarifRule.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -596,18 +596,18 @@ public void setCvssv2IntegrityImpact(String cvssv2IntegrityImpact) {
}

/**
* Get the value of CVSS2 Confidential Impact.
* Get the value of CVSS2 Confidentiality Impact.
*
* @return the value of CVSS2 Confidential Impact
* @return the value of CVSS2 Confidentiality Impact
*/
public String getCvssv2ConfidentialityImpact() {
return cvssv2ConfidentialityImpact;
}

/**
* Set the value of CVSS2 Confidential Impact.
* Set the value of CVSS2 Confidentiality Impact.
*
* @param cvssv2ConfidentialityImpact new value of CVSS2 Confidential Impact
* @param cvssv2ConfidentialityImpact new value of CVSS2 Confidentiality Impact
*/
public void setCvssv2ConfidentialityImpact(String cvssv2ConfidentialityImpact) {
this.cvssv2ConfidentialityImpact = cvssv2ConfidentialityImpact;
Expand Down
285 changes: 285 additions & 0 deletions core/src/main/resources/schema/dependency-check.4.0.xsd
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,285 @@
<?xml version="1.0" encoding="utf-8"?>
<xs:schema id="analysis"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
elementFormDefault="qualified"
targetNamespace="https://jeremylong.github.io/DependencyCheck/dependency-check.4.0.xsd"
xmlns:dc="https://jeremylong.github.io/DependencyCheck/dependency-check.4.0.xsd">
<xs:complexType name="exception">
<xs:sequence>
<xs:element name="message" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="stackTrace" minOccurs="0" maxOccurs="unbounded">
<xs:complexType>
<xs:sequence>
<xs:element name="trace" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="cause" type="dc:exception" minOccurs="0" maxOccurs="1"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="scanInfo">
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:element name="engineVersion" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="dataSource">
<xs:complexType>
<xs:sequence>
<xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="timestamp" type="xs:string" minOccurs="1" maxOccurs="1"/>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
<xs:element name="analysisExceptions" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="exception" type="dc:exception"/>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="projectInfo">
<xs:sequence>
<xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="groupID" type="xs:string" minOccurs="0" maxOccurs="1"/>
<xs:element name="artifactID" type="xs:string" minOccurs="0" maxOccurs="1"/>
<xs:element name="version" type="xs:string" minOccurs="0" maxOccurs="1"/>
<xs:element name="reportDate" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="credits" type="xs:string" minOccurs="1" maxOccurs="1"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="identifier">
<xs:sequence>
<xs:element name="id" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="url" type="xs:string" minOccurs="0" maxOccurs="1"/>
<xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
<xs:element name="notes" type="xs:string" minOccurs="0" maxOccurs="1"/>
</xs:sequence>
<xs:attribute name="confidence" type="xs:string" use="optional"/>
</xs:complexType>
<xs:complexType name="relatedDependency">
<xs:sequence>
<xs:element name="fileName" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="filePath" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="sha256" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="sha1" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="md5" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="identifiers" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="package" type="dc:identifier"/>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
<xs:attribute name="isVirtual" type="xs:boolean" use="optional"/>
</xs:complexType>
<xs:complexType name="evidence">
<xs:sequence>
<xs:element name="source" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="value" type="xs:string" minOccurs="1" maxOccurs="1"/>
</xs:sequence>
<xs:attribute name="type" type="xs:string" use="required"/>
<xs:attribute name="confidence" type="xs:string" use="required"/>
</xs:complexType>
<xs:complexType name="cvssV2">
<xs:sequence>
<xs:element name="score" type="xs:decimal" minOccurs="1" maxOccurs="1"/>
<xs:element name="accessVector" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="accessComplexity" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="authenticationr" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="confidentialityImpact" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="integrityImpact" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="availabilityImpact" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="severity" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="version" type="xs:decimal" minOccurs="0" maxOccurs="1"/>
<xs:element name="exploitabilityScore" type="xs:decimal" minOccurs="0" maxOccurs="1"/>
<xs:element name="impactScore" type="xs:decimal" minOccurs="0" maxOccurs="1"/>
<xs:element name="acInsufInfo" type="xs:boolean" minOccurs="0" maxOccurs="1"/>
<xs:element name="obtainAllPrivilege" type="xs:boolean" minOccurs="0" maxOccurs="1"/>
<xs:element name="obtainUserPrivilege" type="xs:boolean" minOccurs="0" maxOccurs="1"/>
<xs:element name="obtainOtherPrivilege" type="xs:boolean" minOccurs="0" maxOccurs="1"/>
<xs:element name="userInteractionRequired" type="xs:boolean" minOccurs="0" maxOccurs="1"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="cvssV3">
<xs:sequence>
<xs:element name="baseScore" type="xs:decimal" minOccurs="1" maxOccurs="1"/>
<xs:element name="attackVector" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="attackComplexity" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="privilegesRequired" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="userInteraction" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="scope" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="confidentialityImpact" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="integrityImpact" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="availabilityImpact" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="baseSeverity" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="exploitabilityScore" type="xs:decimal" minOccurs="0" maxOccurs="1"/>
<xs:element name="impactScore" type="xs:decimal" minOccurs="0" maxOccurs="1"/>
<xs:element name="version" type="xs:decimal" minOccurs="0" maxOccurs="1"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="reference">
<xs:sequence>
<xs:element name="source" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="url" type="xs:string" minOccurs="0" maxOccurs="1"/>
<xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="software">
<xs:simpleContent>
<xs:extension base="xs:string">
<xs:attribute name="vulnerabilityIdMatched" type="xs:boolean"/>
<xs:attribute name="versionStartIncluding" type="xs:string"/>
<xs:attribute name="versionStartExcluding" type="xs:string"/>
<xs:attribute name="versionEndIncluding" type="xs:string"/>
<xs:attribute name="versionEndExcluding" type="xs:string"/>
<xs:attribute name="vulnerable" type="xs:boolean"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
<xs:complexType name="severity">
<xs:simpleContent>
<xs:extension base="xs:string">
<xs:attribute name="unscored" type="xs:boolean"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
<xs:complexType name="knownExploitedVulnerability">
<xs:sequence>
<xs:element name="vendorProject" type="xs:string" minOccurs="0" maxOccurs="1"/>
<xs:element name="product" type="xs:string" minOccurs="0" maxOccurs="1"/>
<xs:element name="name" type="xs:string" minOccurs="0" maxOccurs="1"/>
<xs:element name="dateAdded" type="xs:string" minOccurs="0" maxOccurs="1"/>
<xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
<xs:element name="requiredAction" type="xs:string" minOccurs="0" maxOccurs="1"/>
<xs:element name="dueDate" type="xs:string" minOccurs="0" maxOccurs="1"/>
<xs:element name="notes" type="xs:string" minOccurs="0" maxOccurs="1"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="vulnerability">
<xs:sequence>
<xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="knownExploitedVulnerability" type="dc:knownExploitedVulnerability" minOccurs="0" maxOccurs="1"/>
<xs:element name="severity" type="dc:severity" minOccurs="0" maxOccurs="1"/>
<xs:element name="cvssV2" type="dc:cvssV2" minOccurs="0" maxOccurs="1"/>
<xs:element name="cvssV3" type="dc:cvssV3" minOccurs="0" maxOccurs="1"/>
<xs:element name="cwes" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="cwe" type="xs:string" minOccurs="0" maxOccurs="1"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="description" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="notes" type="xs:string" minOccurs="0" maxOccurs="1"/>
<xs:element name="references" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="reference" type="dc:reference"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="vulnerableSoftware" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="software" type="dc:software"/>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
<xs:attribute name="source" type="xs:string" use="required"/>
</xs:complexType>
<xs:complexType name="dependency">
<xs:sequence>
<xs:element name="fileName" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="filePath" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="md5" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="sha1" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="sha256" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
<xs:element name="license" type="xs:string" minOccurs="0" maxOccurs="1"/>
<xs:element name="projectReferences" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="projectReference" type="xs:string"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="includedBy" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="reference" minOccurs="0" maxOccurs="unbounded">
<xs:complexType>
<xs:simpleContent>
<xs:extension base="xs:string">
<xs:attribute name="type" type="xs:string"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="relatedDependencies" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="relatedDependency" type="dc:relatedDependency"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="evidenceCollected" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="evidence" type="dc:evidence"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="identifiers" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:sequence>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="package" type="dc:identifier"/>
</xs:sequence>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="vulnerabilityIds" type="dc:identifier"/>
</xs:sequence>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="suppressedVulnerabilityIds" type="dc:identifier"/>
</xs:sequence>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="vulnerabilities" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:sequence>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="vulnerability" type="dc:vulnerability"/>
</xs:sequence>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="suppressedVulnerability" type="dc:vulnerability"/>
</xs:sequence>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
<xs:attribute name="isVirtual" type="xs:boolean" use="required"/>
</xs:complexType>
<xs:element name="analysis">
<xs:complexType>
<xs:sequence>
<xs:element name="scanInfo" type="dc:scanInfo"/>
<xs:element name="projectInfo" type="dc:projectInfo"/>
<xs:element name="dependencies">
<xs:complexType>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="dependency" type="dc:dependency"/>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:schema>
4 changes: 2 additions & 2 deletions core/src/main/resources/templates/jsonReport.vsl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -207,7 +207,7 @@
,"accessVector": "$enc.json($vuln.cvssV2.cvssData.accessVector)"
,"accessComplexity": "$enc.json($vuln.cvssV2.cvssData.accessComplexity)"
,"authenticationr": "$enc.json($vuln.cvssV2.cvssData.authentication)"
,"confidentialImpact": "$enc.json($vuln.cvssV2.cvssData.confidentialityImpact)"
,"confidentialityImpact": "$enc.json($vuln.cvssV2.cvssData.confidentialityImpact)"
,"integrityImpact": "$enc.json($vuln.cvssV2.cvssData.integrityImpact)"
,"availabilityImpact": "$enc.json($vuln.cvssV2.cvssData.availabilityImpact)"
,"severity": "$enc.json($vuln.cvssV2.cvssData.baseSeverity)"
Expand Down Expand Up @@ -284,7 +284,7 @@
,"accessVector": "$enc.json($vuln.cvssV2.cvssData.accessVector)"
,"accessComplexity": "$enc.json($vuln.cvssV2.cvssData.accessComplexity)"
,"authenticationr": "$enc.json($vuln.cvssV2.cvssData.authentication)"
,"confidentialImpact": "$enc.json($vuln.cvssV2.cvssData.confidentialityImpact)"
,"confidentialityImpact": "$enc.json($vuln.cvssV2.cvssData.confidentialityImpact)"
,"integrityImpact": "$enc.json($vuln.cvssV2.cvssData.integrityImpact)"
,"availabilityImpact": "$enc.json($vuln.cvssV2.cvssData.availabilityImpact)"
,"severity": "$enc.json($vuln.cvssV2.cvssData.baseSeverity)"
Expand Down
Loading

0 comments on commit 99280ab

Please sign in to comment.