for (JsLibraryResult libraryResult : results) { final JsLibrary lib = libraryResult.getLibrary(); dependency.setName(lib.getName()); dependency.setVersion(libraryResult.getDetectedVersion()); dependency.addEvidence(EvidenceType.VERSION, "file", "version", libraryResult.getDetectedVersion(), Confidence.HIGH); dependency.addEvidence(EvidenceType.PRODUCT, "file", "name", libraryResult.getLibrary().getName(), Confidence.HIGH); final JsVulnerability jsVuln = libraryResult.getVuln(); switch (key) { case "issue": individualVuln.setName(libraryResult.getLibrary().getName() + " issue: " + value.get(0)); individualVuln.addReference(key, key, value.get(0)); break; case "bug": individualVuln.setName(libraryResult.getLibrary().getName() + " bug: " + value.get(0)); individualVuln.addReference(key, key, value.get(0)); break;
/**
 * Collects every vulnerability entry of {@code lib} whose affected range contains {@code version}.
 *
 * <p>An entry matches when {@code CompareVersionUtil.isUnder} accepts {@code version} against the
 * entry's {@code below} bound and, if the entry declares an {@code atOrAbove} bound,
 * {@code CompareVersionUtil.atOrAbove} accepts it as well. Each match is logged and appended to
 * {@code resultsFound}; nothing is returned.
 *
 * <p>NOTE(review): the comparison logic lives in {@code CompareVersionUtil}, which is not visible
 * here. How it treats a null or unparsable {@code version} or {@code below} value decides whether
 * such input raises, matches, or is silently skipped (a missed finding) - confirm against that class.
 *
 * @param lib library definition whose vulnerability list is scanned
 * @param version detected version of the library
 * @param resultsFound accumulator that receives one {@code JsLibraryResult} per matching entry
 * @param regexRequest passed through unchanged to each created {@code JsLibraryResult}
 * @param regexResponse passed through unchanged to each created {@code JsLibraryResult}
 */
private void findVersionVulnerable(JsLibrary lib, String version, List<JsLibraryResult> resultsFound,
        String regexRequest, String regexResponse) {
    for (JsVulnerability candidate : lib.getVulnerabilities()) {
        // Upper bound: skip entries whose "below" bound the detected version is not under.
        if (!CompareVersionUtil.isUnder(version, candidate.getBelow())) {
            continue;
        }
        // Lower bound is optional: a null atOrAbove leaves the range open at the bottom.
        if (candidate.getAtOrAbove() != null
                && !CompareVersionUtil.atOrAbove(version, candidate.getAtOrAbove())) {
            continue;
        }
        Log.info(String.format("Vulnerability found: %s below %s", lib.getName(), candidate.getBelow()));
        resultsFound.add(new JsLibraryResult(lib, candidate, version, regexRequest, regexResponse));
    }
}
}
for (JsLibraryResult libraryResult : results) { final JsLibrary lib = libraryResult.getLibrary(); dependency.setName(lib.getName()); dependency.setVersion(libraryResult.getDetectedVersion()); dependency.addEvidence(EvidenceType.VERSION, "file", "version", libraryResult.getDetectedVersion(), Confidence.HIGH); dependency.addEvidence(EvidenceType.PRODUCT, "file", "name", libraryResult.getLibrary().getName(), Confidence.HIGH); final JsVulnerability jsVuln = libraryResult.getVuln(); switch (key) { case "issue": individualVuln.setName(libraryResult.getLibrary().getName() + " issue: " + value.get(0)); individualVuln.addReference(key, key, value.get(0)); break; case "bug": individualVuln.setName(libraryResult.getLibrary().getName() + " bug: " + value.get(0)); individualVuln.addReference(key, key, value.get(0)); break;