final JsVulnerability jsVuln = libraryResult.getVuln(); if (jsVuln.getIdentifiers().containsKey("CVE") || jsVuln.getIdentifiers().containsKey("osvdb")) { for (Map.Entry<String, List<String>> entry : jsVuln.getIdentifiers().entrySet()) { final String key = entry.getKey(); final List<String> value = entry.getValue(); vuln.setUnscoredSeverity(jsVuln.getSeverity()); vuln.setSource(Vulnerability.Source.RETIREJS); for (String info : jsVuln.getInfo()) { vuln.addReference("info", "info", info); vuln.setName(osvdb); vuln.setSource(Vulnerability.Source.RETIREJS); vuln.setUnscoredSeverity(jsVuln.getSeverity()); for (String info : jsVuln.getInfo()) { vuln.addReference("info", "info", info); for (Map.Entry<String, List<String>> entry : jsVuln.getIdentifiers().entrySet()) { final String key = entry.getKey(); final List<String> value = entry.getValue(); individualVuln.setUnscoredSeverity(jsVuln.getSeverity()); for (String info : jsVuln.getInfo()) { individualVuln.addReference("info", "info", info);
/**
 * Collects the known vulnerabilities of {@code lib} whose affected range contains {@code version}.
 *
 * <p>An entry matches when {@code version} is under the entry's {@code below} bound and, if the
 * entry also carries an {@code atOrAbove} bound, at or above that bound. Every match is logged
 * and appended to {@code resultsFound}; the list is mutated in place and nothing is returned.
 * The log line is built from the library name and the {@code below} bound only.
 *
 * <p>NOTE(review): {@code getBelow()} is handed to {@code CompareVersionUtil.isUnder} without a
 * null check and {@code version} is compared as received. Confirm how the comparator treats a
 * missing bound or an unparseable version, because a comparison that fails here is a finding
 * that never gets reported.
 *
 * @param lib library definition whose vulnerability list is scanned
 * @param version detected version string tested against each range
 * @param resultsFound output list that receives one {@link JsLibraryResult} per match
 * @param regexRequest passed through unchanged into each result
 * @param regexResponse passed through unchanged into each result
 */
private void findVersionVulnerable(JsLibrary lib, String version, List<JsLibraryResult> resultsFound,
        String regexRequest, String regexResponse) {
    for (JsVulnerability candidate : lib.getVulnerabilities()) {
        // The version has to sit under the entry's "below" bound to be affected at all.
        if (!CompareVersionUtil.isUnder(version, candidate.getBelow())) {
            continue;
        }
        // The lower bound is optional; when present the version must reach it.
        if (candidate.getAtOrAbove() != null
                && !CompareVersionUtil.atOrAbove(version, candidate.getAtOrAbove())) {
            continue;
        }
        Log.info(String.format("Vulnerability found: %s below %s", lib.getName(), candidate.getBelow()));
        resultsFound.add(new JsLibraryResult(lib, candidate, version, regexRequest, regexResponse));
    }
}
} // closes the enclosing scope, which opens before this excerpt
// Tail of a statement that begins before this excerpt; only the HashMap allocation is visible.
new HashMap<String,List<String>>();
// Severity is taken from the entry when it has a "severity" key; otherwise it falls back to
// "medium". The string is forwarded as-is: no check against a known set of levels is visible here.
// NOTE(review): the fallback makes an entry with no stated severity indistinguishable from one
// rated medium once it is stored. Confirm that consumers which rank or filter findings by
// severity are meant to treat unrated entries this way.
String severity = vuln.has("severity") ? vuln.getString("severity") : "medium";
// Register the parsed entry (version bounds, info, identifiers, severity) on the library.
lib.getVulnerabilities().add(new JsVulnerability(atOrAbove, below, info,identifiers,severity));
final JsVulnerability jsVuln = libraryResult.getVuln(); if (jsVuln.getIdentifiers().containsKey("CVE") || jsVuln.getIdentifiers().containsKey("osvdb")) { for (Map.Entry<String, List<String>> entry : jsVuln.getIdentifiers().entrySet()) { final String key = entry.getKey(); final List<String> value = entry.getValue(); vuln.setUnscoredSeverity(jsVuln.getSeverity()); vuln.setSource(Vulnerability.Source.RETIREJS); for (String info : jsVuln.getInfo()) { vuln.addReference("info", "info", info); vuln.setName(osvdb); vuln.setSource(Vulnerability.Source.RETIREJS); vuln.setUnscoredSeverity(jsVuln.getSeverity()); for (String info : jsVuln.getInfo()) { vuln.addReference("info", "info", info); for (Map.Entry<String, List<String>> entry : jsVuln.getIdentifiers().entrySet()) { final String key = entry.getKey(); final List<String> value = entry.getValue(); individualVuln.setUnscoredSeverity(jsVuln.getSeverity()); for (String info : jsVuln.getInfo()) { individualVuln.addReference("info", "info", info);