org.owasp.dependencycheck.dependency

Class Vulnerability

java.lang.Object

org.owasp.dependencycheck.dependency.Vulnerability

All Implemented Interfaces:

Serializable, Comparable<Vulnerability>

@NotThreadSafe
public class Vulnerability
extends Object
implements Serializable, Comparable<Vulnerability>

Contains the information about a vulnerability.

Author:

Jeremy Long

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	Vulnerability.Source An enumeration for the source of vulnerability.

Constructor Summary

Constructors

Constructor and Description
Vulnerability() Default constructor.
Vulnerability(String name) Constructs a new Vulnerability by its name.

Method Summary

Modifier and Type	Method and Description
void	addCwe(String cwe) Adds a CWE to the set.
void	addReference(Reference ref) Adds a reference to the references collection.
void	addReference(String referenceSource, String referenceName, String referenceUrl) Adds a reference.
void	addVulnerableSoftware(VulnerableSoftware software) Adds an entry for vulnerable software.
int	compareTo(@NotNull Vulnerability o) Compares two vulnerabilities.
boolean	equals(Object obj)
CvssV2	getCvssV2() Get the CVSS V2 scoring information.
CvssV3	getCvssV3() Get the CVSS V3 scoring information.
CweSet	getCwes() Get the set of CWEs.
String	getDescription() Get the value of description.
VulnerableSoftware	getMatchedVulnerableSoftware() Get the value of matchedVulnerableSoftware.
String	getName() Get the value of name.
String	getNotes() Get the value of notes from suppression notes.
Set<Reference>	getReferences() Get the value of references.
List<Reference>	getReferences(boolean sorted) Returns the list of references.
Vulnerability.Source	getSource() Returns the source that identified the vulnerability.
String	getUnscoredSeverity() Retrieves the severity a Vulnerability.Source has assigned for which a CVSS score is not available.
Set<VulnerableSoftware>	getVulnerableSoftware() Get the value of vulnerableSoftware.
List<VulnerableSoftware>	getVulnerableSoftware(boolean sorted) Returns a sorted list of vulnerable software.
int	hashCode()
void	setCvssV2(CvssV2 cvssV2) Sets the CVSS V2 scoring information.
void	setCvssV3(CvssV3 cvssV3) Sets the CVSS V3 scoring information.
void	setDescription(String description) Set the value of description.
void	setMatchedVulnerableSoftware(VulnerableSoftware software) Sets the CPE that caused this vulnerability to be flagged.
void	setName(String name) Set the value of name.
void	setNotes(String notes) Set the value of notes.
void	setReferences(Set<Reference> references) Set the value of references.
void	setSource(Vulnerability.Source source) Sets the source that identified the vulnerability.
void	setUnscoredSeverity(String unscoredSeverity) Sets the severity a Vulnerability.Source has assigned for which a CVSS score is not available.
void	setVulnerableSoftware(Set<VulnerableSoftware> vulnerableSoftware) Set the value of vulnerableSoftware.
String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

Vulnerability

public Vulnerability()

Default constructor.

Vulnerability

public Vulnerability(String name)

Constructs a new Vulnerability by its name.

Parameters:

name - the name of the vulnerability

Method Detail

getName

public String getName()

Get the value of name.

Returns:

the value of name

setName

public void setName(String name)

Set the value of name.

Parameters:

name - new value of name

getDescription

public String getDescription()

Get the value of description.

Returns:

the value of description

setDescription

public void setDescription(String description)

Set the value of description.

Parameters:

description - new value of description

getReferences

public Set<Reference> getReferences()

Get the value of references.

Returns:

the value of references

getReferences

public List<Reference> getReferences(boolean sorted)

Returns the list of references. This is primarily used within the generated reports.

Parameters:

sorted - whether the returned list should be sorted

Returns:

the list of references

setReferences

public void setReferences(Set<Reference> references)

Set the value of references.

Parameters:

references - new value of references

addReference

public void addReference(Reference ref)

Adds a reference to the references collection.

Parameters:

ref - a reference for the vulnerability

addReference

public void addReference(String referenceSource,
                         String referenceName,
                         String referenceUrl)

Adds a reference.

Parameters:

referenceSource - the source of the reference

referenceName - the referenceName of the reference

referenceUrl - the url of the reference

getVulnerableSoftware

public Set<VulnerableSoftware> getVulnerableSoftware()

Get the value of vulnerableSoftware.

Returns:

the value of vulnerableSoftware

getVulnerableSoftware

public List<VulnerableSoftware> getVulnerableSoftware(boolean sorted)

Returns a sorted list of vulnerable software. This is primarily used for display within reports.

Parameters:

sorted - whether or not the list should be sorted

Returns:

the list of vulnerable software

setVulnerableSoftware

public void setVulnerableSoftware(Set<VulnerableSoftware> vulnerableSoftware)

Set the value of vulnerableSoftware.

Parameters:

vulnerableSoftware - new value of vulnerableSoftware

addVulnerableSoftware

public void addVulnerableSoftware(VulnerableSoftware software)

Adds an entry for vulnerable software.

Parameters:

software - the vulnerable software reference to add

getCvssV2

public CvssV2 getCvssV2()

Get the CVSS V2 scoring information.

Returns:

the CVSS V2 scoring information

setCvssV2

public void setCvssV2(CvssV2 cvssV2)

Sets the CVSS V2 scoring information.

Parameters:

cvssV2 - the CVSS V2 scoring information

getCvssV3

public CvssV3 getCvssV3()

Get the CVSS V3 scoring information.

Returns:

the CVSS V3 scoring information

setCvssV3

public void setCvssV3(CvssV3 cvssV3)

Sets the CVSS V3 scoring information.

Parameters:

cvssV3 - the CVSS V3 scoring information

getCwes

public CweSet getCwes()

Get the set of CWEs.

Returns:

the set of CWEs

addCwe

public void addCwe(String cwe)

Adds a CWE to the set.

Parameters:

cwe - new CWE to add

getUnscoredSeverity

public String getUnscoredSeverity()

Retrieves the severity a Vulnerability.Source has assigned for which a CVSS score is not available. Severity could be anything ranging from 'critical', 'high', 'medium', and 'low', to non-traditional labels like 'major', 'minor', and 'important'.

Returns:

the un-scored severity

setUnscoredSeverity

public void setUnscoredSeverity(String unscoredSeverity)

Sets the severity a Vulnerability.Source has assigned for which a CVSS score is not available. Severity could be anything ranging from 'critical', 'high', 'medium', and 'low', to non-traditional labels like 'major', 'minor', and 'important'.

Parameters:

unscoredSeverity - the un-scored severity

getNotes

public String getNotes()

Get the value of notes from suppression notes.

Returns:

the value of notes

setNotes

public void setNotes(String notes)

Set the value of notes.

Parameters:

notes - new value of cwes

equals

public boolean equals(Object obj)

Overrides:

equals in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object

toString

public String toString()

Overrides:

toString in class Object

compareTo

public int compareTo(@NotNull
                     @NotNull Vulnerability o)

Compares two vulnerabilities.

Specified by:

compareTo in interface Comparable<Vulnerability>

Parameters:

o - a vulnerability to be compared

Returns:

a negative integer, zero, or a positive integer as this object is less than, equal to, or greater than the specified vulnerability

setMatchedVulnerableSoftware

public void setMatchedVulnerableSoftware(VulnerableSoftware software)

Sets the CPE that caused this vulnerability to be flagged.

Parameters:

software - a Vulnerable Software identifier

getMatchedVulnerableSoftware

public VulnerableSoftware getMatchedVulnerableSoftware()

Get the value of matchedVulnerableSoftware.

Returns:

the value of matchedVulnerableSoftware

getSource

public Vulnerability.Source getSource()

Returns the source that identified the vulnerability.

Returns:

the source

setSource

public void setSource(Vulnerability.Source source)

Sets the source that identified the vulnerability.

Parameters:

source - the source