1 /*
2 * This file is part of dependency-check-core.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 * Copyright (c) 2016 Jeremy Long. All Rights Reserved.
17 */
18 package org.owasp.dependencycheck.xml.hints;
19
20 import java.util.ArrayList;
21 import java.util.List;
22 import javax.annotation.concurrent.NotThreadSafe;
23 import org.owasp.dependencycheck.dependency.Confidence;
24 import org.owasp.dependencycheck.dependency.Evidence;
25 import org.owasp.dependencycheck.xml.suppression.PropertyType;
26
27 /**
28 * A collection of product and vendor evidence to match; if any evidence is
29 * matched the addVendor and addProduct evidence should be added to the
30 * dependency.
31 *
32 * @author Jeremy Long
33 */
34 @NotThreadSafe
35 public class HintRule {
36
37 /**
38 * The list of file names to match.
39 */
40 private final List<PropertyType> fileNames = new ArrayList<>();
41 /**
42 * The list of vendor evidence that is being matched.
43 */
44 private final List<EvidenceMatcher> givenVendor = new ArrayList<>();
45 /**
46 * The list of product evidence that is being matched.
47 */
48 private final List<EvidenceMatcher> givenProduct = new ArrayList<>();
49 /**
50 * The list of product evidence that is being matched.
51 */
52 private final List<EvidenceMatcher> givenVersion = new ArrayList<>();
53 /**
54 * The list of vendor hints to add.
55 */
56 private final List<Evidence> addVendor = new ArrayList<>();
57 /**
58 * The list of product evidence to add.
59 */
60 private final List<Evidence> addProduct = new ArrayList<>();
61 /**
62 * The list of version evidence to add.
63 */
64 private final List<Evidence> addVersion = new ArrayList<>();
65
66 /**
67 * The list of vendor hints to remove.
68 */
69 private final List<EvidenceMatcher> removeVendor = new ArrayList<>();
70 /**
71 * The list of product evidence to remove.
72 */
73 private final List<EvidenceMatcher> removeProduct = new ArrayList<>();
74 /**
75 * The list of version evidence to remove.
76 */
77 private final List<EvidenceMatcher> removeVersion = new ArrayList<>();
78
79 /**
80 * Adds the filename evidence to the collection.
81 *
82 * @param filename the filename to add
83 */
84 public void addFilename(PropertyType filename) {
85 this.fileNames.add(filename);
86 }
87
88 /**
89 * Returns the list of fileName evidence to match against.
90 *
91 * @return the list of fileName evidence to match against
92 */
93 public List<PropertyType> getFileNames() {
94 return fileNames;
95 }
96
97 /**
98 * Adds a given product to the list of evidence to matched.
99 *
100 * @param source the source of the evidence
101 * @param name the name of the evidence
102 * @param value the value of the evidence
103 * @param regex whether value is a regex
104 * @param confidence the confidence of the evidence
105 */
106 public void addGivenProduct(String source, String name, String value, boolean regex, Confidence confidence) {
107 givenProduct.add(new EvidenceMatcher(source, name, value, regex, confidence));
108 }
109
110 /**
111 * Get the value of givenProduct.
112 *
113 * @return the value of givenProduct
114 */
115 public List<EvidenceMatcher> getGivenProduct() {
116 return givenProduct;
117 }
118
119 /**
120 * Adds a given vendors to the list of evidence to matched.
121 *
122 * @param source the source of the evidence
123 * @param name the name of the evidence
124 * @param value the value of the evidence
125 * @param regex whether value is a regex
126 * @param confidence the confidence of the evidence
127 */
128 public void addGivenVendor(String source, String name, String value, boolean regex, Confidence confidence) {
129 givenVendor.add(new EvidenceMatcher(source, name, value, regex, confidence));
130 }
131
132 /**
133 * Get the value of givenVendor.
134 *
135 * @return the value of givenVendor
136 */
137 public List<EvidenceMatcher> getGivenVendor() {
138 return givenVendor;
139 }
140
141 /**
142 * Adds a given product to the list of evidence to add when matched.
143 *
144 * @param source the source of the evidence
145 * @param name the name of the evidence
146 * @param value the value of the evidence
147 * @param confidence the confidence of the evidence
148 */
149 public void addAddProduct(String source, String name, String value, Confidence confidence) {
150 addProduct.add(new Evidence(source, name, value, confidence, true));
151 }
152
153 /**
154 * Get the value of addProduct.
155 *
156 * @return the value of addProduct
157 */
158 public List<Evidence> getAddProduct() {
159 return addProduct;
160 }
161
162 /**
163 * Adds a given version to the list of evidence to add when matched.
164 *
165 * @param source the source of the evidence
166 * @param name the name of the evidence
167 * @param value the value of the evidence
168 * @param confidence the confidence of the evidence
169 */
170 public void addAddVersion(String source, String name, String value, Confidence confidence) {
171 addVersion.add(new Evidence(source, name, value, confidence, true));
172 }
173
174 /**
175 * Get the value of addVersion.
176 *
177 * @return the value of addVersion
178 */
179 public List<Evidence> getAddVersion() {
180 return addVersion;
181 }
182
183 /**
184 * Adds a given vendor to the list of evidence to add when matched.
185 *
186 * @param source the source of the evidence
187 * @param name the name of the evidence
188 * @param value the value of the evidence
189 * @param confidence the confidence of the evidence
190 */
191 public void addAddVendor(String source, String name, String value, Confidence confidence) {
192 addVendor.add(new Evidence(source, name, value, confidence, true));
193 }
194
195 /**
196 * Get the value of addVendor.
197 *
198 * @return the value of addVendor
199 */
200 public List<Evidence> getAddVendor() {
201 return addVendor;
202 }
203
204 /**
205 * Adds a given vendor to the list of evidence to remove when matched.
206 *
207 * @param source the source of the evidence
208 * @param name the name of the evidence
209 * @param value the value of the evidence
210 * @param regex whether value is a regex
211 * @param confidence the confidence of the evidence
212 */
213 public void addRemoveVendor(String source, String name, String value, boolean regex, Confidence confidence) {
214 removeVendor.add(new EvidenceMatcher(source, name, value, regex, confidence));
215 }
216 /**
217 * Get the value of removeVendor.
218 *
219 * @return the value of removeVendor
220 */
221 public List<EvidenceMatcher> getRemoveVendor() {
222 return removeVendor;
223 }
224 /**
225 * Adds a given product to the list of evidence to remove when matched.
226 *
227 * @param source the source of the evidence
228 * @param name the name of the evidence
229 * @param value the value of the evidence
230 * @param regex whether value is a regex
231 * @param confidence the confidence of the evidence
232 */
233 public void addRemoveProduct(String source, String name, String value, boolean regex, Confidence confidence) {
234 removeProduct.add(new EvidenceMatcher(source, name, value, regex, confidence));
235 }
236 /**
237 * Get the value of removeProduct.
238 *
239 * @return the value of removeProduct
240 */
241 public List<EvidenceMatcher> getRemoveProduct() {
242 return removeProduct;
243 }
244 /**
245 * Adds a given version to the list of evidence to remove when matched.
246 *
247 * @param source the source of the evidence
248 * @param name the name of the evidence
249 * @param value the value of the evidence
250 * @param regex whether value is a regex
251 * @param confidence the confidence of the evidence
252 */
253 public void addRemoveVersion(String source, String name, String value, boolean regex, Confidence confidence) {
254 removeVersion.add(new EvidenceMatcher(source, name, value, regex, confidence));
255 }
256 /**
257 * Get the value of removeVersion.
258 *
259 * @return the value of removeVersion
260 */
261 public List<EvidenceMatcher> getRemoveVersion() {
262 return removeVersion;
263 }
264 /**
265 * Adds a given version to the list of evidence to match.
266 *
267 * @param source the source of the evidence
268 * @param name the name of the evidence
269 * @param value the value of the evidence
270 * @param regex whether value is a regex
271 * @param confidence the confidence of the evidence
272 */
273 public void addGivenVersion(String source, String name, String value, boolean regex, Confidence confidence) {
274 givenVersion.add(new EvidenceMatcher(source, name, value, regex, confidence));
275 }
276 /**
277 * Get the value of givenVersion.
278 *
279 * @return the value of givenVersion
280 */
281 public List<EvidenceMatcher> getGivenVersion() {
282 return givenVersion;
283 }
284 }