Updated view template and details

rsenden · rsenden · commit 4497f4c59b78 · 2019-12-12T11:21:38.000+01:00
diff --git a/src/main/java/com/fortify/ssc/parser/owasp/dependencycheck/CustomVulnAttribute.java b/src/main/java/com/fortify/ssc/parser/owasp/dependencycheck/CustomVulnAttribute.java
@@ -14,7 +14,10 @@
  */
 
 public enum CustomVulnAttribute implements com.fortify.plugin.spi.VulnerabilityAttribute {
-
+	fileName(AttrType.STRING),
+	source(AttrType.STRING),
+	name(AttrType.STRING),
+	cveUrl(AttrType.STRING),
 	notes(AttrType.STRING),
 	cvssScore(AttrType.DECIMAL),
 	cvssAccessVector(AttrType.STRING),
diff --git a/src/main/java/com/fortify/ssc/parser/owasp/dependencycheck/domain/Vulnerability.java b/src/main/java/com/fortify/ssc/parser/owasp/dependencycheck/domain/Vulnerability.java
@@ -30,6 +30,7 @@
 
 @Getter
 public final class Vulnerability {
+	@JsonProperty private String source;
 	@JsonProperty private String name;
 	@JsonProperty private String severity;
 	@JsonProperty private String description;
diff --git a/src/main/java/com/fortify/ssc/parser/owasp/dependencycheck/parser/VulnerabilitiesParser.java b/src/main/java/com/fortify/ssc/parser/owasp/dependencycheck/parser/VulnerabilitiesParser.java
@@ -58,7 +58,12 @@ private final void buildVulnerability(Dependency dependency, Vulnerability vulne
 		vb.setKingdom(FortifyKingdom.ENVIRONMENT.getKingdomName());
 		vb.setAnalyzer(FortifyAnalyser.CONFIGURATION.getAnalyserName());
 		vb.setCategory("Insecure Deployment");
-		vb.setSubCategory(vulnerability.getName());
+		vb.setSubCategory("Vulnerable Dependency");
+		
+		vb.setStringCustomAttributeValue(CustomVulnAttribute.fileName, dependency.getFileName());
+		vb.setStringCustomAttributeValue(CustomVulnAttribute.source, vulnerability.getSource());
+		vb.setStringCustomAttributeValue(CustomVulnAttribute.name, vulnerability.getName());
+		vb.setStringCustomAttributeValue(CustomVulnAttribute.cveUrl, "https://nvd.nist.gov/vuln/detail/"+vulnerability.getName());
 		
 		// Set mandatory values to JavaDoc-recommended values
 		vb.setAccuracy(5.0f);
diff --git a/src/main/resources/viewtemplate/OWASPDependencyCheckTemplate.json b/src/main/resources/viewtemplate/OWASPDependencyCheckTemplate.json
@@ -2,30 +2,29 @@
 	[
 		{
 			"type": "template",
-			"title": "Description",
-			"key": "brief",
-			"templateId": "SIMPLE",
-			"dataType": "string"
-		}
-	],
-	[
-		{
-			"type": "fieldset",
-			"htmlClass": "container-spacer-bottom",
+			"title": "Details",
+			"templateId": "TITLEBOX",
 			"items": [
 				{
 					"type": "template",
 					"title": "File name",
-					"key": "fullFileName",
+					"key": "customAttributes.fileName",
 					"templateId": "SIMPLE",
 					"dataType": "string"
 				},
 				{
 					"type": "template",
-					"title": "Impact",
-					"key": "impact",
+					"title": "Vulnerability",
+					"key": "customAttributes.name",
 					"templateId": "SIMPLE",
-					"dataType": "float"
+					"dataType": "string"
+				},
+				{
+					"type": "template",
+					"title": "Source",
+					"key": "customAttributes.source",
+					"templateId": "SIMPLE",
+					"dataType": "string"
 				},
 				{
 					"type": "template",
@@ -36,18 +35,32 @@
 				},
 				{
 					"type": "template",
-					"title": "CWE's",
+					"title": "CWE",
 					"key": "customAttributes.cwes",
 					"templateId": "SIMPLE",
 					"dataType": "string"
+				},
+				{
+					"type": "template",
+					"title": "CVE URL",
+					"key": "customAttributes.cveUrl",
+					"templateId": "SIMPLE",
+					"dataType": "string"
 				}
 			]
+		},
+		{
+			"type": "template",
+			"title": "Description",
+			"key": "brief",
+			"templateId": "COLLAPSE",
+			"dataType": "string"
 		}
 	],
 	[
 		{
 			"type": "template",
-			"title": "CVSS Information",
+			"title": "CVSS 2.0",
 			"templateId": "TITLEBOX",
 			"items": [
 				{
@@ -70,31 +83,24 @@
 					"key": "customAttributes.cvssAccessComplexity",
 					"templateId": "SIMPLE",
 					"dataType": "string"
-				}
-			]
-		},
-		{
-			"type": "template",
-			"title": "CVSS IMPACT (CIA)",
-			"templateId": "TITLEBOX",
-			"items": [
+				},
 				{
 					"type": "template",
-					"title": "Confidentiality",
+					"title": "Confidentiality Impact",
 					"key": "customAttributes.cvssConfidentialImpact",
 					"templateId": "SIMPLE",
 					"dataType": "string"
 				},
 				{
 					"type": "template",
-					"title": "Integrity",
+					"title": "Integrity Impact",
 					"key": "customAttributes.cvssIntegrityImpact",
 					"templateId": "SIMPLE",
 					"dataType": "string"
 				},
 				{
 					"type": "template",
-					"title": "Availability",
+					"title": "Availability Impact",
 					"key": "customAttributes.cvssAvailabilityImpact",
 					"templateId": "SIMPLE",
 					"dataType": "string"
