├── .dockerignore ├── .gitattributes ├── .github ├── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md ├── PULL_REQUEST_TEMPLATE.md └── main.workflow ├── .gitignore ├── .reuse └── dep5 ├── .travis.yml ├── .travis ├── .env ├── check.sh ├── check_code_style.sh ├── check_dockerfile_location.sh ├── docker_hub_push_release.sh ├── docker_hub_push_snapshot.sh ├── package_steady_cli.sh ├── settings.xml ├── skaffold.yaml └── steady-custom.properties.sample ├── CONTRIBUTING.md ├── CONTRIBUTORS.md ├── Jenkinsfile ├── LICENSE ├── LICENSES ├── Apache-2.0.txt ├── BSD-3-Clause.txt ├── EPL-1.0.txt ├── EPL-2.0.txt └── MIT.txt ├── NOTICE ├── README.md ├── SECURITY.md ├── bump-version.sh ├── cli-scanner ├── pom.xml └── src │ ├── main │ └── java │ │ └── org │ │ └── eclipse │ │ └── steady │ │ └── cli │ │ ├── VulasCli.java │ │ └── package-info.java │ └── test │ ├── java │ └── org │ │ └── eclipse │ │ └── steady │ │ └── cli │ │ ├── AbstractGoalTest.java │ │ ├── FileAnalyzerTest.java │ │ └── VulasCliTest.java │ └── resources │ ├── appfolder with space │ └── ClassWithoutPackage.class │ ├── appfolder │ └── com │ │ └── acme │ │ ├── ArchivePrinter$1$1Bar.class │ │ ├── ArchivePrinter$1.class │ │ ├── ArchivePrinter$2.class │ │ ├── ArchivePrinter$InnerNonStaticClass.class │ │ ├── ArchivePrinter$InnerStaticClass.class │ │ ├── ArchivePrinter.class │ │ ├── ArchiveServlet.class │ │ ├── HelloWorldAction.class │ │ ├── MessageStore$1$1Bar.class │ │ ├── MessageStore$1.class │ │ └── MessageStore.class │ ├── cf-helloworld │ ├── helloworld │ │ └── app.py │ └── setup.py │ ├── depfolder with space │ └── commons-compress-1.12.jar │ ├── depfolder │ ├── commons-codec-1.6.jar │ └── commons-collections-3.2.2.jar │ ├── file.java │ ├── file.py │ ├── foo │ ├── __init__.py │ ├── class_hw.py │ ├── func_hw.py │ └── hello_world.py │ └── java-app │ ├── cf1.2.2-cc1.4-xz1.0.jar │ └── com │ └── acme │ ├── ArchivePrinter.java │ ├── ArchiveServlet.java │ ├── HelloWorldAction.java │ └── MessageStore.java ├── copyright-license-header-template.txt ├── docker ├── .env.sample ├── Dockerfile ├── README.md ├── cache │ └── conf │ │ └── nginx.conf ├── docker-compose.build.yml ├── docker-compose.yml ├── frontend-apps │ ├── Dockerfile │ └── index.html ├── frontend-bugs │ └── Dockerfile ├── haproxy │ └── conf │ │ └── haproxy.cfg ├── kb-importer │ ├── Dockerfile │ ├── certs │ │ └── readme.txt │ ├── conf │ │ └── kaybeeconf.yaml.sample │ ├── kb-importer.sh │ └── start.sh ├── patch-lib-analyzer │ ├── Dockerfile │ └── run.sh ├── pipeline │ ├── Dockerfile │ └── README.md ├── postgresql │ └── conf │ │ └── 10-vulas-setup.sh ├── push-images.sh ├── readme-pages │ ├── Assessment-and-Mitigation.md │ ├── Automation.md │ ├── CLI.md │ ├── Configuration.md │ ├── Goals.md │ ├── Help.md │ ├── Java.md │ ├── Python.md │ ├── Sample-Maven-profile.md │ ├── Vulnerability-Database.md │ ├── Workspace.md │ └── dep-tree.png ├── rest-backend │ ├── Dockerfile │ ├── conf │ │ └── restbackend.properties │ └── run.sh ├── rest-lib-utils │ └── Dockerfile ├── run.sh ├── setup-steady.sh └── start-steady.sh ├── docs ├── .editorconfig ├── Dockerfile ├── README.md ├── checklinks.sh ├── docs.py ├── guidelines.md ├── mkdocs.yml ├── public.properties ├── public │ ├── content │ │ ├── about │ │ │ └── index.md │ │ ├── admin │ │ │ ├── img │ │ │ │ └── components.png │ │ │ ├── index.md │ │ │ ├── manuals │ │ │ │ └── index.md │ │ │ ├── support │ │ │ │ ├── faq.md │ │ │ │ └── getting_help.md │ │ │ └── tutorials │ │ │ │ ├── build.md │ │ │ │ ├── docker.md │ │ │ │ └── registry.md │ │ ├── blog │ │ │ └── 2018 │ │ │ │ └── index.md │ │ ├── contributor │ │ │ ├── index.md │ │ │ ├── manuals │ │ │ │ ├── index.md │ │ │ │ └── languages.md │ │ │ ├── support │ │ │ │ ├── faq.md │ │ │ │ └── getting_help.md │ │ │ └── tutorials │ │ │ │ ├── img │ │ │ │ └── vulas-mvn-modules.png │ │ │ │ ├── new_lang.md │ │ │ │ └── project_structure.md │ │ ├── css │ │ │ ├── faq.css │ │ │ ├── override.css │ │ │ └── scrollTop.css │ │ ├── images │ │ │ ├── ES-favicon-48-transparent.png │ │ │ ├── ES-logo-152-black-normal.png │ │ │ ├── ES-logo-152-transparent.png │ │ │ ├── ES-logo-152-white-normal.png │ │ │ ├── Es-favicon-32-transparent.png │ │ │ ├── components-2.png │ │ │ ├── eclipse-incubation.png │ │ │ ├── helm_architecture.drawio │ │ │ ├── helm_architecture.png │ │ │ ├── helm_database_change.drawio │ │ │ ├── helm_database_change.png │ │ │ ├── helm_db_benchmark.png │ │ │ ├── helm_postgres.drawio │ │ │ └── helm_postgres.png │ │ ├── index.md │ │ ├── js │ │ │ └── scrollTop.js │ │ ├── user │ │ │ ├── index.md │ │ │ ├── manuals │ │ │ │ ├── analysis.md │ │ │ │ ├── assess_and_mitigate.md │ │ │ │ ├── frontend.md │ │ │ │ ├── img │ │ │ │ │ ├── dep-tree.png │ │ │ │ │ ├── frontend_callers_to_be_modified.png │ │ │ │ │ ├── frontend_dependencies_details.png │ │ │ │ │ ├── frontend_dependencies_details_2.png │ │ │ │ │ ├── frontend_dependencies_overview.png │ │ │ │ │ ├── frontend_history_details.png │ │ │ │ │ ├── frontend_history_overview.png │ │ │ │ │ ├── frontend_mitigation_overview.png │ │ │ │ │ ├── frontend_search.png │ │ │ │ │ ├── frontend_start_page.png │ │ │ │ │ ├── frontend_statistics.png │ │ │ │ │ ├── frontend_vulnerabilities.png │ │ │ │ │ ├── frontend_vulnerabilities_details.png │ │ │ │ │ ├── frontend_vulnerabilities_graph.png │ │ │ │ │ ├── manual_assessment.jpg │ │ │ │ │ ├── report_core.png │ │ │ │ │ ├── report_header.png │ │ │ │ │ ├── trace_alert.png │ │ │ │ │ ├── trace_ok.png │ │ │ │ │ ├── transparent.png │ │ │ │ │ ├── version_alert.png │ │ │ │ │ ├── version_ok.png │ │ │ │ │ └── version_qmark.png │ │ │ │ ├── index.md │ │ │ │ ├── library_assessment.md │ │ │ │ ├── report.md │ │ │ │ ├── setup.md │ │ │ │ └── updating_vuln_data.md │ │ │ ├── support │ │ │ │ ├── faq.md │ │ │ │ ├── img │ │ │ │ │ ├── vulas_report_jenkins.png │ │ │ │ │ ├── vuln_rebundles.jpg │ │ │ │ │ └── vuln_references.jpg │ │ │ │ └── index.md │ │ │ └── tutorials │ │ │ │ ├── img │ │ │ │ ├── frontend_low_left.jpg │ │ │ │ ├── frontend_toolbar_choose_workspace.png │ │ │ │ ├── frontend_toolbar_create_workspace.png │ │ │ │ ├── jenkins.jpg │ │ │ │ └── vulas_report_jenkins.jpg │ │ │ │ ├── index.md │ │ │ │ ├── java_cli.md │ │ │ │ ├── java_gradle.md │ │ │ │ ├── java_maven.md │ │ │ │ ├── java_maven_advanced.md │ │ │ │ ├── jenkins_howto.md │ │ │ │ ├── partials │ │ │ │ ├── create_workspace.md │ │ │ │ └── vulas_profile.md │ │ │ │ ├── python_cli.md │ │ │ │ ├── reports.md │ │ │ │ ├── workspace_howto.md │ │ │ │ └── workspace_howto_advanced.md │ │ └── vuln_db │ │ │ └── index.md │ └── custom_theme │ │ └── main.html └── requirements.txt ├── findbugs-exclude.xml ├── findbugs-include.xml ├── frontend-apps ├── pom.xml └── src │ └── main │ ├── Version.js │ ├── exempted.png │ ├── icons.xcf │ ├── legend.xcf │ ├── loading.png │ ├── reach_legend.png │ ├── trace_alert.png │ ├── trace_legend.png │ ├── trace_ok.png │ ├── transparent.png │ ├── version_alert.png │ ├── version_legend.png │ ├── version_ok.png │ ├── version_qmark.png │ └── webapp │ ├── .xsaccess │ ├── .xsapp │ ├── Component-preload.js │ ├── MyRouter.js │ ├── WEB-INF │ └── web.xml │ ├── css │ └── style.css │ ├── helpers │ ├── basePriorityQueue.js │ ├── pqueue.js │ └── transpiled │ │ ├── basePriorityQueueES5.js │ │ └── pqueueES5.js │ ├── i18n │ ├── messageBundle.properties │ ├── messageBundle_de.properties │ ├── messageBundle_en.properties │ └── messageBundle_en_US.properties │ ├── img │ ├── exempted.png │ ├── icon.png │ ├── loading.png │ ├── reach_legend.png │ ├── touch_point.gif │ ├── trace_alert.png │ ├── trace_legend.png │ ├── trace_ok.png │ ├── transparent.png │ ├── version_alert.png │ ├── version_legend.png │ ├── version_ok.png │ └── version_qmark.png │ ├── index.html │ ├── model │ ├── Config.js │ └── Formatter.js │ └── view │ ├── App.controller.js │ ├── App.view.js │ ├── ArchiveDetail.controller.js │ ├── ArchiveDetail.view.xml │ ├── BugDetail.controller.js │ ├── BugDetail.view.xml │ ├── Component.controller.js │ ├── Component.view.xml │ ├── ExecutionDetail.controller.js │ ├── ExecutionDetail.view.xml │ ├── GraphDetail.controller.js │ ├── GraphDetail.view.xml │ ├── GraphDetailObject.js │ ├── Master.controller.js │ ├── Master.view.xml │ ├── Popover.fragment.xml │ ├── UpdateDetail.controller.js │ └── UpdateDetail.view.xml ├── frontend-bugs ├── pom.xml └── src │ └── main │ ├── Version.js │ └── webapp │ ├── .xsaccess │ ├── .xsapp │ ├── Component-preload.js │ ├── Component.js │ ├── MyRouter.js │ ├── WEB-INF │ └── web.xml │ ├── css │ └── style.css │ ├── d3.v3.min.js │ ├── i18n │ ├── messageBundle.properties │ ├── messageBundle_de.properties │ └── messageBundle_en.properties │ ├── img │ ├── alert.png │ ├── att1.png │ ├── att2.png │ ├── att3.png │ ├── icon.png │ ├── linkimage.png │ ├── maven.png │ ├── notmaven.png │ ├── ok.png │ └── q.png │ ├── index.html │ ├── model │ ├── Config.js │ ├── Formatter.js │ ├── TreeUtils.js │ └── Utils.js │ └── view │ ├── ASTViewer.controller.js │ ├── ASTViewer.view.xml │ ├── ASTViewerNew.controller.js │ ├── ASTViewerNew.view.xml │ ├── App.controller.js │ ├── App.view.js │ ├── BugDetailPatchEval.controller.js │ ├── BugDetailPatchEval.view.xml │ ├── CheckversionDetail.controller.js │ ├── CheckversionDetail.view.xml │ ├── Component.controller.js │ ├── Component.view.xml │ ├── LibDetail.controller.js │ ├── LibDetail.view.xml │ ├── Master.controller.js │ ├── Master.view.xml │ └── Popover.fragment.xml ├── kb-importer ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── eclipse │ │ │ └── steady │ │ │ └── kb │ │ │ ├── Main.java │ │ │ ├── command │ │ │ ├── Command.java │ │ │ ├── CommandExecutor.java │ │ │ ├── CommandParser.java │ │ │ ├── Help.java │ │ │ ├── Import.java │ │ │ └── Version.java │ │ │ ├── exception │ │ │ ├── CommandLineParserException.java │ │ │ └── ValidationException.java │ │ │ ├── model │ │ │ ├── Artifact.java │ │ │ ├── Commit.java │ │ │ ├── Note.java │ │ │ └── Vulnerability.java │ │ │ ├── task │ │ │ ├── ImportAffectedLibraries.java │ │ │ ├── ImportVulnerability.java │ │ │ ├── Task.java │ │ │ └── TaskProvider.java │ │ │ └── util │ │ │ ├── ConstructSet.java │ │ │ ├── FileComparator.java │ │ │ └── Metadata.java │ └── resources │ │ └── META-INF │ │ └── services │ │ ├── org.eclipse.steady.kb.command.Command │ │ └── org.eclipse.steady.kb.task.Task │ └── test │ ├── java │ └── org │ │ └── eclipse │ │ └── steady │ │ └── kb │ │ ├── MainTest.java │ │ ├── TestConstructs.java │ │ ├── TestPythonConstructs.java │ │ ├── ZipUtil.java │ │ ├── command │ │ ├── CommandParserTest.java │ │ └── ImportTest.java │ │ ├── task │ │ ├── MockBackConnector.java │ │ ├── TestImportAffectedLibraries.java │ │ ├── TestImportVulnerability.java │ │ └── TestImportVulnerability_CVE_2017_2617.java │ │ └── util │ │ └── MetadataTest.java │ └── resources │ ├── COLLECTIONS-580.zip │ ├── CVE-2011-4343 │ └── metadata.json │ ├── CVE-2014-0094.zip │ ├── CVE-2016-2048.zip │ ├── CVE-2017-2617.zip │ ├── commitDir1 │ └── metadata.json │ ├── testAffectedLibs │ └── metadata.json │ ├── testRootDir1 │ └── metadata.json │ ├── testRootDir2 │ └── metadata.json │ ├── testRootDir3 │ └── metadata.json │ ├── testRootDir4 │ └── metadata.json │ └── testRootDir5 │ └── metadata.json ├── lang-java-reach-soot ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── eclipse │ │ │ └── steady │ │ │ └── cg │ │ │ └── soot │ │ │ ├── CustomEntryPointCreator.java │ │ │ ├── SootCallgraphConstructor.java │ │ │ └── SootConfiguration.java │ └── resources │ │ ├── META-INF │ │ └── services │ │ │ └── org.eclipse.steady.cg.spi.ICallgraphConstructor │ │ └── steady-reach-soot.properties │ └── test │ ├── java │ └── SootCallGraphTest.java │ └── resources │ ├── empty.jar │ └── examples.jar ├── lang-java-reach-wala ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── eclipse │ │ │ └── steady │ │ │ └── cg │ │ │ └── wala │ │ │ └── WalaCallgraphConstructor.java │ └── resources │ │ ├── META-INF │ │ └── services │ │ │ └── org.eclipse.steady.cg.spi.ICallgraphConstructor │ │ └── steady-reach-wala.properties │ └── test │ ├── java │ └── org │ │ └── eclipse │ │ └── steady │ │ └── cg │ │ └── wala │ │ └── WalaCallGraphTest.java │ └── resources │ ├── ExamplesJdk17.java │ ├── empty.jar │ ├── examples.jar │ └── examplesJdk17.jar ├── lang-java-reach ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── eclipse │ │ │ └── steady │ │ │ └── cg │ │ │ ├── A2CGoal.java │ │ │ ├── AbstractGetPaths.java │ │ │ ├── AbstractReachGoal.java │ │ │ ├── Callgraph.java │ │ │ ├── CallgraphConstructException.java │ │ │ ├── CallgraphPathSearch.java │ │ │ ├── CallgraphReachableSearch.java │ │ │ ├── DepthFirstGetPaths.java │ │ │ ├── MethodNameFilter.java │ │ │ ├── NodeMetaInformation.java │ │ │ ├── PathSimilarity.java │ │ │ ├── PrunedGraphGetPaths.java │ │ │ ├── ReachabilityAnalyzer.java │ │ │ ├── ReachabilityConfiguration.java │ │ │ ├── T2CGoal.java │ │ │ └── spi │ │ │ ├── CallgraphConstructorFactory.java │ │ │ └── ICallgraphConstructor.java │ └── resources │ │ └── steady-reach.properties │ └── test │ ├── java │ └── org │ │ └── eclipse │ │ └── steady │ │ └── cg │ │ ├── CallgraphConstructorFactoryTest.java │ │ ├── CallgraphTest.java │ │ ├── DummyCallgraphConstructor.java │ │ └── Examples.java │ └── resources │ ├── Struts2-Dummy-Vuln.json │ └── dummy-service.jar ├── lang-java ├── pom.xml └── src │ ├── main │ ├── antlr4 │ │ └── org │ │ │ └── eclipse │ │ │ └── steady │ │ │ └── java │ │ │ └── antlr │ │ │ ├── JavaLexer.g4 │ │ │ └── JavaParser.g4 │ ├── java │ │ └── org │ │ │ └── eclipse │ │ │ └── steady │ │ │ └── java │ │ │ ├── AarAnalyzer.java │ │ │ ├── ArchiveAnalysisManager.java │ │ │ ├── ClassFileAnalyzer.java │ │ │ ├── JarAnalysisException.java │ │ │ ├── JarAnalyzer.java │ │ │ ├── JarEntryWriter.java │ │ │ ├── JarWriter.java │ │ │ ├── JavaClassId.java │ │ │ ├── JavaClassInit.java │ │ │ ├── JavaConstructorId.java │ │ │ ├── JavaEnumId.java │ │ │ ├── JavaFileAnalyzer2.java │ │ │ ├── JavaId.java │ │ │ ├── JavaInterfaceId.java │ │ │ ├── JavaMethodId.java │ │ │ ├── JavaPackageId.java │ │ │ ├── PomParser.java │ │ │ ├── SpringBootAnalyzer.java │ │ │ ├── WarAnalyzer.java │ │ │ ├── bytecode │ │ │ ├── BytecodeComparator.java │ │ │ └── ConstructBytecodeASTManager.java │ │ │ ├── decompiler │ │ │ ├── IDecompiler.java │ │ │ └── ProcyonDecompiler.java │ │ │ ├── goals │ │ │ ├── CheckBytecodeGoal.java │ │ │ └── InstrGoal.java │ │ │ ├── monitor │ │ │ ├── AbstractInstrumentor.java │ │ │ ├── ClassNameLoaderFilter.java │ │ │ ├── ClassPoolUpdater.java │ │ │ ├── ClassVisitor.java │ │ │ ├── DynamicTransformer.java │ │ │ ├── ExecutionMonitor.java │ │ │ ├── IInstrumentor.java │ │ │ ├── InstrumentationControl.java │ │ │ ├── InstrumentorFactory.java │ │ │ ├── Loader.java │ │ │ ├── LoaderFilter.java │ │ │ ├── LoaderHierarchy.java │ │ │ ├── PrintlnInstrumentor.java │ │ │ ├── UploadScheduler.java │ │ │ ├── slice │ │ │ │ └── SliceInstrumentor.java │ │ │ ├── touch │ │ │ │ ├── ConstructIdUtil.java │ │ │ │ ├── TouchPointCollector.java │ │ │ │ └── TouchPointInstrumentor.java │ │ │ └── trace │ │ │ │ ├── AbstractTraceInstrumentor.java │ │ │ │ ├── ConstructUsage.java │ │ │ │ ├── PathNode.java │ │ │ │ ├── SingleStackTraceInstrumentor.java │ │ │ │ ├── SingleTraceInstrumentor.java │ │ │ │ ├── StackTraceInstrumentor.java │ │ │ │ ├── StackTraceUtil.java │ │ │ │ └── TraceCollector.java │ │ │ ├── sign │ │ │ ├── ASTConstructBodySignature.java │ │ │ ├── ASTSignature.java │ │ │ ├── ASTSignatureChange.java │ │ │ ├── ASTSignatureComparator.java │ │ │ ├── ASTUtil.java │ │ │ ├── CompilationUtils.java │ │ │ ├── DistillerUtil.java │ │ │ ├── JavaSignatureFactory.java │ │ │ ├── UniqueNameNormalizer.java │ │ │ ├── gson │ │ │ │ ├── ASTConstructBodySignatureDeserializer.java │ │ │ │ ├── ASTConstructBodySignatureSerializer.java │ │ │ │ ├── ASTSignatureChangeDeserializer.java │ │ │ │ ├── ASTSignatureChangeSerializer.java │ │ │ │ ├── ASTSignatureDeserializer.java │ │ │ │ ├── GsonHelper.java │ │ │ │ └── package-info.java │ │ │ └── package-info.java │ │ │ └── tasks │ │ │ ├── JavaBomTask.java │ │ │ └── package-info.java │ ├── resources │ │ ├── META-INF │ │ │ └── services │ │ │ │ ├── org.eclipse.steady.FileAnalyzer │ │ │ │ ├── org.eclipse.steady.sign.SignatureFactory │ │ │ │ └── org.eclipse.steady.tasks.BomTask │ │ ├── steady-core-sign.properties │ │ └── steady-java.properties │ └── sh │ │ └── find_jars.sh │ └── test │ ├── java │ ├── ClassWithoutPackage.java │ ├── NestedDeclarationMess.java │ └── org │ │ └── eclipse │ │ └── steady │ │ └── java │ │ ├── AarAnalyzerTest.java │ │ ├── ArchiveAnalysisManagerTest.java │ │ ├── ClassFileAnalyzerTest.java │ │ ├── ClassPoolUpdaterTest.java │ │ ├── JarAnalyzerTest.java │ │ ├── JarWriterTest.java │ │ ├── JavaFileAnalyzer2Test.java │ │ ├── JavaIdTest.java │ │ ├── JsonHelperTest.java │ │ ├── PomParserTest.java │ │ ├── SpringBootAnalyzerTest.java │ │ ├── WarAnalyzerTest.java │ │ ├── decompiler │ │ └── IDecompilerTest.java │ │ ├── monitor │ │ ├── AbstractGoalTest.java │ │ ├── ClassVisitorTest.java │ │ └── ConstructTransformerTest.java │ │ ├── sign │ │ ├── ASTSignatureComparatorTest.java │ │ ├── SignatureFactoryTest.java │ │ ├── StringSimilarity.java │ │ ├── StringSimilarityLevenshtein.java │ │ ├── StringSimilarityNGrams.java │ │ ├── UniqueNamePreprocessorTest.java │ │ └── gson │ │ │ └── ASTDeserializeSignComparatorTest.java │ │ └── test │ │ ├── ConfigKey.java │ │ ├── ConfigurationKey.java │ │ ├── DrinkEnumExample.java │ │ ├── EnumTest.java │ │ ├── Generics.java │ │ ├── HelloWorldAnonymousClasses.java │ │ ├── HttpRequestCompletionLog.java │ │ ├── NestedDeclarationMess2.java │ │ ├── NestedDeclarations.java │ │ ├── OuterClass.java │ │ ├── TestAgainAnon.java │ │ ├── TestAnon.java │ │ ├── TestClass$NoNestedClass.java │ │ ├── TestInterface.java │ │ └── Vanilla.java │ └── resources │ ├── AbstractVerifier.class │ ├── ArchivePrinter$InnerNonStaticClass.class │ ├── ArchivePrinter.class │ ├── ArchivePrinter.java │ ├── BZip2CompressorOutputStream.java │ ├── Callgraph.class │ ├── Callgraph.java │ ├── DumpArchiveEntry.class │ ├── FileUploadBase$InvalidContentTypeException.class │ ├── FileUploadBase$InvalidContentTypeException.java │ ├── FileUploadBase.class │ ├── Filter.java │ ├── MultipartStream.class │ ├── OuterClass$InnerClass.class │ ├── OuterClass.class │ ├── ShortFileException.class │ ├── TarUtils.class │ ├── TarUtils.java │ ├── boot-app.jar │ ├── bugs.json │ ├── classpath │ ├── BasicClass.class │ ├── OuterClass$InnerClass.class │ ├── OuterClass.class │ ├── StaticBlock.class │ ├── StaticFields.class │ ├── StaticFinal.class │ └── StaticMethod.class │ ├── com │ └── sap │ │ └── psr │ │ └── vulas │ │ └── java │ │ └── test │ │ ├── OuterClass$InnerClass.class │ │ └── OuterClass.class │ ├── commons-compress-1.10.jar │ ├── commons-fileupload-1.3.1.jar │ ├── constructIds.json │ ├── cucumber-android-4.3.0.aar │ ├── diverse.jar │ ├── examples.jar │ ├── examples.war │ ├── junit-4.12.jar │ ├── log4j-core-2.14.0.jar │ ├── logback-android-1.1.1-11.aar │ ├── methodBody │ ├── AbstractCommonHostnameVerifier.java │ ├── AbstractCommonHostnameVerifierDef.java │ ├── AbstractCommonHostnameVerifierFix.java │ ├── AbstractVerifier.class │ ├── AbstractVerifier.java │ ├── AbstractVerifierDef.java │ ├── AbstractVerifierFix.java │ ├── BZip2CompressorOutputStream.class │ ├── BZip2CompressorOutputStream.java │ ├── BZip2CompressorOutputStreamDef.java │ ├── BZip2CompressorOutputStreamFix.java │ ├── C_MultipartStream_F │ ├── C_MultipartStream_V │ ├── FileUploadBase$FileItemIteratorImpl$FileItemStreamImpl$1.java │ ├── FileUploadBase.java │ ├── J_AbstractVerifier_F.java │ ├── J_AbstractVerifier_V.java │ ├── J_MultipartStream.java │ ├── M_getCNs_F │ ├── M_getCNs_V │ ├── MultipartStream.java │ ├── MultipartStream121.java │ ├── MultipartStreamDef.java │ ├── MultipartStreamFix.java │ ├── SevenZArchiveEntry.java │ ├── Test.java │ └── deserialize │ │ ├── signature.json │ │ ├── signatureChange.json │ │ ├── signatureDef.json │ │ ├── signatureFix.json │ │ └── signatureUnknown.json │ ├── org.apache.servicemix.bundles.jaxb-xjc-2.2.4_1.jar │ ├── org.eclipse.equinox.cm_1.0.400.v20120319-2029.jar │ ├── poi-ooxml-schemas-3.11-beta1.jar │ ├── small.war │ ├── vulnAppArchiveDependency.json │ ├── vulndepJsonExpected.json │ ├── ws_security_1438423 │ └── src │ │ ├── main │ │ └── java │ │ │ └── org │ │ │ └── apache │ │ │ └── cxf │ │ │ └── ws │ │ │ └── security │ │ │ ├── SecurityConstants.java │ │ │ ├── cache │ │ │ ├── CacheCleanupListener.java │ │ │ ├── EHCacheManagerHolder.java │ │ │ ├── EHCacheReplayCache.java │ │ │ ├── EHCacheReplayCacheFactory.java │ │ │ ├── MemoryReplayCacheFactory.java │ │ │ └── ReplayCacheFactory.java │ │ │ ├── kerberos │ │ │ ├── KerberosClient.java │ │ │ └── KerberosUtils.java │ │ │ ├── policy │ │ │ ├── SP11Constants.java │ │ │ ├── SP12Constants.java │ │ │ ├── SP13Constants.java │ │ │ ├── SPConstants.java │ │ │ ├── WSSPolicyException.java │ │ │ ├── WSSecurityPolicyLoader.java │ │ │ ├── builders │ │ │ │ ├── AlgorithmSuiteBuilder.java │ │ │ │ ├── AsymmetricBindingBuilder.java │ │ │ │ ├── ContentEncryptedElementsBuilder.java │ │ │ │ ├── EncryptedElementsBuilder.java │ │ │ │ ├── EncryptedPartsBuilder.java │ │ │ │ ├── HttpsTokenBuilder.java │ │ │ │ ├── InitiatorEncryptionTokenBuilder.java │ │ │ │ ├── InitiatorSignatureTokenBuilder.java │ │ │ │ ├── InitiatorTokenBuilder.java │ │ │ │ ├── IssuedTokenBuilder.java │ │ │ │ ├── KerberosTokenBuilder.java │ │ │ │ ├── KeyValueTokenBuilder.java │ │ │ │ ├── LayoutBuilder.java │ │ │ │ ├── ProtectionTokenBuilder.java │ │ │ │ ├── RecipientEncryptionTokenBuilder.java │ │ │ │ ├── RecipientSignatureTokenBuilder.java │ │ │ │ ├── RecipientTokenBuilder.java │ │ │ │ ├── RequiredElementsBuilder.java │ │ │ │ ├── RequiredPartsBuilder.java │ │ │ │ ├── SamlTokenBuilder.java │ │ │ │ ├── SecureConversationTokenBuilder.java │ │ │ │ ├── SecurityContextTokenBuilder.java │ │ │ │ ├── SignedElementsBuilder.java │ │ │ │ ├── SignedPartsBuilder.java │ │ │ │ ├── SpnegoContextTokenBuilder.java │ │ │ │ ├── SupportingTokens12Builder.java │ │ │ │ ├── SupportingTokensBuilder.java │ │ │ │ ├── SymmetricBindingBuilder.java │ │ │ │ ├── TransportBindingBuilder.java │ │ │ │ ├── TransportTokenBuilder.java │ │ │ │ ├── Trust10Builder.java │ │ │ │ ├── Trust13Builder.java │ │ │ │ ├── UsernameTokenBuilder.java │ │ │ │ ├── WSS10Builder.java │ │ │ │ ├── WSS11Builder.java │ │ │ │ └── X509TokenBuilder.java │ │ │ ├── custom │ │ │ │ ├── AlgorithmSuiteLoader.java │ │ │ │ ├── DefaultAlgorithmSuiteLoader.java │ │ │ │ └── GCMAlgorithmSuite.java │ │ │ ├── interceptors │ │ │ │ ├── HttpsTokenInterceptorProvider.java │ │ │ │ ├── IssuedTokenInterceptorProvider.java │ │ │ │ ├── KerberosTokenInterceptorProvider.java │ │ │ │ ├── Messages.properties │ │ │ │ ├── NegotiationUtils.java │ │ │ │ ├── STSInvoker.java │ │ │ │ ├── SamlTokenInterceptorProvider.java │ │ │ │ ├── SecureConversationInInterceptor.java │ │ │ │ ├── SecureConversationOutInterceptor.java │ │ │ │ ├── SecureConversationTokenInterceptorProvider.java │ │ │ │ ├── SecurityVerificationOutInterceptor.java │ │ │ │ ├── SpnegoContextTokenInInterceptor.java │ │ │ │ ├── SpnegoContextTokenOutInterceptor.java │ │ │ │ ├── SpnegoTokenInterceptorProvider.java │ │ │ │ ├── UsernameTokenInterceptorProvider.java │ │ │ │ ├── WSSecurityInterceptorProvider.java │ │ │ │ └── WSSecurityPolicyInterceptorProvider.java │ │ │ └── model │ │ │ │ ├── AbstractSecurityAssertion.java │ │ │ │ ├── AlgorithmSuite.java │ │ │ │ ├── AlgorithmWrapper.java │ │ │ │ ├── AsymmetricBinding.java │ │ │ │ ├── Binding.java │ │ │ │ ├── ContentEncryptedElements.java │ │ │ │ ├── EncryptionToken.java │ │ │ │ ├── Header.java │ │ │ │ ├── HttpsToken.java │ │ │ │ ├── InitiatorEncryptionToken.java │ │ │ │ ├── InitiatorSignatureToken.java │ │ │ │ ├── InitiatorToken.java │ │ │ │ ├── IssuedToken.java │ │ │ │ ├── KerberosToken.java │ │ │ │ ├── KeyValueToken.java │ │ │ │ ├── Layout.java │ │ │ │ ├── Messages.properties │ │ │ │ ├── ProtectionToken.java │ │ │ │ ├── RecipientEncryptionToken.java │ │ │ │ ├── RecipientSignatureToken.java │ │ │ │ ├── RecipientToken.java │ │ │ │ ├── RequiredElements.java │ │ │ │ ├── RequiredParts.java │ │ │ │ ├── SamlToken.java │ │ │ │ ├── SecureConversationToken.java │ │ │ │ ├── SecurityContextToken.java │ │ │ │ ├── SignatureToken.java │ │ │ │ ├── SignedEncryptedElements.java │ │ │ │ ├── SignedEncryptedParts.java │ │ │ │ ├── SpnegoContextToken.java │ │ │ │ ├── SupportingToken.java │ │ │ │ ├── SymmetricAsymmetricBindingBase.java │ │ │ │ ├── SymmetricBinding.java │ │ │ │ ├── Token.java │ │ │ │ ├── TokenWrapper.java │ │ │ │ ├── TransportBinding.java │ │ │ │ ├── TransportToken.java │ │ │ │ ├── Trust10.java │ │ │ │ ├── Trust13.java │ │ │ │ ├── UsernameToken.java │ │ │ │ ├── Wss10.java │ │ │ │ ├── Wss11.java │ │ │ │ └── X509Token.java │ │ │ ├── sts │ │ │ └── provider │ │ │ │ ├── STSException.java │ │ │ │ ├── SecurityTokenService.java │ │ │ │ ├── SecurityTokenServiceImpl.java │ │ │ │ ├── SecurityTokenServiceProvider.java │ │ │ │ └── operation │ │ │ │ ├── CancelOperation.java │ │ │ │ ├── IssueOperation.java │ │ │ │ ├── IssueSingleOperation.java │ │ │ │ ├── KeyExchangeTokenOperation.java │ │ │ │ ├── RenewOperation.java │ │ │ │ ├── RequestCollectionOperation.java │ │ │ │ └── ValidateOperation.java │ │ │ ├── tokenstore │ │ │ ├── EHCacheTokenStore.java │ │ │ ├── EHCacheTokenStoreFactory.java │ │ │ ├── MemoryTokenStore.java │ │ │ ├── MemoryTokenStoreFactory.java │ │ │ ├── SecurityToken.java │ │ │ ├── TokenStore.java │ │ │ └── TokenStoreFactory.java │ │ │ ├── trust │ │ │ ├── AbstractSTSClient.java │ │ │ ├── AuthPolicyValidatingInterceptor.java │ │ │ ├── Messages.properties │ │ │ ├── STSClient.java │ │ │ ├── STSSamlAssertionValidator.java │ │ │ ├── STSTokenValidator.java │ │ │ ├── STSUtils.java │ │ │ ├── TrustException.java │ │ │ ├── claims │ │ │ │ └── ClaimsCallback.java │ │ │ └── delegation │ │ │ │ ├── DelegationCallback.java │ │ │ │ ├── ReceivedTokenCallbackHandler.java │ │ │ │ └── WSSUsernameCallbackHandler.java │ │ │ └── wss4j │ │ │ ├── AbstractUsernameTokenAuthenticatingInterceptor.java │ │ │ ├── AbstractWSS4JInterceptor.java │ │ │ ├── CryptoCoverageChecker.java │ │ │ ├── CryptoCoverageUtil.java │ │ │ ├── DefaultCryptoCoverageChecker.java │ │ │ ├── DelegatingCallbackHandler.java │ │ │ ├── Messages.properties │ │ │ ├── PolicyBasedWSS4JInInterceptor.java │ │ │ ├── PolicyBasedWSS4JOutInterceptor.java │ │ │ ├── SAMLUtils.java │ │ │ ├── SamlTokenInterceptor.java │ │ │ ├── UsernameTokenInterceptor.java │ │ │ ├── WSS4JInInterceptor.java │ │ │ ├── WSS4JOutInterceptor.java │ │ │ ├── WSS4JTokenConverter.java │ │ │ ├── WSS4JUtils.java │ │ │ ├── policyhandlers │ │ │ ├── AbstractBindingBuilder.java │ │ │ ├── AsymmetricBindingHandler.java │ │ │ ├── SymmetricBindingHandler.java │ │ │ ├── TransportBindingHandler.java │ │ │ └── WSSecurityTokenHolder.java │ │ │ └── policyvalidators │ │ │ ├── AbstractBindingPolicyValidator.java │ │ │ ├── AbstractSamlPolicyValidator.java │ │ │ ├── AbstractSupportingTokenPolicyValidator.java │ │ │ ├── AbstractTokenPolicyValidator.java │ │ │ ├── AsymmetricBindingPolicyValidator.java │ │ │ ├── BindingPolicyValidator.java │ │ │ ├── ClaimsPolicyValidator.java │ │ │ ├── ConcreteSupportingTokenPolicyValidator.java │ │ │ ├── DefaultClaimsPolicyValidator.java │ │ │ ├── EncryptedTokenPolicyValidator.java │ │ │ ├── EndorsingEncryptedTokenPolicyValidator.java │ │ │ ├── EndorsingTokenPolicyValidator.java │ │ │ ├── IssuedTokenPolicyValidator.java │ │ │ ├── KerberosTokenPolicyValidator.java │ │ │ ├── SamlTokenPolicyValidator.java │ │ │ ├── SecurityContextTokenPolicyValidator.java │ │ │ ├── SignedEncryptedTokenPolicyValidator.java │ │ │ ├── SignedEndorsingEncryptedTokenPolicyValidator.java │ │ │ ├── SignedEndorsingTokenPolicyValidator.java │ │ │ ├── SignedTokenPolicyValidator.java │ │ │ ├── SupportingTokenPolicyValidator.java │ │ │ ├── SymmetricBindingPolicyValidator.java │ │ │ ├── TokenPolicyValidator.java │ │ │ ├── TransportBindingPolicyValidator.java │ │ │ ├── UsernameTokenPolicyValidator.java │ │ │ ├── WSS11PolicyValidator.java │ │ │ └── X509TokenPolicyValidator.java │ │ └── test │ │ └── java │ │ └── org │ │ └── apache │ │ └── cxf │ │ └── ws │ │ └── security │ │ ├── sts │ │ ├── STSClientTest.java │ │ └── provider │ │ │ ├── SecurityTokenServiceImplTest.java │ │ │ └── SecurityTokenServiceProviderTest.java │ │ ├── tokenstore │ │ ├── EHCacheTokenStoreTest.java │ │ └── MemoryTokenStoreTest.java │ │ ├── trust │ │ └── AuthPolicyValidatingInterceptorTest.java │ │ └── wss4j │ │ ├── AbstractPolicySecurityTest.java │ │ ├── AbstractSecurityTest.java │ │ ├── CryptoCoverageCheckerTest.java │ │ ├── CustomProcessor.java │ │ ├── DefaultCryptoCoverageCheckerTest.java │ │ ├── Echo.java │ │ ├── EchoImpl.java │ │ ├── KeystorePasswordCallback.java │ │ ├── PolicyBasedWss4JInOutTest.java │ │ ├── RoundTripTest.java │ │ ├── SecurityVerificationOutTest.java │ │ ├── SignatureConfirmationTest.java │ │ ├── SimpleSubjectCreatingInterceptor.java │ │ ├── TestPwdCallback.java │ │ ├── UserNameTokenAuthorizationTest.java │ │ ├── WSS4JFaultCodeTest.java │ │ ├── WSS4JInOutTest.java │ │ ├── WSS4JOutInterceptorTest.java │ │ └── saml │ │ ├── AbstractSAMLCallbackHandler.java │ │ ├── CustomSamlValidator.java │ │ ├── PolicyBasedSamlTest.java │ │ ├── SAML1CallbackHandler.java │ │ ├── SAML2CallbackHandler.java │ │ └── SamlTokenTest.java │ └── ws_security_1438424 │ └── src │ ├── main │ └── java │ │ └── org │ │ └── apache │ │ └── cxf │ │ └── ws │ │ └── security │ │ ├── SecurityConstants.java │ │ ├── cache │ │ ├── CacheCleanupListener.java │ │ ├── EHCacheManagerHolder.java │ │ ├── EHCacheReplayCache.java │ │ ├── EHCacheReplayCacheFactory.java │ │ ├── MemoryReplayCacheFactory.java │ │ └── ReplayCacheFactory.java │ │ ├── kerberos │ │ ├── KerberosClient.java │ │ └── KerberosUtils.java │ │ ├── policy │ │ ├── SP11Constants.java │ │ ├── SP12Constants.java │ │ ├── SP13Constants.java │ │ ├── SPConstants.java │ │ ├── WSSPolicyException.java │ │ ├── WSSecurityPolicyLoader.java │ │ ├── builders │ │ │ ├── AlgorithmSuiteBuilder.java │ │ │ ├── AsymmetricBindingBuilder.java │ │ │ ├── ContentEncryptedElementsBuilder.java │ │ │ ├── EncryptedElementsBuilder.java │ │ │ ├── EncryptedPartsBuilder.java │ │ │ ├── HttpsTokenBuilder.java │ │ │ ├── InitiatorEncryptionTokenBuilder.java │ │ │ ├── InitiatorSignatureTokenBuilder.java │ │ │ ├── InitiatorTokenBuilder.java │ │ │ ├── IssuedTokenBuilder.java │ │ │ ├── KerberosTokenBuilder.java │ │ │ ├── KeyValueTokenBuilder.java │ │ │ ├── LayoutBuilder.java │ │ │ ├── ProtectionTokenBuilder.java │ │ │ ├── RecipientEncryptionTokenBuilder.java │ │ │ ├── RecipientSignatureTokenBuilder.java │ │ │ ├── RecipientTokenBuilder.java │ │ │ ├── RequiredElementsBuilder.java │ │ │ ├── RequiredPartsBuilder.java │ │ │ ├── SamlTokenBuilder.java │ │ │ ├── SecureConversationTokenBuilder.java │ │ │ ├── SecurityContextTokenBuilder.java │ │ │ ├── SignedElementsBuilder.java │ │ │ ├── SignedPartsBuilder.java │ │ │ ├── SpnegoContextTokenBuilder.java │ │ │ ├── SupportingTokens12Builder.java │ │ │ ├── SupportingTokensBuilder.java │ │ │ ├── SymmetricBindingBuilder.java │ │ │ ├── TransportBindingBuilder.java │ │ │ ├── TransportTokenBuilder.java │ │ │ ├── Trust10Builder.java │ │ │ ├── Trust13Builder.java │ │ │ ├── UsernameTokenBuilder.java │ │ │ ├── WSS10Builder.java │ │ │ ├── WSS11Builder.java │ │ │ └── X509TokenBuilder.java │ │ ├── custom │ │ │ ├── AlgorithmSuiteLoader.java │ │ │ ├── DefaultAlgorithmSuiteLoader.java │ │ │ └── GCMAlgorithmSuite.java │ │ ├── interceptors │ │ │ ├── HttpsTokenInterceptorProvider.java │ │ │ ├── IssuedTokenInterceptorProvider.java │ │ │ ├── KerberosTokenInterceptorProvider.java │ │ │ ├── Messages.properties │ │ │ ├── NegotiationUtils.java │ │ │ ├── STSInvoker.java │ │ │ ├── SamlTokenInterceptorProvider.java │ │ │ ├── SecureConversationInInterceptor.java │ │ │ ├── SecureConversationOutInterceptor.java │ │ │ ├── SecureConversationTokenInterceptorProvider.java │ │ │ ├── SecurityVerificationOutInterceptor.java │ │ │ ├── SpnegoContextTokenInInterceptor.java │ │ │ ├── SpnegoContextTokenOutInterceptor.java │ │ │ ├── SpnegoTokenInterceptorProvider.java │ │ │ ├── UsernameTokenInterceptorProvider.java │ │ │ ├── WSSecurityInterceptorProvider.java │ │ │ └── WSSecurityPolicyInterceptorProvider.java │ │ └── model │ │ │ ├── AbstractSecurityAssertion.java │ │ │ ├── AlgorithmSuite.java │ │ │ ├── AlgorithmWrapper.java │ │ │ ├── AsymmetricBinding.java │ │ │ ├── Binding.java │ │ │ ├── ContentEncryptedElements.java │ │ │ ├── EncryptionToken.java │ │ │ ├── Header.java │ │ │ ├── HttpsToken.java │ │ │ ├── InitiatorEncryptionToken.java │ │ │ ├── InitiatorSignatureToken.java │ │ │ ├── InitiatorToken.java │ │ │ ├── IssuedToken.java │ │ │ ├── KerberosToken.java │ │ │ ├── KeyValueToken.java │ │ │ ├── Layout.java │ │ │ ├── Messages.properties │ │ │ ├── ProtectionToken.java │ │ │ ├── RecipientEncryptionToken.java │ │ │ ├── RecipientSignatureToken.java │ │ │ ├── RecipientToken.java │ │ │ ├── RequiredElements.java │ │ │ ├── RequiredParts.java │ │ │ ├── SamlToken.java │ │ │ ├── SecureConversationToken.java │ │ │ ├── SecurityContextToken.java │ │ │ ├── SignatureToken.java │ │ │ ├── SignedEncryptedElements.java │ │ │ ├── SignedEncryptedParts.java │ │ │ ├── SpnegoContextToken.java │ │ │ ├── SupportingToken.java │ │ │ ├── SymmetricAsymmetricBindingBase.java │ │ │ ├── SymmetricBinding.java │ │ │ ├── Token.java │ │ │ ├── TokenWrapper.java │ │ │ ├── TransportBinding.java │ │ │ ├── TransportToken.java │ │ │ ├── Trust10.java │ │ │ ├── Trust13.java │ │ │ ├── UsernameToken.java │ │ │ ├── Wss10.java │ │ │ ├── Wss11.java │ │ │ └── X509Token.java │ │ ├── sts │ │ └── provider │ │ │ ├── STSException.java │ │ │ ├── SecurityTokenService.java │ │ │ ├── SecurityTokenServiceImpl.java │ │ │ ├── SecurityTokenServiceProvider.java │ │ │ └── operation │ │ │ ├── CancelOperation.java │ │ │ ├── IssueOperation.java │ │ │ ├── IssueSingleOperation.java │ │ │ ├── KeyExchangeTokenOperation.java │ │ │ ├── RenewOperation.java │ │ │ ├── RequestCollectionOperation.java │ │ │ └── ValidateOperation.java │ │ ├── tokenstore │ │ ├── EHCacheTokenStore.java │ │ ├── EHCacheTokenStoreFactory.java │ │ ├── MemoryTokenStore.java │ │ ├── MemoryTokenStoreFactory.java │ │ ├── SecurityToken.java │ │ ├── TokenStore.java │ │ └── TokenStoreFactory.java │ │ ├── trust │ │ ├── AbstractSTSClient.java │ │ ├── AuthPolicyValidatingInterceptor.java │ │ ├── Messages.properties │ │ ├── STSClient.java │ │ ├── STSSamlAssertionValidator.java │ │ ├── STSTokenValidator.java │ │ ├── STSUtils.java │ │ ├── TrustException.java │ │ ├── claims │ │ │ └── ClaimsCallback.java │ │ └── delegation │ │ │ ├── DelegationCallback.java │ │ │ ├── ReceivedTokenCallbackHandler.java │ │ │ └── WSSUsernameCallbackHandler.java │ │ └── wss4j │ │ ├── AbstractUsernameTokenAuthenticatingInterceptor.java │ │ ├── AbstractWSS4JInterceptor.java │ │ ├── CryptoCoverageChecker.java │ │ ├── CryptoCoverageUtil.java │ │ ├── DefaultCryptoCoverageChecker.java │ │ ├── DelegatingCallbackHandler.java │ │ ├── Messages.properties │ │ ├── PolicyBasedWSS4JInInterceptor.java │ │ ├── PolicyBasedWSS4JOutInterceptor.java │ │ ├── SAMLUtils.java │ │ ├── SamlTokenInterceptor.java │ │ ├── UsernameTokenInterceptor.java │ │ ├── WSS4JInInterceptor.java │ │ ├── WSS4JOutInterceptor.java │ │ ├── WSS4JTokenConverter.java │ │ ├── WSS4JUtils.java │ │ ├── policyhandlers │ │ ├── AbstractBindingBuilder.java │ │ ├── AsymmetricBindingHandler.java │ │ ├── SymmetricBindingHandler.java │ │ ├── TransportBindingHandler.java │ │ └── WSSecurityTokenHolder.java │ │ └── policyvalidators │ │ ├── AbstractBindingPolicyValidator.java │ │ ├── AbstractSamlPolicyValidator.java │ │ ├── AbstractSupportingTokenPolicyValidator.java │ │ ├── AbstractTokenPolicyValidator.java │ │ ├── AsymmetricBindingPolicyValidator.java │ │ ├── BindingPolicyValidator.java │ │ ├── ClaimsPolicyValidator.java │ │ ├── ConcreteSupportingTokenPolicyValidator.java │ │ ├── DefaultClaimsPolicyValidator.java │ │ ├── EncryptedTokenPolicyValidator.java │ │ ├── EndorsingEncryptedTokenPolicyValidator.java │ │ ├── EndorsingTokenPolicyValidator.java │ │ ├── IssuedTokenPolicyValidator.java │ │ ├── KerberosTokenPolicyValidator.java │ │ ├── SamlTokenPolicyValidator.java │ │ ├── SecurityContextTokenPolicyValidator.java │ │ ├── SignedEncryptedTokenPolicyValidator.java │ │ ├── SignedEndorsingEncryptedTokenPolicyValidator.java │ │ ├── SignedEndorsingTokenPolicyValidator.java │ │ ├── SignedTokenPolicyValidator.java │ │ ├── SupportingTokenPolicyValidator.java │ │ ├── SymmetricBindingPolicyValidator.java │ │ ├── TokenPolicyValidator.java │ │ ├── TransportBindingPolicyValidator.java │ │ ├── UsernameTokenPolicyValidator.java │ │ ├── WSS11PolicyValidator.java │ │ └── X509TokenPolicyValidator.java │ └── test │ └── java │ └── org │ └── apache │ └── cxf │ └── ws │ └── security │ ├── sts │ ├── STSClientTest.java │ └── provider │ │ ├── SecurityTokenServiceImplTest.java │ │ └── SecurityTokenServiceProviderTest.java │ ├── tokenstore │ ├── EHCacheTokenStoreTest.java │ └── MemoryTokenStoreTest.java │ ├── trust │ └── AuthPolicyValidatingInterceptorTest.java │ └── wss4j │ ├── AbstractPolicySecurityTest.java │ ├── AbstractSecurityTest.java │ ├── CryptoCoverageCheckerTest.java │ ├── CustomProcessor.java │ ├── DefaultCryptoCoverageCheckerTest.java │ ├── Echo.java │ ├── EchoImpl.java │ ├── KeystorePasswordCallback.java │ ├── PolicyBasedWss4JInOutTest.java │ ├── RoundTripTest.java │ ├── SecurityVerificationOutTest.java │ ├── SignatureConfirmationTest.java │ ├── SimpleSubjectCreatingInterceptor.java │ ├── TestPwdCallback.java │ ├── UserNameTokenAuthorizationTest.java │ ├── WSS4JFaultCodeTest.java │ ├── WSS4JInOutTest.java │ ├── WSS4JOutInterceptorTest.java │ └── saml │ ├── AbstractSAMLCallbackHandler.java │ ├── CustomSamlValidator.java │ ├── PolicyBasedSamlTest.java │ ├── SAML1CallbackHandler.java │ ├── SAML2CallbackHandler.java │ └── SamlTokenTest.java ├── lang-python ├── pom.xml └── src │ ├── main │ ├── antlr4 │ │ └── org │ │ │ └── eclipse │ │ │ └── steady │ │ │ └── python │ │ │ └── antlr │ │ │ ├── python3 │ │ │ └── Python3.g4 │ │ │ └── python335 │ │ │ └── Python335.g4 │ ├── java │ │ └── org │ │ │ └── eclipse │ │ │ └── steady │ │ │ └── python │ │ │ ├── ProcessWrapper.java │ │ │ ├── ProcessWrapperException.java │ │ │ ├── Python335FileAnalyzer.java │ │ │ ├── Python3FileAnalyzer.java │ │ │ ├── PythonArchiveAnalyzer.java │ │ │ ├── PythonFileAnalyzer.java │ │ │ ├── PythonId.java │ │ │ ├── pip │ │ │ ├── PipInstalledPackage.java │ │ │ ├── PipWrapper.java │ │ │ ├── PyWrapper.java │ │ │ └── package-info.java │ │ │ ├── sign │ │ │ ├── PythonConstructDigest.java │ │ │ ├── PythonConstructDigestDeserializer.java │ │ │ ├── PythonConstructDigestSerializer.java │ │ │ └── PythonSignatureFactory.java │ │ │ ├── tasks │ │ │ ├── PythonBomTask.java │ │ │ └── package-info.java │ │ │ ├── utils │ │ │ └── PythonConfiguration.java │ │ │ └── virtualenv │ │ │ ├── VirtualenvWrapper.java │ │ │ └── package-info.java │ └── resources │ │ ├── META-INF │ │ └── services │ │ │ ├── org.eclipse.steady.FileAnalyzer │ │ │ ├── org.eclipse.steady.sign.SignatureFactory │ │ │ └── org.eclipse.steady.tasks.BomTask │ │ └── steady-python.properties │ └── test │ ├── java │ └── org │ │ └── eclipse │ │ └── steady │ │ └── python │ │ ├── ProcessWrapperTest.java │ │ ├── PythonArchiveAnalyzerTest.java │ │ ├── PythonFileAnalyzerTest.java │ │ ├── pip │ │ ├── PipInstalledPackageTest.java │ │ ├── PipWrapperTest.java │ │ └── PyWrapperTest.java │ │ └── virtualenv │ │ └── VirtualenvWrapperTest.java │ └── resources │ ├── async.py │ ├── cf-helloworld │ ├── helloworld │ │ └── app.py │ └── setup.py │ ├── corecffi.py │ ├── flask-oidc_e4ce5 │ └── flask_oidc │ │ └── __init__.py │ ├── flask-oidc_f2ef8 │ └── flask_oidc │ │ └── __init__.py │ ├── gevent-1.2.2-cp35-cp35m-win_amd64.whl │ ├── gunicorn-19.7.1-py2.py3-none-any.whl │ ├── itsdangerous-0.24-monotonic-1.3.tar.gz │ ├── itsdangerous-0.24.tar.gz │ ├── monotonic-1.3-py2.py3-none-any.whl │ ├── pandas-0.22.0-cp36-cp36m-win_amd64.whl │ ├── pip-download-out-1.txt │ ├── pip-download-out-2.txt │ ├── pip-install-out.txt │ ├── pip-list-new.json │ ├── pip-list-old.json │ ├── python2_syntax.py │ ├── setuptools_git-1.2-py3.6.egg │ ├── testapp │ └── foo │ │ ├── __init__.py │ │ ├── class_hw.py │ │ ├── func_hw.py │ │ └── hello_world.py │ ├── tiny_py_interpreter │ ├── setup.py │ ├── test_entryp.py │ └── tinypy │ │ ├── AST │ │ ├── __init__.py │ │ ├── ast.py │ │ ├── builder │ │ │ ├── Builder.py │ │ │ ├── ExprVisitor.py │ │ │ ├── StmtVisitor.py │ │ │ └── __init__.py │ │ ├── expr.py │ │ └── stmt.py │ │ ├── __init__.py │ │ ├── parser │ │ ├── CST.py │ │ ├── CustomLexer.py │ │ ├── Errors.py │ │ ├── Utils.py │ │ └── __init__.py │ │ ├── run_tests.py │ │ ├── runtime │ │ ├── Errors.py │ │ ├── Memory.py │ │ └── __init__.py │ │ ├── shell │ │ ├── __init__.py │ │ └── shell.py │ │ ├── tests │ │ ├── binarysearch.py │ │ ├── ethiopian.py │ │ ├── euler04.py │ │ ├── euler38.py │ │ ├── factorial.py │ │ ├── fibo1.py │ │ ├── fibo2.py │ │ ├── fibo3.py │ │ ├── file.py │ │ ├── fizzbuzz.py │ │ ├── fizzbuzz2.py │ │ ├── flow1.py │ │ ├── gcd.py │ │ ├── logic.py │ │ ├── mergesort1.py │ │ ├── numbers1.py │ │ ├── parenbalance.py │ │ ├── parens.py │ │ ├── quicksort.py │ │ ├── scope1.py │ │ ├── scope2.py │ │ ├── shell │ │ │ ├── assignment.py │ │ │ ├── control_flow.py │ │ │ ├── debug.py │ │ │ ├── dedents.py │ │ │ ├── lcm.py │ │ │ └── statement_lists.py │ │ ├── trailing_dedents.py │ │ └── unicode1.py │ │ └── tinypyapp.py │ └── vulas_python_testapp │ ├── manage.py │ ├── setup.py │ ├── testapp │ ├── __init__.py │ ├── admin.py │ ├── migrations │ │ └── __init__.py │ ├── models.py │ ├── testinput │ │ ├── subdir │ │ │ └── test3.py │ │ ├── test.py │ │ └── test2.py │ ├── tests.py │ ├── urls.py │ └── views.py │ └── vulas_python_testapp │ ├── __init__.py │ ├── settings.py │ ├── urls.py │ └── wsgi.py ├── lang ├── pom.xml └── src │ ├── main │ ├── java │ │ ├── Java.tokens │ │ ├── JavaLexer.tokens │ │ └── org │ │ │ └── eclipse │ │ │ └── steady │ │ │ ├── Construct.java │ │ │ ├── ConstructChange.java │ │ │ ├── ConstructId.java │ │ │ ├── DirAnalyzer.java │ │ │ ├── FileAnalysisException.java │ │ │ ├── FileAnalyzer.java │ │ │ ├── FileAnalyzerFactory.java │ │ │ ├── backend │ │ │ ├── BackendConnectionException.java │ │ │ ├── BackendConnector.java │ │ │ ├── EntityNotFoundInBackendException.java │ │ │ ├── HttpMethod.java │ │ │ ├── HttpResponse.java │ │ │ └── requests │ │ │ │ ├── AbstractHttpRequest.java │ │ │ │ ├── BasicHttpRequest.java │ │ │ │ ├── ConditionalHttpRequest.java │ │ │ │ ├── ContentCondition.java │ │ │ │ ├── HttpRequest.java │ │ │ │ ├── HttpRequestList.java │ │ │ │ ├── PutLibraryCondition.java │ │ │ │ ├── RequestRepeater.java │ │ │ │ ├── ResponseCondition.java │ │ │ │ ├── StatusCondition.java │ │ │ │ └── package-info.java │ │ │ ├── core │ │ │ └── util │ │ │ │ ├── CoreConfiguration.java │ │ │ │ ├── SignatureConfiguration.java │ │ │ │ └── package-info.java │ │ │ ├── goals │ │ │ ├── AbstractAppGoal.java │ │ │ ├── AbstractGoal.java │ │ │ ├── AbstractSpaceGoal.java │ │ │ ├── BomGoal.java │ │ │ ├── CheckverGoal.java │ │ │ ├── CleanGoal.java │ │ │ ├── ExecutionObserver.java │ │ │ ├── GoalConfigurationException.java │ │ │ ├── GoalContext.java │ │ │ ├── GoalExecutionException.java │ │ │ ├── GoalExecutor.java │ │ │ ├── GoalFactory.java │ │ │ ├── ReportException.java │ │ │ ├── ReportGoal.java │ │ │ ├── SequenceGoal.java │ │ │ ├── SpaceCleanGoal.java │ │ │ ├── SpaceDelGoal.java │ │ │ ├── SpaceModGoal.java │ │ │ ├── SpaceNewGoal.java │ │ │ ├── TestGoal.java │ │ │ ├── UploadGoal.java │ │ │ └── package-info.java │ │ │ ├── malice │ │ │ ├── MaliciousnessAnalysisResult.java │ │ │ ├── MaliciousnessAnalyzer.java │ │ │ ├── MaliciousnessAnalyzerLoop.java │ │ │ └── ZipSlipAnalyzer.java │ │ │ ├── report │ │ │ └── Report.java │ │ │ ├── sign │ │ │ ├── Signature.java │ │ │ ├── SignatureAnalysis.java │ │ │ ├── SignatureChange.java │ │ │ ├── SignatureComparator.java │ │ │ └── SignatureFactory.java │ │ │ └── tasks │ │ │ ├── AbstractBomTask.java │ │ │ ├── AbstractTask.java │ │ │ ├── BomTask.java │ │ │ ├── ReachTask.java │ │ │ ├── Task.java │ │ │ └── package-info.java │ └── resources │ │ ├── META-INF │ │ └── services │ │ │ ├── org.eclipse.steady.FileAnalyzer │ │ │ └── org.eclipse.steady.malice.MaliciousnessAnalyzer │ │ ├── steady-core-sign.properties │ │ ├── steady-core.properties │ │ ├── steady-tenant.properties │ │ ├── velocity_template.html │ │ ├── velocity_template.json │ │ └── velocity_template.xml │ └── test │ ├── java │ └── org │ │ └── eclipse │ │ └── steady │ │ ├── goals │ │ ├── AbstractGoalTest.java │ │ ├── BomGoalTest.java │ │ ├── CleanGoalTest.java │ │ ├── SpaceDelGoalTest.java │ │ └── SpaceNewGoalTest.java │ │ ├── malice │ │ ├── MaliciousnessAnalyzerLoopTest.java │ │ └── ZipSlipAnalyzerTest.java │ │ └── report │ │ └── ReportTest.java │ └── resources │ ├── no-zip-slip.zip │ ├── vuln_deps_actual.json │ ├── vuln_deps_hist.json │ ├── zip-slip-win.tar │ ├── zip-slip-win.zip │ ├── zip-slip.jar │ ├── zip-slip.tar │ └── zip-slip.zip ├── lib ├── changedistiller-0.0.4-SNAPSHOT.jar └── dependency-finder-1.2.1-beta5-log4j.jar ├── patch-analyzer ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── eclipse │ │ │ └── steady │ │ │ └── patcha │ │ │ ├── FileComparator.java │ │ │ ├── PatchAnalyzer.java │ │ │ ├── PatchaConfiguration.java │ │ │ └── VulasProxySelector.java │ └── resources │ │ └── steady-patcha.properties │ └── test │ ├── java │ └── org │ │ └── eclipse │ │ └── steady │ │ └── patcha │ │ ├── FileComparatorTest.java │ │ └── IT01_PatchAnalyzerIT.java │ └── resources │ ├── flask-oidc_e4ce5 │ └── flask_oidc │ │ └── __init__.py │ ├── flask-oidc_f2ef8 │ └── flask_oidc │ │ └── __init__.py │ ├── ws_security_1438423 │ └── src │ │ ├── main │ │ └── java │ │ │ └── org │ │ │ └── apache │ │ │ └── cxf │ │ │ └── ws │ │ │ └── security │ │ │ ├── SecurityConstants.java │ │ │ ├── cache │ │ │ ├── CacheCleanupListener.java │ │ │ ├── EHCacheManagerHolder.java │ │ │ ├── EHCacheReplayCache.java │ │ │ ├── EHCacheReplayCacheFactory.java │ │ │ ├── MemoryReplayCacheFactory.java │ │ │ └── ReplayCacheFactory.java │ │ │ ├── kerberos │ │ │ ├── KerberosClient.java │ │ │ └── KerberosUtils.java │ │ │ ├── policy │ │ │ ├── SP11Constants.java │ │ │ ├── SP12Constants.java │ │ │ ├── SP13Constants.java │ │ │ ├── SPConstants.java │ │ │ ├── WSSPolicyException.java │ │ │ ├── WSSecurityPolicyLoader.java │ │ │ ├── builders │ │ │ │ ├── AlgorithmSuiteBuilder.java │ │ │ │ ├── AsymmetricBindingBuilder.java │ │ │ │ ├── ContentEncryptedElementsBuilder.java │ │ │ │ ├── EncryptedElementsBuilder.java │ │ │ │ ├── EncryptedPartsBuilder.java │ │ │ │ ├── HttpsTokenBuilder.java │ │ │ │ ├── InitiatorEncryptionTokenBuilder.java │ │ │ │ ├── InitiatorSignatureTokenBuilder.java │ │ │ │ ├── InitiatorTokenBuilder.java │ │ │ │ ├── IssuedTokenBuilder.java │ │ │ │ ├── KerberosTokenBuilder.java │ │ │ │ ├── KeyValueTokenBuilder.java │ │ │ │ ├── LayoutBuilder.java │ │ │ │ ├── ProtectionTokenBuilder.java │ │ │ │ ├── RecipientEncryptionTokenBuilder.java │ │ │ │ ├── RecipientSignatureTokenBuilder.java │ │ │ │ ├── RecipientTokenBuilder.java │ │ │ │ ├── RequiredElementsBuilder.java │ │ │ │ ├── RequiredPartsBuilder.java │ │ │ │ ├── SamlTokenBuilder.java │ │ │ │ ├── SecureConversationTokenBuilder.java │ │ │ │ ├── SecurityContextTokenBuilder.java │ │ │ │ ├── SignedElementsBuilder.java │ │ │ │ ├── SignedPartsBuilder.java │ │ │ │ ├── SpnegoContextTokenBuilder.java │ │ │ │ ├── SupportingTokens12Builder.java │ │ │ │ ├── SupportingTokensBuilder.java │ │ │ │ ├── SymmetricBindingBuilder.java │ │ │ │ ├── TransportBindingBuilder.java │ │ │ │ ├── TransportTokenBuilder.java │ │ │ │ ├── Trust10Builder.java │ │ │ │ ├── Trust13Builder.java │ │ │ │ ├── UsernameTokenBuilder.java │ │ │ │ ├── WSS10Builder.java │ │ │ │ ├── WSS11Builder.java │ │ │ │ └── X509TokenBuilder.java │ │ │ ├── custom │ │ │ │ ├── AlgorithmSuiteLoader.java │ │ │ │ ├── DefaultAlgorithmSuiteLoader.java │ │ │ │ └── GCMAlgorithmSuite.java │ │ │ ├── interceptors │ │ │ │ ├── HttpsTokenInterceptorProvider.java │ │ │ │ ├── IssuedTokenInterceptorProvider.java │ │ │ │ ├── KerberosTokenInterceptorProvider.java │ │ │ │ ├── Messages.properties │ │ │ │ ├── NegotiationUtils.java │ │ │ │ ├── STSInvoker.java │ │ │ │ ├── SamlTokenInterceptorProvider.java │ │ │ │ ├── SecureConversationInInterceptor.java │ │ │ │ ├── SecureConversationOutInterceptor.java │ │ │ │ ├── SecureConversationTokenInterceptorProvider.java │ │ │ │ ├── SecurityVerificationOutInterceptor.java │ │ │ │ ├── SpnegoContextTokenInInterceptor.java │ │ │ │ ├── SpnegoContextTokenOutInterceptor.java │ │ │ │ ├── SpnegoTokenInterceptorProvider.java │ │ │ │ ├── UsernameTokenInterceptorProvider.java │ │ │ │ ├── WSSecurityInterceptorProvider.java │ │ │ │ └── WSSecurityPolicyInterceptorProvider.java │ │ │ └── model │ │ │ │ ├── AbstractSecurityAssertion.java │ │ │ │ ├── AlgorithmSuite.java │ │ │ │ ├── AlgorithmWrapper.java │ │ │ │ ├── AsymmetricBinding.java │ │ │ │ ├── Binding.java │ │ │ │ ├── ContentEncryptedElements.java │ │ │ │ ├── EncryptionToken.java │ │ │ │ ├── Header.java │ │ │ │ ├── HttpsToken.java │ │ │ │ ├── InitiatorEncryptionToken.java │ │ │ │ ├── InitiatorSignatureToken.java │ │ │ │ ├── InitiatorToken.java │ │ │ │ ├── IssuedToken.java │ │ │ │ ├── KerberosToken.java │ │ │ │ ├── KeyValueToken.java │ │ │ │ ├── Layout.java │ │ │ │ ├── Messages.properties │ │ │ │ ├── ProtectionToken.java │ │ │ │ ├── RecipientEncryptionToken.java │ │ │ │ ├── RecipientSignatureToken.java │ │ │ │ ├── RecipientToken.java │ │ │ │ ├── RequiredElements.java │ │ │ │ ├── RequiredParts.java │ │ │ │ ├── SamlToken.java │ │ │ │ ├── SecureConversationToken.java │ │ │ │ ├── SecurityContextToken.java │ │ │ │ ├── SignatureToken.java │ │ │ │ ├── SignedEncryptedElements.java │ │ │ │ ├── SignedEncryptedParts.java │ │ │ │ ├── SpnegoContextToken.java │ │ │ │ ├── SupportingToken.java │ │ │ │ ├── SymmetricAsymmetricBindingBase.java │ │ │ │ ├── SymmetricBinding.java │ │ │ │ ├── Token.java │ │ │ │ ├── TokenWrapper.java │ │ │ │ ├── TransportBinding.java │ │ │ │ ├── TransportToken.java │ │ │ │ ├── Trust10.java │ │ │ │ ├── Trust13.java │ │ │ │ ├── UsernameToken.java │ │ │ │ ├── Wss10.java │ │ │ │ ├── Wss11.java │ │ │ │ └── X509Token.java │ │ │ ├── sts │ │ │ └── provider │ │ │ │ ├── STSException.java │ │ │ │ ├── SecurityTokenService.java │ │ │ │ ├── SecurityTokenServiceImpl.java │ │ │ │ ├── SecurityTokenServiceProvider.java │ │ │ │ └── operation │ │ │ │ ├── CancelOperation.java │ │ │ │ ├── IssueOperation.java │ │ │ │ ├── IssueSingleOperation.java │ │ │ │ ├── KeyExchangeTokenOperation.java │ │ │ │ ├── RenewOperation.java │ │ │ │ ├── RequestCollectionOperation.java │ │ │ │ └── ValidateOperation.java │ │ │ ├── tokenstore │ │ │ ├── EHCacheTokenStore.java │ │ │ ├── EHCacheTokenStoreFactory.java │ │ │ ├── MemoryTokenStore.java │ │ │ ├── MemoryTokenStoreFactory.java │ │ │ ├── SecurityToken.java │ │ │ ├── TokenStore.java │ │ │ └── TokenStoreFactory.java │ │ │ ├── trust │ │ │ ├── AbstractSTSClient.java │ │ │ ├── AuthPolicyValidatingInterceptor.java │ │ │ ├── Messages.properties │ │ │ ├── STSClient.java │ │ │ ├── STSSamlAssertionValidator.java │ │ │ ├── STSTokenValidator.java │ │ │ ├── STSUtils.java │ │ │ ├── TrustException.java │ │ │ ├── claims │ │ │ │ └── ClaimsCallback.java │ │ │ └── delegation │ │ │ │ ├── DelegationCallback.java │ │ │ │ ├── ReceivedTokenCallbackHandler.java │ │ │ │ └── WSSUsernameCallbackHandler.java │ │ │ └── wss4j │ │ │ ├── AbstractUsernameTokenAuthenticatingInterceptor.java │ │ │ ├── AbstractWSS4JInterceptor.java │ │ │ ├── CryptoCoverageChecker.java │ │ │ ├── CryptoCoverageUtil.java │ │ │ ├── DefaultCryptoCoverageChecker.java │ │ │ ├── DelegatingCallbackHandler.java │ │ │ ├── Messages.properties │ │ │ ├── PolicyBasedWSS4JInInterceptor.java │ │ │ ├── PolicyBasedWSS4JOutInterceptor.java │ │ │ ├── SAMLUtils.java │ │ │ ├── SamlTokenInterceptor.java │ │ │ ├── UsernameTokenInterceptor.java │ │ │ ├── WSS4JInInterceptor.java │ │ │ ├── WSS4JOutInterceptor.java │ │ │ ├── WSS4JTokenConverter.java │ │ │ ├── WSS4JUtils.java │ │ │ ├── policyhandlers │ │ │ ├── AbstractBindingBuilder.java │ │ │ ├── AsymmetricBindingHandler.java │ │ │ ├── SymmetricBindingHandler.java │ │ │ ├── TransportBindingHandler.java │ │ │ └── WSSecurityTokenHolder.java │ │ │ └── policyvalidators │ │ │ ├── AbstractBindingPolicyValidator.java │ │ │ ├── AbstractSamlPolicyValidator.java │ │ │ ├── AbstractSupportingTokenPolicyValidator.java │ │ │ ├── AbstractTokenPolicyValidator.java │ │ │ ├── AsymmetricBindingPolicyValidator.java │ │ │ ├── BindingPolicyValidator.java │ │ │ ├── ClaimsPolicyValidator.java │ │ │ ├── ConcreteSupportingTokenPolicyValidator.java │ │ │ ├── DefaultClaimsPolicyValidator.java │ │ │ ├── EncryptedTokenPolicyValidator.java │ │ │ ├── EndorsingEncryptedTokenPolicyValidator.java │ │ │ ├── EndorsingTokenPolicyValidator.java │ │ │ ├── IssuedTokenPolicyValidator.java │ │ │ ├── KerberosTokenPolicyValidator.java │ │ │ ├── SamlTokenPolicyValidator.java │ │ │ ├── SecurityContextTokenPolicyValidator.java │ │ │ ├── SignedEncryptedTokenPolicyValidator.java │ │ │ ├── SignedEndorsingEncryptedTokenPolicyValidator.java │ │ │ ├── SignedEndorsingTokenPolicyValidator.java │ │ │ ├── SignedTokenPolicyValidator.java │ │ │ ├── SupportingTokenPolicyValidator.java │ │ │ ├── SymmetricBindingPolicyValidator.java │ │ │ ├── TokenPolicyValidator.java │ │ │ ├── TransportBindingPolicyValidator.java │ │ │ ├── UsernameTokenPolicyValidator.java │ │ │ ├── WSS11PolicyValidator.java │ │ │ └── X509TokenPolicyValidator.java │ │ └── test │ │ └── java │ │ └── org │ │ └── apache │ │ └── cxf │ │ └── ws │ │ └── security │ │ ├── sts │ │ ├── STSClientTest.java │ │ └── provider │ │ │ ├── SecurityTokenServiceImplTest.java │ │ │ └── SecurityTokenServiceProviderTest.java │ │ ├── tokenstore │ │ ├── EHCacheTokenStoreTest.java │ │ └── MemoryTokenStoreTest.java │ │ ├── trust │ │ └── AuthPolicyValidatingInterceptorTest.java │ │ └── wss4j │ │ ├── AbstractPolicySecurityTest.java │ │ ├── AbstractSecurityTest.java │ │ ├── CryptoCoverageCheckerTest.java │ │ ├── CustomProcessor.java │ │ ├── DefaultCryptoCoverageCheckerTest.java │ │ ├── Echo.java │ │ ├── EchoImpl.java │ │ ├── KeystorePasswordCallback.java │ │ ├── PolicyBasedWss4JInOutTest.java │ │ ├── RoundTripTest.java │ │ ├── SecurityVerificationOutTest.java │ │ ├── SignatureConfirmationTest.java │ │ ├── SimpleSubjectCreatingInterceptor.java │ │ ├── TestPwdCallback.java │ │ ├── UserNameTokenAuthorizationTest.java │ │ ├── WSS4JFaultCodeTest.java │ │ ├── WSS4JInOutTest.java │ │ ├── WSS4JOutInterceptorTest.java │ │ └── saml │ │ ├── AbstractSAMLCallbackHandler.java │ │ ├── CustomSamlValidator.java │ │ ├── PolicyBasedSamlTest.java │ │ ├── SAML1CallbackHandler.java │ │ ├── SAML2CallbackHandler.java │ │ └── SamlTokenTest.java │ └── ws_security_1438424 │ └── src │ ├── main │ └── java │ │ └── org │ │ └── apache │ │ └── cxf │ │ └── ws │ │ └── security │ │ ├── SecurityConstants.java │ │ ├── cache │ │ ├── CacheCleanupListener.java │ │ ├── EHCacheManagerHolder.java │ │ ├── EHCacheReplayCache.java │ │ ├── EHCacheReplayCacheFactory.java │ │ ├── MemoryReplayCacheFactory.java │ │ └── ReplayCacheFactory.java │ │ ├── kerberos │ │ ├── KerberosClient.java │ │ └── KerberosUtils.java │ │ ├── policy │ │ ├── SP11Constants.java │ │ ├── SP12Constants.java │ │ ├── SP13Constants.java │ │ ├── SPConstants.java │ │ ├── WSSPolicyException.java │ │ ├── WSSecurityPolicyLoader.java │ │ ├── builders │ │ │ ├── AlgorithmSuiteBuilder.java │ │ │ ├── AsymmetricBindingBuilder.java │ │ │ ├── ContentEncryptedElementsBuilder.java │ │ │ ├── EncryptedElementsBuilder.java │ │ │ ├── EncryptedPartsBuilder.java │ │ │ ├── HttpsTokenBuilder.java │ │ │ ├── InitiatorEncryptionTokenBuilder.java │ │ │ ├── InitiatorSignatureTokenBuilder.java │ │ │ ├── InitiatorTokenBuilder.java │ │ │ ├── IssuedTokenBuilder.java │ │ │ ├── KerberosTokenBuilder.java │ │ │ ├── KeyValueTokenBuilder.java │ │ │ ├── LayoutBuilder.java │ │ │ ├── ProtectionTokenBuilder.java │ │ │ ├── RecipientEncryptionTokenBuilder.java │ │ │ ├── RecipientSignatureTokenBuilder.java │ │ │ ├── RecipientTokenBuilder.java │ │ │ ├── RequiredElementsBuilder.java │ │ │ ├── RequiredPartsBuilder.java │ │ │ ├── SamlTokenBuilder.java │ │ │ ├── SecureConversationTokenBuilder.java │ │ │ ├── SecurityContextTokenBuilder.java │ │ │ ├── SignedElementsBuilder.java │ │ │ ├── SignedPartsBuilder.java │ │ │ ├── SpnegoContextTokenBuilder.java │ │ │ ├── SupportingTokens12Builder.java │ │ │ ├── SupportingTokensBuilder.java │ │ │ ├── SymmetricBindingBuilder.java │ │ │ ├── TransportBindingBuilder.java │ │ │ ├── TransportTokenBuilder.java │ │ │ ├── Trust10Builder.java │ │ │ ├── Trust13Builder.java │ │ │ ├── UsernameTokenBuilder.java │ │ │ ├── WSS10Builder.java │ │ │ ├── WSS11Builder.java │ │ │ └── X509TokenBuilder.java │ │ ├── custom │ │ │ ├── AlgorithmSuiteLoader.java │ │ │ ├── DefaultAlgorithmSuiteLoader.java │ │ │ └── GCMAlgorithmSuite.java │ │ ├── interceptors │ │ │ ├── HttpsTokenInterceptorProvider.java │ │ │ ├── IssuedTokenInterceptorProvider.java │ │ │ ├── KerberosTokenInterceptorProvider.java │ │ │ ├── Messages.properties │ │ │ ├── NegotiationUtils.java │ │ │ ├── STSInvoker.java │ │ │ ├── SamlTokenInterceptorProvider.java │ │ │ ├── SecureConversationInInterceptor.java │ │ │ ├── SecureConversationOutInterceptor.java │ │ │ ├── SecureConversationTokenInterceptorProvider.java │ │ │ ├── SecurityVerificationOutInterceptor.java │ │ │ ├── SpnegoContextTokenInInterceptor.java │ │ │ ├── SpnegoContextTokenOutInterceptor.java │ │ │ ├── SpnegoTokenInterceptorProvider.java │ │ │ ├── UsernameTokenInterceptorProvider.java │ │ │ ├── WSSecurityInterceptorProvider.java │ │ │ └── WSSecurityPolicyInterceptorProvider.java │ │ └── model │ │ │ ├── AbstractSecurityAssertion.java │ │ │ ├── AlgorithmSuite.java │ │ │ ├── AlgorithmWrapper.java │ │ │ ├── AsymmetricBinding.java │ │ │ ├── Binding.java │ │ │ ├── ContentEncryptedElements.java │ │ │ ├── EncryptionToken.java │ │ │ ├── Header.java │ │ │ ├── HttpsToken.java │ │ │ ├── InitiatorEncryptionToken.java │ │ │ ├── InitiatorSignatureToken.java │ │ │ ├── InitiatorToken.java │ │ │ ├── IssuedToken.java │ │ │ ├── KerberosToken.java │ │ │ ├── KeyValueToken.java │ │ │ ├── Layout.java │ │ │ ├── Messages.properties │ │ │ ├── ProtectionToken.java │ │ │ ├── RecipientEncryptionToken.java │ │ │ ├── RecipientSignatureToken.java │ │ │ ├── RecipientToken.java │ │ │ ├── RequiredElements.java │ │ │ ├── RequiredParts.java │ │ │ ├── SamlToken.java │ │ │ ├── SecureConversationToken.java │ │ │ ├── SecurityContextToken.java │ │ │ ├── SignatureToken.java │ │ │ ├── SignedEncryptedElements.java │ │ │ ├── SignedEncryptedParts.java │ │ │ ├── SpnegoContextToken.java │ │ │ ├── SupportingToken.java │ │ │ ├── SymmetricAsymmetricBindingBase.java │ │ │ ├── SymmetricBinding.java │ │ │ ├── Token.java │ │ │ ├── TokenWrapper.java │ │ │ ├── TransportBinding.java │ │ │ ├── TransportToken.java │ │ │ ├── Trust10.java │ │ │ ├── Trust13.java │ │ │ ├── UsernameToken.java │ │ │ ├── Wss10.java │ │ │ ├── Wss11.java │ │ │ └── X509Token.java │ │ ├── sts │ │ └── provider │ │ │ ├── STSException.java │ │ │ ├── SecurityTokenService.java │ │ │ ├── SecurityTokenServiceImpl.java │ │ │ ├── SecurityTokenServiceProvider.java │ │ │ └── operation │ │ │ ├── CancelOperation.java │ │ │ ├── IssueOperation.java │ │ │ ├── IssueSingleOperation.java │ │ │ ├── KeyExchangeTokenOperation.java │ │ │ ├── RenewOperation.java │ │ │ ├── RequestCollectionOperation.java │ │ │ └── ValidateOperation.java │ │ ├── tokenstore │ │ ├── EHCacheTokenStore.java │ │ ├── EHCacheTokenStoreFactory.java │ │ ├── MemoryTokenStore.java │ │ ├── MemoryTokenStoreFactory.java │ │ ├── SecurityToken.java │ │ ├── TokenStore.java │ │ └── TokenStoreFactory.java │ │ ├── trust │ │ ├── AbstractSTSClient.java │ │ ├── AuthPolicyValidatingInterceptor.java │ │ ├── Messages.properties │ │ ├── STSClient.java │ │ ├── STSSamlAssertionValidator.java │ │ ├── STSTokenValidator.java │ │ ├── STSUtils.java │ │ ├── TrustException.java │ │ ├── claims │ │ │ └── ClaimsCallback.java │ │ └── delegation │ │ │ ├── DelegationCallback.java │ │ │ ├── ReceivedTokenCallbackHandler.java │ │ │ └── WSSUsernameCallbackHandler.java │ │ └── wss4j │ │ ├── AbstractUsernameTokenAuthenticatingInterceptor.java │ │ ├── AbstractWSS4JInterceptor.java │ │ ├── CryptoCoverageChecker.java │ │ ├── CryptoCoverageUtil.java │ │ ├── DefaultCryptoCoverageChecker.java │ │ ├── DelegatingCallbackHandler.java │ │ ├── Messages.properties │ │ ├── PolicyBasedWSS4JInInterceptor.java │ │ ├── PolicyBasedWSS4JOutInterceptor.java │ │ ├── SAMLUtils.java │ │ ├── SamlTokenInterceptor.java │ │ ├── UsernameTokenInterceptor.java │ │ ├── WSS4JInInterceptor.java │ │ ├── WSS4JOutInterceptor.java │ │ ├── WSS4JTokenConverter.java │ │ ├── WSS4JUtils.java │ │ ├── policyhandlers │ │ ├── AbstractBindingBuilder.java │ │ ├── AsymmetricBindingHandler.java │ │ ├── SymmetricBindingHandler.java │ │ ├── TransportBindingHandler.java │ │ └── WSSecurityTokenHolder.java │ │ └── policyvalidators │ │ ├── AbstractBindingPolicyValidator.java │ │ ├── AbstractSamlPolicyValidator.java │ │ ├── AbstractSupportingTokenPolicyValidator.java │ │ ├── AbstractTokenPolicyValidator.java │ │ ├── AsymmetricBindingPolicyValidator.java │ │ ├── BindingPolicyValidator.java │ │ ├── ClaimsPolicyValidator.java │ │ ├── ConcreteSupportingTokenPolicyValidator.java │ │ ├── DefaultClaimsPolicyValidator.java │ │ ├── EncryptedTokenPolicyValidator.java │ │ ├── EndorsingEncryptedTokenPolicyValidator.java │ │ ├── EndorsingTokenPolicyValidator.java │ │ ├── IssuedTokenPolicyValidator.java │ │ ├── KerberosTokenPolicyValidator.java │ │ ├── SamlTokenPolicyValidator.java │ │ ├── SecurityContextTokenPolicyValidator.java │ │ ├── SignedEncryptedTokenPolicyValidator.java │ │ ├── SignedEndorsingEncryptedTokenPolicyValidator.java │ │ ├── SignedEndorsingTokenPolicyValidator.java │ │ ├── SignedTokenPolicyValidator.java │ │ ├── SupportingTokenPolicyValidator.java │ │ ├── SymmetricBindingPolicyValidator.java │ │ ├── TokenPolicyValidator.java │ │ ├── TransportBindingPolicyValidator.java │ │ ├── UsernameTokenPolicyValidator.java │ │ ├── WSS11PolicyValidator.java │ │ └── X509TokenPolicyValidator.java │ └── test │ └── java │ └── org │ └── apache │ └── cxf │ └── ws │ └── security │ ├── sts │ ├── STSClientTest.java │ └── provider │ │ ├── SecurityTokenServiceImplTest.java │ │ └── SecurityTokenServiceProviderTest.java │ ├── tokenstore │ ├── EHCacheTokenStoreTest.java │ └── MemoryTokenStoreTest.java │ ├── trust │ └── AuthPolicyValidatingInterceptorTest.java │ └── wss4j │ ├── AbstractPolicySecurityTest.java │ ├── AbstractSecurityTest.java │ ├── CryptoCoverageCheckerTest.java │ ├── CustomProcessor.java │ ├── DefaultCryptoCoverageCheckerTest.java │ ├── Echo.java │ ├── EchoImpl.java │ ├── KeystorePasswordCallback.java │ ├── PolicyBasedWss4JInOutTest.java │ ├── RoundTripTest.java │ ├── SecurityVerificationOutTest.java │ ├── SignatureConfirmationTest.java │ ├── SimpleSubjectCreatingInterceptor.java │ ├── TestPwdCallback.java │ ├── UserNameTokenAuthorizationTest.java │ ├── WSS4JFaultCodeTest.java │ ├── WSS4JInOutTest.java │ ├── WSS4JOutInterceptorTest.java │ └── saml │ ├── AbstractSAMLCallbackHandler.java │ ├── CustomSamlValidator.java │ ├── PolicyBasedSamlTest.java │ ├── SAML1CallbackHandler.java │ ├── SAML2CallbackHandler.java │ └── SamlTokenTest.java ├── patch-lib-analyzer ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── eclipse │ │ │ └── steady │ │ │ └── patcheval │ │ │ ├── BugLibAnalyzer.java │ │ │ ├── BugLibManager.java │ │ │ ├── ByteCodeComparator.java │ │ │ ├── BytecodeAnalyzer.java │ │ │ ├── LibraryAnalyzerThread2.java │ │ │ ├── Main.java │ │ │ ├── PE_Run.java │ │ │ ├── representation │ │ │ ├── ArtifactLibrary.java │ │ │ ├── ArtifactResult2.java │ │ │ ├── ConstructPathAssessment2.java │ │ │ ├── ConstructPathLibResult2.java │ │ │ ├── Intersection2.java │ │ │ ├── LidResult2.java │ │ │ ├── OrderedCCperConstructPath2.java │ │ │ ├── OverallConstructChange.java │ │ │ └── ReleaseTree.java │ │ │ └── utils │ │ │ ├── CSVHelper2.java │ │ │ └── PEConfiguration.java │ └── resources │ │ ├── log4j.properties │ │ └── steady-patch-lib-analyzer.properties │ └── test │ └── java │ └── org │ └── eclipse │ └── steady │ └── patcheval │ ├── CiaTest.java │ ├── VersionTest.java │ └── package-info.java ├── plugin-gradle ├── README.md ├── build.gradle ├── gradle │ └── wrapper │ │ ├── gradle-wrapper.jar │ │ └── gradle-wrapper.properties ├── gradlew ├── gradlew.bat ├── pom.xml ├── settings.gradle └── src │ ├── main │ ├── groovy │ │ └── org │ │ │ └── eclipse │ │ │ └── steady │ │ │ └── gradle │ │ │ └── DependencyResolver.groovy │ └── java │ │ └── org │ │ └── eclipse │ │ └── steady │ │ └── java │ │ └── gradle │ │ ├── AbstractVulasTask.java │ │ ├── GradlePluginA2C.java │ │ ├── GradlePluginApp.java │ │ ├── GradlePluginClean.java │ │ ├── GradlePluginReport.java │ │ ├── GradleProjectUtilities.java │ │ ├── VulasPlugin.java │ │ └── VulasPluginCommon.java │ └── test │ ├── java │ └── org │ │ └── eclipse │ │ └── steady │ │ └── java │ │ └── gradle │ │ ├── AndroidLibsTest.java │ │ ├── GradleTestProject.java │ │ ├── JavaLibTest.java │ │ └── VulasBaseTest.java │ └── resources │ ├── android-libs │ ├── android-lib1 │ │ ├── build.gradle │ │ └── src │ │ │ └── main │ │ │ ├── AndroidManifest.xml │ │ │ ├── java │ │ │ └── com │ │ │ │ └── sap │ │ │ │ └── mobile │ │ │ │ └── android │ │ │ │ └── validationlib │ │ │ │ └── Greeter.java │ │ │ └── res │ │ │ └── values │ │ │ └── strings.xml │ ├── android-lib2 │ │ ├── build.gradle │ │ └── src │ │ │ └── main │ │ │ ├── AndroidManifest.xml │ │ │ ├── java │ │ │ └── com │ │ │ │ └── sap │ │ │ │ └── mobile │ │ │ │ └── android │ │ │ │ └── validationlib │ │ │ │ └── Greeter.java │ │ │ └── res │ │ │ └── values │ │ │ └── strings.xml │ ├── build.gradle │ ├── gradle.properties │ └── settings.gradle │ └── java-lib │ ├── build.gradle │ ├── gradle.properties │ ├── settings.gradle │ └── src │ ├── main │ └── java │ │ └── Library.java │ └── test │ └── java │ └── LibraryTest.java ├── plugin-maven ├── pom.xml └── src │ ├── it │ ├── java │ │ ├── StubServerSetup.java │ │ └── VulasMavenPluginTests.java │ ├── settings.xml │ └── simple-it │ │ ├── pom.xml │ │ └── verify.groovy │ ├── main │ ├── java │ │ └── org │ │ │ └── eclipse │ │ │ └── steady │ │ │ └── java │ │ │ └── mvn │ │ │ ├── AbstractVulasMojo.java │ │ │ ├── AbstractVulasSpaceMojo.java │ │ │ ├── MvnPluginA2C.java │ │ │ ├── MvnPluginBom.java │ │ │ ├── MvnPluginCheckBytecode.java │ │ │ ├── MvnPluginClean.java │ │ │ ├── MvnPluginInstr.java │ │ │ ├── MvnPluginReport.java │ │ │ ├── MvnPluginSpaceClean.java │ │ │ ├── MvnPluginT2C.java │ │ │ ├── MvnPluginUpload.java │ │ │ └── VulasAgentMojo.java │ └── resources │ │ └── steady-plugin-maven.properties │ └── test │ ├── java │ └── org │ │ └── eclipse │ │ └── steady │ │ └── java │ │ └── mvn │ │ ├── AbstractVulasMojoTest.java │ │ ├── TestProjectStub.java │ │ └── VulasAgentOptionsTests.java │ └── resources │ ├── testproject │ ├── backwardComppom.xml │ ├── mixedpom.xml │ ├── pom.xml │ └── src │ │ ├── main │ │ └── java │ │ │ └── com │ │ │ └── acme │ │ │ └── Simple.java │ │ └── test │ │ └── java │ │ └── SimpleTest.java │ └── unitTestPom │ ├── pom.xml │ └── pom2.xml ├── pom.xml ├── repo-client ├── pom.xml └── src │ ├── main │ └── java │ │ └── org │ │ └── eclipse │ │ └── steady │ │ ├── git │ │ ├── GitClient.java │ │ └── MyProxySelector.java │ │ ├── package-info.java │ │ ├── svn │ │ └── SvnClient.java │ │ └── vcs │ │ ├── FileChange.java │ │ ├── IVCSClient.java │ │ ├── NoRepoClientException.java │ │ └── RepoMismatchException.java │ └── test │ └── java │ └── org │ └── eclipse │ └── steady │ └── git │ └── GitTest.java ├── requirements.txt ├── rest-backend ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── eclipse │ │ │ └── steady │ │ │ └── backend │ │ │ ├── component │ │ │ ├── ApplicationExporter.java │ │ │ ├── ApplicationExporterThread.java │ │ │ └── StatisticsContributor.java │ │ │ ├── cve │ │ │ ├── Cve.java │ │ │ └── CveReader2.java │ │ │ ├── model │ │ │ ├── AffectedConstructChange.java │ │ │ ├── AffectedLibrary.java │ │ │ ├── Application.java │ │ │ ├── Bug.java │ │ │ ├── ConstructChange.java │ │ │ ├── ConstructChangeInDependency.java │ │ │ ├── ConstructChangeType.java │ │ │ ├── ConstructId.java │ │ │ ├── ConstructIdFilter.java │ │ │ ├── ConstructSearchResult.java │ │ │ ├── Dependency.java │ │ │ ├── DependencyIntersection.java │ │ │ ├── DependencyUpdate.java │ │ │ ├── GoalExecution.java │ │ │ ├── Library.java │ │ │ ├── LibraryId.java │ │ │ ├── PackageStatistics.java │ │ │ ├── Path.java │ │ │ ├── PathNode.java │ │ │ ├── Property.java │ │ │ ├── Space.java │ │ │ ├── Tenant.java │ │ │ ├── TouchPoint.java │ │ │ ├── Trace.java │ │ │ ├── V_AppVulndep.java │ │ │ ├── VulnerableDependency.java │ │ │ └── view │ │ │ │ └── Views.java │ │ │ ├── package-info.java │ │ │ ├── repo │ │ │ ├── AffectedLibraryRepository.java │ │ │ ├── AffectedLibraryRepositoryCustom.java │ │ │ ├── AffectedLibraryRepositoryImpl.java │ │ │ ├── ApplicationRepository.java │ │ │ ├── ApplicationRepositoryCustom.java │ │ │ ├── ApplicationRepositoryImpl.java │ │ │ ├── BugRepository.java │ │ │ ├── BugRepositoryCustom.java │ │ │ ├── BugRepositoryImpl.java │ │ │ ├── ConstructChangeRepository.java │ │ │ ├── ConstructIdRepository.java │ │ │ ├── DependencyRepository.java │ │ │ ├── DependencyRepositoryCustom.java │ │ │ ├── DependencyRepositoryImpl.java │ │ │ ├── GoalExecutionRepository.java │ │ │ ├── GoalExecutionRepositoryCustom.java │ │ │ ├── GoalExecutionRepositoryImpl.java │ │ │ ├── LibraryIdRepository.java │ │ │ ├── LibraryRepository.java │ │ │ ├── LibraryRepositoryCustom.java │ │ │ ├── LibraryRepositoryImpl.java │ │ │ ├── PathRepository.java │ │ │ ├── PathRepositoryCustom.java │ │ │ ├── PathRepositoryImpl.java │ │ │ ├── PropertyRepository.java │ │ │ ├── SpaceRepository.java │ │ │ ├── SpaceRepositoryCustom.java │ │ │ ├── SpaceRepositoryImpl.java │ │ │ ├── TenantRepository.java │ │ │ ├── TenantRepositoryCustom.java │ │ │ ├── TenantRepositoryImpl.java │ │ │ ├── TracesRepository.java │ │ │ ├── TracesRepositoryCustom.java │ │ │ ├── TracesRepositoryImpl.java │ │ │ └── V_AppVulndepRepository.java │ │ │ ├── rest │ │ │ ├── ApplicationController.java │ │ │ ├── BugController.java │ │ │ ├── ConfigurationController.java │ │ │ ├── CoverageController.java │ │ │ ├── CveController.java │ │ │ ├── HubIntegrationController.java │ │ │ ├── LibraryController.java │ │ │ ├── LibraryIdController.java │ │ │ ├── MainController.java │ │ │ ├── SpaceController.java │ │ │ └── TenantController.java │ │ │ └── util │ │ │ ├── ArtifactMaps.java │ │ │ ├── CacheFilter.java │ │ │ ├── ConnectionUtil.java │ │ │ ├── DependencyUtil.java │ │ │ ├── DigestVerifier.java │ │ │ ├── DigestVerifierEnumerator.java │ │ │ ├── MavenCentralVerifier.java │ │ │ ├── Message.java │ │ │ ├── PyPiVerifier.java │ │ │ ├── ReferenceUpdater.java │ │ │ ├── ResultSetFilter.java │ │ │ ├── ServiceWrapper.java │ │ │ ├── SmtpClient.java │ │ │ ├── TokenUtil.java │ │ │ └── VerificationException.java │ └── resources │ │ ├── META-INF │ │ └── services │ │ │ └── org.eclipse.steady.backend.util.DigestVerifier │ │ ├── application-docker.properties │ │ ├── application-localhost.properties │ │ ├── application-test.properties │ │ ├── application.properties │ │ ├── db │ │ ├── count_vulndeps_unknown_libs.sql │ │ ├── delete_unused_libs.sql │ │ ├── migration │ │ │ ├── V20161207.1200__create.sql │ │ │ ├── V20170302.1025__appversionlength.sql │ │ │ ├── V20170321.0850__token.sql │ │ │ ├── V20170322.1137__patchevalresults.sql │ │ │ ├── V20170414.1536__exceptiontype.sql │ │ │ ├── V20170419.1800__primarykey.sql │ │ │ ├── V20170424.2200__missingprimarykeys.sql │ │ │ ├── V20170824.1650__altercolumnhibernate5.sql │ │ │ ├── V20170825.1420__createviews.sql │ │ │ ├── V20170925.1530__bugrefsdeppath.sql │ │ │ ├── V20171016.1530__sameBytecode.sql │ │ │ ├── V20171019.1630__vulas3.sql │ │ │ ├── V20180518.0817__bugandspace.sql │ │ │ ├── V20180525.1115__bugdescriptionalt.sql │ │ │ ├── V20180525.1400__qnamesize.sql │ │ │ ├── V20180612.0915__recreateSomeViews.sql │ │ │ ├── V20180614.1100__addConditionToViews.sql │ │ │ ├── V20180629.1500__bugaffectedCCIndex.sql │ │ │ ├── V20180629.1520__addPropManualAndSpaceInViews.sql │ │ │ ├── V20180705.1100__libConstructsIndex.sql │ │ │ ├── V20180824.1600__updateView.sql │ │ │ ├── V20180828.1730__depParent.sql │ │ │ ├── V20181029.1330__depParentFK.sql │ │ │ ├── V20181108.1400__recreateVulnDepViews.sql │ │ │ ├── V20181211.0949__modifiedAtAffLib.sql │ │ │ ├── V20190304.1430__spaceReadOnly.sql │ │ │ ├── V20190425.1400__libDigestTimestamp.sql │ │ │ ├── V20190613.1700__bundledLibraryIds.sql │ │ │ └── V20200219.1130__dropDepIndexes.sql │ │ ├── repo_apps_bugs.sql │ │ ├── stats.sql │ │ ├── user.sql │ │ └── view.sql │ │ └── steady-rest-backend.properties │ └── test │ ├── java │ └── org │ │ └── eclipse │ │ └── steady │ │ └── backend │ │ ├── component │ │ └── ApplicationExporterTest.java │ │ ├── cve │ │ ├── CveReader2Test.java │ │ ├── CveTest.java │ │ └── NvdRestServiceMockup.java │ │ ├── rest │ │ ├── ApplicationControllerTest.java │ │ ├── BugControllerTest.java │ │ ├── HubIntegrationControllerTest.java │ │ ├── IT02_CoverageControllerIT.java │ │ ├── LibraryControllerTest.java │ │ ├── SpaceControllerTest.java │ │ └── TenantControllerTest.java │ │ └── util │ │ ├── ArtifactMapsTest.java │ │ ├── ConnectionUtilTest.java │ │ ├── PyPiVerifierTest.java │ │ ├── SmtpClientTest.java │ │ └── package-info.java │ └── resources │ ├── cves │ ├── CVE-2014-0050-new.json │ ├── CVE-2018-0123-new.json │ ├── CVE-2018-1000865-new.json │ ├── CVE-2019-0047-new.json │ └── CVE-2019-17531-new.json │ ├── dependencytree.postman_collection.json │ ├── dummy_app │ ├── app.json │ ├── app_parent.json │ ├── bug_afflib_CVE-2014-0050_CHECK_VERSION.json │ ├── bug_afflib_CVE-2014-0050_MANUAL.json │ ├── bug_afflib_CVE-2014-0050_PRE_COMMIT_POM.json │ ├── bug_bar.json │ ├── bug_foo.json │ ├── goal_execution.json │ ├── lib.json │ ├── lib_bar.json │ ├── path.json │ └── trace.json │ ├── jira-search-cve-2014-0050.json │ ├── pypi_flask.json │ ├── real_examples │ ├── affectedLib-propagate.json │ ├── apps-testapp-fileupload-1.2.2.json │ ├── bug_2015-5262.json │ ├── bug_CVE-2014-0050.json │ ├── bug_CVE-2014-0050_alt.json │ ├── bug_CVE-2018-12023.json │ ├── bugs-CVE-2012-2098.json │ ├── commons-fileupload-1.3.1.jar │ ├── lib_Jinja2-2.9.6.json │ ├── lib_bundledLibIds.json │ ├── lib_commons-fileupload-1.2.2.json │ ├── lib_commons-fileupload-1.3.1.json │ ├── lib_http-client-4.1.3.json │ └── lib_jackson-databind-2.9.5.json │ ├── select_stmts.sql │ ├── update_postman_target.sh │ └── vulas3.postman_collection.json ├── rest-lib-utils ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── eclipse │ │ │ └── steady │ │ │ └── cia │ │ │ ├── dependencyfinder │ │ │ ├── ClassDiffVisitor.java │ │ │ ├── JarDiffCmd.java │ │ │ └── JarDiffVisitor.java │ │ │ ├── model │ │ │ ├── nexus │ │ │ │ ├── NexusArtifact.java │ │ │ │ ├── NexusArtifactInfoResourceResponse.java │ │ │ │ ├── NexusArtifactResolution.java │ │ │ │ ├── NexusData.java │ │ │ │ ├── NexusDescribeInfo.java │ │ │ │ ├── NexusLibId.java │ │ │ │ ├── NexusNGData.java │ │ │ │ ├── NexusResolvedArtifact.java │ │ │ │ ├── NexusResponse.java │ │ │ │ ├── NexusSearch.java │ │ │ │ └── NexusSearchNGResponse.java │ │ │ └── pypi │ │ │ │ ├── PypiInfo.java │ │ │ │ ├── PypiRelease.java │ │ │ │ └── PypiResponse.java │ │ │ ├── package-info.java │ │ │ ├── rest │ │ │ ├── ArtifactController.java │ │ │ ├── ClassController.java │ │ │ ├── ConfigurationController.java │ │ │ ├── ConstructController.java │ │ │ └── MainController.java │ │ │ └── util │ │ │ ├── ArtifactDownloader.java │ │ │ ├── CacheFilter.java │ │ │ ├── ClassDownloader.java │ │ │ ├── FileAnalyzerFetcher.java │ │ │ ├── HeaderEcho.java │ │ │ ├── MavenCentralWrapper.java │ │ │ ├── NexusWrapper.java │ │ │ ├── PypiWrapper.java │ │ │ ├── RepoException.java │ │ │ ├── RepositoryDispatcher.java │ │ │ └── RepositoryWrapper.java │ └── resources │ │ ├── META-INF │ │ └── services │ │ │ └── org.eclipse.steady.cia.util.RepositoryWrapper │ │ ├── application.properties │ │ └── steady-rest-lib-utils.properties │ └── test │ ├── java │ └── org │ │ └── eclipse │ │ └── steady │ │ └── cia │ │ ├── dependencyfinder │ │ └── JarDiffCmdTest.java │ │ ├── model │ │ └── maven │ │ │ └── ArtifactTest.java │ │ └── rest │ │ ├── IT01_ArtifactControllerTest.java │ │ ├── IT02_SpringControllerTest.java │ │ ├── IT03_ClassControllerTest.java │ │ └── IT04_ConstructControllerTest.java │ └── resources │ ├── META-INF │ └── services │ │ └── org.eclipse.steady.cia.util.RepositoryWrapper │ ├── commons-fileupload-1.1.1.jar │ ├── commons-fileupload-1.1.jar │ ├── commons-fileupload-1.2.2.jar │ ├── commons-fileupload-1.3.1.jar │ └── commons-fileupload-1.3.jar └── shared ├── pom.xml └── src ├── main ├── java │ └── org │ │ └── eclipse │ │ └── steady │ │ └── shared │ │ ├── cache │ │ ├── Cache.java │ │ ├── CacheException.java │ │ └── ObjectFetcher.java │ │ ├── connectivity │ │ ├── PathBuilder.java │ │ ├── Service.java │ │ ├── ServiceConnectionException.java │ │ └── package-info.java │ │ ├── enums │ │ ├── AffectedVersionSource.java │ │ ├── BugOrigin.java │ │ ├── ConstructChangeType.java │ │ ├── ConstructType.java │ │ ├── ContentMaturityLevel.java │ │ ├── CoverageStatus.java │ │ ├── DependencyOrigin.java │ │ ├── DigestAlgorithm.java │ │ ├── ExportConfiguration.java │ │ ├── ExportFormat.java │ │ ├── GoalClient.java │ │ ├── GoalType.java │ │ ├── PathSource.java │ │ ├── ProgrammingLanguage.java │ │ ├── PropertySource.java │ │ ├── Scope.java │ │ ├── VulnDepOrigin.java │ │ └── package-info.java │ │ ├── json │ │ ├── JacksonUtil.java │ │ ├── JsonBuilder.java │ │ ├── JsonReader.java │ │ ├── JsonSyntaxException.java │ │ ├── JsonWriter.java │ │ └── model │ │ │ ├── AffectedConstructChange.java │ │ │ ├── AffectedLibrary.java │ │ │ ├── Application.java │ │ │ ├── Artifact.java │ │ │ ├── Bug.java │ │ │ ├── ConstructChange.java │ │ │ ├── ConstructChangeInDependency.java │ │ │ ├── ConstructId.java │ │ │ ├── ConstructIdFilter.java │ │ │ ├── Dependency.java │ │ │ ├── ExemptionBug.java │ │ │ ├── ExemptionScope.java │ │ │ ├── ExemptionSet.java │ │ │ ├── ExemptionUnassessed.java │ │ │ ├── FileChange.java │ │ │ ├── IExemption.java │ │ │ ├── KeyValue.java │ │ │ ├── Library.java │ │ │ ├── LibraryId.java │ │ │ ├── PathNode.java │ │ │ ├── Property.java │ │ │ ├── Space.java │ │ │ ├── Tenant.java │ │ │ ├── Trace.java │ │ │ ├── Version.java │ │ │ ├── VulnerableDependency.java │ │ │ ├── diff │ │ │ ├── ClassDiffResult.java │ │ │ ├── ClassModification.java │ │ │ └── JarDiffResult.java │ │ │ ├── mavenCentral │ │ │ ├── MavenSearchResponse.java │ │ │ ├── MavenVersionsSearch.java │ │ │ └── ResponseDoc.java │ │ │ ├── metrics │ │ │ ├── AbstractMetric.java │ │ │ ├── Counter.java │ │ │ ├── Metrics.java │ │ │ ├── Percentage.java │ │ │ ├── Ratio.java │ │ │ └── package-info.java │ │ │ ├── package-info.java │ │ │ └── view │ │ │ └── Views.java │ │ ├── package-info.java │ │ └── util │ │ ├── AbstractFileSearch.java │ │ ├── CollectionUtil.java │ │ ├── Constants.java │ │ ├── ConstructIdUtil.java │ │ ├── DependencyUtil.java │ │ ├── DigestUtil.java │ │ ├── DirUtil.java │ │ ├── DirWithFileSearch.java │ │ ├── DirnamePatternSearch.java │ │ ├── FileSearch.java │ │ ├── FileUtil.java │ │ ├── FilenamePatternSearch.java │ │ ├── MemoryMonitor.java │ │ ├── ProgressTracker.java │ │ ├── StopWatch.java │ │ ├── StringList.java │ │ ├── StringUtil.java │ │ ├── ThreadUtil.java │ │ ├── VulasConfiguration.java │ │ └── package-info.java └── resources │ ├── log4j2.xml │ ├── steady-shared.properties │ └── steady-version.properties └── test ├── java └── org │ └── eclipse │ └── steady │ └── shared │ ├── cache │ └── CacheTest.java │ ├── categories │ ├── Integrated.java │ ├── RequiresNetwork.java │ └── Slow.java │ ├── enums │ └── ScopeTest.java │ ├── json │ ├── JacksonUtilTest.java │ ├── JsonBuilderTest.java │ ├── VulnerableDependencyJsonTest.java │ └── model │ │ └── metrics │ │ └── MetricsTest.java │ ├── model │ ├── ApplicationTest.java │ ├── IExemptionTest.java │ └── generic │ │ └── VersionTest.java │ └── util │ ├── DigestUtilTest.java │ ├── DirUtilTest.java │ ├── FileSearchTest.java │ ├── FileUtilTest.java │ ├── StopWatchTest.java │ ├── StringListTest.java │ ├── StringUtilTest.java │ ├── TestDirWithFileSearch.java │ └── VulasConfigurationTest.java └── resources ├── Outer.jar ├── foo.txt ├── foo └── bar │ ├── bar.baz │ ├── foo.bar │ └── readme.txt ├── steady-test.properties ├── vulndep.json └── vulndepJsonExpected.json /.dockerignore: -------------------------------------------------------------------------------- 1 | Dockerfile 2 | docker 3 | !docker/run.sh 4 | **/target 5 | docs 6 | .travis 7 | .github 8 | .git 9 | .vscode 10 | findbugs-exclude.xml 11 | .gradle 12 | .gradle_home 13 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | 5 | --- 6 | 7 | **Is your feature request related to a problem? Please describe.** 8 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 9 | 10 | **Describe the solution you'd like** 11 | A clear and concise description of what you want to happen. 12 | 13 | **Describe alternatives you've considered** 14 | A clear and concise description of any alternative solutions or features you've considered. 15 | 16 | **Additional context** 17 | Add any other context or screenshots about the feature request here. 18 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | #### `TODO`s 6 | 7 | - [ ] Tests 8 | - [ ] Documentation -------------------------------------------------------------------------------- /.github/main.workflow: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | **/*.log 2 | **/*.swp 3 | **/target 4 | **/.classpath 5 | **/.settings 6 | **/.project 7 | **/dependency-reduced-pom.xml 8 | .flattened-pom.xml 9 | .factorypath 10 | tags 11 | *.classpath 12 | *.project 13 | *.pydevproject 14 | .gradle 15 | .gradle_home 16 | build/ 17 | .idea 18 | *.iml 19 | bin/ 20 | **/pom.xml.versionsBackup 21 | /.metadata/ 22 | out/ 23 | gradle.zip 24 | /.vscode 25 | lang-java-reach-soot-init/lib/*.jar 26 | docs/site 27 | docs/.merged 28 | docs/.tmp 29 | /*/src/main/webapp/model/Version.js 30 | values_dev.yaml 31 | test.yaml 32 | .DS_Store 33 | **/*.buildinfo 34 | 35 | # Created by the generator Docker container (/docker/Dockerfile and /docker/run.sh) 36 | /docker/**/*.*ar 37 | /docker/client-components 38 | /docker/all-components 39 | 40 | # Environment and data folders when running the Docker Compose app in the cloned repo 41 | /docker/.env 42 | /docker/*/data 43 | /docker/kb-importer/conf/kaybeeconf.yaml 44 | 45 | # Files created by .travis/check_code_style.sh 46 | google-java-format-*.jar 47 | java-files.txt 48 | non-compliant-files.txt 49 | -------------------------------------------------------------------------------- /.travis/.env: -------------------------------------------------------------------------------- 1 | # Eclipse Steady 2 | VULAS_RELEASE=3.2.6-SNAPSHOT 3 | VULAS_ENV=dev 4 | 5 | # PostgreSQL 6 | POSTGRES_USER=postgres 7 | POSTGRES_PASSWORD=default 8 | 9 | # Jira (optional) 10 | JIRA_USER= 11 | JIRA_PASSWORD= 12 | 13 | # Proxy 14 | HTTP_PROXY_HOST= 15 | HTTPS_PROXY_HOST= 16 | HTTP_PROXY_PORT= 17 | HTTPS_PROXY_PORT= 18 | NON_PROXY_HOSTS= 19 | 20 | # Proxy (you should not need to modify this) 21 | http_proxy= 22 | https_proxy= 23 | no_proxy= 24 | 25 | # Spring (you should not need to modify this) 26 | SPRING_DATASOURCE_USERNAME=postgres 27 | SPRING_DATASOURCE_PASSWORD=default 28 | 29 | # HAProxy 30 | HAPROXY_STATS_USER=travis 31 | HAPROXY_STATS_PASSWORD=travis 32 | 33 | # Frontend Bugs Frontend 34 | FRONTEND_BUGS_USER=travis 35 | FRONTEND_BUGS_PASSWORD=travis 36 | -------------------------------------------------------------------------------- /.travis/check.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | set -e 4 | set -x 5 | 6 | sleep 15 7 | 8 | N_CONTAINERS_RUNNING=$(docker ps --filter "status=running" | grep steady | awk '{print $1}' | wc -l) 9 | REST_BACKEND_CREATED=$(docker images | grep steady-rest-backend | awk '{print $1}' | wc -l) 10 | STEADY_PIPELINE_CREATED=$(docker images | grep steady-pipeline | awk '{print $1}' | wc -l) 11 | 12 | if [ "${N_CONTAINERS_RUNNING}" -eq 9 ] && [ "${REST_BACKEND_CREATED}" -eq 1 ] && [ "${STEADY_PIPELINE_CREATED}" -eq 1 ] 13 | then 14 | exit 0 15 | else 16 | exit 1 17 | fi 18 | -------------------------------------------------------------------------------- /.travis/check_dockerfile_location.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | SERVICES='frontend-apps frontend-bugs patch-lib-analyzer rest-backend rest-lib-utils' 4 | ERROR=false 5 | FAILED="" 6 | 7 | for service in $SERVICES ; do 8 | if ! { [ -f "./docker/$service/Dockerfile" ] || [ -f "./$service/Dockerfile" ]; }; then 9 | ERROR=true 10 | FAILED="$FAILED$service " 11 | fi 12 | done 13 | 14 | if [ "$ERROR" = "true" ]; then 15 | echo "[-] The following Dockerfiles are not present anymore: docker/$FAILED/Dockerfile" 16 | exit 1 17 | fi 18 | -------------------------------------------------------------------------------- /.travis/docker_hub_push_release.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Should be run from repository's root 3 | # Usage: bash .travis/docker_hub_push_releases.sh 4 | 5 | 6 | if [ "$VULAS_RELEASE" != "$TRAVIS_TAG" ]; then 7 | echo '[-] VULAS_RELEASE and Git tag mismatch' 8 | echo " VULAS_RELEASE: ${VULAS_RELEASE}" 9 | echo " Git tag: ${TRAVIS_TAG}" 10 | exit 1 11 | fi 12 | 13 | echo "$DOCKER_HUB_SUMEET_PASSWORD" | docker login -u "$DOCKER_HUB_SUMEET_USERNAME" --password-stdin 14 | if [ -z "$JIB" ]; then 15 | (cd docker && bash push-images.sh -r docker.io -p eclipse -v "$TRAVIS_TAG") 16 | else 17 | ./.travis/skaffold build -f ./.travis/skaffold.yaml 18 | fi 19 | -------------------------------------------------------------------------------- /.travis/docker_hub_push_snapshot.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Should be run from repository's root 3 | # Usage: bash .travis/docker_hub_push_snapshot.sh 4 | 5 | if [[ $VULAS_RELEASE =~ ^([0-9]+\.[0-9]+\.[0-9]+-SNAPSHOT)$ ]]; then 6 | echo "$DOCKER_HUB_SUMEET_PASSWORD" | docker login -u "$DOCKER_HUB_SUMEET_USERNAME" --password-stdin 7 | if [ -z "$JIB" ]; then 8 | (cd docker && bash push-images.sh -r docker.io -p eclipse -v "${VULAS_RELEASE}") 9 | else 10 | ./.travis/skaffold build -f ./.travis/skaffold.yaml 11 | fi 12 | else 13 | echo '[!] Refusing to push non-snapshot version' 14 | echo " VULAS_RELEASE: $VULAS_RELEASE" 15 | fi 16 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | Follow the [guide](https://eclipse.github.io/steady/contributor/) in our Documentation 4 | -------------------------------------------------------------------------------- /CONTRIBUTORS.md: -------------------------------------------------------------------------------- 1 | # Contributors 2 | 3 | SAP Security Research team 4 | 5 | - [Henrik Plate](https://github.com/henrikplate) 6 | - [Serena Ponta](https://github.com/serenaponta) 7 | - [Antonino Sabetta](https://github.com/copernico) 8 | 9 | SAP Security Testing team 10 | 11 | - [Alessandro Pezzé](https://github.com/Naramsim) 12 | - Cedric Dangremont 13 | - [HOANG Quoc Trung](https://github.com/ichbinfrog) 14 | - [Sumeet Patil](https://github.com/sumeetpatil) 15 | 16 | University of Paderborn 17 | 18 | - [Andreas Dann](https://github.com/anddann) 19 | 20 | NAIST 21 | 22 | - [Bodin Chinthanet](https://github.com/gotzillaz) 23 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Security Policy 2 | 3 | ## Supported Versions 4 | 5 | The following versions of Eclipse Steady are 6 | currently being supported with security updates. 7 | 8 | | Version | Supported | 9 | | ------- | ------------------ | 10 | | 3.2.x | :white_check_mark: | 11 | | < 3.2 | :x: | 12 | 13 | ## Reporting a Vulnerability 14 | 15 | If you find a security issue, please act responsibly and do NOT report it in the public issue tracker. 16 | 17 | Instead, [open a ticket](https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Community&component=Vulnerability+Reports&keywords=security&groups=Security_Advisories) in the Eclipse Bugzilla instance. 18 | 19 | More information about Eclipse's vulnerability reporting guidelines can be found in the [Eclipse Project Handbook](https://www.eclipse.org/projects/handbook/#vulnerability-reporting). 20 | 21 | 24 | -------------------------------------------------------------------------------- /cli-scanner/src/main/java/org/eclipse/steady/cli/package-info.java: -------------------------------------------------------------------------------- 1 | /** 2 | * This file is part of Eclipse Steady. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | * SPDX-License-Identifier: Apache-2.0 17 | * SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | */ 19 | /** 20 | * 21 | */ 22 | /** 23 | * 24 | */ 25 | package org.eclipse.steady.cli; 26 | -------------------------------------------------------------------------------- /cli-scanner/src/test/resources/appfolder with space/ClassWithoutPackage.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/cli-scanner/src/test/resources/appfolder with space/ClassWithoutPackage.class -------------------------------------------------------------------------------- /cli-scanner/src/test/resources/appfolder/com/acme/ArchivePrinter$1$1Bar.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/cli-scanner/src/test/resources/appfolder/com/acme/ArchivePrinter$1$1Bar.class -------------------------------------------------------------------------------- /cli-scanner/src/test/resources/appfolder/com/acme/ArchivePrinter$1.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/cli-scanner/src/test/resources/appfolder/com/acme/ArchivePrinter$1.class -------------------------------------------------------------------------------- /cli-scanner/src/test/resources/appfolder/com/acme/ArchivePrinter$2.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/cli-scanner/src/test/resources/appfolder/com/acme/ArchivePrinter$2.class -------------------------------------------------------------------------------- /cli-scanner/src/test/resources/appfolder/com/acme/ArchivePrinter$InnerNonStaticClass.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/cli-scanner/src/test/resources/appfolder/com/acme/ArchivePrinter$InnerNonStaticClass.class -------------------------------------------------------------------------------- /cli-scanner/src/test/resources/appfolder/com/acme/ArchivePrinter$InnerStaticClass.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/cli-scanner/src/test/resources/appfolder/com/acme/ArchivePrinter$InnerStaticClass.class -------------------------------------------------------------------------------- /cli-scanner/src/test/resources/appfolder/com/acme/ArchivePrinter.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/cli-scanner/src/test/resources/appfolder/com/acme/ArchivePrinter.class -------------------------------------------------------------------------------- /cli-scanner/src/test/resources/appfolder/com/acme/ArchiveServlet.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/cli-scanner/src/test/resources/appfolder/com/acme/ArchiveServlet.class -------------------------------------------------------------------------------- /cli-scanner/src/test/resources/appfolder/com/acme/HelloWorldAction.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/cli-scanner/src/test/resources/appfolder/com/acme/HelloWorldAction.class -------------------------------------------------------------------------------- /cli-scanner/src/test/resources/appfolder/com/acme/MessageStore$1$1Bar.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/cli-scanner/src/test/resources/appfolder/com/acme/MessageStore$1$1Bar.class -------------------------------------------------------------------------------- /cli-scanner/src/test/resources/appfolder/com/acme/MessageStore$1.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/cli-scanner/src/test/resources/appfolder/com/acme/MessageStore$1.class -------------------------------------------------------------------------------- /cli-scanner/src/test/resources/appfolder/com/acme/MessageStore.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/cli-scanner/src/test/resources/appfolder/com/acme/MessageStore.class -------------------------------------------------------------------------------- /cli-scanner/src/test/resources/cf-helloworld/helloworld/app.py: -------------------------------------------------------------------------------- 1 | from flask import Flask 2 | 3 | 4 | app = Flask(__name__) 5 | 6 | @app.route('/') 7 | def hello_world(): 8 | return 'Hello, World!\n' 9 | -------------------------------------------------------------------------------- /cli-scanner/src/test/resources/cf-helloworld/setup.py: -------------------------------------------------------------------------------- 1 | from setuptools import setup, find_packages 2 | 3 | 4 | setup( 5 | name='cf-helloworld', 6 | version='1.0', 7 | description='Minimalistic CF python application', 8 | author='Roman Kindruk', 9 | author_email='roman.kindruk@sap.com', 10 | install_requires=[ 11 | 'flask>=0.11', 12 | 'gunicorn>=19.0'], 13 | packages=find_packages() 14 | ) 15 | -------------------------------------------------------------------------------- /cli-scanner/src/test/resources/depfolder with space/commons-compress-1.12.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/cli-scanner/src/test/resources/depfolder with space/commons-compress-1.12.jar -------------------------------------------------------------------------------- /cli-scanner/src/test/resources/depfolder/commons-codec-1.6.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/cli-scanner/src/test/resources/depfolder/commons-codec-1.6.jar -------------------------------------------------------------------------------- /cli-scanner/src/test/resources/depfolder/commons-collections-3.2.2.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/cli-scanner/src/test/resources/depfolder/commons-collections-3.2.2.jar -------------------------------------------------------------------------------- /cli-scanner/src/test/resources/file.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/cli-scanner/src/test/resources/file.java -------------------------------------------------------------------------------- /cli-scanner/src/test/resources/file.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/cli-scanner/src/test/resources/file.py -------------------------------------------------------------------------------- /cli-scanner/src/test/resources/foo/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/cli-scanner/src/test/resources/foo/__init__.py -------------------------------------------------------------------------------- /cli-scanner/src/test/resources/foo/class_hw.py: -------------------------------------------------------------------------------- 1 | print("before") 2 | 3 | def hello_world(arg): 4 | print('Funky hello world', arg) 5 | return 6 | 7 | print("after") 8 | 9 | def good_bye(arg): 10 | print('Good bye', arg) 11 | return 12 | 13 | def good_bye_dude(): 14 | print("Good bye dude") 15 | 16 | def func_with_class(arg): 17 | 18 | class class_in_func: 19 | var0 = -1 20 | def __init__(self, number): 21 | self.var0 = number 22 | 23 | def method_of_class_in_func(self, something): 24 | print("My number, dear", something,", is", self.var0) 25 | 26 | c = class_in_func(42) 27 | c.method_of_class_in_func("honk") 28 | return 29 | 30 | func_with_class("hola") 31 | good_bye("bar") 32 | 33 | class class0: 34 | var0 = '' 35 | 36 | def __init__(self, name): 37 | print("Class constructor called with arg [", name, ']') 38 | self.var0 = name 39 | 40 | def hello_world(self): 41 | print("Classy hello world", self.var0) 42 | 43 | x = class0('test') 44 | x.hello_world() 45 | -------------------------------------------------------------------------------- /cli-scanner/src/test/resources/foo/func_hw.py: -------------------------------------------------------------------------------- 1 | print("before") 2 | 3 | def hello_world(arg): 4 | print('Hello world', arg) 5 | return 6 | 7 | print("after") 8 | 9 | def good_bye(arg): 10 | print('Good bye', arg) 11 | return 12 | 13 | good_bye("bar") 14 | 15 | if __name__ == '__main__': 16 | if len(sys.argv) > 1: 17 | dirname = sys.argv[1] 18 | else: 19 | dirname = '' 20 | for filename in listfiles(dirname): 21 | try: 22 | print(compose(filename)) 23 | except UnicodeEncodeError: 24 | print(repr(filename)[1:-1]) -------------------------------------------------------------------------------- /cli-scanner/src/test/resources/foo/hello_world.py: -------------------------------------------------------------------------------- 1 | print('Hello world') 2 | #print 'hello world' 3 | -------------------------------------------------------------------------------- /cli-scanner/src/test/resources/java-app/cf1.2.2-cc1.4-xz1.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/cli-scanner/src/test/resources/java-app/cf1.2.2-cc1.4-xz1.0.jar -------------------------------------------------------------------------------- /cli-scanner/src/test/resources/java-app/com/acme/HelloWorldAction.java: -------------------------------------------------------------------------------- 1 | package com.acme; 2 | 3 | import com.opensymphony.xwork2.ActionSupport; 4 | 5 | /** 6 | * Taken from: http://struts.apache.org/docs/hello-world-using-struts-2.html 7 | * 8 | */ 9 | public class HelloWorldAction extends ActionSupport { 10 | 11 | private static final long serialVersionUID = 1L; 12 | 13 | private MessageStore messageStore; 14 | 15 | public String execute() throws Exception { 16 | 17 | messageStore = new MessageStore() ; 18 | return SUCCESS; 19 | } 20 | 21 | public MessageStore getMessageStore() { 22 | return messageStore; 23 | } 24 | 25 | public void setMessageStore(MessageStore messageStore) { 26 | this.messageStore = messageStore; 27 | } 28 | 29 | } -------------------------------------------------------------------------------- /copyright-license-header-template.txt: -------------------------------------------------------------------------------- 1 | This file is part of ${project.name}. 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | 15 | SPDX-License-Identifier: Apache-2.0 16 | SPDX-FileCopyrightText: Copyright (c) 2018-2020 ${owner} -------------------------------------------------------------------------------- /docker/.env.sample: -------------------------------------------------------------------------------- 1 | # Eclipse Steady 2 | VULAS_RELEASE=3.2.5 3 | VULAS_ENV=prod 4 | 5 | # *** MANDATORY SETTINGS *** 6 | # PostgreSQL 7 | POSTGRES_USER=postgres 8 | POSTGRES_PASSWORD=changeme 9 | 10 | # HAProxy 11 | HAPROXY_STATS_USER=haproxy 12 | HAPROXY_STATS_PASSWORD=changeme 13 | 14 | # Frontend Bugs Frontend 15 | FRONTEND_BUGS_USER=vulas 16 | FRONTEND_BUGS_PASSWORD=changeme 17 | 18 | # Token for updating(PUT) or creating(POST) bugs 19 | BACKEND_BUGS_TOKEN=FD262258-9E0E-494F-AB98-10352914D7A6 20 | 21 | # *** OPTIONAL SETTINGS *** 22 | # Jira (optional) 23 | JIRA_USER= 24 | JIRA_PASSWORD= 25 | 26 | # Proxy 27 | HTTP_PROXY_HOST= 28 | HTTPS_PROXY_HOST= 29 | HTTP_PROXY_PORT= 30 | HTTPS_PROXY_PORT= 31 | NON_PROXY_HOSTS= 32 | http_proxy= 33 | https_proxy= 34 | no_proxy= 35 | 36 | # kb-importer update cron expression 37 | KB_IMPORTER_CRON_HOUR=0 38 | KB_IMPORTER_STATEMENTS_FOLDER=statements 39 | KB_IMPORTER_STATEMENTS_REPO=https://github.com/sap/project-kb 40 | KB_IMPORTER_STATEMENTS_BRANCH=vulnerability-data 41 | KB_IMPORTER_SKIP_CLONE=True 42 | KB_IMPORTER_CLONE_FOLDER=repo-clones 43 | -------------------------------------------------------------------------------- /docker/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM maven:3-adoptopenjdk-11 2 | 3 | LABEL maintainer="steady-dev@eclipse.org" 4 | 5 | WORKDIR /vulas 6 | 7 | ARG http_proxy 8 | ARG https_proxy 9 | 10 | RUN apt-get update 11 | 12 | RUN apt-get install -y ca-certificates wget && update-ca-certificates 13 | 14 | RUN apt-get install -y python3 python3-pip git 15 | 16 | RUN python3 -m pip install --upgrade pip setuptools && \ 17 | python3 -m pip install requests virtualenv 18 | 19 | RUN if [ ! -e /usr/local/bin/pip ]; then ln -s pip3 /usr/local/bin/pip ; fi && \ 20 | if [ ! -e /usr/bin/python ]; then ln -s python3 /usr/bin/python; fi 21 | 22 | ENV ANT_OPTS="-Dhttp.proxyHost=${HTTP_PROXY_HOST} -Dhttp.proxyPort=${HTTP_PROXY_PORT}" 23 | 24 | RUN pip install requests virtualenv 25 | 26 | COPY . . 27 | 28 | COPY docker/run.sh run.sh 29 | 30 | RUN chmod +x run.sh 31 | 32 | CMD ./run.sh 33 | -------------------------------------------------------------------------------- /docker/README.md: -------------------------------------------------------------------------------- 1 | Read more here: https://eclipse.github.io/steady/admin/ 2 | -------------------------------------------------------------------------------- /docker/frontend-apps/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM jetty:9.4.49-jdk11-eclipse-temurin 2 | 3 | LABEL maintainer="steady-dev@eclipse.org" 4 | 5 | ARG VULAS_RELEASE 6 | 7 | COPY frontend-apps-${VULAS_RELEASE}.war $JETTY_BASE/webapps/apps.war 8 | -------------------------------------------------------------------------------- /docker/frontend-bugs/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM jetty:9.4.49-jdk11-eclipse-temurin 2 | 3 | LABEL maintainer="steady-dev@eclipse.org" 4 | 5 | ARG VULAS_RELEASE 6 | 7 | COPY frontend-bugs-${VULAS_RELEASE}.war $JETTY_BASE/webapps/bugs.war 8 | -------------------------------------------------------------------------------- /docker/kb-importer/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM eclipse-temurin:11.0.16.1_1-jre 2 | 3 | LABEL maintainer="steady-dev@eclipse.org" 4 | 5 | ARG VULAS_RELEASE 6 | 7 | RUN apt-get update \ 8 | && apt-get install -y --no-install-recommends \ 9 | openssl wget tar git cron bash gettext\ 10 | && rm -rf /var/lib/apt/lists/* \ 11 | && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false 12 | 13 | WORKDIR /kb-importer 14 | 15 | RUN wget https://github.com/SAP/project-kb/releases/download/v0.6.18/kaybee-0.6.18_linux-amd64 -O kaybee 16 | RUN chmod +x kaybee 17 | 18 | COPY kb-importer-$VULAS_RELEASE-jar-with-dependencies.jar kb-importer.jar 19 | RUN chmod +x kb-importer.jar 20 | 21 | COPY kb-importer.sh start.sh /kb-importer/ 22 | RUN chmod +x /kb-importer/kb-importer.sh /kb-importer/start.sh 23 | 24 | ENTRYPOINT ["sh","/kb-importer/start.sh"] 25 | -------------------------------------------------------------------------------- /docker/kb-importer/certs/readme.txt: -------------------------------------------------------------------------------- 1 | This folder contains certs which are needed to connect with your backend or cia URL 2 | Certs can be downloaded with the following command - 3 | echo yes | openssl s_client -connect domain_name:port_number | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' 4 | -------------------------------------------------------------------------------- /docker/patch-lib-analyzer/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM eclipse-temurin:11.0.16.1_1-jre 2 | 3 | LABEL maintainer="steady-dev@eclipse.org" 4 | 5 | ARG VULAS_RELEASE 6 | 7 | RUN apt-get update \ 8 | && apt-get install -y --no-install-recommends \ 9 | bash \ 10 | && rm -rf /var/lib/apt/lists/* \ 11 | && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false 12 | 13 | COPY patch-lib-analyzer-${VULAS_RELEASE}-jar-with-dependencies.jar /steady/patch-lib-analyzer.jar 14 | COPY run.sh /steady/run.sh 15 | 16 | RUN chmod +x /steady/run.sh 17 | 18 | CMD ["/steady/run.sh"] 19 | -------------------------------------------------------------------------------- /docker/patch-lib-analyzer/run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #Wait for backend to start and kb-importer to insert data 4 | sleep 300 5 | 6 | java \ 7 | -Dhttp.nonProxyHosts=$NON_PROXY_HOSTS \ 8 | -Dhttp.proxyHost=$HTTP_PROXY_HOST \ 9 | -Dhttp.proxyPort=$HTTP_PROXY_PORT \ 10 | -Dhttps.proxyHost=$HTTPS_PROXY_HOST \ 11 | -Dhttps.proxyPort=$HTTPS_PROXY_PORT \ 12 | -Dspring.profiles.active=docker \ 13 | -jar /steady/patch-lib-analyzer.jar $PATCHEVAL_OPTS 14 | -------------------------------------------------------------------------------- /docker/pipeline/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM maven:3-adoptopenjdk-11 2 | 3 | LABEL maintainer="steady-dev@eclipse.org" 4 | 5 | RUN apt-get update && \ 6 | apt-get install -y python3 python3-pip 7 | 8 | RUN python3 -m pip install --upgrade pip setuptools && \ 9 | python3 -m pip install requests virtualenv reuse 10 | 11 | RUN if [ ! -e /usr/local/bin/pip ]; then ln -s pip3 /usr/local/bin/pip ; fi && \ 12 | if [ ! -e /usr/bin/python ]; then ln -s python3 /usr/bin/python; fi 13 | 14 | ENTRYPOINT ["/usr/local/bin/mvn-entrypoint.sh"] 15 | 16 | CMD ["mvn"] 17 | -------------------------------------------------------------------------------- /docker/pipeline/README.md: -------------------------------------------------------------------------------- 1 | This Dockerfile is used for building and releasing Steady on Eclipse CI/CD infrastructure. -------------------------------------------------------------------------------- /docker/postgresql/conf/10-vulas-setup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | if [ -z ${POSTGRES_PASSWORD} ] || [ -z ${POSTGRES_USER} ] 5 | then 6 | echo 'POSTGRES_USER or POSTGRES_PASSWORD cannot be empty' 7 | exit 1 8 | fi 9 | 10 | psql --dbname=vulas -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL_B 11 | CREATE TABLE schema_version ( 12 | installed_rank integer NOT NULL, 13 | version character varying(50), 14 | description character varying(200) NOT NULL, 15 | type character varying(20) NOT NULL, 16 | script character varying(1000) NOT NULL, 17 | checksum integer, 18 | installed_by character varying(100) NOT NULL, 19 | installed_on timestamp without time zone DEFAULT now() NOT NULL, 20 | execution_time integer NOT NULL, 21 | success boolean NOT NULL 22 | ); 23 | ALTER TABLE schema_version OWNER TO ${POSTGRES_USER}; 24 | INSERT INTO schema_version VALUES (1, '20161206.1800', 'Base version', 'BASELINE', 'Base version', NULL, 'postgres', '2016-12-06 18:00:00.000000', 0, true); 25 | EOSQL_B 26 | -------------------------------------------------------------------------------- /docker/readme-pages/Help.md: -------------------------------------------------------------------------------- 1 | Please proceed in the following order to have your question answered or problem solved: 2 | 3 | 1. Check the [FAQs](Troubleshooting) to see whether your question has been answered already. Alternatively, check [Stack Overflow](https://stackoverflow.com/questions/tagged/vulas) to search for FAQs or to request help. 4 | 5 | 2. **Only if your question has not been answered yet**: Get into contact with the team operating Steady in your organization. 6 | 7 | 3. **Only if you believe that you experience a new bug in Steady**: Create a [GitHub issue]() with as much information as possible in order to let the developers reproduce the problem in their environment. 8 | -------------------------------------------------------------------------------- /docker/readme-pages/dep-tree.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docker/readme-pages/dep-tree.png -------------------------------------------------------------------------------- /docker/rest-backend/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM eclipse-temurin:11.0.16.1_1-jre 2 | 3 | LABEL maintainer="steady-dev@eclipse.org" 4 | 5 | ARG VULAS_RELEASE 6 | 7 | RUN apt-get update \ 8 | && apt-get install -y --no-install-recommends \ 9 | bash \ 10 | && rm -rf /var/lib/apt/lists/* \ 11 | && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false 12 | 13 | COPY rest-backend-$VULAS_RELEASE.jar /steady/rest-backend.jar 14 | COPY run.sh /steady/run.sh 15 | RUN touch /$VULAS_RELEASE 16 | 17 | EXPOSE 8091 18 | 19 | RUN chmod +x /steady/run.sh 20 | 21 | CMD ["/steady/run.sh"] 22 | -------------------------------------------------------------------------------- /docker/rest-backend/run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | FLYWAY_OPTS="-Dflyway.skipDefaultCallbacks=true" 4 | 5 | if [ "x$DELAY_STARTUP" != "x" ]; 6 | then 7 | echo "Delaying startup by $DELAY_STARTUP seconds to avoid race with other backend instances" 8 | sleep $DELAY_STARTUP 9 | else 10 | echo "Starting with no delay" 11 | fi 12 | 13 | java \ 14 | -Dhttp.nonProxyHosts=$NON_PROXY_HOSTS \ 15 | -Dhttp.proxyHost=$HTTP_PROXY_HOST \ 16 | -Dhttp.proxyPort=$HTTP_PROXY_PORT \ 17 | -Dhttps.proxyHost=$HTTPS_PROXY_HOST \ 18 | -Dhttps.proxyPort=$HTTPS_PROXY_PORT \ 19 | -Dvulas.jira.usr=$JIRA_USER \ 20 | -Dvulas.jira.pwd=$JIRA_PASSWORD \ 21 | $FLYWAY_OPTS \ 22 | $DEBUG_OPTS \ 23 | -Dspring.profiles.active=docker \ 24 | -jar /steady/rest-backend.jar 25 | -------------------------------------------------------------------------------- /docker/rest-lib-utils/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM eclipse-temurin:11.0.16.1_1-jre 2 | 3 | LABEL maintainer="steady-dev@eclipse.org" 4 | 5 | ARG VULAS_RELEASE 6 | 7 | COPY rest-lib-utils-${VULAS_RELEASE}.jar /steady/rest-lib-utils.jar 8 | RUN touch /$VULAS_RELEASE 9 | 10 | EXPOSE 8092 11 | 12 | CMD java -Dhttp.nonProxyHosts=${NON_PROXY_HOSTS} -Dhttps.nonProxyHosts=${NON_PROXY_HOSTS} -Dhttps.proxyHost=${HTTPS_PROXY_HOST} -Dhttps.proxyPort=${HTTP_PROXY_PORT} -Dhttp.proxyHost=${HTTP_PROXY_HOST} -Dhttp.proxyPort=${HTTP_PROXY_PORT} -jar /steady/rest-lib-utils.jar 13 | -------------------------------------------------------------------------------- /docs/.editorconfig: -------------------------------------------------------------------------------- 1 | # editorconfig.org 2 | root = true 3 | 4 | [*.md] 5 | indent_style = space 6 | indent_size = 4 7 | tab_width = 4 8 | end_of_line = lf 9 | charset = utf-8 10 | trim_trailing_whitespace = true 11 | insert_final_newline = true 12 | -------------------------------------------------------------------------------- /docs/Dockerfile: -------------------------------------------------------------------------------- 1 | # Image built on top of python:3.6.8-alpine3.9 2 | # with git, (pip) Markdown, mkdocs, mkdocs-material, pip 3 | FROM squidfunk/mkdocs-material:4.4.3 4 | 5 | WORKDIR /tmp 6 | COPY . . 7 | 8 | RUN pip install -r requirements.txt 9 | EXPOSE 8000 10 | 11 | ENTRYPOINT ["python", "docs.py"] 12 | CMD ["public", "--mkserve", "--dev_addr", "docs:8000"] 13 | -------------------------------------------------------------------------------- /docs/checklinks.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Scrapes a URL in order to find broken links. Used on our generated docs to find broken links. 4 | # below -e parameter is used to add regex exclusions. 5 | # You need GoLang and Muffet in order to run this script 6 | 7 | if [ -z $URL ]; then 8 | URL=${1:-127.0.0.1:8000} 9 | fi 10 | 11 | ./muffet -e .*/edit/.* \ 12 | -e .*/f2895a6e-ca7c-0010-82c7-eda71af511fa.html \ 13 | -e .*exploit-db\.com \ 14 | -e .*corp[/:].* \ 15 | -e .*:8033/.* \ 16 | -e .*/apps.* \ 17 | -e .*/bugs.* \ 18 | -e .*maven\.apache\.org.* \ 19 | -e .*docs\.oracle\.com.* \ 20 | -e .*wala\.sourceforge\.net.* \ 21 | -e .*stackoverflow\.com.* \ 22 | -e .*github\.com/kubernetes/ingress-nginx.* \ 23 | -e .*\.apache\.org.* \ 24 | -t 80 http://$URL 25 | 26 | -------------------------------------------------------------------------------- /docs/guidelines.md: -------------------------------------------------------------------------------- 1 | # Development Conventions and Guidelines 2 | 3 | To keep the Steady code readable and maintainable, please follow these rules, even if you find them violated somewhere. Note that this list is not complete. When a file is consistently not following these rules and adhering to the rules would make the code worse, follow the local style. 4 | 5 | **TODO: Complete guidelines, see [here](https://github.com/SAP/openui5/blob/master/docs/guidelines.md) for a comprehensive example** 6 | -------------------------------------------------------------------------------- /docs/public.properties: -------------------------------------------------------------------------------- 1 | PROJECT_NAME=Eclipse Steady 2 | PROJECT_VERSION=3.2.5 3 | PROJECT_TAG=vulnerability-assessment-tool 4 | PROJECT_URL=https://github.com/eclipse/steady 5 | ADDRESS=http://localhost:8033 6 | CLI_ZIP_LOCATION=[Releases](https://github.com/eclipse/steady/releases) 7 | PACKAGE_REPO= 8 | PROXY_HOST=none 9 | CUSTOM_PROXY_HOST=custom_proxy 10 | -------------------------------------------------------------------------------- /docs/public/content/admin/img/components.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/admin/img/components.png -------------------------------------------------------------------------------- /docs/public/content/admin/index.md: -------------------------------------------------------------------------------- 1 | # DevOps 2 | 3 | @@PROJECT_NAME@@ is meant to run within the **internal** network of software development organizations, and this tutorial is meant to facilitate the operation of @@PROJECT_NAME@@ using **local** Docker repositories. 4 | 5 | **Important**: Because @@PROJECT_NAME@@ does not currently implement authorization functionality, it is not advised to expose an instance of @@PROJECT_NAME@@ to the public Internet. 6 | 7 | - [Deploy on Docker](./tutorials/docker/) 8 | - [Build JAVA archives and local Docker images](./tutorials/build/) 9 | - [Push Docker images to a registry](./tutorials/registry/) 10 | -------------------------------------------------------------------------------- /docs/public/content/admin/manuals/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/admin/manuals/index.md -------------------------------------------------------------------------------- /docs/public/content/admin/support/faq.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/admin/support/faq.md -------------------------------------------------------------------------------- /docs/public/content/admin/support/getting_help.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/admin/support/getting_help.md -------------------------------------------------------------------------------- /docs/public/content/blog/2018/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/blog/2018/index.md -------------------------------------------------------------------------------- /docs/public/content/contributor/manuals/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/contributor/manuals/index.md -------------------------------------------------------------------------------- /docs/public/content/contributor/manuals/languages.md: -------------------------------------------------------------------------------- 1 | # ANTLR grammar 2 | 3 | @@PROJECT_NAME@@ uses ANTLR to parse Java and Python source code. 4 | 5 | Grammars are downloaded from https://github.com/antlr/grammars-v4 and put into directory `src/main/antlr4` (in subdirectories matching the target Java package namespace of the generated parsers, e.g., `org/eclipse/steady/java/antlr` for Java). 6 | 7 | The actual Java classes are generated by the ANTLR plugin `org.antlr:antlr4-maven-plugin`. 8 | 9 | ## Python 10 | 11 | Grammars https://github.com/antlr/grammars-v4/tree/master/... and https://github.com/antlr/grammars-v4/tree/master/python3 are put into the modules `lang-python`, folder `src/main/antlr4/org/eclipse/steady/python/antlr/python3` and `python355`. 12 | 13 | The default parser has been generated from the Python 3.3.5 grammar, including for Python 2 source code. 14 | 15 | Which parser is taken at runtime depends on the presence of language features specific to Python 2 (e.g., `raw_input`) and Python 3.5 (e.g., `async`), see Java class `PythonFileAnalyzer` in module `lang-python`. 16 | -------------------------------------------------------------------------------- /docs/public/content/contributor/support/faq.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/contributor/support/faq.md -------------------------------------------------------------------------------- /docs/public/content/contributor/support/getting_help.md: -------------------------------------------------------------------------------- 1 | # Getting help -------------------------------------------------------------------------------- /docs/public/content/contributor/tutorials/img/vulas-mvn-modules.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/contributor/tutorials/img/vulas-mvn-modules.png -------------------------------------------------------------------------------- /docs/public/content/css/scrollTop.css: -------------------------------------------------------------------------------- 1 | .custom-scroll-top { 2 | display: none 3 | } 4 | 5 | @media only screen and (min-width: 60em) { 6 | .custom-scroll-top { 7 | display: block; 8 | position: fixed; 9 | float: right; 10 | bottom: 100px; 11 | right: 255px; 12 | max-width: 30px; 13 | width: 100%; 14 | height: 30px; 15 | cursor: pointer; 16 | font-size: 12px; 17 | text-align: center; 18 | line-height: 30px; 19 | border-color: rgba(85, 85, 85, 0.2); 20 | background-color: rgb(131, 131, 131); 21 | padding: .5px; 22 | border-radius: 9px; 23 | color: rgba(0, 0, 0, 0.87); 24 | background-color: rgba(187,239,253,0.3); 25 | } 26 | 27 | .custom-scroll-top:before { 28 | color: #8b8b8b; 29 | content: "\e5d8"; 30 | } 31 | 32 | .custom-scroll-top:hover { 33 | background-color: rgba(187,239,253,0.5); 34 | } 35 | } 36 | 37 | @media only screen and (min-width: 76.25em) { 38 | .custom-scroll-top { 39 | right: 259px; 40 | } 41 | } -------------------------------------------------------------------------------- /docs/public/content/images/ES-favicon-48-transparent.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/images/ES-favicon-48-transparent.png -------------------------------------------------------------------------------- /docs/public/content/images/ES-logo-152-black-normal.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/images/ES-logo-152-black-normal.png -------------------------------------------------------------------------------- /docs/public/content/images/ES-logo-152-transparent.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/images/ES-logo-152-transparent.png -------------------------------------------------------------------------------- /docs/public/content/images/ES-logo-152-white-normal.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/images/ES-logo-152-white-normal.png -------------------------------------------------------------------------------- /docs/public/content/images/Es-favicon-32-transparent.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/images/Es-favicon-32-transparent.png -------------------------------------------------------------------------------- /docs/public/content/images/components-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/images/components-2.png -------------------------------------------------------------------------------- /docs/public/content/images/eclipse-incubation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/images/eclipse-incubation.png -------------------------------------------------------------------------------- /docs/public/content/images/helm_architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/images/helm_architecture.png -------------------------------------------------------------------------------- /docs/public/content/images/helm_database_change.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/images/helm_database_change.png -------------------------------------------------------------------------------- /docs/public/content/images/helm_db_benchmark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/images/helm_db_benchmark.png -------------------------------------------------------------------------------- /docs/public/content/images/helm_postgres.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/images/helm_postgres.png -------------------------------------------------------------------------------- /docs/public/content/index.md: -------------------------------------------------------------------------------- 1 | 4 | 5 | # @@PROJECT_NAME@@ 6 | 7 | **General** 8 | 9 | * [What is @@PROJECT_NAME@@?](about/) 10 | 11 | **Users** 12 | 13 | * [Quickstart](user/tutorials/) 14 | * [Frequently Asked Questions/Troubleshooting](user/support/faq/) 15 | * [User Manual](user/manuals/) 16 | * [Get support](user/support/) 17 | 18 | **Admins** 19 | 20 | * [Operating your own @@PROJECT_NAME@@ servers](admin/tutorials/docker/) 21 | 22 | **Vulnerabilities** 23 | 24 | * [Learn about @@PROJECT_NAME@@'s vulnerability database](vuln_db/) 25 | -------------------------------------------------------------------------------- /docs/public/content/js/scrollTop.js: -------------------------------------------------------------------------------- 1 | var docEl = document.documentElement 2 | var scrollTopEl = document.getElementsByClassName('custom-scroll-top')[0] 3 | 4 | function scrollTop() { 5 | document.body.scrollTop = document.documentElement.scrollTop = 0 6 | } 7 | 8 | scrollTopEl.onclick = function () { 9 | scrollTop() 10 | } 11 | 12 | window.onscroll = function() { 13 | var sTop = (this.pageYOffset || docEl.scrollTop) - (docEl.clientTop || 0) 14 | if ( sTop < 100 ) { 15 | scrollTopEl.classList.add('hidden') 16 | } else { 17 | scrollTopEl.classList.remove('hidden') 18 | } 19 | }; -------------------------------------------------------------------------------- /docs/public/content/user/index.md: -------------------------------------------------------------------------------- 1 | # User Guide 2 | 3 | __Step by step tutorials__ 4 | 5 | : Here you can find detailed, hands-on guidance on how to setup and use @@PROJECT_NAME@@, starting 6 | from your very first scan, through the use of the advanced features (such as reachability analysis and mitigation support/. 7 | We also have tutorials dedicated to automating @@PROJECT_NAME@@ scans with Jenkins or other continuous integration systems, 8 | and more are coming. 9 | 10 | : [Go to the Tutorials page](./tutorials/) 11 | 12 | __User Manual__ 13 | 14 | : The manual contains a comprehensive description of all aspects of @@PROJECT_NAME@@ from the perspective of users. If you followed the tutorials and still have questions on some specific topic, this is where you will most likely find your answers. 15 | 16 | : [Go to the User Manual](./manuals/) 17 | 18 | __Getting Help__ 19 | 20 | : If the tutorials and the manual could not help you with a specific problem you are facing, the support pages are what you should check out next. 21 | 22 | : [Go to the User Support page](./support/) 23 | -------------------------------------------------------------------------------- /docs/public/content/user/manuals/img/dep-tree.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/user/manuals/img/dep-tree.png -------------------------------------------------------------------------------- /docs/public/content/user/manuals/img/frontend_callers_to_be_modified.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/user/manuals/img/frontend_callers_to_be_modified.png -------------------------------------------------------------------------------- /docs/public/content/user/manuals/img/frontend_dependencies_details.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/user/manuals/img/frontend_dependencies_details.png -------------------------------------------------------------------------------- /docs/public/content/user/manuals/img/frontend_dependencies_details_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/user/manuals/img/frontend_dependencies_details_2.png -------------------------------------------------------------------------------- /docs/public/content/user/manuals/img/frontend_dependencies_overview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/user/manuals/img/frontend_dependencies_overview.png -------------------------------------------------------------------------------- /docs/public/content/user/manuals/img/frontend_history_details.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/user/manuals/img/frontend_history_details.png -------------------------------------------------------------------------------- /docs/public/content/user/manuals/img/frontend_history_overview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/user/manuals/img/frontend_history_overview.png -------------------------------------------------------------------------------- /docs/public/content/user/manuals/img/frontend_mitigation_overview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/user/manuals/img/frontend_mitigation_overview.png -------------------------------------------------------------------------------- /docs/public/content/user/manuals/img/frontend_search.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/user/manuals/img/frontend_search.png -------------------------------------------------------------------------------- /docs/public/content/user/manuals/img/frontend_start_page.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/user/manuals/img/frontend_start_page.png -------------------------------------------------------------------------------- /docs/public/content/user/manuals/img/frontend_statistics.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/user/manuals/img/frontend_statistics.png -------------------------------------------------------------------------------- /docs/public/content/user/manuals/img/frontend_vulnerabilities.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/user/manuals/img/frontend_vulnerabilities.png -------------------------------------------------------------------------------- /docs/public/content/user/manuals/img/frontend_vulnerabilities_details.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/user/manuals/img/frontend_vulnerabilities_details.png -------------------------------------------------------------------------------- /docs/public/content/user/manuals/img/frontend_vulnerabilities_graph.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/user/manuals/img/frontend_vulnerabilities_graph.png -------------------------------------------------------------------------------- /docs/public/content/user/manuals/img/manual_assessment.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/user/manuals/img/manual_assessment.jpg -------------------------------------------------------------------------------- /docs/public/content/user/manuals/img/report_core.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/user/manuals/img/report_core.png -------------------------------------------------------------------------------- /docs/public/content/user/manuals/img/report_header.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/user/manuals/img/report_header.png -------------------------------------------------------------------------------- /docs/public/content/user/manuals/img/trace_alert.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/user/manuals/img/trace_alert.png -------------------------------------------------------------------------------- /docs/public/content/user/manuals/img/trace_ok.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/user/manuals/img/trace_ok.png -------------------------------------------------------------------------------- /docs/public/content/user/manuals/img/transparent.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/user/manuals/img/transparent.png -------------------------------------------------------------------------------- /docs/public/content/user/manuals/img/version_alert.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/user/manuals/img/version_alert.png -------------------------------------------------------------------------------- /docs/public/content/user/manuals/img/version_ok.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/user/manuals/img/version_ok.png -------------------------------------------------------------------------------- /docs/public/content/user/manuals/img/version_qmark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/user/manuals/img/version_qmark.png -------------------------------------------------------------------------------- /docs/public/content/user/manuals/index.md: -------------------------------------------------------------------------------- 1 | # User Manual 2 | 3 | ## Configuration 4 | 5 | This section of the manual explains in detail how to setup @@PROJECT_NAME@@ and how to configure it. 6 | 7 | ## Analysis 8 | 9 | This section covers all the commands (a.k.a, *goals*) offered by @@PROJECT_NAME@@, including those related to the analysis (`app`, `a2c`, `t2c`, `instr`, `test`) and the data management and reporting (`upload`, `report`, `clean`, `cleanspace`) 10 | 11 | ## Frontend 12 | 13 | Here you will find a detailed description (including annotated screenshots) of all the functionality exposed by the different 14 | views of the @@PROJECT_NAME@@ web frontend. 15 | 16 | ## Report 17 | 18 | *Coming soon!* 19 | 20 | ## Impact Assessment and Mitigation 21 | 22 | This section explains in detail how to assess the findings of @@PROJECT_NAME@@ and how to proceed to mitigate them. 23 | 24 | ## Library Assessment 25 | 26 | This section documents the process to determine whether a given artifact contains the vulnerable or the fixed version of a construct that is known to be related to some vulnerability. 27 | -------------------------------------------------------------------------------- /docs/public/content/user/support/img/vulas_report_jenkins.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/user/support/img/vulas_report_jenkins.png -------------------------------------------------------------------------------- /docs/public/content/user/support/img/vuln_rebundles.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/user/support/img/vuln_rebundles.jpg -------------------------------------------------------------------------------- /docs/public/content/user/support/img/vuln_references.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/user/support/img/vuln_references.jpg -------------------------------------------------------------------------------- /docs/public/content/user/tutorials/img/frontend_low_left.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/user/tutorials/img/frontend_low_left.jpg -------------------------------------------------------------------------------- /docs/public/content/user/tutorials/img/frontend_toolbar_choose_workspace.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/user/tutorials/img/frontend_toolbar_choose_workspace.png -------------------------------------------------------------------------------- /docs/public/content/user/tutorials/img/frontend_toolbar_create_workspace.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/user/tutorials/img/frontend_toolbar_create_workspace.png -------------------------------------------------------------------------------- /docs/public/content/user/tutorials/img/jenkins.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/user/tutorials/img/jenkins.jpg -------------------------------------------------------------------------------- /docs/public/content/user/tutorials/img/vulas_report_jenkins.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/docs/public/content/user/tutorials/img/vulas_report_jenkins.jpg -------------------------------------------------------------------------------- /docs/public/content/user/tutorials/partials/create_workspace.md: -------------------------------------------------------------------------------- 1 | !!! info "Workspace creation" 2 | If you do not have a workspace yet, you can easily create one by going on the application frontend and clicking on 3 | the third button in the lower left corner: 4 | 5 |
![Setup workspace button](../../tutorials/img/frontend_toolbar_create_workspace.png)
6 | 7 | For a detailed description of workspaces and of the inputs you have to provide in the form that is displayed when you click that button, 8 | please see [this section of the manual](../../manuals/setup/#workspace). 9 | -------------------------------------------------------------------------------- /docs/public/content/user/tutorials/reports.md: -------------------------------------------------------------------------------- 1 | # Reports comprehension 2 | 3 | !!! info "Coming soon" 4 | This is being written, please come back later. 5 | -------------------------------------------------------------------------------- /docs/public/content/user/tutorials/workspace_howto_advanced.md: -------------------------------------------------------------------------------- 1 | # Workspaces 2 | 3 | If an application has been already released to customers and, at the same time, new releases are under development, you may want to setup workspaces as follows: 4 | 5 | * One workspace for the development branch, to prevent that vulnerable dependencies are introduced at development time 6 | * One workspace for every release branch, to monitor whether there are new vulnerabilities for dependencies of production releases 7 | -------------------------------------------------------------------------------- /docs/requirements.txt: -------------------------------------------------------------------------------- 1 | mkdocs==1.2.3 2 | pymdown-extensions==6.1 3 | mkdocs-material==4.4.3 4 | markdown-include==0.5.1 5 | GitPython 6 | fire 7 | pathlib 8 | -------------------------------------------------------------------------------- /findbugs-exclude.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | -------------------------------------------------------------------------------- /findbugs-include.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /frontend-apps/src/main/Version.js: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of Eclipse Steady. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | * SPDX-License-Identifier: Apache-2.0 17 | * SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | */ 19 | jQuery.sap.declare("model.Version"); 20 | 21 | // Placeholders replaced during Maven build 22 | model.Version = { 23 | version:"$version$", 24 | buildTimestamp:"$buildTimestamp$", 25 | buildNumber:"$buildNumber$", 26 | buildBranch:"$buildScmBranch$" 27 | }; 28 | -------------------------------------------------------------------------------- /frontend-apps/src/main/exempted.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-apps/src/main/exempted.png -------------------------------------------------------------------------------- /frontend-apps/src/main/icons.xcf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-apps/src/main/icons.xcf -------------------------------------------------------------------------------- /frontend-apps/src/main/legend.xcf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-apps/src/main/legend.xcf -------------------------------------------------------------------------------- /frontend-apps/src/main/loading.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-apps/src/main/loading.png -------------------------------------------------------------------------------- /frontend-apps/src/main/reach_legend.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-apps/src/main/reach_legend.png -------------------------------------------------------------------------------- /frontend-apps/src/main/trace_alert.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-apps/src/main/trace_alert.png -------------------------------------------------------------------------------- /frontend-apps/src/main/trace_legend.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-apps/src/main/trace_legend.png -------------------------------------------------------------------------------- /frontend-apps/src/main/trace_ok.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-apps/src/main/trace_ok.png -------------------------------------------------------------------------------- /frontend-apps/src/main/transparent.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-apps/src/main/transparent.png -------------------------------------------------------------------------------- /frontend-apps/src/main/version_alert.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-apps/src/main/version_alert.png -------------------------------------------------------------------------------- /frontend-apps/src/main/version_legend.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-apps/src/main/version_legend.png -------------------------------------------------------------------------------- /frontend-apps/src/main/version_ok.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-apps/src/main/version_ok.png -------------------------------------------------------------------------------- /frontend-apps/src/main/version_qmark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-apps/src/main/version_qmark.png -------------------------------------------------------------------------------- /frontend-apps/src/main/webapp/.xsaccess: -------------------------------------------------------------------------------- 1 | { 2 | "exposed": true, 3 | "authentication": [{"method":"Basic"}], 4 | "cors" : { 5 | "enabled" : true 6 | } 7 | } -------------------------------------------------------------------------------- /frontend-apps/src/main/webapp/.xsapp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-apps/src/main/webapp/.xsapp -------------------------------------------------------------------------------- /frontend-apps/src/main/webapp/img/exempted.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-apps/src/main/webapp/img/exempted.png -------------------------------------------------------------------------------- /frontend-apps/src/main/webapp/img/icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-apps/src/main/webapp/img/icon.png -------------------------------------------------------------------------------- /frontend-apps/src/main/webapp/img/loading.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-apps/src/main/webapp/img/loading.png -------------------------------------------------------------------------------- /frontend-apps/src/main/webapp/img/reach_legend.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-apps/src/main/webapp/img/reach_legend.png -------------------------------------------------------------------------------- /frontend-apps/src/main/webapp/img/touch_point.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-apps/src/main/webapp/img/touch_point.gif -------------------------------------------------------------------------------- /frontend-apps/src/main/webapp/img/trace_alert.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-apps/src/main/webapp/img/trace_alert.png -------------------------------------------------------------------------------- /frontend-apps/src/main/webapp/img/trace_legend.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-apps/src/main/webapp/img/trace_legend.png -------------------------------------------------------------------------------- /frontend-apps/src/main/webapp/img/trace_ok.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-apps/src/main/webapp/img/trace_ok.png -------------------------------------------------------------------------------- /frontend-apps/src/main/webapp/img/transparent.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-apps/src/main/webapp/img/transparent.png -------------------------------------------------------------------------------- /frontend-apps/src/main/webapp/img/version_alert.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-apps/src/main/webapp/img/version_alert.png -------------------------------------------------------------------------------- /frontend-apps/src/main/webapp/img/version_legend.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-apps/src/main/webapp/img/version_legend.png -------------------------------------------------------------------------------- /frontend-apps/src/main/webapp/img/version_ok.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-apps/src/main/webapp/img/version_ok.png -------------------------------------------------------------------------------- /frontend-apps/src/main/webapp/img/version_qmark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-apps/src/main/webapp/img/version_qmark.png -------------------------------------------------------------------------------- /frontend-apps/src/main/webapp/view/App.controller.js: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of Eclipse Steady. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | * SPDX-License-Identifier: Apache-2.0 17 | * SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | */ 19 | // This is the top level controller which manages the page navigation and history handling. 20 | sap.ui.controller("vulasfrontend.view.App", { 21 | 22 | }); 23 | -------------------------------------------------------------------------------- /frontend-bugs/src/main/webapp/.xsaccess: -------------------------------------------------------------------------------- 1 | { 2 | "exposed": true, 3 | "authentication": [{"method":"Basic"}], 4 | "cors" : { 5 | "enabled" : true 6 | } 7 | } -------------------------------------------------------------------------------- /frontend-bugs/src/main/webapp/.xsapp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-bugs/src/main/webapp/.xsapp -------------------------------------------------------------------------------- /frontend-bugs/src/main/webapp/img/alert.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-bugs/src/main/webapp/img/alert.png -------------------------------------------------------------------------------- /frontend-bugs/src/main/webapp/img/att1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-bugs/src/main/webapp/img/att1.png -------------------------------------------------------------------------------- /frontend-bugs/src/main/webapp/img/att2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-bugs/src/main/webapp/img/att2.png -------------------------------------------------------------------------------- /frontend-bugs/src/main/webapp/img/att3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-bugs/src/main/webapp/img/att3.png -------------------------------------------------------------------------------- /frontend-bugs/src/main/webapp/img/icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-bugs/src/main/webapp/img/icon.png -------------------------------------------------------------------------------- /frontend-bugs/src/main/webapp/img/linkimage.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-bugs/src/main/webapp/img/linkimage.png -------------------------------------------------------------------------------- /frontend-bugs/src/main/webapp/img/maven.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-bugs/src/main/webapp/img/maven.png -------------------------------------------------------------------------------- /frontend-bugs/src/main/webapp/img/notmaven.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-bugs/src/main/webapp/img/notmaven.png -------------------------------------------------------------------------------- /frontend-bugs/src/main/webapp/img/ok.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-bugs/src/main/webapp/img/ok.png -------------------------------------------------------------------------------- /frontend-bugs/src/main/webapp/img/q.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/frontend-bugs/src/main/webapp/img/q.png -------------------------------------------------------------------------------- /frontend-bugs/src/main/webapp/view/App.controller.js: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of Eclipse Steady. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | * SPDX-License-Identifier: Apache-2.0 17 | * SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | */ 19 | // This is the top level controller which manages the page navigation and history handling. 20 | sap.ui.controller("vulasbugfrontend.view.App", { 21 | }); 22 | -------------------------------------------------------------------------------- /kb-importer/src/main/java/org/eclipse/steady/kb/task/Task.java: -------------------------------------------------------------------------------- 1 | package org.eclipse.steady.kb.task; 2 | 3 | import java.util.HashMap; 4 | import org.eclipse.steady.backend.BackendConnector; 5 | import org.eclipse.steady.kb.command.Command; 6 | import org.eclipse.steady.kb.model.Vulnerability; 7 | 8 | /** 9 | * Execute Command tasks 10 | */ 11 | public interface Task { 12 | /** 13 | * command name the task belongs to 14 | * 15 | * @return name of command 16 | */ 17 | Command.NAME getCommandName(); 18 | 19 | /** 20 | * Task Executor 21 | * 22 | * @param vuln a {@link org.eclipse.steady.kb.model.Vulnerability} object 23 | * @param args a {@link java.util.HashMap} object 24 | * @param backendConnector a {@link org.eclipse.steady.backend.BackendConnector} object 25 | * @throws java.lang.Exception if any. 26 | */ 27 | void execute(Vulnerability vuln, HashMap args, BackendConnector backendConnector) 28 | throws Exception; 29 | } 30 | -------------------------------------------------------------------------------- /kb-importer/src/main/resources/META-INF/services/org.eclipse.steady.kb.command.Command: -------------------------------------------------------------------------------- 1 | org.eclipse.steady.kb.command.Import 2 | org.eclipse.steady.kb.command.Help 3 | org.eclipse.steady.kb.command.Version -------------------------------------------------------------------------------- /kb-importer/src/main/resources/META-INF/services/org.eclipse.steady.kb.task.Task: -------------------------------------------------------------------------------- 1 | org.eclipse.steady.kb.task.ImportVulnerability 2 | org.eclipse.steady.kb.task.ImportAffectedLibraries -------------------------------------------------------------------------------- /kb-importer/src/test/resources/COLLECTIONS-580.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/kb-importer/src/test/resources/COLLECTIONS-580.zip -------------------------------------------------------------------------------- /kb-importer/src/test/resources/CVE-2014-0094.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/kb-importer/src/test/resources/CVE-2014-0094.zip -------------------------------------------------------------------------------- /kb-importer/src/test/resources/CVE-2016-2048.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/kb-importer/src/test/resources/CVE-2016-2048.zip -------------------------------------------------------------------------------- /kb-importer/src/test/resources/CVE-2017-2617.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/kb-importer/src/test/resources/CVE-2017-2617.zip -------------------------------------------------------------------------------- /kb-importer/src/test/resources/commitDir1/metadata.json: -------------------------------------------------------------------------------- 1 | { 2 | "branch": "master", 3 | "commit_id": "b2b8f4adc557e4ef1ee2fe5e0ab46866c06ec55b", 4 | "timestamp": "1447974481000", 5 | "repository": "https://github.com/apache/commons-collections" 6 | } -------------------------------------------------------------------------------- /kb-importer/src/test/resources/testRootDir3/metadata.json: -------------------------------------------------------------------------------- 1 | { 2 | "vulnerability_id": "COLLECTIONS-580" 3 | } -------------------------------------------------------------------------------- /kb-importer/src/test/resources/testRootDir5/metadata.json: -------------------------------------------------------------------------------- 1 | { 2 | "vulnerability_id": "CVE-2018-1258", 3 | "aliases": [], 4 | "affected_artifacts": [ 5 | { 6 | "id": "pkg:maven://org.springframework.security/spring-security-config@5.1.1.RELEASE", 7 | "reason": "Manual review(frontend)", 8 | "affected": false 9 | } 10 | ], 11 | "notes": [ 12 | { 13 | "links": [ 14 | "https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-31651", 15 | "https://spring.io/blog/2018/05/09/spring-project-vulnerability-reports-published" 16 | ], 17 | "text": "Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted." 18 | } 19 | ] 20 | } -------------------------------------------------------------------------------- /lang-java-reach-soot/src/main/resources/META-INF/services/org.eclipse.steady.cg.spi.ICallgraphConstructor: -------------------------------------------------------------------------------- 1 | org.eclipse.steady.cg.soot.SootCallgraphConstructor -------------------------------------------------------------------------------- /lang-java-reach-soot/src/test/resources/empty.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java-reach-soot/src/test/resources/empty.jar -------------------------------------------------------------------------------- /lang-java-reach-soot/src/test/resources/examples.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java-reach-soot/src/test/resources/examples.jar -------------------------------------------------------------------------------- /lang-java-reach-wala/src/main/resources/META-INF/services/org.eclipse.steady.cg.spi.ICallgraphConstructor: -------------------------------------------------------------------------------- 1 | org.eclipse.steady.cg.wala.WalaCallgraphConstructor -------------------------------------------------------------------------------- /lang-java-reach-wala/src/test/resources/empty.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java-reach-wala/src/test/resources/empty.jar -------------------------------------------------------------------------------- /lang-java-reach-wala/src/test/resources/examples.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java-reach-wala/src/test/resources/examples.jar -------------------------------------------------------------------------------- /lang-java-reach-wala/src/test/resources/examplesJdk17.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java-reach-wala/src/test/resources/examplesJdk17.jar -------------------------------------------------------------------------------- /lang-java-reach/src/test/resources/dummy-service.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java-reach/src/test/resources/dummy-service.jar -------------------------------------------------------------------------------- /lang-java/src/main/java/org/eclipse/steady/java/sign/gson/package-info.java: -------------------------------------------------------------------------------- 1 | /** 2 | * This file is part of Eclipse Steady. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | * SPDX-License-Identifier: Apache-2.0 17 | * SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | */ 19 | /** 20 | * 21 | */ 22 | /** 23 | * 24 | */ 25 | package org.eclipse.steady.java.sign.gson; 26 | -------------------------------------------------------------------------------- /lang-java/src/main/java/org/eclipse/steady/java/sign/package-info.java: -------------------------------------------------------------------------------- 1 | /** 2 | * This file is part of Eclipse Steady. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | * SPDX-License-Identifier: Apache-2.0 17 | * SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | */ 19 | /** 20 | * 21 | */ 22 | package org.eclipse.steady.java.sign; 23 | -------------------------------------------------------------------------------- /lang-java/src/main/java/org/eclipse/steady/java/tasks/package-info.java: -------------------------------------------------------------------------------- 1 | /** 2 | * This file is part of Eclipse Steady. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | * SPDX-License-Identifier: Apache-2.0 17 | * SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | */ 19 | /** 20 | * 21 | */ 22 | /** 23 | * 24 | */ 25 | package org.eclipse.steady.java.tasks; 26 | -------------------------------------------------------------------------------- /lang-java/src/main/resources/META-INF/services/org.eclipse.steady.FileAnalyzer: -------------------------------------------------------------------------------- 1 | org.eclipse.steady.java.JarAnalyzer 2 | org.eclipse.steady.java.AarAnalyzer 3 | org.eclipse.steady.java.WarAnalyzer 4 | org.eclipse.steady.java.SpringBootAnalyzer 5 | org.eclipse.steady.java.ClassFileAnalyzer 6 | org.eclipse.steady.java.JavaFileAnalyzer2 -------------------------------------------------------------------------------- /lang-java/src/main/resources/META-INF/services/org.eclipse.steady.sign.SignatureFactory: -------------------------------------------------------------------------------- 1 | org.eclipse.steady.java.sign.JavaSignatureFactory -------------------------------------------------------------------------------- /lang-java/src/main/resources/META-INF/services/org.eclipse.steady.tasks.BomTask: -------------------------------------------------------------------------------- 1 | org.eclipse.steady.java.tasks.JavaBomTask -------------------------------------------------------------------------------- /lang-java/src/test/java/ClassWithoutPackage.java: -------------------------------------------------------------------------------- 1 | /** 2 | * This file is part of Eclipse Steady. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | * SPDX-License-Identifier: Apache-2.0 17 | * SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | */ 19 | import org.eclipse.steady.java.JavaFileAnalyzer2; 20 | 21 | /** 22 | * Test class for {@link JavaFileAnalyzer2}. 23 | */ 24 | public class ClassWithoutPackage { 25 | public ClassWithoutPackage() {} 26 | 27 | public void foo() {} 28 | } 29 | -------------------------------------------------------------------------------- /lang-java/src/test/java/org/eclipse/steady/java/test/EnumTest.java: -------------------------------------------------------------------------------- 1 | /** 2 | * This file is part of Eclipse Steady. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | * SPDX-License-Identifier: Apache-2.0 17 | * SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | */ 19 | package org.eclipse.steady.java.test; 20 | 21 | public enum EnumTest {} 22 | -------------------------------------------------------------------------------- /lang-java/src/test/java/org/eclipse/steady/java/test/OuterClass.java: -------------------------------------------------------------------------------- 1 | /** 2 | * This file is part of Eclipse Steady. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | * SPDX-License-Identifier: Apache-2.0 17 | * SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | */ 19 | package org.eclipse.steady.java.test; 20 | 21 | public class OuterClass { 22 | class InnerClass {} 23 | } 24 | -------------------------------------------------------------------------------- /lang-java/src/test/java/org/eclipse/steady/java/test/TestClass$NoNestedClass.java: -------------------------------------------------------------------------------- 1 | /** 2 | * This file is part of Eclipse Steady. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | * SPDX-License-Identifier: Apache-2.0 17 | * SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | */ 19 | package org.eclipse.steady.java.test; 20 | 21 | public class TestClass$NoNestedClass {} 22 | -------------------------------------------------------------------------------- /lang-java/src/test/java/org/eclipse/steady/java/test/TestInterface.java: -------------------------------------------------------------------------------- 1 | /** 2 | * This file is part of Eclipse Steady. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | * SPDX-License-Identifier: Apache-2.0 17 | * SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | */ 19 | package org.eclipse.steady.java.test; 20 | 21 | public interface TestInterface {} 22 | -------------------------------------------------------------------------------- /lang-java/src/test/resources/AbstractVerifier.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/AbstractVerifier.class -------------------------------------------------------------------------------- /lang-java/src/test/resources/ArchivePrinter$InnerNonStaticClass.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/ArchivePrinter$InnerNonStaticClass.class -------------------------------------------------------------------------------- /lang-java/src/test/resources/ArchivePrinter.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/ArchivePrinter.class -------------------------------------------------------------------------------- /lang-java/src/test/resources/Callgraph.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/Callgraph.class -------------------------------------------------------------------------------- /lang-java/src/test/resources/DumpArchiveEntry.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/DumpArchiveEntry.class -------------------------------------------------------------------------------- /lang-java/src/test/resources/FileUploadBase$InvalidContentTypeException.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/FileUploadBase$InvalidContentTypeException.class -------------------------------------------------------------------------------- /lang-java/src/test/resources/FileUploadBase$InvalidContentTypeException.java: -------------------------------------------------------------------------------- 1 | package org.apache.commons.fileupload; 2 | 3 | public static class InvalidContentTypeException extends FileUploadException 4 | { 5 | private static final long serialVersionUID = -9073026332015646668L; 6 | 7 | public InvalidContentTypeException() { 8 | super(); 9 | } 10 | 11 | public InvalidContentTypeException(final String message) { 12 | super(message); 13 | } 14 | 15 | public InvalidContentTypeException(final String msg, final Throwable cause) { 16 | super(msg, cause); 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /lang-java/src/test/resources/FileUploadBase.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/FileUploadBase.class -------------------------------------------------------------------------------- /lang-java/src/test/resources/MultipartStream.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/MultipartStream.class -------------------------------------------------------------------------------- /lang-java/src/test/resources/OuterClass$InnerClass.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/OuterClass$InnerClass.class -------------------------------------------------------------------------------- /lang-java/src/test/resources/OuterClass.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/OuterClass.class -------------------------------------------------------------------------------- /lang-java/src/test/resources/ShortFileException.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/ShortFileException.class -------------------------------------------------------------------------------- /lang-java/src/test/resources/TarUtils.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/TarUtils.class -------------------------------------------------------------------------------- /lang-java/src/test/resources/boot-app.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/boot-app.jar -------------------------------------------------------------------------------- /lang-java/src/test/resources/classpath/BasicClass.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/classpath/BasicClass.class -------------------------------------------------------------------------------- /lang-java/src/test/resources/classpath/OuterClass$InnerClass.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/classpath/OuterClass$InnerClass.class -------------------------------------------------------------------------------- /lang-java/src/test/resources/classpath/OuterClass.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/classpath/OuterClass.class -------------------------------------------------------------------------------- /lang-java/src/test/resources/classpath/StaticBlock.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/classpath/StaticBlock.class -------------------------------------------------------------------------------- /lang-java/src/test/resources/classpath/StaticFields.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/classpath/StaticFields.class -------------------------------------------------------------------------------- /lang-java/src/test/resources/classpath/StaticFinal.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/classpath/StaticFinal.class -------------------------------------------------------------------------------- /lang-java/src/test/resources/classpath/StaticMethod.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/classpath/StaticMethod.class -------------------------------------------------------------------------------- /lang-java/src/test/resources/com/sap/psr/vulas/java/test/OuterClass$InnerClass.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/com/sap/psr/vulas/java/test/OuterClass$InnerClass.class -------------------------------------------------------------------------------- /lang-java/src/test/resources/com/sap/psr/vulas/java/test/OuterClass.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/com/sap/psr/vulas/java/test/OuterClass.class -------------------------------------------------------------------------------- /lang-java/src/test/resources/commons-compress-1.10.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/commons-compress-1.10.jar -------------------------------------------------------------------------------- /lang-java/src/test/resources/commons-fileupload-1.3.1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/commons-fileupload-1.3.1.jar -------------------------------------------------------------------------------- /lang-java/src/test/resources/cucumber-android-4.3.0.aar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/cucumber-android-4.3.0.aar -------------------------------------------------------------------------------- /lang-java/src/test/resources/diverse.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/diverse.jar -------------------------------------------------------------------------------- /lang-java/src/test/resources/examples.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/examples.jar -------------------------------------------------------------------------------- /lang-java/src/test/resources/examples.war: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/examples.war -------------------------------------------------------------------------------- /lang-java/src/test/resources/junit-4.12.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/junit-4.12.jar -------------------------------------------------------------------------------- /lang-java/src/test/resources/log4j-core-2.14.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/log4j-core-2.14.0.jar -------------------------------------------------------------------------------- /lang-java/src/test/resources/logback-android-1.1.1-11.aar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/logback-android-1.1.1-11.aar -------------------------------------------------------------------------------- /lang-java/src/test/resources/methodBody/AbstractCommonHostnameVerifier.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/methodBody/AbstractCommonHostnameVerifier.java -------------------------------------------------------------------------------- /lang-java/src/test/resources/methodBody/AbstractVerifier.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/methodBody/AbstractVerifier.class -------------------------------------------------------------------------------- /lang-java/src/test/resources/methodBody/BZip2CompressorOutputStream.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/methodBody/BZip2CompressorOutputStream.class -------------------------------------------------------------------------------- /lang-java/src/test/resources/methodBody/C_MultipartStream_F: -------------------------------------------------------------------------------- 1 | public MultipartStream(InputStream input, 2 | byte [] boundary, 3 | int bufSize, 4 | ProgressNotifier pNotifier) { 5 | this.input = input; 6 | this.bufSize = bufSize; 7 | this.buffer = new byte[bufSize]; 8 | this.notifier = pNotifier; 9 | 10 | 11 | this.boundaryLength = boundary.length + BOUNDARY_PREFIX.length; 12 | if (bufSize < this.boundaryLength + 1) { 13 | throw new IllegalArgumentException( 14 | "The buffer size specified for the MultipartStream is too small"); 15 | } 16 | this.boundary = new byte[this.boundaryLength]; 17 | this.keepRegion = this.boundary.length; 18 | 19 | System.arraycopy(BOUNDARY_PREFIX, 0, this.boundary, 0, 20 | BOUNDARY_PREFIX.length); 21 | System.arraycopy(boundary, 0, this.boundary, BOUNDARY_PREFIX.length, 22 | boundary.length); 23 | 24 | head = 0; 25 | tail = 0; 26 | } 27 | -------------------------------------------------------------------------------- /lang-java/src/test/resources/methodBody/C_MultipartStream_V: -------------------------------------------------------------------------------- 1 | 2 | public MultipartStream(InputStream input, 3 | byte[] boundary, 4 | int bufSize, 5 | ProgressNotifier pNotifier) { 6 | this.input = input; 7 | this.bufSize = bufSize; 8 | this.buffer = new byte[bufSize]; 9 | this.notifier = pNotifier; 10 | 11 | 12 | this.boundary = new byte[boundary.length + BOUNDARY_PREFIX.length]; 13 | this.boundaryLength = boundary.length + BOUNDARY_PREFIX.length; 14 | this.keepRegion = this.boundary.length; 15 | System.arraycopy(BOUNDARY_PREFIX, 0, this.boundary, 0, 16 | BOUNDARY_PREFIX.length); 17 | System.arraycopy(boundary, 0, this.boundary, BOUNDARY_PREFIX.length, 18 | boundary.length); 19 | 20 | head = 0; 21 | tail = 0; 22 | } 23 | -------------------------------------------------------------------------------- /lang-java/src/test/resources/methodBody/M_getCNs_F: -------------------------------------------------------------------------------- 1 | 2 | 3 | public static String[] getCNs(final X509Certificate cert) { 4 | final String subjectPrincipal = cert.getSubjectX500Principal().toString(); 5 | try { 6 | return extractCNs(subjectPrincipal); 7 | } catch (SSLException ex) { 8 | return null; 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /lang-java/src/test/resources/methodBody/M_getCNs_V: -------------------------------------------------------------------------------- 1 | 2 | public static String[] getCNs(final X509Certificatecert) { 3 | 4 | final LinkedList cnList = new LinkedList(); 5 | final String subjectPrincipal = cert.getSubjectX500Principal().toString(); 6 | final StringTokenizer st = new StringTokenizer(subjectPrincipal, ",+"); 7 | 8 | while(st.hasMoreTokens()) { 9 | final String tok = st.nextToken().trim(); 10 | if (tok.length() > 3) { 11 | if (tok.substring(0, 3).equalsIgnoreCase("CN=")) { 12 | cnList.add(tok.substring(3)); 13 | } 14 | } 15 | } 16 | if(!cnList.isEmpty()) { 17 | finalString[]cns= new String[cnList.size()]; 18 | cnList.toArray(cns); 19 | returncns; 20 | } else { 21 | return null; 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /lang-java/src/test/resources/methodBody/Test.java: -------------------------------------------------------------------------------- 1 | package com.sap.psr.test.nested; 2 | 3 | /** 4 | * Test class for generating AST of constructs inside a Nested class 5 | */ 6 | public class Test { 7 | 8 | public class NestedTestClass{ 9 | 10 | public NestedTestClass(){ 11 | int a = 0 ; 12 | int b = 1; 13 | } 14 | 15 | public void test(){ 16 | int a = 2; 17 | int b = 3; 18 | 19 | while(true) 20 | { 21 | int a = 2; 22 | } 23 | } 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /lang-java/src/test/resources/methodBody/deserialize/signatureUnknown.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/methodBody/deserialize/signatureUnknown.json -------------------------------------------------------------------------------- /lang-java/src/test/resources/org.apache.servicemix.bundles.jaxb-xjc-2.2.4_1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/org.apache.servicemix.bundles.jaxb-xjc-2.2.4_1.jar -------------------------------------------------------------------------------- /lang-java/src/test/resources/org.eclipse.equinox.cm_1.0.400.v20120319-2029.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/org.eclipse.equinox.cm_1.0.400.v20120319-2029.jar -------------------------------------------------------------------------------- /lang-java/src/test/resources/poi-ooxml-schemas-3.11-beta1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/poi-ooxml-schemas-3.11-beta1.jar -------------------------------------------------------------------------------- /lang-java/src/test/resources/small.war: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-java/src/test/resources/small.war -------------------------------------------------------------------------------- /lang-java/src/test/resources/vulndepJsonExpected.json: -------------------------------------------------------------------------------- 1 | { 2 | "dep": { 3 | "lib": { 4 | "sha1": "C621B54583719AC0310404463D6D99DB27E1052C", 5 | "createdAt": "2016-06-30T15:05:55.750+0000", 6 | "libraryId": { 7 | "artifact": "commons-fileupload", 8 | "version": "1.3.1", 9 | "group": "commons-fileupload" 10 | }, 11 | "wellknownSha1": true 12 | }, 13 | "declared": true, 14 | "traced": false, 15 | "scope": "COMPILE", 16 | "transitive": false, 17 | "filename": "commons-fileupload-1.3.1.jar", 18 | "tracedExecConstructsCounter": null, 19 | "reachableConstructTypeCounters": { 20 | "ENUM": 0, 21 | "INIT": 0, 22 | "CONS": 0, 23 | "METH": 0, 24 | "countExecutable": 0, 25 | "countTotal": 0, 26 | "CLASS": 0, 27 | "PACK": 0 28 | } 29 | } 30 | } -------------------------------------------------------------------------------- /lang-java/src/test/resources/ws_security_1438423/src/main/java/org/apache/cxf/ws/security/policy/interceptors/Messages.properties: -------------------------------------------------------------------------------- 1 | # 2 | # 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 19 | # 20 | # 21 | HTTPS_NOT_ASSERTED: Token {0} was not asserted: {1} -------------------------------------------------------------------------------- /lang-java/src/test/resources/ws_security_1438423/src/main/java/org/apache/cxf/ws/security/policy/model/Messages.properties: -------------------------------------------------------------------------------- 1 | # 2 | # 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 19 | # 20 | # 21 | INVALID_ALGORITHM=Invalid algorithm suite {} -------------------------------------------------------------------------------- /lang-java/src/test/resources/ws_security_1438424/src/main/java/org/apache/cxf/ws/security/policy/interceptors/Messages.properties: -------------------------------------------------------------------------------- 1 | # 2 | # 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 19 | # 20 | # 21 | HTTPS_NOT_ASSERTED: Token {0} was not asserted: {1} -------------------------------------------------------------------------------- /lang-java/src/test/resources/ws_security_1438424/src/main/java/org/apache/cxf/ws/security/policy/model/Messages.properties: -------------------------------------------------------------------------------- 1 | # 2 | # 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 19 | # 20 | # 21 | INVALID_ALGORITHM=Invalid algorithm suite {} -------------------------------------------------------------------------------- /lang-python/src/main/java/org/eclipse/steady/python/pip/package-info.java: -------------------------------------------------------------------------------- 1 | /** 2 | * This file is part of Eclipse Steady. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | * SPDX-License-Identifier: Apache-2.0 17 | * SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | */ 19 | /** 20 | * 21 | */ 22 | package org.eclipse.steady.python.pip; 23 | -------------------------------------------------------------------------------- /lang-python/src/main/java/org/eclipse/steady/python/tasks/package-info.java: -------------------------------------------------------------------------------- 1 | /** 2 | * This file is part of Eclipse Steady. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | * SPDX-License-Identifier: Apache-2.0 17 | * SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | */ 19 | /** 20 | * 21 | */ 22 | /** 23 | * 24 | */ 25 | package org.eclipse.steady.python.tasks; 26 | -------------------------------------------------------------------------------- /lang-python/src/main/java/org/eclipse/steady/python/virtualenv/package-info.java: -------------------------------------------------------------------------------- 1 | /** 2 | * This file is part of Eclipse Steady. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | * SPDX-License-Identifier: Apache-2.0 17 | * SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | */ 19 | /** 20 | * 21 | */ 22 | package org.eclipse.steady.python.virtualenv; 23 | -------------------------------------------------------------------------------- /lang-python/src/main/resources/META-INF/services/org.eclipse.steady.FileAnalyzer: -------------------------------------------------------------------------------- 1 | org.eclipse.steady.python.PythonArchiveAnalyzer 2 | org.eclipse.steady.python.PythonFileAnalyzer -------------------------------------------------------------------------------- /lang-python/src/main/resources/META-INF/services/org.eclipse.steady.sign.SignatureFactory: -------------------------------------------------------------------------------- 1 | org.eclipse.steady.python.sign.PythonSignatureFactory -------------------------------------------------------------------------------- /lang-python/src/main/resources/META-INF/services/org.eclipse.steady.tasks.BomTask: -------------------------------------------------------------------------------- 1 | org.eclipse.steady.python.tasks.PythonBomTask -------------------------------------------------------------------------------- /lang-python/src/test/resources/async.py: -------------------------------------------------------------------------------- 1 | import asyncio 2 | 3 | 4 | # From https://docs.python.org/3/whatsnew/3.5.html#whatsnew-pep-492 5 | async def http_get(domain): 6 | reader, writer = await asyncio.open_connection(domain, 80) 7 | 8 | writer.write(b'\r\n'.join([ 9 | b'GET / HTTP/1.1', 10 | b'Host: %b' % domain.encode('latin-1'), 11 | b'Connection: close', 12 | b'', b'' 13 | ])) 14 | 15 | async for line in reader: 16 | print('>>>', line) 17 | 18 | writer.close() 19 | 20 | loop = asyncio.get_event_loop() 21 | try: 22 | loop.run_until_complete(http_get('example.com')) 23 | finally: 24 | loop.close() -------------------------------------------------------------------------------- /lang-python/src/test/resources/cf-helloworld/helloworld/app.py: -------------------------------------------------------------------------------- 1 | from flask import Flask 2 | 3 | app = Flask(__name__) 4 | 5 | @app.route('/') 6 | def hello_world(): 7 | return 'Hello, World!\n' 8 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/cf-helloworld/setup.py: -------------------------------------------------------------------------------- 1 | from setuptools import setup, find_packages 2 | 3 | setup( 4 | name='cf-helloworld', 5 | version='1.0', 6 | description='CF Python Hello World', 7 | install_requires=[ 8 | 'flask>=0.11', 9 | 'gunicorn>=19.0'], 10 | packages=find_packages() 11 | ) 12 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/gevent-1.2.2-cp35-cp35m-win_amd64.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-python/src/test/resources/gevent-1.2.2-cp35-cp35m-win_amd64.whl -------------------------------------------------------------------------------- /lang-python/src/test/resources/gunicorn-19.7.1-py2.py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-python/src/test/resources/gunicorn-19.7.1-py2.py3-none-any.whl -------------------------------------------------------------------------------- /lang-python/src/test/resources/itsdangerous-0.24-monotonic-1.3.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-python/src/test/resources/itsdangerous-0.24-monotonic-1.3.tar.gz -------------------------------------------------------------------------------- /lang-python/src/test/resources/itsdangerous-0.24.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-python/src/test/resources/itsdangerous-0.24.tar.gz -------------------------------------------------------------------------------- /lang-python/src/test/resources/monotonic-1.3-py2.py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-python/src/test/resources/monotonic-1.3-py2.py3-none-any.whl -------------------------------------------------------------------------------- /lang-python/src/test/resources/pandas-0.22.0-cp36-cp36m-win_amd64.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-python/src/test/resources/pandas-0.22.0-cp36-cp36m-win_amd64.whl -------------------------------------------------------------------------------- /lang-python/src/test/resources/pip-list-new.json: -------------------------------------------------------------------------------- 1 | [{"name": "aniso8601", "version": "3.0.0", "installer": "foo", "location": "bar"}, {"name": "asn1crypto", "version": "0.24.0", "installer": "foo", "location": "bar"}] -------------------------------------------------------------------------------- /lang-python/src/test/resources/pip-list-old.json: -------------------------------------------------------------------------------- 1 | [{"name": "aniso8601", "version": "3.0.0"}, {"name": "asn1crypto", "version": "0.24.0"}] -------------------------------------------------------------------------------- /lang-python/src/test/resources/python2_syntax.py: -------------------------------------------------------------------------------- 1 | # Useless imports 2 | import os 3 | 4 | # Function raw_input does not exist in Python 3 5 | i = raw_input("Provide some input: ") 6 | 7 | # Print statement became a function in Python 3 8 | print "Provided input: " + i 9 | 10 | 11 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/setuptools_git-1.2-py3.6.egg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-python/src/test/resources/setuptools_git-1.2-py3.6.egg -------------------------------------------------------------------------------- /lang-python/src/test/resources/testapp/foo/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-python/src/test/resources/testapp/foo/__init__.py -------------------------------------------------------------------------------- /lang-python/src/test/resources/testapp/foo/func_hw.py: -------------------------------------------------------------------------------- 1 | print("before") 2 | 3 | def hello_world(arg): 4 | print('Hello world', arg) 5 | return 6 | 7 | print("after") 8 | 9 | def good_bye(arg): 10 | print('Good bye', arg) 11 | return 12 | 13 | good_bye("bar") 14 | 15 | if __name__ == '__main__': 16 | if len(sys.argv) > 1: 17 | dirname = sys.argv[1] 18 | else: 19 | dirname = '' 20 | for filename in listfiles(dirname): 21 | try: 22 | print(compose(filename)) 23 | except UnicodeEncodeError: 24 | print(repr(filename)[1:-1]) -------------------------------------------------------------------------------- /lang-python/src/test/resources/testapp/foo/hello_world.py: -------------------------------------------------------------------------------- 1 | print('Hello world') 2 | #print 'hello world' 3 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/setup.py: -------------------------------------------------------------------------------- 1 | from setuptools import setup, find_packages 2 | 3 | setup( 4 | name='TinyPy Interpreter', 5 | version='0.4', 6 | author='Max Malysh', 7 | author_email='iam@maxmalysh.com', 8 | description='Interpreter of a small Python subset I have made as a coursework. ', 9 | #long_description=open('README.md').read(), 10 | classifiers=[ 11 | "Development Status :: 3 - Alpha", 12 | 'Intended Audience :: Developers', 13 | 'Programming Language :: Python :: 3.5', 14 | ], 15 | install_requires = [ 'setuptools-git' ], 16 | include_package_data = True, 17 | packages=find_packages(), 18 | entry_points = { 19 | 'console_scripts' : [ 'tinypy = tinypy.tinypyapp:main'] 20 | }, 21 | test_suite = 'tinypy.run_tests.get_suite', 22 | 23 | ) 24 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/test_entryp.py: -------------------------------------------------------------------------------- 1 | # This script is needed for subprocess launched during tests; 2 | # this way subprocess will not use tinypy package from the site-packages directory 3 | from tinypy.tinypyapp import main 4 | if __name__ == '__main__': 5 | main() 6 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/AST/__init__.py: -------------------------------------------------------------------------------- 1 | from . import expr 2 | from . import stmt 3 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/AST/builder/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-python/src/test/resources/tiny_py_interpreter/tinypy/__init__.py -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/parser/Utils.py: -------------------------------------------------------------------------------- 1 | from tinypy.parser.TinyPyParser import TinyPyParser 2 | 3 | # 4 | # Converts Lisp-style s-expression string to python dictionary. 5 | # Pretty-printing this helps to get a more meaningful representation of a parse tree 6 | # 7 | def sExprToDict(string): 8 | sexp = [[]] 9 | word = '' 10 | in_str = False 11 | for c in string: 12 | if c == '(' and not in_str: 13 | sexp.append([]) 14 | elif c == ')' and not in_str: 15 | if(len(word) > 0): 16 | sexp[-1].append(word) 17 | word = '' 18 | temp = sexp.pop() 19 | sexp[-1].append(temp) 20 | elif c in (' ', '\n', '\t') and not in_str: 21 | sexp[-1].append(word) 22 | word = '' 23 | elif c == '\"': 24 | in_str = not in_str 25 | else: 26 | word = word + c 27 | return sexp[0] 28 | 29 | 30 | def nameFor(tokenType:int): 31 | if tokenType == -1: 32 | return 'EOF' 33 | return TinyPyParser.symbolicNames[tokenType] 34 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/parser/__init__.py: -------------------------------------------------------------------------------- 1 | __author__ = 'Max Malysh' 2 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/runtime/Errors.py: -------------------------------------------------------------------------------- 1 | 2 | 3 | class BaseRuntimeException(BaseException): 4 | def __init__(self, message): 5 | super().__init__(message) 6 | 7 | class MemoryError(BaseRuntimeException): 8 | pass 9 | 10 | class NameError(MemoryError): 11 | pass 12 | 13 | class TypeError(BaseRuntimeException): 14 | pass 15 | 16 | class ArithmeticError(BaseRuntimeException): 17 | pass 18 | 19 | class ZeroDivisionError(ArithmeticError): 20 | def __init__(self): 21 | super().__init__("division by zero") 22 | 23 | class SyntaxError(BaseRuntimeException): 24 | pass 25 | 26 | 27 | class AttributeError(BaseRuntimeException): 28 | pass 29 | 30 | 31 | class KeyError(BaseRuntimeException): 32 | pass 33 | 34 | 35 | class IndexError(BaseRuntimeException): 36 | pass 37 | 38 | 39 | class NotImplementedError(BaseRuntimeException): 40 | pass 41 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/runtime/__init__.py: -------------------------------------------------------------------------------- 1 | from . import Errors 2 | from . import Memory -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/shell/__init__.py: -------------------------------------------------------------------------------- 1 | __author__ = 'Max Malysh' 2 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/tests/binarysearch.py: -------------------------------------------------------------------------------- 1 | def binary_search1(l, value): 2 | low = 0 3 | high = len(l)-1 4 | while low <= high: 5 | mid = int((low+high)/2) 6 | if l[mid] > value: high = mid-1 7 | elif l[mid] < value: low = mid+1 8 | else: return mid 9 | return -1 10 | 11 | a = [-31, 0, 1, 2, 4, 65, 83, 99, 782] 12 | 13 | print("False:") 14 | print(binary_search1(a, 1234)) 15 | print(binary_search1(a, -123)) 16 | print(binary_search1(a, -1)) 17 | print(binary_search1(a, 44)) 18 | 19 | print('True:') 20 | for x in a: 21 | print(binary_search1(a, x)) 22 | 23 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/tests/ethiopian.py: -------------------------------------------------------------------------------- 1 | tutor = True 2 | 3 | def halve(x): 4 | return int(x / 2) 5 | 6 | def double(x): 7 | return x * 2 8 | 9 | def even(x): 10 | return not x % 2 11 | 12 | def ethiopian(multiplier, multiplicand): 13 | if tutor: 14 | print("Ethiopian multiplication of ", multiplier, "and", multiplicand) 15 | 16 | result = 0 17 | while multiplier >= 1: 18 | mtierString = "%4i" % multiplier 19 | mcandString = "%6i" % multiplicand 20 | 21 | if even(multiplier): 22 | if tutor: 23 | print(mtierString, mcandString, "STRUCK") 24 | else: 25 | if tutor: 26 | print(mtierString, mcandString, "KEPT") 27 | 28 | result += multiplicand 29 | multiplier = halve(multiplier) 30 | multiplicand = double(multiplicand) 31 | if tutor: 32 | print() 33 | return result 34 | 35 | print(ethiopian(17, 34)) -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/tests/euler04.py: -------------------------------------------------------------------------------- 1 | def reverse(text): 2 | if len(text) <= 1: 3 | return text 4 | 5 | return reverse(text[1:]) + text[0] 6 | 7 | 8 | def is_palindrome(num): 9 | return str(num) == reverse(str(num)) 10 | 11 | 12 | x = 999 13 | y = 990 # largest 3-digit multiple of 11 14 | maximum = 0 15 | while x >= 100: 16 | while y >= 100: 17 | product = x*y 18 | if is_palindrome(product) and product > maximum: 19 | maximum = product 20 | y -= 11 # decrement by 11 instead of 1 21 | y = 990 22 | x -= 1 23 | 24 | print(maximum) # prints 906609 25 | 26 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/tests/euler38.py: -------------------------------------------------------------------------------- 1 | def is_pandigital(num): 2 | num = str(num) 3 | if len(num) != 9: 4 | return False 5 | for digit in range(1, 10): 6 | if str(digit) not in num: 7 | return False 8 | return True 9 | 10 | maximum = 123456789 11 | best_num = 0 12 | 13 | # biggest starting number is 4 digits 14 | for i in range(1, 10000): 15 | collection_of_digits = '' 16 | seed = 0 17 | while len(collection_of_digits) < 10: 18 | seed += 1 19 | collection_of_digits += str(i * seed) 20 | if is_pandigital(collection_of_digits): 21 | if int(collection_of_digits) > maximum: 22 | maximum = int(collection_of_digits) 23 | best_num = i 24 | 25 | print(best_num, " : ", maximum) -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/tests/factorial.py: -------------------------------------------------------------------------------- 1 | def factorial(n): 2 | if n == 0: 3 | return 1 4 | elif n < 0: 5 | return 0 6 | return n*factorial(n-1) 7 | 8 | for i in range(0, 10): 9 | print(i, "|", factorial(i)) -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/tests/fibo1.py: -------------------------------------------------------------------------------- 1 | def fibMemo(): 2 | pad = {0:0, 1:1} 3 | def func(n): 4 | if n not in pad: 5 | pad[n] = func(n-1) + func(n-2) 6 | return pad[n] 7 | return func 8 | 9 | fm = fibMemo() 10 | for i in range(1,31): 11 | print(fm(i)) -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/tests/fibo2.py: -------------------------------------------------------------------------------- 1 | def fibFastRec(n): 2 | def fib(prvprv, prv, c): 3 | if c < 1: return prvprv 4 | else: return fib(prv, prvprv + prv, c - 1) 5 | return fib(0, 1, n) 6 | 7 | for i in range(1,31): 8 | print(fibFastRec(i)) -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/tests/fibo3.py: -------------------------------------------------------------------------------- 1 | 2 | def prevPowTwo(n): 3 | 'Gets the power of two that is less than or equal to the given input' 4 | if ((n & -n) == n): 5 | return n 6 | else: 7 | n -= 1 8 | n |= n >> 1 9 | n |= n >> 2 10 | n |= n >> 4 11 | n |= n >> 8 12 | n |= n >> 16 13 | n += 1 14 | return (n/2) 15 | 16 | def crazyFib(n): 17 | 'Crazy fast fibonacci number calculation' 18 | powTwo = prevPowTwo(n) 19 | 20 | q = 1; r = 1; i = 1 21 | s = 0 22 | 23 | while(i < powTwo): 24 | i *= 2 25 | qn = q*q + r*r 26 | rn = r * (q + s) 27 | sn = (r*r + s*s) 28 | q = qn; r = rn; s = sn 29 | 30 | while(i < n): 31 | i += 1 32 | qn = q+r; rn = q; sn = r 33 | q = qn; r = rn; s = sn 34 | 35 | return q 36 | 37 | for i in range(1,31): 38 | print(crazyFib(i)) -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/tests/file.py: -------------------------------------------------------------------------------- 1 | # This file is launched automatically from the outer folder 2 | f = open('tinypy/tests/file.py') 3 | for line in f: 4 | print(line) 5 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/tests/fizzbuzz.py: -------------------------------------------------------------------------------- 1 | num = 0 2 | while num < 101: 3 | msg = '' 4 | if num % 3 == 0: 5 | msg += 'Fizz' 6 | if num % 5 == 0: # no more elif 7 | msg += 'Buzz' 8 | if not msg: # check if msg is an empty string 9 | msg += str(num) 10 | print(msg) 11 | num += 1 12 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/tests/fizzbuzz2.py: -------------------------------------------------------------------------------- 1 | count = 0 2 | while count < 101: 3 | if count % 5 == 0 and count % 3 == 0: 4 | print("FizzBuzz") 5 | elif count % 3 == 0: 6 | print("Fizz") 7 | elif count % 5 == 0: 8 | print("Buzz") 9 | else: 10 | print(count) 11 | 12 | count += 1 13 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/tests/flow1.py: -------------------------------------------------------------------------------- 1 | a = 0 2 | 3 | while a < 5: 4 | a+=1 5 | print(a) 6 | if True: 7 | if True: 8 | if True: 9 | if True: 10 | if True: 11 | if a == 3: break 12 | while True: 13 | print("HI") 14 | break 15 | print("no") 16 | 17 | while True: 18 | while True: 19 | while True: 20 | print('hello') 21 | break 22 | break 23 | break 24 | 25 | # should be 26 | # 1 27 | # 2 28 | # 3 29 | # HI 30 | # hello -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/tests/gcd.py: -------------------------------------------------------------------------------- 1 | #x = int(input("x = ")) 2 | #y = int(input("y = ")) 3 | 4 | x = 12 5 | y = 8 6 | 7 | while y != 0: 8 | hey = x 9 | x = y 10 | y = hey % y 11 | 12 | print("GCD is %d" % x) 13 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/tests/logic.py: -------------------------------------------------------------------------------- 1 | a = 4 2 | b = 10 3 | 4 | if a != b or ((a == b and True) or False): 5 | while False and -3 < 5: 6 | print(1337 | 12345) 7 | 8 | a = (1,2,3,4,5) 9 | for x in a: 10 | if x not in a or x > 5: 11 | print("bazqux") 12 | 13 | print(a + (4,5)) 14 | print(a + (6, -3, (123))) 15 | 16 | print(a is (1,2,3,4,5)) 17 | print(a is not a) 18 | print(3 is (not a)) 19 | print(a is not (1,2)) 20 | print( 21 | not a is not a 22 | ) 23 | 24 | print(4 not in a) 25 | print(not 4 not in a) 26 | print(not not 4 not in a) 27 | 28 | print(3 is 3) 29 | print(3 is 4) 30 | print(3 is not 3) 31 | print(3 is not 4) 32 | print(3 is (not 3)) 33 | print(4 is (not 4)) 34 | print(not 3 is not (1,2,3)) 35 | print(3 in (1,2) * 3) 36 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/tests/mergesort1.py: -------------------------------------------------------------------------------- 1 | def mergeSort(alist): 2 | print("Splitting ", alist) 3 | if len(alist) > 1: 4 | mid = int(len(alist) / 2) 5 | lefthalf = alist[:mid] 6 | righthalf = alist[mid:] 7 | 8 | mergeSort(lefthalf) 9 | mergeSort(righthalf) 10 | 11 | i=0 12 | j=0 13 | k=0 14 | 15 | while i < len(lefthalf) and j < len(righthalf): 16 | if lefthalf[i] < righthalf[j]: 17 | alist[k]=lefthalf[i] 18 | i=i+1 19 | else: 20 | alist[k]=righthalf[j] 21 | j=j+1 22 | k=k+1 23 | 24 | while i < len(lefthalf): 25 | alist[k]=lefthalf[i] 26 | i=i+1 27 | k=k+1 28 | 29 | while j < len(righthalf): 30 | alist[k]=righthalf[j] 31 | j=j+1 32 | k=k+1 33 | print("Merging ",alist) 34 | 35 | alist = [54,26,93,17,77,31,44,55,20] 36 | mergeSort(alist) 37 | print(alist) 38 | 39 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/tests/numbers1.py: -------------------------------------------------------------------------------- 1 | print(0xA, 0o10, 10, 0b10) 2 | print(0xa, 0O10, 10, 0B10) 3 | 4 | # should be 5 | # 10 8 10 2 6 | # 10 8 10 2 7 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/tests/parenbalance.py: -------------------------------------------------------------------------------- 1 | if True: 2 | a = ( 3 | 3 + 4 * 2 4 | ) 5 | 6 | print(a) 7 | 8 | # should be 11 -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/tests/parens.py: -------------------------------------------------------------------------------- 1 | test = { 2 | 'first' : 1, 3 | 'second' : 2, 4 | 'third' : 'dsfasdf', 5 | } 6 | 7 | hey = [ 8 | 999, 9 | 888, 10 | 777, 11 | 666, # 'test test' "comment"" test '''''''' 12 | 555, 13 | 444 14 | ] 15 | 16 | print(test['first']) 17 | print(test['third']) 18 | print(len(test), len(hey)) 19 | 20 | for x in hey: 21 | print(x) 22 | 23 | i = 0 24 | while i < len(hey): 25 | print(hey[i]) 26 | i += 1 27 | 28 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/tests/quicksort.py: -------------------------------------------------------------------------------- 1 | def quickSort(arr): 2 | less = [] 3 | pivotList = [] 4 | more = [] 5 | if len(arr) <= 1: 6 | return arr 7 | else: 8 | pivot = arr[0] 9 | for i in arr: 10 | if i < pivot: 11 | less.append(i) 12 | elif i > pivot: 13 | more.append(i) 14 | else: 15 | pivotList.append(i) 16 | less = quickSort(less) 17 | more = quickSort(more) 18 | return less + pivotList + more 19 | 20 | a = [4, 65, 2, -31, 0, 99, 83, 782, 1] 21 | print(a) 22 | 23 | a = quickSort(a) 24 | print(a) -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/tests/scope1.py: -------------------------------------------------------------------------------- 1 | var = 'foo' 2 | def ex2(): 3 | var = 'bar' 4 | print('inside the function var is ', var) 5 | 6 | ex2() 7 | print('outside the function var is ', var) 8 | 9 | # should be bar, foo 10 | 11 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/tests/scope2.py: -------------------------------------------------------------------------------- 1 | def test1(foo, bar): 2 | foo = 3 3 | def test2(quix): 4 | foo = 4 5 | test2(123) 6 | print(foo) 7 | # Should be 3 8 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/tests/shell/assignment.py: -------------------------------------------------------------------------------- 1 | a = 4 2 | a = a 3 | a 4 | print(a) 5 | 6 | b = [4,5,a] 7 | b = b 8 | b 9 | print(b) 10 | 11 | a = b 12 | [a, b] 13 | print([a,b]) 14 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/tests/shell/control_flow.py: -------------------------------------------------------------------------------- 1 | 2 | x = [1, 2, 3] 3 | 4 | def test(): 5 | y = [] 6 | z = {0} 7 | for i in range(0, 100): 8 | if i == 50: 9 | print(y) 10 | y 11 | break 12 | pass 13 | print(x) 14 | x 15 | if i % 3 == 0: 16 | y.append(i) 17 | continue 18 | print('test', [x, y]) 19 | print([x, y]) 20 | print([y, x]) 21 | for value in x: 22 | print(y) 23 | z.update({value+100}) 24 | print([y, x]) 25 | if True: 26 | return x 27 | 28 | print(test()) 29 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/tests/shell/debug.py: -------------------------------------------------------------------------------- 1 | if True: 2 | foobar = 3*4 + 2 3 | pass 4 | 5 | 6 | if True: 7 | 2 8 | if True: 9 | 3 10 | if True: 11 | 4 12 | 13 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/tests/shell/dedents.py: -------------------------------------------------------------------------------- 1 | while True: 2 | if True: 3 | if True: 4 | print('hey!') 5 | break 6 | print('foobar') 7 | print('test') 8 | 9 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/tests/shell/lcm.py: -------------------------------------------------------------------------------- 1 | 2 | x = 48 3 | y = 180 4 | 5 | def gcd(x, y): 6 | while y != 0: 7 | hey = x 8 | x = y 9 | y = hey % y 10 | return x 11 | 12 | def lcm(a, b): 13 | return (a * b / gcd(a, b)) 14 | 15 | gcd(x, lcm(x,y)) 16 | 17 | print("GCD is %d" % gcd(x,y)) 18 | print("LCM is %d" % lcm(x,y)) 19 | 20 | gcd(gcd(y,x), lcm(x,y)) 21 | 22 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/tests/shell/statement_lists.py: -------------------------------------------------------------------------------- 1 | for i in range(0, 5): 2 | i 3 | 4 | x = 0; i = 3 5 | skipped = False 6 | while x < 100: 7 | x 8 | if x % 2 == 0: 9 | i = x 10 | while i > 0: 11 | if i in [1,2,5,9,30,60]: 12 | [i, x] 13 | x 14 | i -= 1 15 | elif x % 3 == 0: 16 | # comment 17 | 'hey' 18 | pass 19 | elif x % 5 == 0: 20 | [x << 3, x >> 4] 21 | [x ^ 1, [[i], x^2 + 30^2]] 22 | elif x % 13 == 0 and not skipped: 23 | skipped = True 24 | continue 25 | else: 26 | x*x 27 | x += 1 28 | 29 | 30 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/tests/trailing_dedents.py: -------------------------------------------------------------------------------- 1 | while True: 2 | pass 3 | if True: 4 | if True: 5 | print('hey world!') 6 | break -------------------------------------------------------------------------------- /lang-python/src/test/resources/tiny_py_interpreter/tinypy/tests/unicode1.py: -------------------------------------------------------------------------------- 1 | привет = 'привет!' 2 | if привет: 3 | print('Однако, %s' % привет) -------------------------------------------------------------------------------- /lang-python/src/test/resources/vulas_python_testapp/manage.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | import os 3 | import sys 4 | 5 | if __name__ == "__main__": 6 | os.environ.setdefault("DJANGO_SETTINGS_MODULE", "vulas_python_testapp.settings") 7 | 8 | from django.core.management import execute_from_command_line 9 | 10 | execute_from_command_line(sys.argv) 11 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/vulas_python_testapp/setup.py: -------------------------------------------------------------------------------- 1 | from setuptools import setup, find_packages 2 | 3 | setup( 4 | name='Vulas Python Test App', 5 | version='0.2', 6 | author='John Doe', 7 | author_email='john.doe@foo.bar', 8 | description='Steady Test App for Python', 9 | #long_description=open('README.md').read(), 10 | classifiers=[ 11 | "Development Status :: 1 - Alpha", 12 | 'Intended Audience :: Developers', 13 | 'Programming Language :: Python :: 2.7', 14 | ], 15 | install_requires = [ 'django==1.8.1' ], 16 | include_package_data = True, 17 | packages=find_packages(), 18 | entry_points = { 19 | #'console_scripts' : [ 'testapp = testapp:main'] 20 | }, 21 | #test_suite = 'testapp.run_tests.get_suite', 22 | 23 | ) 24 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/vulas_python_testapp/testapp/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-python/src/test/resources/vulas_python_testapp/testapp/__init__.py -------------------------------------------------------------------------------- /lang-python/src/test/resources/vulas_python_testapp/testapp/admin.py: -------------------------------------------------------------------------------- 1 | from django.contrib import admin 2 | 3 | # Register your models here. 4 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/vulas_python_testapp/testapp/migrations/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-python/src/test/resources/vulas_python_testapp/testapp/migrations/__init__.py -------------------------------------------------------------------------------- /lang-python/src/test/resources/vulas_python_testapp/testapp/models.py: -------------------------------------------------------------------------------- 1 | from django.db import models 2 | 3 | # Create your models here. 4 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/vulas_python_testapp/testapp/testinput/subdir/test3.py: -------------------------------------------------------------------------------- 1 | class class0: 2 | var0 = '' 3 | 4 | def __init__(self): 5 | var1 = 0 6 | 7 | def fun1(): 8 | return var0 9 | 10 | def fun2(): 11 | print('useless print') 12 | return var1 -------------------------------------------------------------------------------- /lang-python/src/test/resources/vulas_python_testapp/testapp/testinput/test.py: -------------------------------------------------------------------------------- 1 | class class0: 2 | var0 = '' 3 | 4 | def __init__(self, arg1): 5 | var1 = 0 6 | 7 | def fun1(self, arg2): 8 | return var0 9 | 10 | def fun2(): 11 | print('useless print') 12 | return var1 13 | 14 | class class1: 15 | def fun3(): 16 | return var0 17 | 18 | def fun4(self, arg3): 19 | print('useless print') 20 | return var1 21 | 22 | class class3: 23 | def fun5(): 24 | print('useless print') 25 | return var1 26 | 27 | class class4: 28 | def fun6(): 29 | print('useless print') 30 | return var1 31 | 32 | 33 | class class5: 34 | def fun7(): 35 | print('useless print') 36 | return "" -------------------------------------------------------------------------------- /lang-python/src/test/resources/vulas_python_testapp/testapp/testinput/test2.py: -------------------------------------------------------------------------------- 1 | #comment 2 | 3 | var8 = 8 4 | var9 = 0 5 | 6 | print('useless print 1') 7 | print('useless print 2') 8 | 9 | def outFunc(): 10 | return var8 11 | 12 | var10 = None 13 | var11 = var10 14 | 15 | var12 = '' 16 | var13 = var12 17 | 18 | class class0: 19 | var0 = '' 20 | 21 | def __init__(self): 22 | var1 = 0 23 | 24 | def fun1(): 25 | return var0 26 | 27 | def fun2(): 28 | print('useless print 3') 29 | return var1 30 | 31 | class class3: 32 | def fun1(): 33 | return var0 34 | 35 | class class2: 36 | var0 = '' 37 | 38 | def __init__(self): 39 | var1 = 0 40 | 41 | def fun1(): 42 | return var0 43 | 44 | def fun2(): 45 | print('useless print 4') 46 | return var1 47 | 48 | print('useless print 5') 49 | print('useless print 6') 50 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/vulas_python_testapp/testapp/tests.py: -------------------------------------------------------------------------------- 1 | from django.test import TestCase 2 | 3 | # Create your tests here. 4 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/vulas_python_testapp/testapp/urls.py: -------------------------------------------------------------------------------- 1 | 2 | from django.conf.urls import url 3 | 4 | from . import views 5 | 6 | urlpatterns = [ 7 | url(r'^$', views.index, name='index'), 8 | ] 9 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/vulas_python_testapp/testapp/views.py: -------------------------------------------------------------------------------- 1 | from django.shortcuts import render 2 | from django.http import HttpResponse 3 | from django.contrib.sessions.backends.cache import SessionStore as CacheSession 4 | 5 | from testinput import test2 6 | 7 | import uuid 8 | 9 | def index(request): 10 | class0() 11 | 12 | backend = CacheSession 13 | 14 | while(True): 15 | session_uuid = uuid.uuid4() 16 | 17 | session = backend(session_uuid) 18 | session.load() 19 | 20 | print(session_uuid) 21 | print(session.exists(session.session_key)) 22 | print(session.session_key == session_uuid) 23 | 24 | return HttpResponse("Hello, world. You're at the testapp index.") 25 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/vulas_python_testapp/vulas_python_testapp/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang-python/src/test/resources/vulas_python_testapp/vulas_python_testapp/__init__.py -------------------------------------------------------------------------------- /lang-python/src/test/resources/vulas_python_testapp/vulas_python_testapp/urls.py: -------------------------------------------------------------------------------- 1 | from django.conf.urls import include, url 2 | from django.contrib import admin 3 | 4 | urlpatterns = [ 5 | url(r'^polls/', include('testapp.urls')), 6 | url(r'^admin/', admin.site.urls), 7 | ] 8 | -------------------------------------------------------------------------------- /lang-python/src/test/resources/vulas_python_testapp/vulas_python_testapp/wsgi.py: -------------------------------------------------------------------------------- 1 | """ 2 | WSGI config for vulas_python_testapp project. 3 | 4 | It exposes the WSGI callable as a module-level variable named ``application``. 5 | 6 | For more information on this file, see 7 | https://docs.djangoproject.com/en/1.8/howto/deployment/wsgi/ 8 | """ 9 | 10 | import os 11 | 12 | from django.core.wsgi import get_wsgi_application 13 | 14 | os.environ.setdefault("DJANGO_SETTINGS_MODULE", "vulas_python_testapp.settings") 15 | 16 | application = get_wsgi_application() 17 | -------------------------------------------------------------------------------- /lang/src/main/java/org/eclipse/steady/backend/requests/package-info.java: -------------------------------------------------------------------------------- 1 | /** 2 | * This file is part of Eclipse Steady. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | * SPDX-License-Identifier: Apache-2.0 17 | * SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | */ 19 | /** 20 | * 21 | */ 22 | /** 23 | * 24 | */ 25 | package org.eclipse.steady.backend.requests; 26 | -------------------------------------------------------------------------------- /lang/src/main/java/org/eclipse/steady/goals/package-info.java: -------------------------------------------------------------------------------- 1 | /** 2 | * This file is part of Eclipse Steady. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | * SPDX-License-Identifier: Apache-2.0 17 | * SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | */ 19 | /** 20 | * 21 | */ 22 | package org.eclipse.steady.goals; 23 | -------------------------------------------------------------------------------- /lang/src/main/java/org/eclipse/steady/tasks/ReachTask.java: -------------------------------------------------------------------------------- 1 | /** 2 | * This file is part of Eclipse Steady. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | * SPDX-License-Identifier: Apache-2.0 17 | * SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | */ 19 | package org.eclipse.steady.tasks; 20 | 21 | /** 22 | *

ReachTask interface.

23 | */ 24 | public interface ReachTask {} 25 | -------------------------------------------------------------------------------- /lang/src/main/java/org/eclipse/steady/tasks/package-info.java: -------------------------------------------------------------------------------- 1 | /** 2 | * This file is part of Eclipse Steady. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | * SPDX-License-Identifier: Apache-2.0 17 | * SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | */ 19 | /** 20 | * 21 | */ 22 | /** 23 | * 24 | */ 25 | package org.eclipse.steady.tasks; 26 | -------------------------------------------------------------------------------- /lang/src/main/resources/META-INF/services/org.eclipse.steady.FileAnalyzer: -------------------------------------------------------------------------------- 1 | org.eclipse.steady.DirAnalyzer -------------------------------------------------------------------------------- /lang/src/main/resources/META-INF/services/org.eclipse.steady.malice.MaliciousnessAnalyzer: -------------------------------------------------------------------------------- 1 | org.eclipse.steady.malice.ZipSlipAnalyzer -------------------------------------------------------------------------------- /lang/src/main/resources/steady-tenant.properties: -------------------------------------------------------------------------------- 1 | # 2 | # This file is part of Eclipse Steady. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # SPDX-License-Identifier: Apache-2.0 17 | # SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | # 19 | 20 | # Identifies the backend tenant 21 | # Default (set if empty): - 22 | vulas.core.tenant.token = $tenant$ 23 | -------------------------------------------------------------------------------- /lang/src/test/resources/no-zip-slip.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang/src/test/resources/no-zip-slip.zip -------------------------------------------------------------------------------- /lang/src/test/resources/zip-slip-win.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang/src/test/resources/zip-slip-win.zip -------------------------------------------------------------------------------- /lang/src/test/resources/zip-slip.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang/src/test/resources/zip-slip.jar -------------------------------------------------------------------------------- /lang/src/test/resources/zip-slip.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lang/src/test/resources/zip-slip.zip -------------------------------------------------------------------------------- /lib/changedistiller-0.0.4-SNAPSHOT.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lib/changedistiller-0.0.4-SNAPSHOT.jar -------------------------------------------------------------------------------- /lib/dependency-finder-1.2.1-beta5-log4j.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/lib/dependency-finder-1.2.1-beta5-log4j.jar -------------------------------------------------------------------------------- /patch-analyzer/src/main/resources/steady-patcha.properties: -------------------------------------------------------------------------------- 1 | # 2 | # This file is part of Eclipse Steady. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # SPDX-License-Identifier: Apache-2.0 17 | # SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | # 19 | 20 | # Overrides patch information (all existing stuff will be deleted beforehand) 21 | collector.overridePatch = true 22 | 23 | # Implementations of IVCSClient 24 | vulas.patcha.vcs.clients = org.eclipse.steady.git.GitClient, org.eclipse.steady.svn.SvnClient -------------------------------------------------------------------------------- /patch-analyzer/src/test/resources/ws_security_1438423/src/main/java/org/apache/cxf/ws/security/policy/interceptors/Messages.properties: -------------------------------------------------------------------------------- 1 | # 2 | # 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 19 | # 20 | # 21 | HTTPS_NOT_ASSERTED: Token {0} was not asserted: {1} -------------------------------------------------------------------------------- /patch-analyzer/src/test/resources/ws_security_1438423/src/main/java/org/apache/cxf/ws/security/policy/model/Messages.properties: -------------------------------------------------------------------------------- 1 | # 2 | # 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 19 | # 20 | # 21 | INVALID_ALGORITHM=Invalid algorithm suite {} -------------------------------------------------------------------------------- /patch-analyzer/src/test/resources/ws_security_1438424/src/main/java/org/apache/cxf/ws/security/policy/interceptors/Messages.properties: -------------------------------------------------------------------------------- 1 | # 2 | # 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 19 | # 20 | # 21 | HTTPS_NOT_ASSERTED: Token {0} was not asserted: {1} -------------------------------------------------------------------------------- /patch-analyzer/src/test/resources/ws_security_1438424/src/main/java/org/apache/cxf/ws/security/policy/model/Messages.properties: -------------------------------------------------------------------------------- 1 | # 2 | # 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 19 | # 20 | # 21 | INVALID_ALGORITHM=Invalid algorithm suite {} -------------------------------------------------------------------------------- /patch-lib-analyzer/src/main/resources/log4j.properties: -------------------------------------------------------------------------------- 1 | log4j.rootLogger=INFO, consoleAppender 2 | 3 | log4j.appender.consoleAppender=org.apache.log4j.ConsoleAppender 4 | log4j.appender.consoleAppender.layout=org.apache.log4j.PatternLayout 5 | log4j.appender.consoleAppender.layout.ConversionPattern=[%t] %-5p %c %x - %m%n 6 | 7 | log4j.appender.fileAppender=org.apache.log4j.RollingFileAppender 8 | log4j.appender.fileAppender.layout=org.apache.log4j.PatternLayout 9 | log4j.appender.fileAppender.layout.ConversionPattern=[%t] %-5p %c %x - %m%n 10 | log4j.appender.fileAppender.File=demoApplication.log 11 | -------------------------------------------------------------------------------- /patch-lib-analyzer/src/test/java/org/eclipse/steady/patcheval/package-info.java: -------------------------------------------------------------------------------- 1 | /** 2 | * This file is part of Eclipse Steady. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | * SPDX-License-Identifier: Apache-2.0 17 | * SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | */ 19 | package org.eclipse.steady.patcheval; 20 | -------------------------------------------------------------------------------- /plugin-gradle/gradle/wrapper/gradle-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/plugin-gradle/gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /plugin-gradle/gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionBase=GRADLE_USER_HOME 2 | distributionPath=wrapper/dists 3 | distributionUrl=https\://services.gradle.org/distributions/gradle-5.0-bin.zip 4 | zipStoreBase=GRADLE_USER_HOME 5 | zipStorePath=wrapper/dists 6 | -------------------------------------------------------------------------------- /plugin-gradle/settings.gradle: -------------------------------------------------------------------------------- 1 | rootProject.name = "plugin-gradle" -------------------------------------------------------------------------------- /plugin-gradle/src/test/resources/android-libs/android-lib1/build.gradle: -------------------------------------------------------------------------------- 1 | plugins { 2 | id 'vulas' 3 | } 4 | 5 | apply plugin: 'com.android.library' 6 | 7 | android { 8 | compileSdkVersion Integer.valueOf(androidCompileSdkVersion) 9 | buildToolsVersion androidBuildToolsVersion 10 | defaultConfig { 11 | minSdkVersion androidMinSdkVersion 12 | targetSdkVersion androidTargetSdkVersion 13 | } 14 | } 15 | 16 | dependencies { 17 | api "net.zetetic:android-database-sqlcipher:3.5.9" 18 | implementation "log4j:log4j:1.2.17" 19 | } -------------------------------------------------------------------------------- /plugin-gradle/src/test/resources/android-libs/android-lib1/src/main/AndroidManifest.xml: -------------------------------------------------------------------------------- 1 | 3 | 4 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /plugin-gradle/src/test/resources/android-libs/android-lib1/src/main/java/com/sap/mobile/android/validationlib/Greeter.java: -------------------------------------------------------------------------------- 1 | package com.sap.mobile.android.validationlib; 2 | 3 | public class Greeter { 4 | 5 | /** 6 | * Says hello! 7 | * @return Kind greeting 8 | */ 9 | public static String hello(){ 10 | return "Hello from ValidationLib!"; 11 | } 12 | 13 | } -------------------------------------------------------------------------------- /plugin-gradle/src/test/resources/android-libs/android-lib1/src/main/res/values/strings.xml: -------------------------------------------------------------------------------- 1 | 2 | ValiadationLib 3 | 4 | -------------------------------------------------------------------------------- /plugin-gradle/src/test/resources/android-libs/android-lib2/build.gradle: -------------------------------------------------------------------------------- 1 | plugins { 2 | id 'vulas' 3 | } 4 | 5 | apply plugin: 'com.android.library' 6 | 7 | android { 8 | compileSdkVersion Integer.valueOf(androidCompileSdkVersion) 9 | buildToolsVersion androidBuildToolsVersion 10 | defaultConfig { 11 | minSdkVersion androidMinSdkVersion 12 | targetSdkVersion androidTargetSdkVersion 13 | } 14 | } 15 | 16 | dependencies { 17 | api project(path: ":android-lib1") 18 | implementation("org.jdeferred:jdeferred-android-aar:1.2.6") 19 | } -------------------------------------------------------------------------------- /plugin-gradle/src/test/resources/android-libs/android-lib2/src/main/AndroidManifest.xml: -------------------------------------------------------------------------------- 1 | 3 | 4 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /plugin-gradle/src/test/resources/android-libs/android-lib2/src/main/java/com/sap/mobile/android/validationlib/Greeter.java: -------------------------------------------------------------------------------- 1 | package com.sap.mobile.android.validationlib; 2 | 3 | public class Greeter { 4 | 5 | /** 6 | * Says hello! 7 | * @return Kind greeting 8 | */ 9 | public static String hello(){ 10 | return "Hello from ValidationLib!"; 11 | } 12 | 13 | } -------------------------------------------------------------------------------- /plugin-gradle/src/test/resources/android-libs/android-lib2/src/main/res/values/strings.xml: -------------------------------------------------------------------------------- 1 | 2 | ValiadationLib 3 | 4 | -------------------------------------------------------------------------------- /plugin-gradle/src/test/resources/android-libs/build.gradle: -------------------------------------------------------------------------------- 1 | 2 | buildscript { 3 | repositories { 4 | mavenCentral() 5 | google() 6 | } 7 | dependencies { 8 | classpath 'com.android.tools.build:gradle:3.1.0' 9 | } 10 | } 11 | 12 | plugins { 13 | id 'steady' 14 | } 15 | 16 | allprojects { 17 | repositories { 18 | mavenCentral() 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /plugin-gradle/src/test/resources/android-libs/gradle.properties: -------------------------------------------------------------------------------- 1 | group = com.sap.security.vulas.gradle.plugin.test 2 | version = 1.0.0 3 | 4 | androidBuildToolsVersion=26.0.2 5 | 6 | androidMinSdkVersion=19 7 | androidTargetSdkVersion=19 8 | androidCompileSdkVersion=26 9 | 10 | #workaround for IDEA 11 | #https://stackoverflow.com/a/46634881 12 | android.injected.build.model.only.versioned=3 13 | 14 | vulas.core.backendConnection=OFFLINE -------------------------------------------------------------------------------- /plugin-gradle/src/test/resources/android-libs/settings.gradle: -------------------------------------------------------------------------------- 1 | include 'android-lib1' 2 | include 'android-lib2' -------------------------------------------------------------------------------- /plugin-gradle/src/test/resources/java-lib/build.gradle: -------------------------------------------------------------------------------- 1 | plugins { 2 | id 'steady' 3 | } 4 | 5 | apply plugin: 'java-library' 6 | 7 | // In this section you declare where to find the dependencies of your project 8 | repositories { 9 | mavenCentral() 10 | } 11 | 12 | dependencies { 13 | // This dependency is exported to consumers, that is to say found on their compile classpath. 14 | api 'org.apache.commons:commons-math3:3.6.1' 15 | 16 | // This dependency is used internally, and not exposed to consumers on their own compile classpath. 17 | implementation 'com.google.guava:guava:23.0' 18 | 19 | // Use JUnit test framework 20 | testImplementation 'junit:junit:4.12' 21 | } 22 | 23 | -------------------------------------------------------------------------------- /plugin-gradle/src/test/resources/java-lib/gradle.properties: -------------------------------------------------------------------------------- 1 | group = com.sap.security.vulas.gradle.plugin.test 2 | version = 1.0.0 3 | 4 | vulas.core.backendConnection=OFFLINE -------------------------------------------------------------------------------- /plugin-gradle/src/test/resources/java-lib/settings.gradle: -------------------------------------------------------------------------------- 1 | /* 2 | * This settings file was generated by the Gradle 'init' task. 3 | * 4 | * The settings file is used to specify which projects to include in your build. 5 | * In a single project build this file can be empty or even removed. 6 | * 7 | * Detailed information about configuring a multi-project build in Gradle can be found 8 | * in the user guide at https://docs.gradle.org/4.3.1/userguide/multi_project_builds.html 9 | */ 10 | 11 | /* 12 | // To declare projects as part of a multi-project build use the 'include' method 13 | include 'shared' 14 | include 'api' 15 | include 'services:webservice' 16 | */ 17 | 18 | rootProject.name = 'java-lib' 19 | -------------------------------------------------------------------------------- /plugin-gradle/src/test/resources/java-lib/src/main/java/Library.java: -------------------------------------------------------------------------------- 1 | /* 2 | * This Java source file was generated by the Gradle 'init' task. 3 | */ 4 | public class Library { 5 | public boolean someLibraryMethod() { 6 | return true; 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /plugin-gradle/src/test/resources/java-lib/src/test/java/LibraryTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * This Java source file was generated by the Gradle 'init' task. 3 | */ 4 | import org.junit.Test; 5 | import static org.junit.Assert.*; 6 | 7 | public class LibraryTest { 8 | @Test public void testSomeLibraryMethod() { 9 | Library classUnderTest = new Library(); 10 | assertTrue("someLibraryMethod should return 'true'", classUnderTest.someLibraryMethod()); 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /plugin-maven/src/it/simple-it/verify.groovy: -------------------------------------------------------------------------------- 1 | /** 2 | * This file is part of Eclipse Steady. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | * SPDX-License-Identifier: Apache-2.0 17 | * SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | */ 19 | File touchFile = new File( basedir, "target/touch.txt" ); 20 | 21 | assert touchFile.isFile() 22 | -------------------------------------------------------------------------------- /plugin-maven/src/test/resources/testproject/src/test/java/SimpleTest.java: -------------------------------------------------------------------------------- 1 | import static org.junit.Assert.assertEquals; 2 | 3 | import java.io.FileNotFoundException; 4 | import java.io.PrintStream; 5 | import java.nio.file.Paths; 6 | 7 | import org.junit.Test; 8 | 9 | import com.acme.Simple; 10 | 11 | public class SimpleTest { 12 | 13 | @Test 14 | public void callHttpClientTest() { 15 | Simple p = null; 16 | try { 17 | p = new Simple(); 18 | p.callHttpClient("https://example.com"); 19 | } catch (Exception e) { 20 | // TODO Auto-generated catch block 21 | e.printStackTrace(); 22 | } 23 | } 24 | } -------------------------------------------------------------------------------- /plugin-maven/src/test/resources/unitTestPom/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 4 | 4.0.0 5 | 6 | foo.bar 7 | vulas-testpom 8 | 1.0.0 9 | pom 10 | 11 | 12 | 13 | 3.0.10-SNAPSHOT 14 | 15 | 16 | 17 | 18 | 19 | org.eclipse.steady 20 | plugin-maven 21 | ${vulas.version} 22 | 23 | 24 | 25 | 26 | 27 | 28 | -------------------------------------------------------------------------------- /repo-client/src/main/java/org/eclipse/steady/package-info.java: -------------------------------------------------------------------------------- 1 | /** 2 | * This file is part of Eclipse Steady. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | * SPDX-License-Identifier: Apache-2.0 17 | * SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | */ 19 | package org.eclipse.steady; 20 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | pip 2 | setuptools 3 | virtualenv 4 | -------------------------------------------------------------------------------- /rest-backend/src/main/java/org/eclipse/steady/backend/package-info.java: -------------------------------------------------------------------------------- 1 | /** 2 | * This file is part of Eclipse Steady. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | * SPDX-License-Identifier: Apache-2.0 17 | * SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | */ 19 | package org.eclipse.steady.backend; 20 | -------------------------------------------------------------------------------- /rest-backend/src/main/resources/META-INF/services/org.eclipse.steady.backend.util.DigestVerifier: -------------------------------------------------------------------------------- 1 | org.eclipse.steady.backend.util.MavenCentralVerifier 2 | org.eclipse.steady.backend.util.PyPiVerifier -------------------------------------------------------------------------------- /rest-backend/src/main/resources/db/migration/V20170302.1025__appversionlength.sql: -------------------------------------------------------------------------------- 1 | ALTER TABLE app ALTER COLUMN version TYPE CHARACTER varying(96); -------------------------------------------------------------------------------- /rest-backend/src/main/resources/db/migration/V20170321.0850__token.sql: -------------------------------------------------------------------------------- 1 | create table token (id int8 not null, created_at timestamp, scope varchar(255) not null, token varchar(64) not null, primary key (id)) ; 2 | alter table token drop constraint if exists UK_pddrhgwxnms2aceeku9s2ewy5 ; 3 | alter table token add constraint UK_pddrhgwxnms2aceeku9s2ewy5 unique (token) ; -------------------------------------------------------------------------------- /rest-backend/src/main/resources/db/migration/V20170322.1137__patchevalresults.sql: -------------------------------------------------------------------------------- 1 | alter table bug_affected_construct_change add column fixed_body text; 2 | alter table bug_affected_construct_change add column path_group varchar(255); 3 | alter table bug_affected_construct_change add column qname_in_jar boolean; 4 | alter table bug_affected_construct_change add column vuln_body text; 5 | alter table bug_affected_library add column adfixed varchar(255); 6 | alter table bug_affected_library add column adpath_fixed varchar(255); 7 | alter table bug_affected_library add column overall_confidence varchar(255); 8 | alter table bug_affected_library add column path_confidence varchar(255); 9 | alter table bug_affected_library add column sources_available boolean; 10 | alter table bug_affected_library alter column affected DROP NOT NULL; 11 | -------------------------------------------------------------------------------- /rest-backend/src/main/resources/db/migration/V20170414.1536__exceptiontype.sql: -------------------------------------------------------------------------------- 1 | ALTER TABLE app_goal_exe ALTER COLUMN exception TYPE text; -------------------------------------------------------------------------------- /rest-backend/src/main/resources/db/migration/V20170419.1800__primarykey.sql: -------------------------------------------------------------------------------- 1 | ALTER TABLE app_dependency_reachable_construct_ids 2 | ADD PRIMARY KEY (app_dependency_id,reachable_construct_ids_id); -------------------------------------------------------------------------------- /rest-backend/src/main/resources/db/migration/V20170424.2200__missingprimarykeys.sql: -------------------------------------------------------------------------------- 1 | ALTER TABLE lib_constructs 2 | ADD PRIMARY KEY (lib_id,constructs_id); 3 | ALTER TABLE app_constructs 4 | ADD PRIMARY KEY (app_id,constructs_id); 5 | ALTER TABLE app_goal_exe_configuration 6 | ADD PRIMARY KEY (app_goal_exe_id,configuration_id); 7 | ALTER TABLE app_goal_exe_system_info 8 | ADD PRIMARY KEY (app_goal_exe_id,system_info_id); 9 | ALTER TABLE lib_properties 10 | ADD PRIMARY KEY (lib_id,properties_id); -------------------------------------------------------------------------------- /rest-backend/src/main/resources/db/migration/V20170824.1650__altercolumnhibernate5.sql: -------------------------------------------------------------------------------- 1 | --alter table app_goal_exe_statistics rename column goal_execution_id to app_goal_exe_id; 2 | alter table app_constructs rename column app_id to application_id; 3 | alter table app_dependency_reachable_construct_ids rename column app_dependency_id to dependency_id; 4 | 5 | alter table app_goal_exe_configuration rename column app_goal_exe_id to goal_execution_id; 6 | alter table app_goal_exe_system_info rename column app_goal_exe_id to goal_execution_id; 7 | 8 | alter table lib_constructs rename column lib_id to library_id; 9 | 10 | alter table lib_properties rename column lib_id to library_id; -------------------------------------------------------------------------------- /rest-backend/src/main/resources/db/migration/V20170925.1530__bugrefsdeppath.sql: -------------------------------------------------------------------------------- 1 | create table bug_references (bug_id int8 not null, reference varchar(1024) not null, primary key (bug_id,reference)); 2 | alter table bug_references add constraint FKb05vl8sr4x7u4dsvrfupb79nh foreign key (bug_id) references bug; 3 | alter table app_dependency add column path text; 4 | 5 | INSERT INTO bug_references (bug_id,reference) SELECT id,url FROM bug where url is not null and not url=''; 6 | 7 | ALTER TABLE bug DROP COLUMN url; -------------------------------------------------------------------------------- /rest-backend/src/main/resources/db/migration/V20171016.1530__sameBytecode.sql: -------------------------------------------------------------------------------- 1 | create table bug_affected_construct_change_same_bytecode_lids (affected_construct_change_id int8 not null, same_bytecode_lids_id int8 not null); 2 | alter table bug_affected_construct_change_same_bytecode_lids add constraint FKfirn9bju9powr15m6rd5883g3 foreign key (same_bytecode_lids_id) references library_id; 3 | alter table bug_affected_construct_change_same_bytecode_lids add constraint FK2j92tqd59rkb75xo97r70w465 foreign key (affected_construct_change_id) references bug_affected_construct_change; 4 | ALTER TABLE bug_affected_construct_change_same_bytecode_lids ADD PRIMARY KEY (affected_construct_change_id,same_bytecode_lids_id); 5 | alter table bug_affected_construct_change drop column ast_equal; -------------------------------------------------------------------------------- /rest-backend/src/main/resources/db/migration/V20180518.0817__bugandspace.sql: -------------------------------------------------------------------------------- 1 | create table space_properties (space_id int8 not null, properties_id int8 not null); 2 | 3 | 4 | alter table bug add column bug_id_alt varchar(32); 5 | 6 | alter table bug add column cvss_score float4; 7 | alter table bug add column cvss_vector varchar(100); 8 | alter table bug add column cvss_version varchar(5); 9 | 10 | alter table bug add column maturity varchar(5) ; 11 | update bug set maturity='READY'; 12 | alter table bug alter column maturity SET NOT NULL; 13 | 14 | 15 | alter table bug add column origin varchar(6) ; 16 | update bug set origin='PUBLIC'; 17 | alter table bug alter column origin SET NOT NULL; 18 | 19 | 20 | ALTER TABLE bug DROP COLUMN source; -------------------------------------------------------------------------------- /rest-backend/src/main/resources/db/migration/V20180525.1115__bugdescriptionalt.sql: -------------------------------------------------------------------------------- 1 | alter table bug add column description_alt text; 2 | 3 | update bug set description_alt=description; 4 | 5 | update bug set description=null; 6 | 7 | -------------------------------------------------------------------------------- /rest-backend/src/main/resources/db/migration/V20180525.1400__qnamesize.sql: -------------------------------------------------------------------------------- 1 | ALTER TABLE construct_id ALTER COLUMN qname TYPE character varying(3072); -------------------------------------------------------------------------------- /rest-backend/src/main/resources/db/migration/V20180629.1500__bugaffectedCCIndex.sql: -------------------------------------------------------------------------------- 1 | create index IF NOT EXISTS affected_lib_cc_index on bug_affected_construct_change (affected_lib); 2 | -------------------------------------------------------------------------------- /rest-backend/src/main/resources/db/migration/V20180705.1100__libConstructsIndex.sql: -------------------------------------------------------------------------------- 1 | create index IF NOT EXISTS construct_index on lib_constructs (constructs_id); -------------------------------------------------------------------------------- /rest-backend/src/main/resources/db/migration/V20180824.1600__updateView.sql: -------------------------------------------------------------------------------- 1 | --Affected libraries results after applying priority (MANUAL->AST_EQUALITY(and other patch eval results)) for libraries without GAV (only sha1 known) 2 | create or replace view v_affected_library_digest as 3 | select lid.lib,lid.bug_id,lid.affected from 4 | (select distinct bug_id,lib,affected from bug_affected_library where source='MANUAL' and library_id is null 5 | UNION 6 | select distinct al1.bug_id,al1.lib,al1.affected from bug_affected_library as al1 7 | where al1.library_id is null and (al1.source='AST_EQUALITY' OR al1.source='MINOR_EQUALITY'OR al1.source='MAJOR_EQUALITY' OR al1.source='GREATER_RELEASE' OR al1.source='INTERSECTION' OR al1.source='PROPAGATE_MANUAL') 8 | and not exists (select 1 from bug_affected_library as al2 where al2.source='MANUAL' and al1.bug_id=al2.bug_id and al1.lib=al2.lib)) as lid ; 9 | 10 | drop view v_affected_library_sha1; -------------------------------------------------------------------------------- /rest-backend/src/main/resources/db/migration/V20180828.1730__depParent.sql: -------------------------------------------------------------------------------- 1 | alter table app_dependency add column origin varchar(255); 2 | alter table app_dependency add column relative_path text; 3 | alter table app_dependency add column parent int8; 4 | 5 | alter table app_dependency add constraint FK3q24nj7pisqslyss56g82t7n4 foreign key (parent) references app_dependency; 6 | 7 | alter table app_dependency drop constraint uk_bp7iv9k79w4galqwpris6yedl; -- unique (lib, app) 8 | 9 | create index IF NOT EXISTS app_dep_index on app_dependency (lib, app); 10 | 11 | CREATE UNIQUE INDEX IF NOT EXISTS dep_app_lib_index ON app_dependency (app,lib) where parent is NULL and relative_path is NULL; 12 | 13 | CREATE UNIQUE INDEX IF NOT EXISTS dep_app_lib_parent_index ON app_dependency (app,lib,parent) where relative_path is NULL; 14 | 15 | CREATE UNIQUE INDEX IF NOT EXISTS dep_app_lib_relpath_index ON app_dependency (app,lib,relative_path) where parent is NULL; -------------------------------------------------------------------------------- /rest-backend/src/main/resources/db/migration/V20181029.1330__depParentFK.sql: -------------------------------------------------------------------------------- 1 | --Dropping FK for performance reasons (exp. on delete) 2 | alter table app_dependency drop constraint if exists fk3q24nj7pisqslyss56g82t7n4 ; -------------------------------------------------------------------------------- /rest-backend/src/main/resources/db/migration/V20181211.0949__modifiedAtAffLib.sql: -------------------------------------------------------------------------------- 1 | alter table bug_affected_library add column modified_at timestamp; 2 | update bug_affected_library set modified_at = now(); 3 | alter table bug_affected_library alter column modified_at set not null; 4 | -------------------------------------------------------------------------------- /rest-backend/src/main/resources/db/migration/V20190304.1430__spaceReadOnly.sql: -------------------------------------------------------------------------------- 1 | alter table space add column is_read_only boolean; 2 | 3 | update space set is_read_only=false; 4 | 5 | -------------------------------------------------------------------------------- /rest-backend/src/main/resources/db/migration/V20190425.1400__libDigestTimestamp.sql: -------------------------------------------------------------------------------- 1 | alter table lib add column digest_timestamp timestamp; -------------------------------------------------------------------------------- /rest-backend/src/main/resources/db/migration/V20190613.1700__bundledLibraryIds.sql: -------------------------------------------------------------------------------- 1 | create table lib_bundled_library_ids (library_id int8 not null, bundled_library_ids_id int8 not null); 2 | alter table lib_bundled_library_ids add constraint FKpfkpmqs18pra09mdrt5ln4qui foreign key (bundled_library_ids_id) references library_id; 3 | alter table lib_bundled_library_ids add constraint FK3nbep3t70cu9sc3ggoscnd96 foreign key (library_id) references lib; 4 | -------------------------------------------------------------------------------- /rest-backend/src/main/resources/db/migration/V20200219.1130__dropDepIndexes.sql: -------------------------------------------------------------------------------- 1 | DROP INDEX if exists public.dep_app_lib_index; 2 | DROP INDEX if exists public.dep_app_lib_parent_index; 3 | DROP INDEX if exists public.dep_app_lib_relpath_index; 4 | ALTER TABLE app_dependency ALTER COLUMN relative_path TYPE varchar(1024); 5 | ALTER TABLE app_dependency ADD CONSTRAINT UKnueog86fts45j2wcql6idbqwn UNIQUE (lib, app, parent, relative_path); -------------------------------------------------------------------------------- /rest-backend/src/test/java/org/eclipse/steady/backend/util/package-info.java: -------------------------------------------------------------------------------- 1 | /** 2 | * This file is part of Eclipse Steady. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | * SPDX-License-Identifier: Apache-2.0 17 | * SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | */ 19 | /** 20 | * 21 | */ 22 | /** 23 | * 24 | */ 25 | package org.eclipse.steady.backend.util; 26 | -------------------------------------------------------------------------------- /rest-backend/src/test/resources/dummy_app/app.json: -------------------------------------------------------------------------------- 1 | { 2 | "group": "com.acme", 3 | "artifact": "vulas", 4 | "version": "0.0.1", 5 | "dependencies": [ 6 | { 7 | "lib": "sha1", 8 | "scope": "COMPILE", 9 | "transitive": false, 10 | "declared": true, 11 | "traced": true, 12 | "filename": "commons-lib.jar", 13 | "path": null 14 | } 15 | ], 16 | "constructs": [ 17 | { 18 | "lang": "JAVA", 19 | "type": "CLAS", 20 | "qname": "com.acme.Vulas" 21 | }, 22 | { 23 | "lang": "JAVA", 24 | "type": "METH", 25 | "qname": "com.acme.Vulas.vulas()" 26 | } 27 | ] 28 | } -------------------------------------------------------------------------------- /rest-backend/src/test/resources/dummy_app/bug_afflib_CVE-2014-0050_CHECK_VERSION.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "lib": { 4 | "sha1": "1E48256A2341047E7D729217ADEEC8217F6E3A1A" 5 | }, 6 | "affectedcc": [{ 7 | "cc": { 8 | "repo": "http://svn.apache.org/repos/asf/commons/proper/fileupload", 9 | "commit": "1565143", 10 | "repoPath": "/commons/proper/fileupload/trunk/src/main/java/org/apache/commons/fileupload/MultipartStream.java", 11 | "constructId": { 12 | "lang": "JAVA", 13 | "type": "CONS", 14 | "qname": "org.apache.commons.fileupload.MultipartStream(InputStream,byte[],int,ProgressNotifier)" 15 | } 16 | }, 17 | "affected": true, 18 | "inArchive":true, 19 | "classInArchive":true, 20 | "equalChangeType":true, 21 | "overall_chg":"MOD" 22 | }], 23 | "source": "CHECK_VERSION", 24 | "affected": true 25 | } 26 | ] -------------------------------------------------------------------------------- /rest-backend/src/test/resources/dummy_app/bug_afflib_CVE-2014-0050_MANUAL.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "libraryId": { 4 | "artifact": "foo", 5 | "version": "1.0.0", 6 | "group": "org.lib" 7 | }, 8 | "source": "MANUAL", 9 | "affected": true, 10 | "explanation": "Foo" 11 | }, 12 | { 13 | "libraryId": { 14 | "artifact": "foo", 15 | "version": "1.0.1", 16 | "group": "org.lib" 17 | }, 18 | "source": "MANUAL", 19 | "affected": false, 20 | "explanation": null 21 | } 22 | ] -------------------------------------------------------------------------------- /rest-backend/src/test/resources/dummy_app/bug_afflib_CVE-2014-0050_PRE_COMMIT_POM.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "libraryId": { 4 | "artifact": "foo", 5 | "version": "0.9", 6 | "group": "org.lib" 7 | }, 8 | "source": "PRE_COMMIT_POM", 9 | "affected": true, 10 | "explanation": "Foo" 11 | }, 12 | { 13 | "libraryId": { 14 | "artifact": "foo", 15 | "version": "1.0.0-GA", 16 | "group": "org.lib" 17 | }, 18 | "source": "PRE_COMMIT_POM", 19 | "affected": false, 20 | "explanation": null 21 | } 22 | ] -------------------------------------------------------------------------------- /rest-backend/src/test/resources/dummy_app/bug_bar.json: -------------------------------------------------------------------------------- 1 | { 2 | "bugId": "bug-bar", 3 | "source": "NVD", 4 | "description": "Bla", 5 | "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0051", 6 | "constructChanges": [ 7 | { 8 | "repo": "svn.apache.org", 9 | "commit": "1234567", 10 | "repoPath": "/branch/1.x/src/main/java/com/acme/Bar.java", 11 | "constructId": { 12 | "lang": "JAVA", 13 | "type": "CLAS", 14 | "qname": "com.acme.Bar" 15 | }, 16 | "committedAt": "2016-05-13T14:35:50.274+0000", 17 | "constructChangeType": "MOD" 18 | }, 19 | { 20 | "repo": "svn.apache.org", 21 | "commit": "1234567", 22 | "repoPath": "/trunk/src/main/java/com/acme/Bar.java", 23 | "constructId": { 24 | "lang": "JAVA", 25 | "type": "CLAS", 26 | "qname": "com.acme.Bar" 27 | }, 28 | "committedAt": "2016-05-13T14:35:50.274+0000", 29 | "constructChangeType": "MOD" 30 | } 31 | ] 32 | } -------------------------------------------------------------------------------- /rest-backend/src/test/resources/dummy_app/goal_execution.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": null, 3 | "goal": "APP", 4 | "createdAt": null, 5 | "startedAtClient": "2016-06-01T20:39:26.405+0000", 6 | "runtimeNano": 44444, 7 | "executionId": "APP-1234", 8 | "exception": "ExampleException", 9 | "memMax": 11111, 10 | "memUsedMax": 33333, 11 | "memUsedAvg": 22222, 12 | "clientVersion": "1.1.0-SNAPSHOT", 13 | "configuration": [ 14 | { 15 | "source": "GOAL_CONFIG", 16 | "name": "entry", 17 | "value": "value" 18 | } 19 | ], 20 | "systemInfo": [ 21 | { 22 | "source": "GOAL_CONFIG", 23 | "name": "entry", 24 | "value": "value" 25 | } 26 | ], 27 | "statistics": { 28 | "abc": 123 29 | } 30 | } -------------------------------------------------------------------------------- /rest-backend/src/test/resources/dummy_app/lib.json: -------------------------------------------------------------------------------- 1 | { 2 | "digest": "sha1", 3 | "digestAlgorithm": "SHA1", 4 | "properties": [ 5 | { 6 | "source": "JAVA_MANIFEST", 7 | "name": "entry", 8 | "value": "value" 9 | } 10 | ], 11 | "constructs": [ 12 | { 13 | "lang": "JAVA", 14 | "type": "CLAS", 15 | "qname": "org.lib.Foo" 16 | }, 17 | { 18 | "lang": "JAVA", 19 | "type": "CONS", 20 | "qname": "org.lib.Foo()" 21 | }, 22 | { 23 | "lang": "JAVA", 24 | "type": "METH", 25 | "qname": "org.lib.Foo.bar()" 26 | } 27 | ], 28 | "libraryId": { 29 | "group": "org.lib", 30 | "artifact": "foo", 31 | "version": "1.0.0" 32 | }, 33 | "wellknownDigest": true 34 | } -------------------------------------------------------------------------------- /rest-backend/src/test/resources/dummy_app/lib_bar.json: -------------------------------------------------------------------------------- 1 | { 2 | "digest": "123", 3 | "digestAlgorithm": "SHA1", 4 | "properties": [ 5 | { 6 | "source": "JAVA_MANIFEST", 7 | "name": "entry", 8 | "value": "value" 9 | } 10 | ], 11 | "constructs": [ 12 | { 13 | "lang": "JAVA", 14 | "type": "CLAS", 15 | "qname": "org.lib.Foo" 16 | }, 17 | { 18 | "lang": "JAVA", 19 | "type": "CONS", 20 | "qname": "org.lib.Foo()" 21 | }, 22 | { 23 | "lang": "JAVA", 24 | "type": "METH", 25 | "qname": "org.lib.Foo.bar()" 26 | } 27 | ], 28 | "libraryId": { 29 | "group": "org.lib", 30 | "artifact": "bar", 31 | "version": "1.0.0" 32 | }, 33 | "wellknownDigest": false 34 | } -------------------------------------------------------------------------------- /rest-backend/src/test/resources/dummy_app/path.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "app": { 4 | "group": "com.acme", 5 | "artifact": "vulas", 6 | "version": "0.0.1" 7 | }, 8 | "bug": "bug-bar", 9 | "executionId": "A2C-1234", 10 | "source": "T2C", 11 | "path": [ 12 | { 13 | "constructId": { 14 | "lang": "JAVA", 15 | "type": "METH", 16 | "qname": "com.acme.Vulas.vulas()" 17 | }, 18 | "lib": null 19 | }, 20 | { 21 | "constructId": { 22 | "lang": "JAVA", 23 | "type": "CONS", 24 | "qname": "org.lib.Foo()" 25 | }, 26 | "lib": "sha1" 27 | }, 28 | { 29 | "constructId": { 30 | "lang": "JAVA", 31 | "type": "METH", 32 | "qname": "org.lib.Foo.bar()" 33 | }, 34 | "lib": "sha1" 35 | } 36 | ], 37 | "length": 3 38 | } 39 | ] -------------------------------------------------------------------------------- /rest-backend/src/test/resources/dummy_app/trace.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "app": { 4 | "artifact": "vulas", 5 | "version": "0.0.1", 6 | "group": "com.acme" 7 | }, 8 | "lib": "sha1", 9 | "filename": "commons-lib.jar", 10 | "count": 1, 11 | "tracedAt": "2016-05-13T14:35:50.274+0000", 12 | "executionId": "TEST-1234", 13 | "constructId": { 14 | "lang": "JAVA", 15 | "type": "METH", 16 | "qname": "org.lib.Foo.bar()" 17 | } 18 | }, 19 | { 20 | "app": { 21 | "artifact": "vulas", 22 | "version": "0.0.1", 23 | "group": "com.acme" 24 | }, 25 | "lib": null, 26 | "filename": null, 27 | "count": 1, 28 | "tracedAt": "2016-05-13T14:35:50.274+0000", 29 | "executionId": "TEST-1234", 30 | "constructId": { 31 | "lang": "JAVA", 32 | "type": "METH", 33 | "qname": "com.acme.Vulas.vulas()" 34 | } 35 | } 36 | ] -------------------------------------------------------------------------------- /rest-backend/src/test/resources/jira-search-cve-2014-0050.json: -------------------------------------------------------------------------------- 1 | { 2 | "startAt": 0, 3 | "maxResults": 50, 4 | "total": 0, 5 | "issues": [] 6 | } -------------------------------------------------------------------------------- /rest-backend/src/test/resources/real_examples/commons-fileupload-1.3.1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/rest-backend/src/test/resources/real_examples/commons-fileupload-1.3.1.jar -------------------------------------------------------------------------------- /rest-backend/src/test/resources/select_stmts.sql: -------------------------------------------------------------------------------- 1 | -- App-related selects 2 | SELECT * FROM APP ; 3 | SELECT * FROM APP_CONSTRUCTS ; 4 | 5 | SELECT * FROM APP_DEPENDENCY; 6 | SELECT * FROM APP_DEPENDENCY_REACHABLE_CONSTRUCT_IDS; 7 | SELECT * FROM APP_DEPENDENCY_TOUCH_POINTS; 8 | 9 | SELECT * FROM APP_GOAL_EXE; 10 | SELECT * FROM APP_GOAL_EXE_CONFIGURATION; 11 | SELECT * FROM APP_GOAL_EXE_SYSTEM_INFO; 12 | SELECT * FROM APP_GOAL_EXE_SYSTEM_INFO; 13 | 14 | SELECT * FROM APP_PATH ; 15 | SELECT * FROM APP_PATH_PATH ; 16 | 17 | SELECT * FROM APP_TRACE; 18 | 19 | -- Bug-related selects 20 | SELECT * FROM BUG ; 21 | SELECT * FROM BUG_AFFECTED_LIBRARY; 22 | SELECT * FROM BUG_CONSTRUCT_CHANGE; 23 | 24 | -- Library-related selects 25 | SELECT * FROM LIB ; 26 | SELECT * FROM LIB_CONSTRUCTS ; 27 | SELECT * FROM LIB_PROPERTIES; 28 | 29 | -- Cross-cutting selects 30 | SELECT * FROM CONSTRUCT_ID ; 31 | SELECT * FROM LIBRARY_ID ; 32 | SELECT * FROM PROPERTY; -------------------------------------------------------------------------------- /rest-backend/src/test/resources/update_postman_target.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ -z ${1+x} ]; 4 | then 5 | echo "Please provide the URL (w/o scheme, with port) of the Vulas backend to be used in the Postman collection, e.g., localhost:8091"; 6 | else 7 | echo "[$1] will be used as URL of the Vulas backend in the Postman collection"; 8 | sed "s/localhost:8091/$1/" vulas3.postman_collection.json > vulas3.postman_collection_alt.json 9 | fi 10 | -------------------------------------------------------------------------------- /rest-lib-utils/src/main/java/org/eclipse/steady/cia/package-info.java: -------------------------------------------------------------------------------- 1 | /** 2 | * This file is part of Eclipse Steady. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | * SPDX-License-Identifier: Apache-2.0 17 | * SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | */ 19 | package org.eclipse.steady.cia; 20 | -------------------------------------------------------------------------------- /rest-lib-utils/src/main/resources/META-INF/services/org.eclipse.steady.cia.util.RepositoryWrapper: -------------------------------------------------------------------------------- 1 | org.eclipse.steady.cia.util.MavenCentralWrapper 2 | org.eclipse.steady.cia.util.NexusWrapper 3 | #org.eclipse.steady.cia.util.PypiWrapper 4 | -------------------------------------------------------------------------------- /rest-lib-utils/src/test/resources/META-INF/services/org.eclipse.steady.cia.util.RepositoryWrapper: -------------------------------------------------------------------------------- 1 | org.eclipse.steady.cia.util.MavenCentralWrapper 2 | org.eclipse.steady.cia.util.NexusWrapper 3 | org.eclipse.steady.cia.util.PypiWrapper 4 | -------------------------------------------------------------------------------- /rest-lib-utils/src/test/resources/commons-fileupload-1.1.1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/rest-lib-utils/src/test/resources/commons-fileupload-1.1.1.jar -------------------------------------------------------------------------------- /rest-lib-utils/src/test/resources/commons-fileupload-1.1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/rest-lib-utils/src/test/resources/commons-fileupload-1.1.jar -------------------------------------------------------------------------------- /rest-lib-utils/src/test/resources/commons-fileupload-1.2.2.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/rest-lib-utils/src/test/resources/commons-fileupload-1.2.2.jar -------------------------------------------------------------------------------- /rest-lib-utils/src/test/resources/commons-fileupload-1.3.1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/rest-lib-utils/src/test/resources/commons-fileupload-1.3.1.jar -------------------------------------------------------------------------------- /rest-lib-utils/src/test/resources/commons-fileupload-1.3.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/rest-lib-utils/src/test/resources/commons-fileupload-1.3.jar -------------------------------------------------------------------------------- /shared/src/main/java/org/eclipse/steady/shared/connectivity/package-info.java: -------------------------------------------------------------------------------- 1 | /** 2 | * This file is part of Eclipse Steady. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | * SPDX-License-Identifier: Apache-2.0 17 | * SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | */ 19 | /** 20 | * Contained classes support the connectivity of RESTful services. 21 | * 22 | */ 23 | package org.eclipse.steady.shared.connectivity; 24 | -------------------------------------------------------------------------------- /shared/src/main/java/org/eclipse/steady/shared/json/model/metrics/package-info.java: -------------------------------------------------------------------------------- 1 | /** 2 | * This file is part of Eclipse Steady. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | * SPDX-License-Identifier: Apache-2.0 17 | * SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | */ 19 | /** 20 | * Contains metrics classes as produced by vulas-backend and vulas-cia. 21 | */ 22 | package org.eclipse.steady.shared.json.model.metrics; 23 | -------------------------------------------------------------------------------- /shared/src/main/java/org/eclipse/steady/shared/package-info.java: -------------------------------------------------------------------------------- 1 | /** 2 | * This file is part of Eclipse Steady. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | * SPDX-License-Identifier: Apache-2.0 17 | * SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | */ 19 | package org.eclipse.steady.shared; 20 | -------------------------------------------------------------------------------- /shared/src/main/resources/steady-version.properties: -------------------------------------------------------------------------------- 1 | # 2 | # This file is part of Eclipse Steady. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # SPDX-License-Identifier: Apache-2.0 17 | # SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | # 19 | 20 | # Placeholders replaced during Maven build 21 | vulas.shared.version=$version$ 22 | vulas.shared.buildTimestamp=$buildTimestamp$ 23 | vulas.shared.buildNumber=$buildNumber$ 24 | vulas.shared.buildBranch=$buildScmBranch$ -------------------------------------------------------------------------------- /shared/src/test/java/org/eclipse/steady/shared/categories/Slow.java: -------------------------------------------------------------------------------- 1 | /** 2 | * This file is part of Eclipse Steady. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | * SPDX-License-Identifier: Apache-2.0 17 | * SPDX-FileCopyrightText: Copyright (c) 2018-2020 SAP SE or an SAP affiliate company and Eclipse Steady contributors 18 | */ 19 | package org.eclipse.steady.shared.categories; 20 | 21 | import org.junit.Test; 22 | 23 | /** 24 | * Indicates that a given {@link Test} is very slow. 25 | * 26 | */ 27 | public interface Slow {} 28 | -------------------------------------------------------------------------------- /shared/src/test/resources/Outer.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eclipse-steady/steady/8c216f1dd4d77e2bfab10e9892fe11a2f0c4ed69/shared/src/test/resources/Outer.jar -------------------------------------------------------------------------------- /shared/src/test/resources/foo.txt: -------------------------------------------------------------------------------- 1 | foo bar baz -------------------------------------------------------------------------------- /shared/src/test/resources/foo/bar/bar.baz: -------------------------------------------------------------------------------- 1 | Test file -------------------------------------------------------------------------------- /shared/src/test/resources/foo/bar/foo.bar: -------------------------------------------------------------------------------- 1 | Test file -------------------------------------------------------------------------------- /shared/src/test/resources/foo/bar/readme.txt: -------------------------------------------------------------------------------- 1 | Test file for DirWithFileSearch.java 2 | -------------------------------------------------------------------------------- /shared/src/test/resources/steady-test.properties: -------------------------------------------------------------------------------- 1 | vulas.bar = https:\/\/foo.com\/bar --------------------------------------------------------------------------------