Code Explanation and Usage

This Python code is designed to parse an XML file, retrieve information about dependencies from it, and check for vulnerabilities associated with each dependency. It uses the xml.etree.ElementTree module to parse the XML file, BeautifulSoup for web scraping, and selenium for automated browser interaction.

Prerequisites

Before running this code, make sure you have the following:

  • Python installed on your system.
  • The required Python packages installed: bs4 and selenium.
  • The pom_file.xml file in the same directory as main.py.

Usage

  1. Install the required packages if you haven't already. You can use pip to install them:
pip install bs4 selenium
  2. Save the above code in a file named main.py.
  3. Place the pom_file.xml in the same directory as the main.py file.
  4. Open a terminal or command prompt and navigate to the directory containing main.py.
  5. Run main.py:
python main.py

Output

The code generates a CSV file named vulnerability_output.csv with the following columns: groupId, artifactId, version, vulnerability, and url. Each row in the file represents a dependency and its corresponding vulnerability information.

Please make sure you have write permissions in the current directory to create and modify the vulnerability_output.csv file.

Note: You may need to update the code if you want to modify the file name or path for the XML file or output file.

Input Example

<root>
    <dependencies>
        <dependency>
            <groupId>org.glassfish</groupId>
            <artifactId>javax.faces</artifactId>
            <version>${javax.faces.version}</version>
        </dependency>
        <dependency>
            <groupId>org.jboss.weld.servlet</groupId>
            <artifactId>weld-servlet-shaded</artifactId>
            <version>3.0.0.Final</version>
        </dependency>
        <dependency>
            <groupId>org.primefaces.themes</groupId>
            <artifactId>cupertino</artifactId>
            <version>${primefaces.theme.cupertino.version}</version>
        </dependency>
    </dependencies>
    <properties>
        <javax.faces.version>2.3.0</javax.faces.version>
        <primefaces.theme.cupertino.version>1.0.10</primefaces.theme.cupertino.version>
    </properties>
</root>

Output Example

Group Id,Artifact Id,Version,Vulnerability,URL
org.glassfish,javax.faces,2.3.0, 1,https://mvnrepository.com/artifact/org.glassfish/javax.faces
org.jboss.weld.servlet,weld-servlet-shaded,3.0.0.Final, 0,https://mvnrepository.com/artifact/org.jboss.weld.servlet/weld-servlet-shaded
org.primefaces.themes,cupertino,1.0.10, 0,https://mvnrepository.com/artifact/org.primefaces.themes/cupertino
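
How the input above turns into the groupId, artifactId, version and URL columns, as an added example that is not the project's main.py: it resolves ${...} version placeholders from <properties> and builds the mvnrepository.com URL, and leaves out the scraped vulnerability count. The names local, parse_dependencies and the resolved flag are assumptions, and the sample includes one constructed dependency with an undefined property.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: two entries from the Input Example plus one constructed
# dependency (org.example:demo) whose property is not defined in the file.
SAMPLE_POM = """<root><dependencies>
  <dependency><groupId>org.glassfish</groupId><artifactId>javax.faces</artifactId>
    <version>${javax.faces.version}</version></dependency>
  <dependency><groupId>org.jboss.weld.servlet</groupId>
    <artifactId>weld-servlet-shaded</artifactId><version>3.0.0.Final</version></dependency>
  <dependency><groupId>org.example</groupId><artifactId>demo</artifactId>
    <version>${missing.version}</version></dependency>
</dependencies><properties>
  <javax.faces.version>2.3.0</javax.faces.version>
</properties></root>"""

PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")


def local(tag):
    """Strip a namespace such as '{http://maven.apache.org/POM/4.0.0}' from a tag."""
    return tag.rsplit("}", 1)[-1]


def parse_dependencies(xml_text):
    """Return one dict per <dependency>, with ${...} versions resolved (hypothetical helper)."""
    # For POMs from untrusted sources, defusedxml.ElementTree.fromstring is a safer parser.
    root = ET.fromstring(xml_text)
    props = {}
    for el in root.iter():
        if local(el.tag) == "properties":
            props.update({local(p.tag): (p.text or "").strip() for p in el})
    rows = []
    for dep in (e for e in root.iter() if local(e.tag) == "dependency"):
        f = {local(c.tag): (c.text or "").strip() for c in dep}
        group, artifact = f.get("groupId", ""), f.get("artifactId", "")
        # Placeholders with no matching property (inherited or built-in ones, for
        # instance) stay as written and are flagged instead of silently guessed.
        version = PLACEHOLDER.sub(lambda m: props.get(m.group(1), m.group(0)),
                                  f.get("version", ""))
        rows.append({"groupId": group, "artifactId": artifact, "version": version,
                     "resolved": PLACEHOLDER.search(version) is None,
                     "url": f"https://mvnrepository.com/artifact/{group}/{artifact}"})
    return rows


if __name__ == "__main__":
    for row in parse_dependencies(SAMPLE_POM):
        print(row)
```

A row with resolved set to False has no concrete version, so any vulnerability result reported for it cannot be tied to the version actually in use.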
