Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support newest OWASP Dependency check version (9.x) #7655

Closed
denniebouman opened this issue Dec 12, 2023 · 1 comment · Fixed by #7656
Closed

Support newest OWASP Dependency check version (9.x) #7655

denniebouman opened this issue Dec 12, 2023 · 1 comment · Fixed by #7656
Assignees
@fniessink
Labels
Feature New, enhanced, or removed feature

Comments

@denniebouman
Copy link
Member

denniebouman commented Dec 12, 2023
edited
Loading

Is your feature request related to a problem? Please describe.
After the upgrade to the latest OWASP Dependency check version (9.x), QT report errors, due to a changed xsd.

Error:

File "/home/collector/collector_utilities/functions.py", line 24, in parse_source_response_xml
    raise XMLRootElementError(allowed_root_tags, tree.tag)
collector_utilities.exceptions.XMLRootElementError: The XML root element should be one of "['{https://jeremylong.github.io/DependencyCheck/dependency-check.2.0.xsd}analysis', '{https://jeremylong.github.io/DependencyCheck/dependency-check.2.1.xsd}analysis', '{https://jeremylong.github.io/DependencyCheck/dependency-check.2.2.xsd}analysis', '{https://jeremylong.github.io/DependencyCheck/dependency-check.2.3.xsd}analysis', '{https://jeremylong.github.io/DependencyCheck/dependency-check.2.4.xsd}analysis', '{https://jeremylong.github.io/DependencyCheck/dependency-check.2.5.xsd}analysis', '{https://jeremylong.github.io/DependencyCheck/dependency-check.3.0.xsd}analysis', '{https://jeremylong.github.io/DependencyCheck/dependency-check.3.1.xsd}analysis']" but is "{https://jeremylong.github.io/DependencyCheck/dependency-check.4.0.xsd}analysis"

Describe the solution you'd like
Support version 4.0 of the xsd.
<analysis xmlns="https://jeremylong.github.io/DependencyCheck/dependency-check.4.0.xsd"><scanInfo><engineVersion>9.0.4</engineVersion>
@denniebouman denniebouman added the Feature New, enhanced, or removed feature label Dec 12, 2023
@fniessink fniessink self-assigned this Dec 12, 2023
@fniessink
Copy link
Member

The only diff is in an attribute Quality-time does not use.

diff ~/Downloads/dependency-check.3.1.xsd.xml ~/Downloads/dependency-check.4.0.xsd.xml

5,6c5,6
<            targetNamespace="https://jeremylong.github.io/DependencyCheck/dependency-check.3.1.xsd"
<            xmlns:dc="https://jeremylong.github.io/DependencyCheck/dependency-check.3.1.xsd">
---
>            targetNamespace="https://jeremylong.github.io/DependencyCheck/dependency-check.4.0.xsd"
>            xmlns:dc="https://jeremylong.github.io/DependencyCheck/dependency-check.4.0.xsd">
93c93
<             <xs:element name="confidentialImpact" type="xs:string" minOccurs="1" maxOccurs="1"/>
---
>             <xs:element name="confidentialityImpact" type="xs:string" minOccurs="1" maxOccurs="1"/>

fniessink added a commit that referenced this issue Dec 12, 2023
@fniessink
- Support version 4.0 of the OWASP Dependency Check DTD (OWASP Depend…
c0667d9 
…ency Check version 9). Closes #7655.
@fniessink fniessink mentioned this issue Dec 12, 2023
Merged
@fniessink fniessink linked a pull request Dec 12, 2023 that will close this issue
- Support version 4.0 of the OWASP Dependency Check DTD (OWASP Depend… #7656
Merged
fniessink added a commit that referenced this issue Dec 12, 2023
@fniessink
- Support version 4.0 of the OWASP Dependency Check DTD (OWASP Depend…
43ed599 
…ency Check version 9). Closes #7655.
@fniessink fniessink mentioned this issue Dec 13, 2023
Closed
@fniessink fniessink moved this to Released in Quality-time backlog May 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fniessink fniessink

Labels
Feature New, enhanced, or removed feature
Projects
Quality-time backlog
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

- Support version 4.0 of the OWASP Dependency Check DTD (OWASP Depend… ICTU/quality-time
2 participants
@fniessink @denniebouman