java source code of AbstractPolicySecurityTest

steady-master
- NOTICE.txt
- .github
  - main.workflow
  - PULL_REQUEST_TEMPLATE.md
  - ISSUE_TEMPLATE
    - feature_request.md
    - bug_report.md
- plugin-gradle
  - src
    - main
      - java
        com
        sap
        vulas
        gradle
        VulasPluginCommon.java
        GradlePluginReport.java
        VulasPlugin.java
        GradlePluginApp.java
        AbstractVulasTask.java
        GradlePluginA2C.java
        GradlePluginClean.java
        GradleProjectUtilities.java
      - groovy
        com
        sap
        vulas
        gradle
        DependencyResolver.groovy
    - test
      - resources
        android-libs
        android-lib2
        src
        main
        res
        values
        strings.xml
        AndroidManifest.xml
        java
        com
        sap
        mobile
        android
        validationlib
        Greeter.java
        build.gradle
        gradle.properties
        android-lib1
        src
        main
        res
        values
        strings.xml
        AndroidManifest.xml
        java
        com
        sap
        mobile
        android
        validationlib
        Greeter.java
        build.gradle
        build.gradle
        settings.gradle
        java-lib
        src
        main
        java
        Library.java
        test
        java
        LibraryTest.java
        gradle.properties
        build.gradle
        settings.gradle
      - java
        com
        sap
        vulas
        gradle
        VulasBaseTest.java
        GradleTestProject.java
        AndroidLibsTest.java
        JavaLibTest.java
  - gradle
    - wrapper
      - gradle-wrapper.properties
      - gradle-wrapper.jar
  - pom.xml
  - gradlew.bat
  - gradlew
  - build.gradle
  - README.md
  - settings.gradle
- CONTRIBUTORS.md
- lang-java-init
  - pom.xml
  - lib
    - changedistiller-0.0.4-SNAPSHOT.jar
- plugin-maven
  - src
    - main
      - resources
        vulas-plugin-maven.properties
      - java
        com
        sap
        psr
        vulas
        mvn
        MvnPluginBom.java
        AbstractVulasSpaceMojo.java
        MvnPluginT2C.java
        MvnPluginSpaceClean.java
        MvnPluginReport.java
        MvnPluginA2C.java
        AbstractVulasMojo.java
        VulasAgentMojo.java
        MvnPluginInstr.java
        MvnPluginClean.java
        MvnPluginUpload.java
    - it
      - settings.xml
      - java
        VulasMavenPluginTests.java
        StubServerSetup.java
      - simple-it
        pom.xml
        verify.groovy
    - test
      - resources
        testproject
        src
        main
        java
        com
        acme
        Simple.java
        test
        java
        SimpleTest.java
        pom.xml
        backwardComppom.xml
        mixedpom.xml
        unitTestPom
        pom.xml
        pom2.xml
      - java
        com
        sap
        psr
        vulas
        mvn
        VulasAgentOptionsTests.java
        TestProjectStub.java
        AbstractVulasMojoTest.java
  - pom.xml
- lang-java
  - src
    - main
      - resources
        vulas-core-sign.properties
        META-INF
        services
        com.sap.psr.vulas.sign.SignatureFactory
        com.sap.psr.vulas.FileAnalyzer
        com.sap.psr.vulas.tasks.BomTask
        vulas-java.properties
      - antlr4
        com
        sap
        psr
        vulas
        java
        antlr
        JavaParser.g4
        JavaLexer.g4
      - sh
        find_jars.sh
      - java
        com
        sap
        psr
        vulas
        monitor
        DynamicTransformer.java
        IInstrumentor.java
        ClassPoolUpdater.java
        AbstractInstrumentor.java
        PrintlnInstrumentor.java
        trace
        SingleStackTraceInstrumentor.java
        AbstractTraceInstrumentor.java
        SingleTraceInstrumentor.java
        StackTraceInstrumentor.java
        PathNode.java
        StackTraceUtil.java
        ConstructUsage.java
        TraceCollector.java
        InstrumentationControl.java
        slice
        SliceInstrumentor.java
        InstrumentorFactory.java
        UploadScheduler.java
        ClassNameLoaderFilter.java
        LoaderHierarchy.java
        LoaderFilter.java
        touch
        TouchPointCollector.java
        ConstructIdUtil.java
        TouchPointInstrumentor.java
        Loader.java
        ClassVisitor.java
        ExecutionMonitor.java
        java
        sign
        DistillerUtil.java
        CompilationUtils.java
        UniqueNameNormalizer.java
        gson
        GsonHelper.java
        package-info.java
        ASTSignatureChangeSerializer.java
        ASTConstructBodySignatureSerializer.java
        ASTSignatureDeserializer.java
        ASTSignatureChangeDeserializer.java
        ASTConstructBodySignatureDeserializer.java
        ASTConstructBodySignature.java
        package-info.java
        ASTSignatureChange.java
        JavaSignatureFactory.java
        ASTSignatureComparator.java
        ASTSignature.java
        ASTUtil.java
        JavaMethodId.java
        JavaFileAnalyzer2.java
        ClassFileAnalyzer.java
        AarAnalyzer.java
        PomParser.java
        goals
        InstrGoal.java
        ArchiveAnalysisManager.java
        JavaInterfaceId.java
        decompiler
        ProcyonDecompiler.java
        IDecompiler.java
        JavaEnumId.java
        JarAnalyzer.java
        JarWriter.java
        tasks
        package-info.java
        JavaBomTask.java
        JavaClassId.java
        JarAnalysisException.java
        JavaClassInit.java
        WarAnalyzer.java
        JavaConstructorId.java
        JavaId.java
        JarEntryWriter.java
        JavaPackageId.java
    - test
      - resources
        bugs.json
        ShortFileException.class
        classpath
        OuterClass.class
        StaticFinal.class
        StaticBlock.class
        StaticFields.class
        StaticMethod.class
        BasicClass.class
        OuterClass$InnerClass.class
        DumpArchiveEntry.class
        OuterClass.class
        org.eclipse.equinox.cm_1.0.400.v20120319-2029.jar
        TarUtils.java
        TarUtils.class
        cucumber-android-4.3.0.aar
        examples.jar
        Filter.java
        BZip2CompressorOutputStream.java
        ArchivePrinter$InnerNonStaticClass.class
        vulnAppArchiveDependency.json
        methodBody
        BZip2CompressorOutputStreamFix.java
        BZip2CompressorOutputStream.class
        MultipartStream121.java
        BZip2CompressorOutputStreamDef.java
        AbstractCommonHostnameVerifierDef.java
        M_getCNs_V
        AbstractCommonHostnameVerifier.java
        BZip2CompressorOutputStream.java
        Test.java
        C_MultipartStream_V
        FileUploadBase$FileItemIteratorImpl$FileItemStreamImpl$1.java
        AbstractVerifier.class
        AbstractCommonHostnameVerifierFix.java
        J_MultipartStream.java
        MultipartStream.java
        FileUploadBase.java
        SevenZArchiveEntry.java
        MultipartStreamFix.java
        deserialize
        signatureChange.json
        signatureDef.json
        signatureFix.json
        signatureUnknown.json
        signature.json
        M_getCNs_F
        AbstractVerifier.java
        MultipartStreamDef.java
        J_AbstractVerifier_F.java
        C_MultipartStream_F
        AbstractVerifierFix.java
        AbstractVerifierDef.java
        J_AbstractVerifier_V.java
        Callgraph.java
        AbstractVerifier.class
        FileUploadBase$InvalidContentTypeException.java
        Collector.java
        Callgraph.class
        FileUploadBase.class
        diverse.jar
        vulndepJsonExpected.json
        constructIds.json
        ArchivePrinter.class
        commons-fileupload-1.3.1.jar
        ws_security_1438423
        src
        main
        java
        org
        apache
        cxf
        ws
        security
        SecurityConstants.java
        kerberos
        KerberosUtils.java
        KerberosClient.java
        tokenstore
        EHCacheTokenStoreFactory.java
        SecurityToken.java
        EHCacheTokenStore.java
        TokenStoreFactory.java
        MemoryTokenStoreFactory.java
        MemoryTokenStore.java
        TokenStore.java
        policy
        SP12Constants.java
        interceptors
        SecurityVerificationOutInterceptor.java
        UsernameTokenInterceptorProvider.java
        NegotiationUtils.java
        HttpsTokenInterceptorProvider.java
        WSSecurityPolicyInterceptorProvider.java
        SpnegoContextTokenOutInterceptor.java
        Messages.properties
        SpnegoTokenInterceptorProvider.java
        SecureConversationOutInterceptor.java
        WSSecurityInterceptorProvider.java
        SamlTokenInterceptorProvider.java
        SecureConversationTokenInterceptorProvider.java
        IssuedTokenInterceptorProvider.java
        SecureConversationInInterceptor.java
        STSInvoker.java
        KerberosTokenInterceptorProvider.java
        SpnegoContextTokenInInterceptor.java
        builders
        WSS11Builder.java
        SupportingTokens12Builder.java
        SecureConversationTokenBuilder.java
        InitiatorSignatureTokenBuilder.java
        SupportingTokensBuilder.java
        RequiredElementsBuilder.java
        RecipientEncryptionTokenBuilder.java
        UsernameTokenBuilder.java
        SecurityContextTokenBuilder.java
        TransportBindingBuilder.java
        SignedPartsBuilder.java
        HttpsTokenBuilder.java
        X509TokenBuilder.java
        RecipientSignatureTokenBuilder.java
        EncryptedElementsBuilder.java
        KerberosTokenBuilder.java
        SpnegoContextTokenBuilder.java
        RequiredPartsBuilder.java
        AsymmetricBindingBuilder.java
        SymmetricBindingBuilder.java
        ContentEncryptedElementsBuilder.java
        Trust10Builder.java
        SamlTokenBuilder.java
        TransportTokenBuilder.java
        LayoutBuilder.java
        InitiatorEncryptionTokenBuilder.java
        IssuedTokenBuilder.java
        WSS10Builder.java
        AlgorithmSuiteBuilder.java
        KeyValueTokenBuilder.java
        SignedElementsBuilder.java
        RecipientTokenBuilder.java
        InitiatorTokenBuilder.java
        EncryptedPartsBuilder.java
        ProtectionTokenBuilder.java
        Trust13Builder.java
        WSSPolicyException.java
        SP11Constants.java
        SPConstants.java
        model
        KerberosToken.java
        Token.java
        Trust10.java
        RecipientSignatureToken.java
        AsymmetricBinding.java
        SecurityContextToken.java
        InitiatorToken.java
        Header.java
        ProtectionToken.java
        Wss10.java
        IssuedToken.java
        InitiatorSignatureToken.java
        UsernameToken.java
        SpnegoContextToken.java
        Messages.properties
        KeyValueToken.java
        AlgorithmSuite.java
        RequiredElements.java
        SamlToken.java
        RecipientToken.java
        SignatureToken.java
        InitiatorEncryptionToken.java
        ContentEncryptedElements.java
        RequiredParts.java
        X509Token.java
        SignedEncryptedElements.java
        Binding.java
        AbstractSecurityAssertion.java
        Layout.java
        TokenWrapper.java
        EncryptionToken.java
        TransportBinding.java
        AlgorithmWrapper.java
        SignedEncryptedParts.java
        SymmetricAsymmetricBindingBase.java
        TransportToken.java
        SupportingToken.java
        RecipientEncryptionToken.java
        HttpsToken.java
        SymmetricBinding.java
        Trust13.java
        SecureConversationToken.java
        Wss11.java
        WSSecurityPolicyLoader.java
        SP13Constants.java
        custom
        AlgorithmSuiteLoader.java
        DefaultAlgorithmSuiteLoader.java
        GCMAlgorithmSuite.java
        wss4j
        AbstractWSS4JInterceptor.java
        CryptoCoverageUtil.java
        WSS4JTokenConverter.java
        WSS4JOutInterceptor.java
        SamlTokenInterceptor.java
        CryptoCoverageChecker.java
        SAMLUtils.java
        Messages.properties
        WSS4JUtils.java
        AbstractUsernameTokenAuthenticatingInterceptor.java
        WSS4JInInterceptor.java
        PolicyBasedWSS4JInInterceptor.java
        policyhandlers
        AbstractBindingBuilder.java
        SymmetricBindingHandler.java
        WSSecurityTokenHolder.java
        TransportBindingHandler.java
        AsymmetricBindingHandler.java
        DelegatingCallbackHandler.java
        DefaultCryptoCoverageChecker.java
        UsernameTokenInterceptor.java
        policyvalidators
        DefaultClaimsPolicyValidator.java
        SignedEncryptedTokenPolicyValidator.java
        IssuedTokenPolicyValidator.java
        SignedTokenPolicyValidator.java
        AbstractSamlPolicyValidator.java
        EndorsingEncryptedTokenPolicyValidator.java
        TransportBindingPolicyValidator.java
        SignedEndorsingEncryptedTokenPolicyValidator.java
        SignedEndorsingTokenPolicyValidator.java
        WSS11PolicyValidator.java
        AbstractBindingPolicyValidator.java
        ClaimsPolicyValidator.java
        EncryptedTokenPolicyValidator.java
        SamlTokenPolicyValidator.java
        SecurityContextTokenPolicyValidator.java
        SupportingTokenPolicyValidator.java
        UsernameTokenPolicyValidator.java
        X509TokenPolicyValidator.java
        TokenPolicyValidator.java
        BindingPolicyValidator.java
        AsymmetricBindingPolicyValidator.java
        AbstractTokenPolicyValidator.java
        EndorsingTokenPolicyValidator.java
        SymmetricBindingPolicyValidator.java
        KerberosTokenPolicyValidator.java
        ConcreteSupportingTokenPolicyValidator.java
        AbstractSupportingTokenPolicyValidator.java
        PolicyBasedWSS4JOutInterceptor.java
        cache
        CacheCleanupListener.java
        EHCacheReplayCacheFactory.java
        EHCacheManagerHolder.java
        ReplayCacheFactory.java
        MemoryReplayCacheFactory.java
        EHCacheReplayCache.java
        sts
        provider
        SecurityTokenServiceImpl.java
        SecurityTokenServiceProvider.java
        SecurityTokenService.java
        operation
        ValidateOperation.java
        KeyExchangeTokenOperation.java
        RenewOperation.java
        IssueSingleOperation.java
        RequestCollectionOperation.java
        IssueOperation.java
        CancelOperation.java
        STSException.java
        trust
        delegation
        ReceivedTokenCallbackHandler.java
        WSSUsernameCallbackHandler.java
        DelegationCallback.java
        STSTokenValidator.java
        STSClient.java
        STSSamlAssertionValidator.java
        Messages.properties
        AuthPolicyValidatingInterceptor.java
        TrustException.java
        AbstractSTSClient.java
        claims
        ClaimsCallback.java
        STSUtils.java
        test
        java
        org
        apache
        cxf
        ws
        security
        tokenstore
        EHCacheTokenStoreTest.java
        MemoryTokenStoreTest.java
        wss4j
        WSS4JOutInterceptorTest.java
        KeystorePasswordCallback.java
        UserNameTokenAuthorizationTest.java
        WSS4JFaultCodeTest.java
        DefaultCryptoCoverageCheckerTest.java
        CryptoCoverageCheckerTest.java
        SecurityVerificationOutTest.java
        EchoImpl.java
        WSS4JInOutTest.java
        Echo.java
        AbstractSecurityTest.java
        AbstractPolicySecurityTest.java
        PolicyBasedWss4JInOutTest.java
        SimpleSubjectCreatingInterceptor.java
        TestPwdCallback.java
        saml
        SamlTokenTest.java
        SAML2CallbackHandler.java
        SAML1CallbackHandler.java
        AbstractSAMLCallbackHandler.java
        CustomSamlValidator.java
        PolicyBasedSamlTest.java
        RoundTripTest.java
        SignatureConfirmationTest.java
        CustomProcessor.java
        sts
        STSClientTest.java
        provider
        SecurityTokenServiceProviderTest.java
        SecurityTokenServiceImplTest.java
        trust
        AuthPolicyValidatingInterceptorTest.java
        ws_security_1438424
        src
        main
        java
        org
        apache
        cxf
        ws
        security
        SecurityConstants.java
        kerberos
        KerberosUtils.java
        KerberosClient.java
        tokenstore
        EHCacheTokenStoreFactory.java
        SecurityToken.java
        EHCacheTokenStore.java
        TokenStoreFactory.java
        MemoryTokenStoreFactory.java
        MemoryTokenStore.java
        TokenStore.java
        policy
        SP12Constants.java
        interceptors
        SecurityVerificationOutInterceptor.java
        UsernameTokenInterceptorProvider.java
        NegotiationUtils.java
        HttpsTokenInterceptorProvider.java
        WSSecurityPolicyInterceptorProvider.java
        SpnegoContextTokenOutInterceptor.java
        Messages.properties
        SpnegoTokenInterceptorProvider.java
        SecureConversationOutInterceptor.java
        WSSecurityInterceptorProvider.java
        SamlTokenInterceptorProvider.java
        SecureConversationTokenInterceptorProvider.java
        IssuedTokenInterceptorProvider.java
        SecureConversationInInterceptor.java
        STSInvoker.java
        KerberosTokenInterceptorProvider.java
        SpnegoContextTokenInInterceptor.java
        builders
        WSS11Builder.java
        SupportingTokens12Builder.java
        SecureConversationTokenBuilder.java
        InitiatorSignatureTokenBuilder.java
        SupportingTokensBuilder.java
        RequiredElementsBuilder.java
        RecipientEncryptionTokenBuilder.java
        UsernameTokenBuilder.java
        SecurityContextTokenBuilder.java
        TransportBindingBuilder.java
        SignedPartsBuilder.java
        HttpsTokenBuilder.java
        X509TokenBuilder.java
        RecipientSignatureTokenBuilder.java
        EncryptedElementsBuilder.java
        KerberosTokenBuilder.java
        SpnegoContextTokenBuilder.java
        RequiredPartsBuilder.java
        AsymmetricBindingBuilder.java
        SymmetricBindingBuilder.java
        ContentEncryptedElementsBuilder.java
        Trust10Builder.java
        SamlTokenBuilder.java
        TransportTokenBuilder.java
        LayoutBuilder.java
        InitiatorEncryptionTokenBuilder.java
        IssuedTokenBuilder.java
        WSS10Builder.java
        AlgorithmSuiteBuilder.java
        KeyValueTokenBuilder.java
        SignedElementsBuilder.java
        RecipientTokenBuilder.java
        InitiatorTokenBuilder.java
        EncryptedPartsBuilder.java
        ProtectionTokenBuilder.java
        Trust13Builder.java
        WSSPolicyException.java
        SP11Constants.java
        SPConstants.java
        model
        KerberosToken.java
        Token.java
        Trust10.java
        RecipientSignatureToken.java
        AsymmetricBinding.java
        SecurityContextToken.java
        InitiatorToken.java
        Header.java
        ProtectionToken.java
        Wss10.java
        IssuedToken.java
        InitiatorSignatureToken.java
        UsernameToken.java
        SpnegoContextToken.java
        Messages.properties
        KeyValueToken.java
        AlgorithmSuite.java
        RequiredElements.java
        SamlToken.java
        RecipientToken.java
        SignatureToken.java
        InitiatorEncryptionToken.java
        ContentEncryptedElements.java
        RequiredParts.java
        X509Token.java
        SignedEncryptedElements.java
        Binding.java
        AbstractSecurityAssertion.java
        Layout.java
        TokenWrapper.java
        EncryptionToken.java
        TransportBinding.java
        AlgorithmWrapper.java
        SignedEncryptedParts.java
        SymmetricAsymmetricBindingBase.java
        TransportToken.java
        SupportingToken.java
        RecipientEncryptionToken.java
        HttpsToken.java
        SymmetricBinding.java
        Trust13.java
        SecureConversationToken.java
        Wss11.java
        WSSecurityPolicyLoader.java
        SP13Constants.java
        custom
        AlgorithmSuiteLoader.java
        DefaultAlgorithmSuiteLoader.java
        GCMAlgorithmSuite.java
        wss4j
        AbstractWSS4JInterceptor.java
        CryptoCoverageUtil.java
        WSS4JTokenConverter.java
        WSS4JOutInterceptor.java
        SamlTokenInterceptor.java
        CryptoCoverageChecker.java
        SAMLUtils.java
        Messages.properties
        WSS4JUtils.java
        AbstractUsernameTokenAuthenticatingInterceptor.java
        WSS4JInInterceptor.java
        PolicyBasedWSS4JInInterceptor.java
        policyhandlers
        AbstractBindingBuilder.java
        SymmetricBindingHandler.java
        WSSecurityTokenHolder.java
        TransportBindingHandler.java
        AsymmetricBindingHandler.java
        DelegatingCallbackHandler.java
        DefaultCryptoCoverageChecker.java
        UsernameTokenInterceptor.java
        policyvalidators
        DefaultClaimsPolicyValidator.java
        SignedEncryptedTokenPolicyValidator.java
        IssuedTokenPolicyValidator.java
        SignedTokenPolicyValidator.java
        AbstractSamlPolicyValidator.java
        EndorsingEncryptedTokenPolicyValidator.java
        TransportBindingPolicyValidator.java
        SignedEndorsingEncryptedTokenPolicyValidator.java
        SignedEndorsingTokenPolicyValidator.java
        WSS11PolicyValidator.java
        AbstractBindingPolicyValidator.java
        ClaimsPolicyValidator.java
        EncryptedTokenPolicyValidator.java
        SamlTokenPolicyValidator.java
        SecurityContextTokenPolicyValidator.java
        SupportingTokenPolicyValidator.java
        UsernameTokenPolicyValidator.java
        X509TokenPolicyValidator.java
        TokenPolicyValidator.java
        BindingPolicyValidator.java
        AsymmetricBindingPolicyValidator.java
        AbstractTokenPolicyValidator.java
        EndorsingTokenPolicyValidator.java
        SymmetricBindingPolicyValidator.java
        KerberosTokenPolicyValidator.java
        ConcreteSupportingTokenPolicyValidator.java
        AbstractSupportingTokenPolicyValidator.java
        PolicyBasedWSS4JOutInterceptor.java
        cache
        CacheCleanupListener.java
        EHCacheReplayCacheFactory.java
        EHCacheManagerHolder.java
        ReplayCacheFactory.java
        MemoryReplayCacheFactory.java
        EHCacheReplayCache.java
        sts
        provider
        SecurityTokenServiceImpl.java
        SecurityTokenServiceProvider.java
        SecurityTokenService.java
        operation
        ValidateOperation.java
        KeyExchangeTokenOperation.java
        RenewOperation.java
        IssueSingleOperation.java
        RequestCollectionOperation.java
        IssueOperation.java
        CancelOperation.java
        STSException.java
        trust
        delegation
        ReceivedTokenCallbackHandler.java
        WSSUsernameCallbackHandler.java
        DelegationCallback.java
        STSTokenValidator.java
        STSClient.java
        STSSamlAssertionValidator.java
        Messages.properties
        AuthPolicyValidatingInterceptor.java
        TrustException.java
        AbstractSTSClient.java
        claims
        ClaimsCallback.java
        STSUtils.java
        test
        java
        org
        apache
        cxf
        ws
        security
        tokenstore
        EHCacheTokenStoreTest.java
        MemoryTokenStoreTest.java
        wss4j
        WSS4JOutInterceptorTest.java
        KeystorePasswordCallback.java
        UserNameTokenAuthorizationTest.java
        WSS4JFaultCodeTest.java
        DefaultCryptoCoverageCheckerTest.java
        CryptoCoverageCheckerTest.java
        SecurityVerificationOutTest.java
        EchoImpl.java
        WSS4JInOutTest.java
        Echo.java
        AbstractSecurityTest.java
        AbstractPolicySecurityTest.java
        PolicyBasedWss4JInOutTest.java
        SimpleSubjectCreatingInterceptor.java
        TestPwdCallback.java
        saml
        SamlTokenTest.java
        SAML2CallbackHandler.java
        SAML1CallbackHandler.java
        AbstractSAMLCallbackHandler.java
        CustomSamlValidator.java
        PolicyBasedSamlTest.java
        RoundTripTest.java
        SignatureConfirmationTest.java
        CustomProcessor.java
        sts
        STSClientTest.java
        provider
        SecurityTokenServiceProviderTest.java
        SecurityTokenServiceImplTest.java
        trust
        AuthPolicyValidatingInterceptorTest.java
        MultipartStream.class
        FileUploadBase$InvalidContentTypeException.class
        com
        sap
        psr
        vulas
        java
        test
        OuterClass.class
        OuterClass$InnerClass.class
        OuterClass$InnerClass.class
        ArchivePrinter.java
      - java
        NestedDeclarationMess.java
        ClassWithoutPackage.java
        com
        sap
        psr
        vulas
        sign
        SignatureFactoryTest.java
        monitor
        AbstractGoalTest.java
        ConstructTransformerTest.java
        ClassVisitorTest.java
        java
        sign
        StringSimilarity.java
        gson
        ASTDeserializeSignComparatorTest.java
        StringSimilarityLevenshtein.java
        UniqueNamePreprocessorTest.java
        ASTSignatureComparatorTest.java
        StringSimilarityNGrams.java
        JarAnalyzerTest.java
        ClassPoolUpdaterTest.java
        JavaFileAnalyzer2Test.java
        AarAnalyzerTest.java
        JsonHelperTest.java
        test
        EnumTest.java
        TestAgainAnon.java
        DrinkEnumExample.java
        TestAnon.java
        TestInterface.java
        OuterClass.java
        TestClass$NoNestedClass.java
        ConfigurationKey.java
        HelloWorldAnonymousClasses.java
        Vanilla.java
        HttpRequestCompletionLog.java
        ConfigKey.java
        NestedDeclarationMess2.java
        Generics.java
        NestedDeclarations.java
        ClassFileAnalyzerTest.java
        WarAnalyzerTest.java
        decompiler
        IDecompilerTest.java
        JavaIdTest.java
        JarAnalysisManagerTest.java
        PomParserTest.java
        JarWriterTest.java
  - pom.xml
- pom.xml
- .travis
  - settings.xml
  - .env
  - vulas-custom.properties.sample
  - docker_hub_push_release.sh
  - skaffold.yaml
  - docker_hub_push_snapshot.sh
  - package_steady_cli.sh
  - check.sh
  - check_dockerfile_location.sh
- Apache-2-Header-Template.txt
- lang-java-reach-wala
  - src
    - main
      - resources
        vulas-reach-wala.properties
        META-INF
        services
        com.sap.psr.vulas.cg.spi.ICallgraphConstructor
      - java
        com
        sap
        psr
        vulas
        cg
        wala
        WalaCallgraphConstructor.java
    - test
      - resources
        examples.jar
        empty.jar
      - java
        WalaCallGraphTest.java
  - pom.xml
- rest-lib-utils-init
  - pom.xml
  - lib
- rest-nvd
  - Makefile
  - docker-compose.override.yml
  - HISTORY.md
  - Pipfile
  - .editorconfig
  - setup.py
  - VERSION
  - Pipfile.lock
  - setup.cfg
  - prestart.sh
  - README.md
  - tests
    - test_nvd_rest.py
  - Dockerfile
  - app
    - update.py
    - __init__.py
    - main.py
  - .gitignore
  - docker-compose.yml
  - tox.ini
  - requirements_dev.txt
- CONTRIBUTING.md
- lang
  - src
    - main
      - resources
        vulas-tenant.properties
        velocity_template.xml
        vulas-core-sign.properties
        vulas-core.properties
        META-INF
        services
        com.sap.psr.vulas.FileAnalyzer
        com.sap.psr.vulas.malice.MaliciousnessAnalyzer
        velocity_template.html
        velocity_template.json
      - java
        Java.tokens
        JavaLexer.tokens
        com
        sap
        psr
        vulas
        ConstructId.java
        sign
        SignatureChange.java
        SignatureAnalysis.java
        SignatureFactory.java
        SignatureComparator.java
        Signature.java
        FileAnalysisException.java
        FileAnalyzer.java
        malice
        ZipSlipAnalyzer.java
        MaliciousnessAnalyzerLoop.java
        MaliciousnessAnalyzer.java
        MaliciousnessAnalysisResult.java
        report
        Report.java
        ConstructChange.java
        goals
        UploadGoal.java
        ReportGoal.java
        GoalExecutor.java
        ReportException.java
        TestGoal.java
        SpaceNewGoal.java
        SpaceModGoal.java
        GoalExecutionException.java
        SequenceGoal.java
        AbstractSpaceGoal.java
        GoalContext.java
        package-info.java
        CheckverGoal.java
        AbstractAppGoal.java
        CleanGoal.java
        ExecutionObserver.java
        GoalFactory.java
        BomGoal.java
        GoalConfigurationException.java
        SpaceDelGoal.java
        SpaceCleanGoal.java
        AbstractGoal.java
        backend
        HttpResponse.java
        BackendConnector.java
        EntityNotFoundInBackendException.java
        BackendConnectionException.java
        HttpMethod.java
        requests
        ResponseCondition.java
        ConditionalHttpRequest.java
        AbstractHttpRequest.java
        RequestRepeater.java
        HttpRequest.java
        HttpRequestList.java
        ContentCondition.java
        package-info.java
        PutLibraryCondition.java
        StatusCondition.java
        BasicHttpRequest.java
        Construct.java
        DirAnalyzer.java
        FileAnalyzerFactory.java
        tasks
        Task.java
        AbstractTask.java
        ReachTask.java
        package-info.java
        AbstractBomTask.java
        BomTask.java
        core
        util
        CoreConfiguration.java
        SignatureConfiguration.java
        package-info.java
    - test
      - resources
        zip-slip.tar
        zip-slip.jar
        vuln_deps_actual.json
        zip-slip-win.tar
      - java
        com
        sap
        psr
        vulas
        malice
        ZipSlipAnalyzerTest.java
        MaliciousnessAnalyzerLoopTest.java
        report
        ReportTest.java
        goals
        AbstractGoalTest.java
        SpaceDelGoalTest.java
        SpaceNewGoalTest.java
        BomGoalTest.java
        CleanGoalTest.java
  - pom.xml
- repo-client
  - src
    - main
      - java
        com
        sap
        psr
        vulas
        svn
        SvnClient.java
        vcs
        FileChange.java
        RepoMismatchException.java
        IVCSClient.java
        NoRepoClientException.java
        git
        GitClient.java
        MyProxySelector.java
    - test
      - java
        com
        sap
        psr
        vulas
        git
        GitTest.java
  - pom.xml
- .gitattributes
- lang-java-reach-soot
  - src
    - main
      - resources
        vulas-reach-soot.properties
        META-INF
        services
        com.sap.psr.vulas.cg.spi.ICallgraphConstructor
      - java
        com
        sap
        psr
        vulas
        cg
        soot
        SootCallgraphConstructor.java
        CustomEntryPointCreator.java
        SootConfiguration.java
    - test
      - resources
        examples.jar
        empty.jar
      - java
        SootCallGraphTest.java
  - pom.xml
- docker
  - .env.sample
  - push-images.sh
  - readme-pages
    - Java.md
    - Sample-Maven-profile.md
    - Configuration.md
    - Python.md
    - Vulnerability-Database.md
    - Assessment-and-Mitigation.md
    - CLI.md
    - Workspace.md
    - Automation.md
    - Help.md
    - Goals.md
  - docker-compose.build.yml
  - run.sh
  - postgresql
    - docker-entrypoint-initdb.d
      - 10-vulas-setup.sh
  - patch-analyzer
    - Dockerfile
  - frontend-apps
    - index.html
    - Dockerfile
  - frontend-bugs
    - Dockerfile
  - haproxy
    - conf
      - haproxy.cfg
  - README.md
  - rest-backend
    - run.sh
    - Dockerfile
    - conf
      - restbackend.properties
  - cache
    - nginx.conf
  - patch-lib-analyzer
    - run.sh
    - Dockerfile
  - Dockerfile
  - rest-lib-utils
    - Dockerfile
  - docker-compose.yml
- cli-scanner
  - src
    - main
      - java
        com
        sap
        psr
        vulas
        cli
        VulasCli.java
        package-info.java
    - test
      - resources
        depfolder
        file.java
        java-app
        com
        acme
        HelloWorldAction.java
        MessageStore.java
        ArchiveServlet.java
        ArchivePrinter.java
        appfolder with space
        ClassWithoutPackage.class
        cf-helloworld
        helloworld
        app.py
        setup.py
        depfolder with space
        foo
        hello_world.py
        class_hw.py
        __init__.py
        func_hw.py
        file.py
        appfolder
        com
        acme
        MessageStore$1$1Bar.class
        ArchivePrinter$1$1Bar.class
        ArchivePrinter$InnerNonStaticClass.class
        ArchivePrinter.class
        MessageStore.class
        HelloWorldAction.class
        ArchiveServlet.class
        ArchivePrinter$1.class
        MessageStore$1.class
        ArchivePrinter$2.class
        ArchivePrinter$InnerStaticClass.class
      - java
        com
        sap
        psr
        vulas
        cli
        AbstractGoalTest.java
        VulasCliTest.java
        FileAnalyzerTest.java
  - pom.xml
- patch-analyzer
  - src
    - main
      - resources
        vulas-patcha.properties
      - java
        com
        sap
        psr
        vulas
        patcha
        PatchAnalyzer.java
        PatchaConfiguration.java
        VulasProxySelector.java
        FileComparator.java
    - test
      - resources
        flask-oidc_e4ce5
        flask_oidc
        __init__.py
        ws_security_1438423
        src
        main
        java
        org
        apache
        cxf
        ws
        security
        SecurityConstants.java
        kerberos
        KerberosUtils.java
        KerberosClient.java
        tokenstore
        EHCacheTokenStoreFactory.java
        SecurityToken.java
        EHCacheTokenStore.java
        TokenStoreFactory.java
        MemoryTokenStoreFactory.java
        MemoryTokenStore.java
        TokenStore.java
        policy
        SP12Constants.java
        interceptors
        SecurityVerificationOutInterceptor.java
        UsernameTokenInterceptorProvider.java
        NegotiationUtils.java
        HttpsTokenInterceptorProvider.java
        WSSecurityPolicyInterceptorProvider.java
        SpnegoContextTokenOutInterceptor.java
        Messages.properties
        SpnegoTokenInterceptorProvider.java
        SecureConversationOutInterceptor.java
        WSSecurityInterceptorProvider.java
        SamlTokenInterceptorProvider.java
        SecureConversationTokenInterceptorProvider.java
        IssuedTokenInterceptorProvider.java
        SecureConversationInInterceptor.java
        STSInvoker.java
        KerberosTokenInterceptorProvider.java
        SpnegoContextTokenInInterceptor.java
        builders
        WSS11Builder.java
        SupportingTokens12Builder.java
        SecureConversationTokenBuilder.java
        InitiatorSignatureTokenBuilder.java
        SupportingTokensBuilder.java
        RequiredElementsBuilder.java
        RecipientEncryptionTokenBuilder.java
        UsernameTokenBuilder.java
        SecurityContextTokenBuilder.java
        TransportBindingBuilder.java
        SignedPartsBuilder.java
        HttpsTokenBuilder.java
        X509TokenBuilder.java
        RecipientSignatureTokenBuilder.java
        EncryptedElementsBuilder.java
        KerberosTokenBuilder.java
        SpnegoContextTokenBuilder.java
        RequiredPartsBuilder.java
        AsymmetricBindingBuilder.java
        SymmetricBindingBuilder.java
        ContentEncryptedElementsBuilder.java
        Trust10Builder.java
        SamlTokenBuilder.java
        TransportTokenBuilder.java
        LayoutBuilder.java
        InitiatorEncryptionTokenBuilder.java
        IssuedTokenBuilder.java
        WSS10Builder.java
        AlgorithmSuiteBuilder.java
        KeyValueTokenBuilder.java
        SignedElementsBuilder.java
        RecipientTokenBuilder.java
        InitiatorTokenBuilder.java
        EncryptedPartsBuilder.java
        ProtectionTokenBuilder.java
        Trust13Builder.java
        WSSPolicyException.java
        SP11Constants.java
        SPConstants.java
        model
        KerberosToken.java
        Token.java
        Trust10.java
        RecipientSignatureToken.java
        AsymmetricBinding.java
        SecurityContextToken.java
        InitiatorToken.java
        Header.java
        ProtectionToken.java
        Wss10.java
        IssuedToken.java
        InitiatorSignatureToken.java
        UsernameToken.java
        SpnegoContextToken.java
        Messages.properties
        KeyValueToken.java
        AlgorithmSuite.java
        RequiredElements.java
        SamlToken.java
        RecipientToken.java
        SignatureToken.java
        InitiatorEncryptionToken.java
        ContentEncryptedElements.java
        RequiredParts.java
        X509Token.java
        SignedEncryptedElements.java
        Binding.java
        AbstractSecurityAssertion.java
        Layout.java
        TokenWrapper.java
        EncryptionToken.java
        TransportBinding.java
        AlgorithmWrapper.java
        SignedEncryptedParts.java
        SymmetricAsymmetricBindingBase.java
        TransportToken.java
        SupportingToken.java
        RecipientEncryptionToken.java
        HttpsToken.java
        SymmetricBinding.java
        Trust13.java
        SecureConversationToken.java
        Wss11.java
        WSSecurityPolicyLoader.java
        SP13Constants.java
        custom
        AlgorithmSuiteLoader.java
        DefaultAlgorithmSuiteLoader.java
        GCMAlgorithmSuite.java
        wss4j
        AbstractWSS4JInterceptor.java
        CryptoCoverageUtil.java
        WSS4JTokenConverter.java
        WSS4JOutInterceptor.java
        SamlTokenInterceptor.java
        CryptoCoverageChecker.java
        SAMLUtils.java
        Messages.properties
        WSS4JUtils.java
        AbstractUsernameTokenAuthenticatingInterceptor.java
        WSS4JInInterceptor.java
        PolicyBasedWSS4JInInterceptor.java
        policyhandlers
        AbstractBindingBuilder.java
        SymmetricBindingHandler.java
        WSSecurityTokenHolder.java
        TransportBindingHandler.java
        AsymmetricBindingHandler.java
        DelegatingCallbackHandler.java
        DefaultCryptoCoverageChecker.java
        UsernameTokenInterceptor.java
        policyvalidators
        DefaultClaimsPolicyValidator.java
        SignedEncryptedTokenPolicyValidator.java
        IssuedTokenPolicyValidator.java
        SignedTokenPolicyValidator.java
        AbstractSamlPolicyValidator.java
        EndorsingEncryptedTokenPolicyValidator.java
        TransportBindingPolicyValidator.java
        SignedEndorsingEncryptedTokenPolicyValidator.java
        SignedEndorsingTokenPolicyValidator.java
        WSS11PolicyValidator.java
        AbstractBindingPolicyValidator.java
        ClaimsPolicyValidator.java
        EncryptedTokenPolicyValidator.java
        SamlTokenPolicyValidator.java
        SecurityContextTokenPolicyValidator.java
        SupportingTokenPolicyValidator.java
        UsernameTokenPolicyValidator.java
        X509TokenPolicyValidator.java
        TokenPolicyValidator.java
        BindingPolicyValidator.java
        AsymmetricBindingPolicyValidator.java
        AbstractTokenPolicyValidator.java
        EndorsingTokenPolicyValidator.java
        SymmetricBindingPolicyValidator.java
        KerberosTokenPolicyValidator.java
        ConcreteSupportingTokenPolicyValidator.java
        AbstractSupportingTokenPolicyValidator.java
        PolicyBasedWSS4JOutInterceptor.java
        cache
        CacheCleanupListener.java
        EHCacheReplayCacheFactory.java
        EHCacheManagerHolder.java
        ReplayCacheFactory.java
        MemoryReplayCacheFactory.java
        EHCacheReplayCache.java
        sts
        provider
        SecurityTokenServiceImpl.java
        SecurityTokenServiceProvider.java
        SecurityTokenService.java
        operation
        ValidateOperation.java
        KeyExchangeTokenOperation.java
        RenewOperation.java
        IssueSingleOperation.java
        RequestCollectionOperation.java
        IssueOperation.java
        CancelOperation.java
        STSException.java
        trust
        delegation
        ReceivedTokenCallbackHandler.java
        WSSUsernameCallbackHandler.java
        DelegationCallback.java
        STSTokenValidator.java
        STSClient.java
        STSSamlAssertionValidator.java
        Messages.properties
        AuthPolicyValidatingInterceptor.java
        TrustException.java
        AbstractSTSClient.java
        claims
        ClaimsCallback.java
        STSUtils.java
        test
        java
        org
        apache
        cxf
        ws
        security
        tokenstore
        EHCacheTokenStoreTest.java
        MemoryTokenStoreTest.java
        wss4j
        WSS4JOutInterceptorTest.java
        KeystorePasswordCallback.java
        UserNameTokenAuthorizationTest.java
        WSS4JFaultCodeTest.java
        DefaultCryptoCoverageCheckerTest.java
        CryptoCoverageCheckerTest.java
        SecurityVerificationOutTest.java
        EchoImpl.java
        WSS4JInOutTest.java
        Echo.java
        AbstractSecurityTest.java
        AbstractPolicySecurityTest.java
        PolicyBasedWss4JInOutTest.java
        SimpleSubjectCreatingInterceptor.java
        TestPwdCallback.java
        saml
        SamlTokenTest.java
        SAML2CallbackHandler.java
        SAML1CallbackHandler.java
        AbstractSAMLCallbackHandler.java
        CustomSamlValidator.java
        PolicyBasedSamlTest.java
        RoundTripTest.java
        SignatureConfirmationTest.java
        CustomProcessor.java
        sts
        STSClientTest.java
        provider
        SecurityTokenServiceProviderTest.java
        SecurityTokenServiceImplTest.java
        trust
        AuthPolicyValidatingInterceptorTest.java
        ws_security_1438424
        src
        main
        java
        org
        apache
        cxf
        ws
        security
        SecurityConstants.java
        kerberos
        KerberosUtils.java
        KerberosClient.java
        tokenstore
        EHCacheTokenStoreFactory.java
        SecurityToken.java
        EHCacheTokenStore.java
        TokenStoreFactory.java
        MemoryTokenStoreFactory.java
        MemoryTokenStore.java
        TokenStore.java
        policy
        SP12Constants.java
        interceptors
        SecurityVerificationOutInterceptor.java
        UsernameTokenInterceptorProvider.java
        NegotiationUtils.java
        HttpsTokenInterceptorProvider.java
        WSSecurityPolicyInterceptorProvider.java
        SpnegoContextTokenOutInterceptor.java
        Messages.properties
        SpnegoTokenInterceptorProvider.java
        SecureConversationOutInterceptor.java
        WSSecurityInterceptorProvider.java
        SamlTokenInterceptorProvider.java
        SecureConversationTokenInterceptorProvider.java
        IssuedTokenInterceptorProvider.java
        SecureConversationInInterceptor.java
        STSInvoker.java
        KerberosTokenInterceptorProvider.java
        SpnegoContextTokenInInterceptor.java
        builders
        WSS11Builder.java
        SupportingTokens12Builder.java
        SecureConversationTokenBuilder.java
        InitiatorSignatureTokenBuilder.java
        SupportingTokensBuilder.java
        RequiredElementsBuilder.java
        RecipientEncryptionTokenBuilder.java
        UsernameTokenBuilder.java
        SecurityContextTokenBuilder.java
        TransportBindingBuilder.java
        SignedPartsBuilder.java
        HttpsTokenBuilder.java
        X509TokenBuilder.java
        RecipientSignatureTokenBuilder.java
        EncryptedElementsBuilder.java
        KerberosTokenBuilder.java
        SpnegoContextTokenBuilder.java
        RequiredPartsBuilder.java
        AsymmetricBindingBuilder.java
        SymmetricBindingBuilder.java
        ContentEncryptedElementsBuilder.java
        Trust10Builder.java
        SamlTokenBuilder.java
        TransportTokenBuilder.java
        LayoutBuilder.java
        InitiatorEncryptionTokenBuilder.java
        IssuedTokenBuilder.java
        WSS10Builder.java
        AlgorithmSuiteBuilder.java
        KeyValueTokenBuilder.java
        SignedElementsBuilder.java
        RecipientTokenBuilder.java
        InitiatorTokenBuilder.java
        EncryptedPartsBuilder.java
        ProtectionTokenBuilder.java
        Trust13Builder.java
        WSSPolicyException.java
        SP11Constants.java
        SPConstants.java
        model
        KerberosToken.java
        Token.java
        Trust10.java
        RecipientSignatureToken.java
        AsymmetricBinding.java
        SecurityContextToken.java
        InitiatorToken.java
        Header.java
        ProtectionToken.java
        Wss10.java
        IssuedToken.java
        InitiatorSignatureToken.java
        UsernameToken.java
        SpnegoContextToken.java
        Messages.properties
        KeyValueToken.java
        AlgorithmSuite.java
        RequiredElements.java
        SamlToken.java
        RecipientToken.java
        SignatureToken.java
        InitiatorEncryptionToken.java
        ContentEncryptedElements.java
        RequiredParts.java
        X509Token.java
        SignedEncryptedElements.java
        Binding.java
        AbstractSecurityAssertion.java
        Layout.java
        TokenWrapper.java
        EncryptionToken.java
        TransportBinding.java
        AlgorithmWrapper.java
        SignedEncryptedParts.java
        SymmetricAsymmetricBindingBase.java
        TransportToken.java
        SupportingToken.java
        RecipientEncryptionToken.java
        HttpsToken.java
        SymmetricBinding.java
        Trust13.java
        SecureConversationToken.java
        Wss11.java
        WSSecurityPolicyLoader.java
        SP13Constants.java
        custom
        AlgorithmSuiteLoader.java
        DefaultAlgorithmSuiteLoader.java
        GCMAlgorithmSuite.java
        wss4j
        AbstractWSS4JInterceptor.java
        CryptoCoverageUtil.java
        WSS4JTokenConverter.java
        WSS4JOutInterceptor.java
        SamlTokenInterceptor.java
        CryptoCoverageChecker.java
        SAMLUtils.java
        Messages.properties
        WSS4JUtils.java
        AbstractUsernameTokenAuthenticatingInterceptor.java
        WSS4JInInterceptor.java
        PolicyBasedWSS4JInInterceptor.java
        policyhandlers
        AbstractBindingBuilder.java
        SymmetricBindingHandler.java
        WSSecurityTokenHolder.java
        TransportBindingHandler.java
        AsymmetricBindingHandler.java
        DelegatingCallbackHandler.java
        DefaultCryptoCoverageChecker.java
        UsernameTokenInterceptor.java
        policyvalidators
        DefaultClaimsPolicyValidator.java
        SignedEncryptedTokenPolicyValidator.java
        IssuedTokenPolicyValidator.java
        SignedTokenPolicyValidator.java
        AbstractSamlPolicyValidator.java
        EndorsingEncryptedTokenPolicyValidator.java
        TransportBindingPolicyValidator.java
        SignedEndorsingEncryptedTokenPolicyValidator.java
        SignedEndorsingTokenPolicyValidator.java
        WSS11PolicyValidator.java
        AbstractBindingPolicyValidator.java
        ClaimsPolicyValidator.java
        EncryptedTokenPolicyValidator.java
        SamlTokenPolicyValidator.java
        SecurityContextTokenPolicyValidator.java
        SupportingTokenPolicyValidator.java
        UsernameTokenPolicyValidator.java
        X509TokenPolicyValidator.java
        TokenPolicyValidator.java
        BindingPolicyValidator.java
        AsymmetricBindingPolicyValidator.java
        AbstractTokenPolicyValidator.java
        EndorsingTokenPolicyValidator.java
        SymmetricBindingPolicyValidator.java
        KerberosTokenPolicyValidator.java
        ConcreteSupportingTokenPolicyValidator.java
        AbstractSupportingTokenPolicyValidator.java
        PolicyBasedWSS4JOutInterceptor.java
        cache
        CacheCleanupListener.java
        EHCacheReplayCacheFactory.java
        EHCacheManagerHolder.java
        ReplayCacheFactory.java
        MemoryReplayCacheFactory.java
        EHCacheReplayCache.java
        sts
        provider
        SecurityTokenServiceImpl.java
        SecurityTokenServiceProvider.java
        SecurityTokenService.java
        operation
        ValidateOperation.java
        KeyExchangeTokenOperation.java
        RenewOperation.java
        IssueSingleOperation.java
        RequestCollectionOperation.java
        IssueOperation.java
        CancelOperation.java
        STSException.java
        trust
        delegation
        ReceivedTokenCallbackHandler.java
        WSSUsernameCallbackHandler.java
        DelegationCallback.java
        STSTokenValidator.java
        STSClient.java
        STSSamlAssertionValidator.java
        Messages.properties
        AuthPolicyValidatingInterceptor.java
        TrustException.java
        AbstractSTSClient.java
        claims
        ClaimsCallback.java
        STSUtils.java
        test
        java
        org
        apache
        cxf
        ws
        security
        tokenstore
        EHCacheTokenStoreTest.java
        MemoryTokenStoreTest.java
        wss4j
        WSS4JOutInterceptorTest.java
        KeystorePasswordCallback.java
        UserNameTokenAuthorizationTest.java
        WSS4JFaultCodeTest.java
        DefaultCryptoCoverageCheckerTest.java
        CryptoCoverageCheckerTest.java
        SecurityVerificationOutTest.java
        EchoImpl.java
        WSS4JInOutTest.java
        Echo.java
        AbstractSecurityTest.java
        AbstractPolicySecurityTest.java
        PolicyBasedWss4JInOutTest.java
        SimpleSubjectCreatingInterceptor.java
        TestPwdCallback.java
        saml
        SamlTokenTest.java
        SAML2CallbackHandler.java
        SAML1CallbackHandler.java
        AbstractSAMLCallbackHandler.java
        CustomSamlValidator.java
        PolicyBasedSamlTest.java
        RoundTripTest.java
        SignatureConfirmationTest.java
        CustomProcessor.java
        sts
        STSClientTest.java
        provider
        SecurityTokenServiceProviderTest.java
        SecurityTokenServiceImplTest.java
        trust
        AuthPolicyValidatingInterceptorTest.java
        flask-oidc_f2ef8
        flask_oidc
        __init__.py
      - java
        com
        sap
        psr
        vulas
        patcha
        IT01_PatchAnalyzerIT.java
        FileComparatorTest.java
  - pom.xml
- lang-java-reach
  - src
    - main
      - resources
        vulas-reach.properties
      - java
        com
        sap
        psr
        vulas
        cg
        CallgraphReachableSearch.java
        A2CGoal.java
        PathSimilarity.java
        PrunedGraphGetPaths.java
        ReachabilityConfiguration.java
        NodeMetaInformation.java
        DepthFirstGetPaths.java
        Callgraph.java
        ReachabilityAnalyzer.java
        AbstractReachGoal.java
        CallgraphConstructException.java
        MethodNameFilter.java
        T2CGoal.java
        CallgraphPathSearch.java
        AbstractGetPaths.java
        spi
        ICallgraphConstructor.java
        CallgraphConstructorFactory.java
    - test
      - resources
        Struts2-Dummy-Vuln.json
        dummy-service.jar
      - java
        com
        sap
        psr
        vulas
        cg
        test
        Examples.java
        CallgraphTest.java
        CallgraphConstructorFactoryTest.java
  - pom.xml
- frontend-apps
  - src
    - main
      - Version.js
      - webapp
        Component-preload.js
        img
        touch_point.gif
        i18n
        messageBundle.properties
        messageBundle_de.properties
        messageBundle_en_US.properties
        messageBundle_en.properties
        MyRouter.js
        .xsaccess
        helpers
        pqueue.js
        transpiled
        pqueueES5.js
        basePriorityQueueES5.js
        basePriorityQueue.js
        .xsapp
        view
        ArchiveDetail.controller.js
        Component.controller.js
        App.view.js
        Component.view.xml
        GraphDetail.controller.js
        BugDetail.controller.js
        UpdateDetail.view.xml
        UpdateDetail.controller.js
        ArchiveDetail.view.xml
        App.controller.js
        Master.view.xml
        GraphDetail.view.xml
        ExecutionDetail.view.xml
        BugDetail.view.xml
        Popover.fragment.xml
        ExecutionDetail.controller.js
        Master.controller.js
        GraphDetailObject.js
        WEB-INF
        web.xml
        model
        Config.js
        Formatter.js
        index.html
        css
        style.css
  - pom.xml
- .travis.yml
- frontend-bugs
  - src
    - main
      - Version.js
      - webapp
        Component-preload.js
        Component.js
        img
        i18n
        messageBundle.properties
        messageBundle_de.properties
        messageBundle_en.properties
        MyRouter.js
        d3.v3.min.js
        .xsaccess
        .xsapp
        view
        LibDetail.view.xml
        ASTViewer.controller.js
        Component.controller.js
        App.view.js
        Component.view.xml
        CheckversionDetail.controller.js
        BugDetailPatchEval.view.xml
        ASTViewer.view.xml
        App.controller.js
        ASTViewerNew.controller.js
        Master.view.xml
        BugDetailPatchEval.controller.js
        LibDetail.controller.js
        ASTViewerNew.view.xml
        Popover.fragment.xml
        CheckversionDetail.view.xml
        Master.controller.js
        WEB-INF
        web.xml
        model
        Utils.js
        TreeUtils.js
        Config.js
        Formatter.js
        index.html
        css
        style.css
  - pom.xml
- README.md
- rest-backend
  - src
    - main
      - resources
        vulas-rest-backend.properties
        application-docker.properties
        application-localhost.properties
        db
        count_vulndeps_unknown_libs.sql
        delete_unused_libs.sql
        repo_apps_bugs.sql
        migration
        V20171016.1530__sameBytecode.sql
        V20180525.1400__qnamesize.sql
        V20180828.1730__depParent.sql
        V20180518.0817__bugandspace.sql
        V20170825.1420__createviews.sql
        V20170925.1530__bugrefsdeppath.sql
        V20180824.1600__updateView.sql
        V20180614.1100__addConditionToViews.sql
        V20170419.1800__primarykey.sql
        V20180612.0915__recreateSomeViews.sql
        V20200219.1130__dropDepIndexes.sql
        V20170414.1536__exceptiontype.sql
        V20181029.1330__depParentFK.sql
        V20190425.1400__libDigestTimestamp.sql
        V20181211.0949__modifiedAtAffLib.sql
        V20180629.1520__addPropManualAndSpaceInViews.sql
        V20170424.2200__missingprimarykeys.sql
        V20171019.1630__vulas3.sql
        V20170302.1025__appversionlength.sql
        V20170824.1650__altercolumnhibernate5.sql
        V20190304.1430__spaceReadOnly.sql
        V20181108.1400__recreateVulnDepViews.sql
        V20161207.1200__create.sql
        V20180705.1100__libConstructsIndex.sql
        V20180525.1115__bugdescriptionalt.sql
        V20170322.1137__patchevalresults.sql
        V20170321.0850__token.sql
        V20190613.1700__bundledLibraryIds.sql
        V20180629.1500__bugaffectedCCIndex.sql
        stats.sql
        view.sql
        user.sql
        META-INF
        services
        com.sap.psr.vulas.backend.util.DigestVerifier
        application-test.properties
        application.properties
      - java
        com
        sap
        psr
        vulas
        backend
        util
        ResultSetFilter.java
        CacheFilter.java
        ServiceWrapper.java
        ConnectionUtil.java
        ArtifactMaps.java
        PyPiVerifier.java
        SmtpClient.java
        MavenCentralVerifier.java
        TokenUtil.java
        Message.java
        DigestVerifierEnumerator.java
        DependencyUtil.java
        ReferenceUpdater.java
        DigestVerifier.java
        VerificationException.java
        component
        ApplicationExporter.java
        ApplicationExporterThread.java
        StatisticsContributor.java
        model
        ConstructId.java
        Property.java
        AffectedLibrary.java
        PackageStatistics.java
        ConstructChange.java
        Trace.java
        PathNode.java
        Dependency.java
        VulnerableDependency.java
        ConstructIdFilter.java
        V_AppVulndep.java
        Space.java
        Tenant.java
        AffectedConstructChange.java
        view
        Views.java
        Bug.java
        DependencyIntersection.java
        Library.java
        ConstructSearchResult.java
        TouchPoint.java
        Path.java
        ConstructChangeType.java
        Application.java
        GoalExecution.java
        ConstructChangeInDependency.java
        LibraryId.java
        DependencyUpdate.java
        rest
        TenantController.java
        CveController.java
        CoverageController.java
        ConfigurationController.java
        ApplicationController.java
        HubIntegrationController.java
        LibraryController.java
        MainController.java
        BugController.java
        LibraryIdController.java
        SpaceController.java
        repo
        LibraryRepositoryImpl.java
        TracesRepositoryCustom.java
        PathRepository.java
        GoalExecutionRepositoryCustom.java
        AffectedLibraryRepositoryImpl.java
        ConstructIdRepository.java
        SpaceRepositoryImpl.java
        BugRepositoryImpl.java
        ConstructChangeRepository.java
        TenantRepositoryImpl.java
        ApplicationRepositoryCustom.java
        GoalExecutionRepository.java
        ApplicationRepository.java
        LibraryRepository.java
        DependencyRepositoryCustom.java
        AffectedLibraryRepositoryCustom.java
        LibraryIdRepository.java
        BugRepositoryCustom.java
        DependencyRepositoryImpl.java
        ApplicationRepositoryImpl.java
        TracesRepository.java
        SpaceRepositoryCustom.java
        V_AppVulndepRepository.java
        LibraryRepositoryCustom.java
        TenantRepositoryCustom.java
        PathRepositoryImpl.java
        TenantRepository.java
        BugRepository.java
        DependencyRepository.java
        GoalExecutionRepositoryImpl.java
        PathRepositoryCustom.java
        TracesRepositoryImpl.java
        PropertyRepository.java
        AffectedLibraryRepository.java
        SpaceRepository.java
        cve
        CveReader2.java
        Cve.java
    - test
      - resources
        select_stmts.sql
        jira-search-cve-2014-0050.json
        update_postman_target.sh
        real_examples
        lib_commons-fileupload-1.2.2.json
        bug_CVE-2014-0050.json
        bug_CVE-2014-0050_alt.json
        lib_commons-fileupload-1.3.1.json
        apps-testapp-fileupload-1.2.2.json
        commons-fileupload-1.3.1.jar
        lib_Jinja2-2.9.6.json
        bug_2015-5262.json
        bug_CVE-2018-12023.json
        lib_http-client-4.1.3.json
        affectedLib-propagate.json
        dummy_app
        lib_bar.json
        path.json
        bug_afflib_CVE-2014-0050_PRE_COMMIT_POM.json
        goal_execution.json
        bug_bar.json
        lib.json
        bug_foo.json
        app.json
        app_parent.json
        bug_afflib_CVE-2014-0050_MANUAL.json
        trace.json
        bug_afflib_CVE-2014-0050_CHECK_VERSION.json
        META-INF
        services
        com.sap.psr.vulas.backend.util.DigestVerifier
        pypi_flask.json
        cves
        CVE-2019-17531-new.json
        CVE-2018-1000865-new.json
        CVE-2018-0123-new.json
        CVE-2019-0047-new.json
        CVE-2014-0050-new.json
        dependencytree.postman_collection.json
      - java
        com
        sap
        psr
        vulas
        backend
        util
        SmtpClientTest.java
        PyPiVerifierTest.java
        ArtifactMapsTest.java
        package-info.java
        ConnectionUtilTest.java
        component
        ApplicationExporterTest.java
        rest
        TenantControllerTest.java
        SpaceControllerTest.java
        BugControllerTest.java
        ApplicationControllerTest.java
        IT02_CoverageControllerIT.java
        LibraryControllerTest.java
        HubIntegrationControllerTest.java
        cve
        CveTest.java
        CveReader2Test.java
        NvdRestServiceMockup.java
  - pom.xml
- patch-lib-analyzer
  - src
    - main
      - resources
        log4j.properties
        vulas-patch-lib-analyzer.properties
      - java
        com
        sap
        psr
        vulas
        patcheval
        utils
        CSVHelper2.java
        ConstructBytecodeASTManager.java
        PEConfiguration.java
        representation
        LidResult2.java
        OrderedCCperConstructPath2.java
        ConstructPathLibResult2.java
        OverallConstructChange.java
        ReleaseTree.java
        ArtifactLibrary.java
        Bug.java
        ArtifactResult2.java
        ConstructPathAssessment2.java
        Intersection2.java
        patcheval2
        BugLibManager.java
        PE_Run.java
        ByteCodeComparator.java
        BugLibAnalyzer.java
        Main.java
        DigestAnalyzer.java
        LibraryAnalyzerThread2.java
    - test
      - java
        VersionTest.java
        CiaTest.java
  - pom.xml
- lang-python
  - src
    - main
      - resources
        META-INF
        services
        com.sap.psr.vulas.sign.SignatureFactory
        com.sap.psr.vulas.FileAnalyzer
        com.sap.psr.vulas.tasks.BomTask
        vulas-python.properties
      - antlr4
        com
        sap
        psr
        vulas
        python
        antlr
        python3
        Python3.g4
        python335
        Python335.g4
      - java
        com
        sap
        psr
        vulas
        python
        sign
        PythonConstructDigestSerializer.java
        PythonConstructDigest.java
        PythonSignatureFactory.java
        ProcessWrapper.java
        utils
        PythonConfiguration.java
        Python3FileAnalyzer.java
        virtualenv
        VirtualenvWrapper.java
        package-info.java
        PythonArchiveAnalyzer.java
        Python335FileAnalyzer.java
        PythonFileAnalyzer.java
        ProcessWrapperException.java
        pip
        PipInstalledPackage.java
        PipWrapper.java
        package-info.java
        PyWrapper.java
        tasks
        package-info.java
        PythonBomTask.java
        PythonId.java
    - test
      - resources
        setuptools_git-1.2-py3.6.egg
        flask-oidc_e4ce5
        flask_oidc
        __init__.py
        testapp
        foo
        hello_world.py
        class_hw.py
        __init__.py
        func_hw.py
        cf-helloworld
        helloworld
        app.py
        setup.py
        python2_syntax.py
        monotonic-1.3-py2.py3-none-any.whl
        vulas_python_testapp
        testapp
        testinput
        subdir
        test3.py
        test.py
        test2.py
        models.py
        views.py
        urls.py
        tests.py
        __init__.py
        migrations
        __init__.py
        admin.py
        vulas_python_testapp
        wsgi.py
        urls.py
        __init__.py
        settings.py
        manage.py
        setup.py
        pip-install-out.txt
        tiny_py_interpreter
        test_entryp.py
        setup.py
        tinypy
        tinypyapp.py
        shell
        shell.py
        __init__.py
        runtime
        __init__.py
        Errors.py
        Memory.py
        run_tests.py
        AST
        stmt.py
        ast.py
        builder
        Builder.py
        ExprVisitor.py
        __init__.py
        StmtVisitor.py
        __init__.py
        expr.py
        __init__.py
        tests
        shell
        control_flow.py
        dedents.py
        lcm.py
        assignment.py
        debug.py
        statement_lists.py
        logic.py
        numbers1.py
        gcd.py
        quicksort.py
        flow1.py
        unicode1.py
        factorial.py
        ethiopian.py
        fizzbuzz2.py
        parens.py
        trailing_dedents.py
        euler38.py
        mergesort1.py
        scope1.py
        fibo2.py
        parenbalance.py
        binarysearch.py
        scope2.py
        file.py
        fibo3.py
        euler04.py
        fibo1.py
        fizzbuzz.py
        parser
        Utils.py
        CustomLexer.py
        CST.py
        __init__.py
        Errors.py
        pip-download-out-1.txt
        itsdangerous-0.24.tar.gz
        corecffi.py
        pip-list-old.json
        gunicorn-19.7.1-py2.py3-none-any.whl
        async.py
        itsdangerous-0.24-monotonic-1.3.tar.gz
        flask-oidc_f2ef8
        flask_oidc
        __init__.py
        pip-download-out-2.txt
        pip-list-new.json
      - java
        com
        sap
        psr
        vulas
        python
        virtualenv
        VirtualenvWrapperTest.java
        PythonArchiveAnalyzerTest.java
        pip
        PipInstalledPackageTest.java
        PipWrapperTest.java
        PythonFileAnalyzerTest.java
        ProcessWrapperTest.java
  - pom.xml
- requirements.txt
- kubernetes
  - helm
    - utils
      - Makefile
      - go.sum
      - go.mod
      - internal
        promote
        reroute.go
        helm.go
        promote.go
        restore
        restore.go
        isolate
        isolate.go
        clean.go
        load
        load.go
      - README.md
      - main.go
      - tests
      - cmd
        migrate.go
        route.go
        root.go
        upgrade.go
        load.go
      - pkg
        convert
        convert.go
        connect
        client.go
        release
        release.go
      - build.sh
    - vulnerability-assessment-tool-admin
      - charts
        nginx-ingress
        Chart.yaml
        files
        tls
        .gitkeep
        templates
        defaultIngress.yaml
        _getters.tpl
        default-backend
        deployment.yaml
        mountedConfigMap.yaml
        _getters.tpl
        podDisruptionBudget.yaml
        _labels.tpl
        service.yaml
        ingress-controller
        deployment.yaml
        persistentVolumeClaim.yaml
        mountedConfigMap.yaml
        serviceAccount.yaml
        vulasAdminRoleBinding.yaml
        clusterRoleBinding.yaml
        _getters.tpl
        vulasCoreRoleBinding.yaml
        secretGeneratorJob.yaml
        vulasCoreRole.yaml
        vulasAdminRole.yaml
        podDisruptionBudget.yaml
        configMap.yaml
        clusterRole.yaml
        _labels.tpl
        service.yaml
        tlsSecret.yaml
        persistentVolume.yaml
        coreIngress.yaml
        authIngress.yaml
        NOTES.txt
        values.yaml
        values_production.yaml
        README.md
      - Chart.yaml
      - templates
        _ports.tpl
        _logs.tpl
        _getters.tpl
        _labels.tpl
        _container.tpl
      - values.yaml
      - README.md
      - .helmignore
    - vulnerability-assessment-tool-monitoring
      - charts
        prometheus
        Chart.yaml
        templates
        kube-state-metrics
        deployment.yaml
        serviceAccount.yaml
        clusterRoleBinding.yaml
        _getters.tpl
        clusterRole.yaml
        _labels.tpl
        service.yaml
        prom-server
        serviceAccount.yaml
        ingress.yaml
        statefulSet.yaml
        clusterRoleBinding.yaml
        _getters.tpl
        configMap.yaml
        clusterRole.yaml
        _labels.tpl
        service.yaml
        serviceHeadless.yaml
        node-exporter
        daemonSet.yaml
        serviceAccount.yaml
        roleBinding.yaml
        _getters.tpl
        podSecurityPolicy.yaml
        role.yaml
        _labels.tpl
        service.yaml
        NOTES.txt
        values.yaml
        README.md
        fluentd
        Chart.yaml
        templates
        daemonSet.yaml
        serviceAccount.yaml
        clusterRoleBinding.yaml
        _getters.tpl
        clusterRole.yaml
        NOTES.txt
        values.yaml
        values_production.yaml
        README.md
        grafana
        Chart.yaml
        templates
        dashboardConfigMap.yaml
        headlessService.yaml
        serviceAccount.yaml
        roleBinding.yaml
        ingress.yaml
        clusterRoleBinding.yaml
        _getters.tpl
        role.yaml
        configMap.yaml
        secret.yaml
        clusterRole.yaml
        statefulset.yaml
        _labels.tpl
        service.yaml
        NOTES.txt
        values.yaml
        README.md
        dashboards
        postgresql.json
        kubernetes.json
        elastic
        Chart.yaml
        files
        logtrail.json
        templates
        elasticsearch
        ILMSetterJob.yaml
        headlessService.yaml
        statefulSet.yaml
        _getters.tpl
        podDisruptionBudget.yaml
        configMap.yaml
        _labels.tpl
        service.yaml
        logSetterJob.yaml
        kibana
        deployment.yaml
        serviceAccount.yaml
        ingress.yaml
        _getters.tpl
        podDisruptionBudget.yaml
        configMap.yaml
        _labels.tpl
        service.yaml
        values.yaml
        values_production.yaml
        README.md
        NOTES.txt
      - Chart.yaml
      - templates
        _ports.tpl
        _logs.tpl
        _getters.tpl
        _labels.tpl
        _container.tpl
      - values.yaml
      - README.md
      - .helmignore
      - stern.sh
    - vulnerability-assessment-tool-core
      - charts
        database
        Chart.yaml
        templates
        pgpool
        _getter.tpl
        priorityClass.yaml
        statefulSet.yaml
        podDisruptionBudget.yaml
        configMap.yaml
        secret.yaml
        _labels.tpl
        service.yaml
        postgres
        _getter.tpl
        mountedConfigMap.yaml
        master
        priorityClass.yaml
        headlessService.yaml
        statefulSet.yaml
        podDisruptionBudget.yaml
        service.yaml
        slave
        priorityClass.yaml
        headlessService.yaml
        statefulSet.yaml
        podDisruptionBudget.yaml
        service.yaml
        configMap.yaml
        secret.yaml
        _labels.tpl
        NOTES.txt
        values.yaml
        values_production.yaml
        README.md
        restbackend
        Chart.yaml
        templates
        priorityClass.yaml
        persistentVolumeClaim.yaml
        headlessService.yaml
        mountedConfigMap.yaml
        serviceAccount.yaml
        roleBinding.yaml
        statefulSet.yaml
        _getters.tpl
        envConfigMap.yaml
        horizontalPodAutoscaler.yaml
        podDisruptionBudget.yaml
        role.yaml
        secret.yaml
        _labels.tpl
        service.yaml
        NOTES.txt
        persistentVolume.yaml
        values.yaml
        values_production.yaml
        README.md
        patchlibanalyzer
        Chart.yaml
        templates
        deployment.yaml
        priorityClass.yaml
        persistentVolumeClaim.yaml
        mountedConfigMap.yaml
        envConfigMap.yaml
        cronJob.yaml
        podDisruptionBudget.yaml
        secret.yaml
        NOTES.txt
        persistentVolume.yaml
        values.yaml
        values_production.yaml
        README.md
        frontendapps
        Chart.yaml
        templates
        deployment.yaml
        priorityClass.yaml
        horizontalPodAutoscaler.yaml
        podDisruptionBudget.yaml
        configMap.yaml
        _labels.tpl
        service.yaml
        shared
        _ports.tpl
        _logs.tpl
        _getters.tpl
        _labels.tpl
        _container.tpl
        NOTES.txt
        values.yaml
        values_production.yaml
        README.md
        frontendbugs
        Chart.yaml
        templates
        deployment.yaml
        priorityClass.yaml
        horizontalPodAutoscaler.yaml
        podDisruptionBudget.yaml
        configMap.yaml
        _labels.tpl
        service.yaml
        NOTES.txt
        values.yaml
        values_production.yaml
        README.md
        restlibutils
        Chart.yaml
        templates
        priorityClass.yaml
        persistentVolumeClaim.yaml
        headlessService.yaml
        statefulSet.yaml
        horizontalPodAutoscaler.yaml
        podDisruptionBudget.yaml
        configMap.yaml
        _labels.tpl
        service.yaml
        NOTES.txt
        persistentVolume.yaml
        values.yaml
        values_production.yaml
        README.md
      - Chart.yaml
      - templates
        _ports.tpl
        _logs.tpl
        _getters.tpl
        _labels.tpl
        benchmark
        pgbench-sql.yaml
        pgbench-direct.yaml
        pgbench-slave.yaml
        README.md
        pgbench-pgpool.yaml
        _container.tpl
      - values.yaml
      - README.md
      - .helmignore
    - README.md
    - docs
      - LoadingDumps.md
      - Contributing.md
      - BenchmarkResults.md
      - SchemaChanges.md
      - PopulatingDatabase.md
  - kustomize
    - services
      - rest-backend-service.yaml
      - default-service.yaml
      - frontend-bugs-service.yaml
      - frontend-apps-service.yaml
      - cloud.yaml
      - postgres-service.yaml
      - rest-lib-utils-service.yaml
    - volumes
      - patch-lib-analyzer-persistentvolumeclaim.yaml
      - postgres-persistentvolumeclaim.yaml
    - config
      - postgres-setup-script
      - haproxy-ingress-configmap.yaml
      - restbackend-config
    - kustomization.yaml
    - deployments
      - postgres-deployment.yaml
      - frontend-apps-deployment.yaml
      - patch-lib-analyzer-deployment.yaml
      - frontend-bugs-deployment.yaml
      - rest-backend-deployment.yaml
      - default-deployment.yaml
      - haproxy-ingress-controller.yaml
      - rest-lib-utils-deployment.yaml
    - secrets
      - .env.sample
      - bugs-frontend-credentials.sample
    - other
      - ingress-controller-rbac.yaml
      - ingress.yaml
      - namespace.yaml
- shared
  - src
    - main
      - resources
        log4j.properties
        vulas-version.properties
        vulas-shared.properties
      - java
        com
        sap
        psr
        vulas
        shared
        enums
        DependencyOrigin.java
        AffectedVersionSource.java
        ExportFormat.java
        VulnDepOrigin.java
        BugOrigin.java
        ConstructType.java
        ContentMaturityLevel.java
        ProgrammingLanguage.java
        GoalClient.java
        PropertySource.java
        DigestAlgorithm.java
        Scope.java
        package-info.java
        ExportConfiguration.java
        PathSource.java
        CoverageStatus.java
        GoalType.java
        ConstructChangeType.java
        util
        AbstractFileSearch.java
        StringUtil.java
        DirWithFileSearch.java
        ThreadUtil.java
        FileSearch.java
        FilenamePatternSearch.java
        StopWatch.java
        Constants.java
        ConstructIdUtil.java
        FileUtil.java
        package-info.java
        StringList.java
        DigestUtil.java
        DependencyUtil.java
        MemoryMonitor.java
        DirnamePatternSearch.java
        ProgressTracker.java
        CollectionUtil.java
        DirUtil.java
        VulasConfiguration.java
        connectivity
        Service.java
        PathBuilder.java
        package-info.java
        ServiceConnectionException.java
        cache
        CacheException.java
        ObjectFetcher.java
        Cache.java
        json
        JsonWriter.java
        JsonReader.java
        JsonBuilder.java
        model
        ConstructId.java
        Property.java
        AffectedLibrary.java
        ExemptionUnassessed.java
        ExemptionScope.java
        ConstructChange.java
        mavenCentral
        MavenVersionsSearch.java
        ResponseDoc.java
        MavenSearchResponse.java
        Trace.java
        PathNode.java
        KeyValue.java
        Dependency.java
        VulnerableDependency.java
        BugChangeList.java
        diff
        ClassDiffResult.java
        ClassModification.java
        JarDiffResult.java
        ConstructIdFilter.java
        ExemptionSet.java
        Space.java
        Tenant.java
        package-info.java
        view
        Views.java
        Version.java
        Bug.java
        IExemption.java
        Artifact.java
        ExemptionBug.java
        Library.java
        metrics
        Percentage.java
        package-info.java
        Metrics.java
        AbstractMetric.java
        Ratio.java
        Counter.java
        Application.java
        ConstructChangeInDependency.java
        LibraryId.java
        JacksonUtil.java
        JsonSyntaxException.java
    - test
      - resources
        Outer.jar
        vulndepJsonExpected.json
        vulas-test.properties
        foo.txt
        foo
        bar
        foo.bar
        readme.txt
        bar.baz
        vulndep.json
      - java
        com
        sap
        psr
        vulas
        shared
        enums
        ScopeTest.java
        util
        DigestUtilTest.java
        FileUtilTest.java
        StringListTest.java
        TestDirWithFileSearch.java
        VulasConfigurationTest.java
        StringUtilTest.java
        StopWatchTest.java
        DirUtilTest.java
        categories
        RequiresNetwork.java
        Slow.java
        Integrated.java
        cache
        CacheTest.java
        json
        JsonBuilderTest.java
        JacksonUtilTest.java
        model
        metrics
        MetricsTest.java
        VulnerableDependencyJsonTest.java
        model
        ApplicationTest.java
        generic
        VersionTest.java
        IExemptionTest.java
  - pom.xml
- .gitignore
- docs
  - docs.py
  - guidelines.md
  - public
    - content
      - blog
        2018
        index.md
      - vuln_db
        index.md
        manuals
        img
        manual_assessment.jpg
        index.md
        manual_assessment.md
        patch_analyzer.md
        patch_lib_analyzer.md
        tutorials
        vuln_db_tutorial.md
      - about
        index.md
      - images
        helm_database_change.drawio
        helm_postgres.drawio
      - user
        index.md
        support
        faq.md
        img
        vuln_references.jpg
        vuln_rebundles.jpg
        index.md
        manuals
        analysis.md
        img
        frontend.md
        report.md
        index.md
        setup.md
        assess_and_mitigate.md
        tutorials
        workspace_howto.md
        java_gradle.md
        img
        jenkins.jpg
        frontend_low_left.jpg
        java_maven.md
        index.md
        python_cli.md
        java_maven_advanced.md
        reports.md
        jenkins_howto.md
        partials
        create_workspace.md
        vulas_profile.md
        workspace_howto_advanced.md
        java_cli.md
      - admin
        img
        index.md
        support
        faq.md
        getting_help.md
        manuals
        index.md
        tutorials
        registry.md
        build.md
        docker.md
        kustomize.md
        kubernetes_resources.md
        helm.md
      - index.md
      - contributor
        index.md
        support
        faq.md
        getting_help.md
        manuals
        index.md
        languages.md
        tutorials
        img
        new_lang.md
        project_structure.md
      - js
        scrollTop.js
      - css
        faq.css
        override.css
        scrollTop.css
      - pdfs
    - custom_theme
      - main.html
  - mkdocs.yml
  - checklinks.sh
  - .editorconfig
  - public.properties
  - README.md
  - requirements.txt
  - Dockerfile
- LICENSE.txt
- .dockerignore
- rest-lib-utils
  - src
    - main
      - resources
        META-INF
        services
        com.sap.psr.vulas.cia.util.RepositoryWrapper
        vulas-rest-lib-utils.properties
        application.properties
      - java
        com
        sap
        psr
        vulas
        cia
        dependencyfinder
        JarDiffVisitor.java
        JarDiffCmd.java
        ClassDiffVisitor.java
        util
        MavenCentralWrapper.java
        CacheFilter.java
        ArtifactDownloader.java
        FileAnalyzerFetcher.java
        PypiWrapper.java
        RepositoryDispatcher.java
        NexusWrapper.java
        HeaderEcho.java
        RepoException.java
        RepositoryWrapper.java
        ClassDownloader.java
        model
        ScanException.java
        nexus
        NexusArtifact.java
        NexusSearchNGResponse.java
        NexusData.java
        NexusSearch.java
        NexusLibId.java
        NexusResolvedArtifact.java
        NexusResponse.java
        NexusNGData.java
        NexusDescribeInfo.java
        NexusArtifactInfoResourceResponse.java
        NexusArtifactResolution.java
        pypi
        PypiRelease.java
        PypiResponse.java
        PypiInfo.java
        rest
        ConfigurationController.java
        ClassController.java
        ConstructController.java
        MainController.java
        ArtifactController.java
    - test
      - resources
        commons-fileupload-1.3.jar
        commons-fileupload-1.1.1.jar
        commons-fileupload-1.3.1.jar
        commons-fileupload-1.2.2.jar
        META-INF
        services
        com.sap.psr.vulas.cia.util.RepositoryWrapper
        commons-fileupload-1.1.jar
      - java
        com
        sap
        psr
        vulas
        cia
        dependencyfinder
        JarDiffCmdTest.java
        model
        maven
        ArtifactTest.java
        rest
        IT03_ClassControllerTest.java
        IT02_SpringControllerTest.java
        IT01_ArtifactControllerTest.java
        IT04_ConstructControllerTest.java
  - pom.xml
- findbugs-exclude.xml

/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.cxf.ws.security.wss4j;

import java.net.URL;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Vector;
import java.util.concurrent.Executor;

import javax.xml.namespace.NamespaceContext;
import javax.xml.namespace.QName;
import javax.xml.soap.Node;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpression;
import javax.xml.xpath.XPathFactory;

import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

import org.apache.cxf.Bus;
import org.apache.cxf.BusException;
import org.apache.cxf.binding.Binding;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.feature.Feature;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.interceptor.AbstractAttributedInterceptorProvider;
import org.apache.cxf.message.Message;
import org.apache.cxf.service.Service;
import org.apache.cxf.service.model.BindingInfo;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.transport.MessageObserver;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.policy.PolicyBuilder;
import org.apache.cxf.ws.policy.PolicyException;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
import org.apache.cxf.ws.security.tokenstore.MemoryTokenStore;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType;
import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor.PolicyBasedWSS4JOutInterceptorInternal;
import org.apache.neethi.Policy;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDataRef;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.components.crypto.CryptoType;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.util.WSSecurityUtil;

public abstract class AbstractPolicySecurityTest extends AbstractSecurityTest {
    protected PolicyBuilder policyBuilder;

    protected Bus createBus() throws BusException {
        Bus b = super.createBus();
        this.policyBuilder = 
            b.getExtension(PolicyBuilder.class);
        return b;
    }
    
    protected void runAndValidate(String document, String policyDocument,
            List<QName> assertedOutAssertions, List<QName> notAssertedOutAssertions,
            List<QName> assertedInAssertions, List<QName> notAssertedInAssertions,
            List<CoverageType> types) throws Exception {
        
        this.runAndValidate(document, policyDocument, null,
                new AssertionsHolder(assertedOutAssertions, notAssertedOutAssertions),
                new AssertionsHolder(assertedInAssertions, notAssertedInAssertions),
                types);
    }
    
    protected void runAndValidate(
            String document,
            String outPolicyDocument, String inPolicyDocument,
            AssertionsHolder outAssertions,
            AssertionsHolder inAssertions,
            List<CoverageType> types) throws Exception {
        
        final Element outPolicyElement = this.readDocument(outPolicyDocument)
                .getDocumentElement();
        final Element inPolicyElement;

        if (inPolicyDocument != null) {
            inPolicyElement = this.readDocument(inPolicyDocument)
                    .getDocumentElement();
        } else {
            inPolicyElement = outPolicyElement;
        }
            
        
        final Policy outPolicy = this.policyBuilder.getPolicy(outPolicyElement);
        final Policy inPolicy = this.policyBuilder.getPolicy(inPolicyElement);
        
        final Document originalDoc = this.readDocument(document);
        
        final Document inDoc = this.runOutInterceptorAndValidate(
                originalDoc, outPolicy, outAssertions.getAssertedAssertions(),
                outAssertions.getNotAssertedAssertions());
        
        // Can't use this method if you want output that is not mangled.
        // Such is the case when you want to capture output to use
        // as input to another test case.
        //DOMUtils.writeXml(inDoc, System.out);
        
        // Use this snippet if you need intermediate output for debugging.
        /*
        TransformerFactory tf = TransformerFactory.newInstance();
        Transformer t = tf.newTransformer();
        t.setOutputProperty(OutputKeys.INDENT, "no");
        t.transform(new DOMSource(inDoc), new StreamResult(System.out));
        */
        
        
        this.runInInterceptorAndValidate(inDoc,
                inPolicy, inAssertions.getAssertedAssertions(),
                inAssertions.getNotAssertedAssertions(), types);
    }
    
    protected void runInInterceptorAndValidate(String document,
            String policyDocument, QName assertedInAssertion,
            QName notAssertedInAssertion, 
            CoverageType type) throws Exception {
        
        this.runInInterceptorAndValidate(
                document, policyDocument, 
                assertedInAssertion == null ? null 
                        : Arrays.asList(assertedInAssertion),
                notAssertedInAssertion == null ? null
                        : Arrays.asList(notAssertedInAssertion),
                Arrays.asList(type));
    }
    
    protected void runInInterceptorAndValidate(String document,
            String policyDocument, List<QName> assertedInAssertions,
            List<QName> notAssertedInAssertions,
            List<CoverageType> types) throws Exception {
        
        final Policy policy = this.policyBuilder.getPolicy(
                this.readDocument(policyDocument).getDocumentElement());
        
        final Document doc = this.readDocument(document);
        
        this.runInInterceptorAndValidate(
                doc, policy, 
                assertedInAssertions,
                notAssertedInAssertions,
                types);
    }
    
    protected void runInInterceptorAndValidate(Document document,
            Policy policy, List<QName> assertedInAssertions,
            List<QName> notAssertedInAssertions,
            List<CoverageType> types) throws Exception {
        
        final AssertionInfoMap aim = new AssertionInfoMap(policy);
        
        this.runInInterceptorAndValidateWss(document, aim, types);
        
        try {
            aim.checkEffectivePolicy(policy);
        } catch (PolicyException e) {
            // Expected but not relevant
        } finally {
            if (assertedInAssertions != null) {
                for (QName assertionType : assertedInAssertions) {
                    Collection<AssertionInfo> ais = aim.get(assertionType);
                    assertNotNull(ais);
                    for (AssertionInfo ai : ais) {
                        checkAssertion(aim, assertionType, ai, true);
                    }
                }
            }
            
            /*
            // Check that the things that weren't asserted are expected
            Set<QName> assertions = aim.keySet();
            for (QName assertionType : assertions) {
                Collection<AssertionInfo> ais = aim.get(assertionType);
                for (AssertionInfo ai : ais) {
                    if (!ai.isAsserted() && ((notAssertedInAssertions == null)
                        || (!notAssertedInAssertions.contains(assertionType)))) {
                        throw new Exception("Assertion: " + assertionType + " is not asserted: "
                            + ai.getErrorMessage());
                    }
                }
            }
            */
            
            if (notAssertedInAssertions != null) {
                for (QName assertionType : notAssertedInAssertions) {
                    Collection<AssertionInfo> ais = aim.get(assertionType);
                    assertNotNull(ais);
                    for (AssertionInfo ai : ais) {
                        checkAssertion(aim, assertionType, ai, false);
                    }
                }
            }
        }
    }
    
    private void checkAssertion(AssertionInfoMap aim, 
                                QName name,
                                AssertionInfo inf,
                                boolean asserted) {
        boolean pass = true;
        Collection<AssertionInfo> ail = aim.getAssertionInfo(name);
        for (AssertionInfo ai : ail) {
            if (ai.getAssertion().equal(inf.getAssertion())
                && !ai.isAsserted() && !inf.getAssertion().isOptional()) {
                pass = false;                    
            }
        }
        if (asserted) {
            assertTrue(name + " policy erroneously failed.", pass);
        } else {
            assertFalse(name + " policy erroneously asserted.", pass);            
        }
    }
    
    protected void runInInterceptorAndValidateWss(Document document, AssertionInfoMap aim,
            List<CoverageType> types) throws Exception {
        
        PolicyBasedWSS4JInInterceptor inHandler = 
            this.getInInterceptor(types);
            
        SoapMessage inmsg = this.getSoapMessageForDom(document, aim);

        inHandler.handleMessage(inmsg);
        
        for (CoverageType type : types) {
            switch(type) {
            case SIGNED:
                this.verifyWss4jSigResults(inmsg);
                break;
            case ENCRYPTED:
                this.verifyWss4jEncResults(inmsg);
                break;
            default:
                fail("Unsupported coverage type.");
            }
        }
    }
    
    protected Document runOutInterceptorAndValidate(Document document, Policy policy,
            List<QName> assertedOutAssertions, 
            List<QName> notAssertedOutAssertions) throws Exception {
        
        AssertionInfoMap aim = new AssertionInfoMap(policy);
        
        final SoapMessage msg = 
            this.getOutSoapMessageForDom(document, aim);
        
        return this.runOutInterceptorAndValidate(msg, policy, aim,
                assertedOutAssertions, notAssertedOutAssertions);       
    }    
        
    
    protected Document runOutInterceptorAndValidate(SoapMessage msg, Policy policy,
            AssertionInfoMap aim,
            List<QName> assertedOutAssertions, 
            List<QName> notAssertedOutAssertions) throws Exception {
        
        this.getOutInterceptor().handleMessage(msg);
        
        try {
            aim.checkEffectivePolicy(policy);
        } catch (PolicyException e) {
            // Expected but not relevant
        } finally {
            if (assertedOutAssertions != null) {
                for (QName assertionType : assertedOutAssertions) {
                    Collection<AssertionInfo> ais = aim.get(assertionType);
                    assertNotNull(ais);
                    for (AssertionInfo ai : ais) {
                        checkAssertion(aim, assertionType, ai, true);
                    }
                }
            }
            
            if (notAssertedOutAssertions != null) {
                for (QName assertionType : notAssertedOutAssertions) {
                    Collection<AssertionInfo> ais = aim.get(assertionType);
                    assertNotNull(ais);
                    for (AssertionInfo ai : ais) {
                        checkAssertion(aim, assertionType, ai, false);
                    }
                }
            }
        }
        
        return msg.getContent(SOAPMessage.class).getSOAPPart();
    }
    
    // TODO: This method can be removed or reduced when testSignedElementsWithIssuedSAMLToken is
    // cleaned up.
    protected void runOutInterceptorAndValidateSamlTokenAttached(String policyDoc) throws Exception {
        // create the request message
        final Document document = this.readDocument("wsse-request-clean.xml");
        final Element outPolicyElement = 
            this.readDocument(policyDoc).getDocumentElement();
        final Policy policy = this.policyBuilder.getPolicy(outPolicyElement);
        
        AssertionInfoMap aim = new AssertionInfoMap(policy);        
        SoapMessage msg = this.getOutSoapMessageForDom(document, aim);
        
        // add an "issued" assertion into the message exchange
        Element issuedAssertion = 
            this.readDocument("example-sts-issued-saml-assertion.xml").getDocumentElement();
        
        String assertionId = issuedAssertion.getAttributeNode("AssertionID").getNodeValue();
        
        SecurityToken issuedToken = 
            new SecurityToken(assertionId, issuedAssertion, null);
        
        Properties cryptoProps = new Properties();
        URL url = ClassLoader.getSystemResource("outsecurity.properties");
        cryptoProps.load(url.openStream());
        Crypto crypto = CryptoFactory.getInstance(cryptoProps);
        String alias = cryptoProps.getProperty("org.apache.ws.security.crypto.merlin.keystore.alias");
        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
        cryptoType.setAlias(alias);
        issuedToken.setX509Certificate(crypto.getX509Certificates(cryptoType)[0], crypto);
        
        msg.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID, 
                issuedToken.getId());
        msg.getExchange().put(SecurityConstants.TOKEN_ID, issuedToken.getId());
        
        TokenStore tokenStore = new MemoryTokenStore();
        msg.getExchange().get(Endpoint.class).getEndpointInfo()
            .setProperty(TokenStore.class.getName(), tokenStore);
        tokenStore.add(issuedToken);
        
        // fire the interceptor and verify results
        final Document signedDoc = this.runOutInterceptorAndValidate(
                msg, policy, aim, null, null);
        
        verifySignatureCoversAssertion(signedDoc, assertionId);
    }
    
    protected PolicyBasedWSS4JOutInterceptorInternal getOutInterceptor() {
        return PolicyBasedWSS4JOutInterceptor.INSTANCE.createEndingInterceptor();
    }
    
    protected PolicyBasedWSS4JInInterceptor getInInterceptor(List<CoverageType> types) {
        PolicyBasedWSS4JInInterceptor inHandler = new PolicyBasedWSS4JInInterceptor();
        String action = "";
        
        for (CoverageType type : types) {
            switch(type) {
            case SIGNED:
                action += " " + WSHandlerConstants.SIGNATURE;
                break;
            case ENCRYPTED:
                action += " " + WSHandlerConstants.ENCRYPT;
                break;
            default:
                fail("Unsupported coverage type.");
            }
        }
        inHandler.setProperty(WSHandlerConstants.ACTION, action);
        inHandler.setProperty(WSHandlerConstants.SIG_PROP_FILE, 
                "insecurity.properties");
        inHandler.setProperty(WSHandlerConstants.DEC_PROP_FILE,
                "insecurity.properties");
        inHandler.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, 
                TestPwdCallback.class.getName());
        inHandler.setProperty(WSHandlerConstants.IS_BSP_COMPLIANT, "false");
        
        return inHandler;
    }
    
    /**
     * Gets a SoapMessage, but with the needed SecurityConstants in the context properties
     * so that it can be passed to PolicyBasedWSS4JOutInterceptor.
     *
     * @see #getSoapMessageForDom(Document, AssertionInfoMap)
     */
    protected SoapMessage getOutSoapMessageForDom(Document doc, AssertionInfoMap aim)
        throws SOAPException {
        SoapMessage msg = this.getSoapMessageForDom(doc, aim);
        msg.put(SecurityConstants.SIGNATURE_PROPERTIES, "outsecurity.properties");
        msg.put(SecurityConstants.ENCRYPT_PROPERTIES, "outsecurity.properties");
        msg.put(SecurityConstants.CALLBACK_HANDLER, TestPwdCallback.class.getName());
        msg.put(SecurityConstants.SIGNATURE_USERNAME, "myalias");
        msg.put(SecurityConstants.ENCRYPT_USERNAME, "myalias");
        
        msg.getExchange().put(Endpoint.class, new MockEndpoint());
        msg.getExchange().put(Bus.class, this.bus);
        msg.put(Message.REQUESTOR_ROLE, true);
        
        return msg;
    }
    
    protected SoapMessage getSoapMessageForDom(Document doc, AssertionInfoMap aim)
        throws SOAPException {
        
        SoapMessage msg = this.getSoapMessageForDom(doc);
        if (aim != null) {
            msg.put(AssertionInfoMap.class, aim);
        }
        
        return msg;
    }
    
    protected void verifyWss4jSigResults(SoapMessage inmsg) {
        WSSecurityEngineResult result = 
            (WSSecurityEngineResult) inmsg.get(WSS4JInInterceptor.SIGNATURE_RESULT);
        assertNotNull(result);
    }
    
    protected void verifyWss4jEncResults(SoapMessage inmsg) {
        //
        // There should be exactly 1 (WSS4J) HandlerResult
        //
        final List<WSHandlerResult> handlerResults = 
            CastUtils.cast((List<?>)inmsg.get(WSHandlerConstants.RECV_RESULTS));
        assertNotNull(handlerResults);
        assertSame(handlerResults.size(), 1);

        List<WSSecurityEngineResult> protectionResults = new Vector<WSSecurityEngineResult>();
        WSSecurityUtil.fetchAllActionResults(handlerResults.get(0).getResults(),
                WSConstants.ENCR, protectionResults);
        assertNotNull(protectionResults);
        
        //
        // This result should contain a reference to the decrypted element
        //
        final Map<String, Object> result = protectionResults
                .get(0);
        final List<WSDataRef> protectedElements = 
            CastUtils.cast((List<?>)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        assertNotNull(protectedElements);
    }
    
    // TODO: This method can be removed when runOutInterceptorAndValidateAsymmetricBinding
    // is cleaned up by adding server side enforcement of signature related algorithms.
    // See https://issues.apache.org/jira/browse/WSS-222
    protected void verifySignatureAlgorithms(Document signedDoc, AssertionInfoMap aim) throws Exception { 
        final AssertionInfo assertInfo = aim.get(SP12Constants.ASYMMETRIC_BINDING).iterator().next();
        assertNotNull(assertInfo);
        
        final AsymmetricBinding binding = (AsymmetricBinding) assertInfo.getAssertion();
        final String expectedSignatureMethod = binding.getAlgorithmSuite().getAsymmetricSignature();
        final String expectedDigestAlgorithm = binding.getAlgorithmSuite().getDigest();
        final String expectedCanonAlgorithm  = binding.getAlgorithmSuite().getInclusiveC14n();
            
        XPathFactory factory = XPathFactory.newInstance();
        XPath xpath = factory.newXPath();
        final NamespaceContext nsContext = this.getNamespaceContext();
        xpath.setNamespaceContext(nsContext);
        
        // Signature Algorithm
        final XPathExpression sigAlgoExpr = 
            xpath.compile("/s:Envelope/s:Header/wsse:Security/ds:Signature/ds:SignedInfo" 
                              + "/ds:SignatureMethod/@Algorithm");
        
        final String sigMethod =  (String) sigAlgoExpr.evaluate(signedDoc, XPathConstants.STRING);
        assertEquals(expectedSignatureMethod, sigMethod);
        
        // Digest Method Algorithm
        final XPathExpression digestAlgoExpr = xpath.compile(
            "/s:Envelope/s:Header/wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference/ds:DigestMethod");
        
        final NodeList digestMethodNodes = 
            (NodeList) digestAlgoExpr.evaluate(signedDoc, XPathConstants.NODESET);
        
        for (int i = 0; i < digestMethodNodes.getLength(); i++) {
            Node node = (Node)digestMethodNodes.item(i);
            String digestAlgorithm = node.getAttributes().getNamedItem("Algorithm").getNodeValue();
            assertEquals(expectedDigestAlgorithm, digestAlgorithm);
        }
        
        // Canonicalization Algorithm
        final XPathExpression canonAlgoExpr =
            xpath.compile("/s:Envelope/s:Header/wsse:Security/ds:Signature/ds:SignedInfo" 
                              + "/ds:CanonicalizationMethod/@Algorithm");
        final String canonMethod =  (String) canonAlgoExpr.evaluate(signedDoc, XPathConstants.STRING);
        assertEquals(expectedCanonAlgorithm, canonMethod);
    }
    
    // TODO: This method can be removed when runOutInterceptorAndValidateSamlTokenAttached
    // is cleaned up.
    protected void verifySignatureCoversAssertion(Document signedDoc, String assertionId) throws Exception {
        XPathFactory factory = XPathFactory.newInstance();
        XPath xpath = factory.newXPath();
        final NamespaceContext nsContext = this.getNamespaceContext();
        xpath.setNamespaceContext(nsContext);
        
        // Find the SecurityTokenReference for the assertion
        final XPathExpression strExpr = xpath.compile(
            "/s:Envelope/s:Header/wsse:Security/wsse:SecurityTokenReference/wsse:KeyIdentifier");
        
        final NodeList strKeyIdNodes = 
            (NodeList) strExpr.evaluate(signedDoc, XPathConstants.NODESET);
        
        String strId = null;
        for (int i = 0; i < strKeyIdNodes.getLength(); i++) {
            Node keyIdNode = (Node) strKeyIdNodes.item(i);
            String strKey = keyIdNode.getTextContent();
            if (strKey.equals(assertionId)) {
                Node strNode = (Node) keyIdNode.getParentNode();
                strId = strNode.getAttributes().
                    getNamedItemNS(nsContext.getNamespaceURI("wsu"), "Id").getNodeValue();
                break;
            }
        }
        assertNotNull("SecurityTokenReference for " + assertionId + " not found in security header.", strId);
        
        // Verify STR is included in the signature references
        final XPathExpression sigRefExpr = xpath.compile(
            "/s:Envelope/s:Header/wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference");
        
        final NodeList sigReferenceNodes = 
            (NodeList) sigRefExpr.evaluate(signedDoc, XPathConstants.NODESET);
        
        boolean foundStrReference = false;
        for (int i = 0; i < sigReferenceNodes.getLength(); i++) {
            Node sigRefNode = (Node) sigReferenceNodes.item(i);
            String sigRefURI = sigRefNode.getAttributes().getNamedItem("URI").getNodeValue();
            if (sigRefURI.equals("#" + strId)) {
                foundStrReference = true;
                break;
            }
        }
        
        assertTrue("SecurityTokenReference for " + assertionId + " is not signed.", foundStrReference);
    }
    
    protected static final class MockEndpoint extends 
        AbstractAttributedInterceptorProvider implements Endpoint {

        private static final long serialVersionUID = 1L;

        private EndpointInfo epi = new EndpointInfo();
        
        public MockEndpoint() {
            epi.setBinding(new BindingInfo(null, null));
        }
        
        
        public List<Feature> getActiveFeatures() {
            return null;
        }

        public Binding getBinding() {
            return null;
        }

        public EndpointInfo getEndpointInfo() {
            return this.epi;
        }

        public Executor getExecutor() {
            return null;
        }

        public MessageObserver getInFaultObserver() {
            return null;
        }

        public MessageObserver getOutFaultObserver() {
            return null;
        }

        public Service getService() {
            return null;
        }

        public void setExecutor(Executor executor) {   
        }

        public void setInFaultObserver(MessageObserver observer) {
        }

        public void setOutFaultObserver(MessageObserver observer) {            
        }
    }
    
    /**
     * A simple container used to reduce argument numbers to satisfy
     * project code conventions.
     */
    protected static final class AssertionsHolder {
        private List<QName> assertedAssertions;
        private List<QName> notAssertedAssertions;
        
        public AssertionsHolder(List<QName> assertedAssertions,
                List<QName> notAssertedAssertions) {
            super();
            this.assertedAssertions = assertedAssertions;
            this.notAssertedAssertions = notAssertedAssertions;
        }
        
        public List<QName> getAssertedAssertions() {
            return this.assertedAssertions;
        }
        public List<QName> getNotAssertedAssertions() {
            return this.notAssertedAssertions;
        }
    }
}