From 036200350d7bf5fae6fd9c2b0be04b27ca7fb9e4 Mon Sep 17 00:00:00 2001
From: Dale Visser
Date: Sun, 30 Aug 2015 13:50:22 -0400
Subject: [PATCH] Ruby bundler: add needed null checks to avoid NPEs.

---
 .../analyzer/RubyBundleAuditAnalyzer.java | 24 ++++++++++++-------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java
index 65bca7c07..6dbdcb25e 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java
@@ -233,13 +233,15 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
 LOGGER.info(String.format("bundle-audit (%s): %s", parentName, nextLine));
 } else if (nextLine.startsWith(ADVISORY)) {
 final String advisory = nextLine.substring((ADVISORY.length()));
- vulnerability.setName(advisory);
- vulnerability.setCvssAccessVector("-");
- vulnerability.setCvssAccessComplexity("-");
- vulnerability.setCvssAuthentication("-");
- vulnerability.setCvssAvailabilityImpact("-");
- vulnerability.setCvssConfidentialityImpact("-");
- vulnerability.setCvssIntegrityImpact("-");
+ if (null != vulnerability) {
+ vulnerability.setName(advisory);
+ vulnerability.setCvssAccessVector("-");
+ vulnerability.setCvssAccessComplexity("-");
+ vulnerability.setCvssAuthentication("-");
+ vulnerability.setCvssAvailabilityImpact("-");
+ vulnerability.setCvssConfidentialityImpact("-");
+ vulnerability.setCvssIntegrityImpact("-");
+ }
 if (null != dependency) {
 dependency.getVulnerabilities().add(vulnerability);
 }
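Review bot: The new guard covers only the setter calls; the `if (null != dependency)` block that follows it is unchanged, so when `vulnerability` is null it is still passed to `dependency.getVulnerabilities().add(vulnerability)` and the dependency's vulnerability collection ends up holding a null element, which is likely to surface as the same NPE later wherever that collection is iterated. The condition should be `if (null != dependency && null != vulnerability) {`. In both this hunk and the second hunk the guards also discard data silently: an `Advisory:` or `Description:` line with no current record means bundle-audit produced output the parser did not expect, and swallowing it can drop a finding from the report without a trace, so an `else` branch that logs the skipped line with the `String.format("bundle-audit (%s): %s", parentName, nextLine)` pattern already used at the top of the hunk would at least make it visible. The enclosing parse loop starts and ends outside the hunk.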
@@ -270,9 +272,13 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
 LOGGER.info(String.format("bundle-audit (%s): %s", parentName, nextLine));
 } else if (nextLine.startsWith("Description:")) {
 appendToDescription = true;
- vulnerability.setDescription("*** Vulnerability obtained from bundle-audit verbose report. Title link may not work. CPE below is guessed. CVSS score is estimated (-1.0 indicates unknown). See link below for full details. *** ");
+ if (null != vulnerability) {
+ vulnerability.setDescription("*** Vulnerability obtained from bundle-audit verbose report. Title link may not work. CPE below is guessed. CVSS score is estimated (-1.0 indicates unknown). See link below for full details. *** ");
+ }
 } else if (appendToDescription) {
- vulnerability.setDescription(vulnerability.getDescription() + nextLine + "\n");
+ if (null != vulnerability) {
+ vulnerability.setDescription(vulnerability.getDescription() + nextLine + "\n");
+ }
 }
 }
 }
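Review bot: `appendToDescription = true;` is still executed unconditionally on the `Description:` line even when `vulnerability` is null, so the parser enters append mode with no record to append to, and the new guard in the `appendToDescription` branch then throws away every following line one at a time. Moving the assignment inside the new null check, `if (null != vulnerability) { appendToDescription = true; vulnerability.setDescription(...); }`, keeps the parser state tied to whether a record actually exists. Whether the lines that then fall through are handled sensibly depends on the rest of the loop and on where `appendToDescription` is reset, both of which are outside the hunk, so that part is inferred. The enclosing method starts outside the hunk.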