Ruby bundler: add needed null checks to avoid NPEs.

Dale Visser
2015-08-30 13:50:22 -04:00
parent 713e9658c5
commit 036200350d


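--- a/RubyBundleAuditAnalyzer.java
+++ b/RubyBundleAuditAnalyzer.java
@@ -233,6 +233,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
 LOGGER.info(String.format("bundle-audit (%s): %s", parentName, nextLine));
 } else if (nextLine.startsWith(ADVISORY)) {
 final String advisory = nextLine.substring((ADVISORY.length()));
+if (null != vulnerability) {
 vulnerability.setName(advisory);
 vulnerability.setCvssAccessVector("-");
 vulnerability.setCvssAccessComplexity("-");
@@ -240,6 +241,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
 vulnerability.setCvssAvailabilityImpact("-");
 vulnerability.setCvssConfidentialityImpact("-");
 vulnerability.setCvssIntegrityImpact("-");
+}
 if (null != dependency) {
 dependency.getVulnerabilities().add(vulnerability);
 }
@@ -270,10 +272,14 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
 LOGGER.info(String.format("bundle-audit (%s): %s", parentName, nextLine));
 } else if (nextLine.startsWith("Description:")) {
 appendToDescription = true;
+if (null != vulnerability) {
 vulnerability.setDescription("*** Vulnerability obtained from bundle-audit verbose report. Title link may not work. CPE below is guessed. CVSS score is estimated (-1.0 indicates unknown). See link below for full details. *** ");
+}
 } else if (appendToDescription) {
+if (null != vulnerability) {
 vulnerability.setDescription(vulnerability.getDescription() + nextLine + "\n");
 }
 }
 }
 }
+}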
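Review bot: The null guard added in the ADVISORY branch covers the setters but not the add that follows it in the second hunk: when `vulnerability` is null and `dependency` is not, `dependency.getVulnerabilities().add(vulnerability)` still inserts a null into the dependency's vulnerability collection, which only moves the NPE to whatever later iterates that collection (report generation, dedup, or CVSS sorting). Tighten that guard to `if (null != dependency && null != vulnerability) {`. In the same branch an advisory line seen while `vulnerability` is null is now dropped silently; a `LOGGER.warn` naming `parentName` and the advisory there would keep the lost finding visible in the scan log, since dropping a reported advisory is exactly the failure a scanner should not hide. Where `vulnerability` is assigned is outside these hunks, so I cannot tell from here whether that state is reachable; the enclosing method starts and ends outside the hunks.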