Ruby bundler: add needed null checks to avoid NPEs.

This commit is contained in:
Dale Visser
2015-08-30 13:50:22 -04:00
parent 713e9658c5
commit 036200350d


@@ -233,13 +233,15 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
LOGGER.info(String.format("bundle-audit (%s): %s", parentName, nextLine)); LOGGER.info(String.format("bundle-audit (%s): %s", parentName, nextLine));
} else if (nextLine.startsWith(ADVISORY)) { } else if (nextLine.startsWith(ADVISORY)) {
final String advisory = nextLine.substring((ADVISORY.length())); final String advisory = nextLine.substring((ADVISORY.length()));
vulnerability.setName(advisory); if (null != vulnerability) {
vulnerability.setCvssAccessVector("-"); vulnerability.setName(advisory);
vulnerability.setCvssAccessComplexity("-"); vulnerability.setCvssAccessVector("-");
vulnerability.setCvssAuthentication("-"); vulnerability.setCvssAccessComplexity("-");
vulnerability.setCvssAvailabilityImpact("-"); vulnerability.setCvssAuthentication("-");
vulnerability.setCvssConfidentialityImpact("-"); vulnerability.setCvssAvailabilityImpact("-");
vulnerability.setCvssIntegrityImpact("-"); vulnerability.setCvssConfidentialityImpact("-");
vulnerability.setCvssIntegrityImpact("-");
}
if (null != dependency) { if (null != dependency) {
dependency.getVulnerabilities().add(vulnerability); dependency.getVulnerabilities().add(vulnerability);
} }
@@ -270,9 +272,13 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
LOGGER.info(String.format("bundle-audit (%s): %s", parentName, nextLine)); LOGGER.info(String.format("bundle-audit (%s): %s", parentName, nextLine));
} else if (nextLine.startsWith("Description:")) { } else if (nextLine.startsWith("Description:")) {
appendToDescription = true; appendToDescription = true;
vulnerability.setDescription("*** Vulnerability obtained from bundle-audit verbose report. Title link may not work. CPE below is guessed. CVSS score is estimated (-1.0 indicates unknown). See link below for full details. *** "); if (null != vulnerability) {
vulnerability.setDescription("*** Vulnerability obtained from bundle-audit verbose report. Title link may not work. CPE below is guessed. CVSS score is estimated (-1.0 indicates unknown). See link below for full details. *** ");
}
} else if (appendToDescription) { } else if (appendToDescription) {
vulnerability.setDescription(vulnerability.getDescription() + nextLine + "\n"); if (null != vulnerability) {
vulnerability.setDescription(vulnerability.getDescription() + nextLine + "\n");
}
} }
} }
} }
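Review bot: In the first hunk the new `if (null != vulnerability)` guard covers only the setter calls, while the following `dependency.getVulnerabilities().add(vulnerability);` is unchanged, so when `vulnerability` is null the advisory is skipped but a null element is still added to the dependency's vulnerability collection; that moves the NPE downstream instead of removing it and silently loses a bundle-audit finding. Tighten that condition to `if (null != dependency && null != vulnerability) {`. Both hunks also drop the advisory or description line without any trace when `vulnerability` is null; since a skipped advisory is a missed finding in the report, log the skipped `nextLine` through the existing `LOGGER` inside an `else` branch rather than discarding it silently. The enclosing method starts and ends outside these hunks, so whether `vulnerability` can still be null at the `Description:` branch after the earlier guards cannot be confirmed from here.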