Ruby bundler: add needed null checks to avoid NPEs.

Dale Visser
2015-08-30 13:50:22 -04:00
parent 713e9658c5
commit 036200350d


@@ -233,6 +233,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
LOGGER.info(String.format("bundle-audit (%s): %s", parentName, nextLine));
} else if (nextLine.startsWith(ADVISORY)) {
final String advisory = nextLine.substring((ADVISORY.length()));
if (null != vulnerability) {
vulnerability.setName(advisory);
vulnerability.setCvssAccessVector("-");
vulnerability.setCvssAccessComplexity("-");
@@ -240,6 +241,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
vulnerability.setCvssAvailabilityImpact("-");
vulnerability.setCvssConfidentialityImpact("-");
vulnerability.setCvssIntegrityImpact("-");
}
if (null != dependency) {
dependency.getVulnerabilities().add(vulnerability);
}
@@ -270,10 +272,14 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
LOGGER.info(String.format("bundle-audit (%s): %s", parentName, nextLine));
} else if (nextLine.startsWith("Description:")) {
appendToDescription = true;
if (null != vulnerability) {
vulnerability.setDescription("*** Vulnerability obtained from bundle-audit verbose report. Title link may not work. CPE below is guessed. CVSS score is estimated (-1.0 indicates unknown). See link below for full details. *** ");
}
} else if (appendToDescription) {
if (null != vulnerability) {
vulnerability.setDescription(vulnerability.getDescription() + nextLine + "\n");
}
}
}
}
}
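Review bot: The `dependency.getVulnerabilities().add(vulnerability)` call in the second hunk is guarded only by `null != dependency`, so when `vulnerability` is null (the case the new guards around the setters allow for) a null element is still added to the dependency's vulnerability collection, or the add itself throws, depending on the collection type, which is not visible here. Combining the two checks, `if (null != dependency && null != vulnerability) {`, would close that path. Because this analyzer reports security findings, the null branches should also not be silent: an advisory or description line that arrives with no current vulnerability means a bundle-audit finding is being dropped, and a warning-level log entry naming `parentName` and `nextLine` would make that false negative visible. The enclosing method begins outside the visible hunks.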