patch to fix issue #844

Jeremy Long
2017-08-19 17:18:48 -04:00
parent d06d561a55
commit 07f838ccf3
3 changed files with 15 additions and 0 deletions


@@ -123,6 +123,9 @@ public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer {
@Override
protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
final File file = dependency.getActualFile();
if (!file.isFile() || file.length()==0) {
return;
}
try (JsonReader jsonReader = Json.createReader(FileUtils.openInputStream(file))) {
final JsonObject json = jsonReader.readObject();
final EvidenceCollection productEvidence = dependency.getProductEvidence();
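Review bot: The new guard `if (!file.isFile() || file.length()==0) { return; }` drops the file silently, so a scan report cannot distinguish a package.json that was skipped from one that was analyzed and produced no evidence; the same guard in the NspAnalyzer hunk has the same gap. For a dependency scanner that is worth a trace: log before returning, e.g. `LOGGER.debug("Skipping empty or non-regular file: {}", file);` (assuming the class has an SLF4J logger, which the hunk does not show). The check also covers only a zero-byte file; a file holding only whitespace still reaches `jsonReader.readObject()`, and whether that failure is handled depends on catch clauses that are outside the hunk. analyzeDependency's body continues past the last visible line.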


@@ -148,6 +148,9 @@ public class NspAnalyzer extends AbstractFileTypeAnalyzer {
@Override
protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
final File file = dependency.getActualFile();
if (!file.isFile() || file.length()==0) {
return;
}
try (JsonReader jsonReader = Json.createReader(FileUtils.openInputStream(file))) {
// Do not scan the node_modules directory


@@ -47,6 +47,15 @@ public class NspAnalyzerTest extends BaseTest {
assertEquals(result.getProductEvidence().toString(), "A tool to learn OWASP Top 10 for node.js developers owasp-nodejs-goat ");
assertEquals(result.getVersionEvidence().toString(), "1.3.0 ");
}
@Test
public void testAnalyzeEmpty() throws AnalysisException {
final Dependency result = new Dependency(BaseTest.getResourceAsFile(this, "nsp/empty.json"));
analyzer.analyze(result, null);
assertEquals(result.getVendorEvidence().size(), 0);
assertEquals(result.getProductEvidence().size(), 0);
assertEquals(result.getVersionEvidence().size(), 0);
}
@Test
public void testAnalyzePackageJsonWithBundledDeps() throws AnalysisException {
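Review bot: The assertions in testAnalyzeEmpty pass the actual value first, but JUnit's `assertEquals` takes (expected, actual), so a failure would report the two values the wrong way round; write `assertEquals(0, result.getVendorEvidence().size());` and likewise for the product and version checks. The test also exercises only the zero-length branch of the NspAnalyzer guard: the `!file.isFile()` branch and the identical guard added to NodePackageAnalyzer have no test in this commit, as far as the visible hunks show. testAnalyzeEmpty is complete within the hunk; the enclosing class and the following test continue outside it.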