patch to fix issue #844
@@ -123,6 +123,9 @@ public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
@Override
|
@Override
|
||||||
protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
|
protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
|
||||||
final File file = dependency.getActualFile();
|
final File file = dependency.getActualFile();
|
||||||
|
if (!file.isFile() || file.length()==0) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
try (JsonReader jsonReader = Json.createReader(FileUtils.openInputStream(file))) {
|
try (JsonReader jsonReader = Json.createReader(FileUtils.openInputStream(file))) {
|
||||||
final JsonObject json = jsonReader.readObject();
|
final JsonObject json = jsonReader.readObject();
|
||||||
final EvidenceCollection productEvidence = dependency.getProductEvidence();
|
final EvidenceCollection productEvidence = dependency.getProductEvidence();
|
||||||
|
|||||||
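Review bot: The new guard in `analyzeDependency` (`if (!file.isFile() || file.length()==0) { return; }`) returns without leaving any trace, so a zero-byte or non-regular `package.json` drops out of the scan with nothing in the log to show it was never analysed. For a dependency scanner that is a quiet fail-open: the report looks clean because the manifest was skipped, not because it was checked. I would log before returning, e.g. `LOGGER.debug("Skipping empty or non-regular file: {}", file);`, assuming the class has an SLF4J logger (its fields are outside this hunk). The identical guard in the NspAnalyzer hunk needs the same treatment, and `file.length()==0` wants spaces around `==` in both places. The method body continues past the end of the hunk.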
@@ -148,6 +148,9 @@ public class NspAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
@Override
|
@Override
|
||||||
protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
|
protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
|
||||||
final File file = dependency.getActualFile();
|
final File file = dependency.getActualFile();
|
||||||
|
if (!file.isFile() || file.length()==0) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
try (JsonReader jsonReader = Json.createReader(FileUtils.openInputStream(file))) {
|
try (JsonReader jsonReader = Json.createReader(FileUtils.openInputStream(file))) {
|
||||||
|
|
||||||
// Do not scan the node_modules directory
|
// Do not scan the node_modules directory
|
||||||
|
|||||||
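Review bot: The `file.length()==0` test only catches a zero-byte file; a `package.json` that holds just whitespace or a truncated object still goes to `Json.createReader(...)` and, presumably, to a read call below the hunk, where the parser raises the unchecked `JsonException`. Whether that exception is caught and turned into an `AnalysisException` is not visible here, so it is worth confirming that malformed input from a scanned project cannot abort this analyzer. A comment above the guard such as `// empty or non-regular files carry no JSON to parse; skip them (issue #844)` would also record why it is there. The method body continues past the end of the hunk.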
@@ -47,6 +47,15 @@ public class NspAnalyzerTest extends BaseTest {
|
|||||||
assertEquals(result.getProductEvidence().toString(), "A tool to learn OWASP Top 10 for node.js developers owasp-nodejs-goat ");
|
assertEquals(result.getProductEvidence().toString(), "A tool to learn OWASP Top 10 for node.js developers owasp-nodejs-goat ");
|
||||||
assertEquals(result.getVersionEvidence().toString(), "1.3.0 ");
|
assertEquals(result.getVersionEvidence().toString(), "1.3.0 ");
|
||||||
}
|
}
|
||||||
|
@Test
|
||||||
|
public void testAnalyzeEmpty() throws AnalysisException {
|
||||||
|
final Dependency result = new Dependency(BaseTest.getResourceAsFile(this, "nsp/empty.json"));
|
||||||
|
analyzer.analyze(result, null);
|
||||||
|
|
||||||
|
assertEquals(result.getVendorEvidence().size(), 0);
|
||||||
|
assertEquals(result.getProductEvidence().size(), 0);
|
||||||
|
assertEquals(result.getVersionEvidence().size(), 0);
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testAnalyzePackageJsonWithBundledDeps() throws AnalysisException {
|
public void testAnalyzePackageJsonWithBundledDeps() throws AnalysisException {
|
||||||
|
|||||||
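Review bot: `testAnalyzeEmpty` exercises only the zero-length branch of the new guard in NspAnalyzer; the `!file.isFile()` branch and the same guard added to NodePackageAnalyzer have no test on this page. A second case that passes a directory or a missing path, plus a matching test for NodePackageAnalyzer, would pin both branches of the fix. The new assertions also pass the actual value first; JUnit's order is expected then actual, e.g. `assertEquals(0, result.getVendorEvidence().size());`, so a failure message names the right side. The older assertions above use the same reversed order, so this is consistent with the file but still worth correcting in new code.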