From 2ef3fdcc4ed247c19e60497ebdb03567d9c003d8 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Mon, 22 Jan 2018 06:43:28 -0500
Subject: [PATCH] null check and debugging code per issue #1071

---
 .../analyzer/DependencyBundlingAnalyzer.java | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
index c6cceee9d..0ea02c3f6 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
@@ -529,16 +529,16 @@ public class DependencyBundlingAnalyzer extends AbstractDependencyComparingAnaly
 } else {
 if (!left.matches("^\\d.*$")) {
 left = stripLeadingNonNumeric(left);
- if (left == null) {
+ if (left == null || left.isEmpty()) {
 return false;
 }
 }
 try {
 Semver v = new Semver(left, SemverType.NPM);
- if (v.satisfies(right)) {
+ if (!right.isEmpty() && v.satisfies(right)) {
 return true;
 }
- if (!right.contains((" "))) {
+ if (!right.contains(" ")) {
 left = current;
 right = stripLeadingNonNumeric(right);
 if (right != null) {
@@ -548,6 +548,9 @@ public class DependencyBundlingAnalyzer extends AbstractDependencyComparingAnaly
 }
 }
 } catch (SemverException ex) {
 LOGGER.trace("ignore", ex);
+ } catch (NullPointerException ex) {
+ LOGGER.error("SemVer comparison error: left:\"{}\", right:\"{}\"", left, right);
+ LOGGER.debug("SemVer comparison resulted in NPE", ex);
 }
 }
 return false;
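Review bot: The fallback branch at the end of the first hunk still guards the stripped `right` with `if (right != null) {` only, while the same commit tightens the matching guard on `left` to `left == null || left.isEmpty()`. An empty `right` now skips `v.satisfies(right)` but still passes `!right.contains(" ")`, so it reaches `stripLeadingNonNumeric(right)` and whatever the body of that `if` does with the result. I would make the two guards agree with `if (right != null && !right.isEmpty()) {`. The body of that `if` lies outside the hunk, so the effect of an empty string there should be confirmed against the full method.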
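Review bot: Catching `NullPointerException` in the second hunk hides whichever dereference is null rather than removing it, and control then falls through to `return false`, so a failed comparison looks the same to the caller as a genuine version mismatch. If the handler is temporary diagnostics for issue #1071, mark it with a comment such as `// TODO(#1071): remove once the source of the null is identified`. By the time the handler runs, `left` and `right` may already have been reassigned by `left = current; right = stripLeadingNonNumeric(right);` in the previous hunk, so the error line may not show the original inputs; logging `current` as well would make the report usable. The stack trace is emitted only at debug level, so passing `ex` as the last argument of the `LOGGER.error` call would keep it with the error record.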