From 3440edbfb654d86e2d9f96663790a9c478a6e8e9 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sat, 18 Nov 2017 13:30:14 -0500 Subject: [PATCH] fix generated hyperlinks --- .../java/org/owasp/dependencycheck/analyzer/NspAnalyzer.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NspAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NspAnalyzer.java index f36f23f4e..2a5956d74 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NspAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NspAnalyzer.java @@ -52,6 +52,7 @@ import javax.json.JsonString; import javax.json.JsonValue; import org.owasp.dependencycheck.dependency.EvidenceType; import org.owasp.dependencycheck.exception.InitializationException; +import org.owasp.dependencycheck.utils.Checksum; import org.owasp.dependencycheck.utils.URLConnectionFailureException; /** @@ -259,6 +260,8 @@ public class NspAnalyzer extends AbstractFileTypeAnalyzer { private Dependency createDependency(Dependency dependency, String name, String version, String scope) { final Dependency nodeModule = new Dependency(new File(dependency.getActualFile() + "?" + name), true); nodeModule.setEcosystem(DEPENDENCY_ECOSYSTEM); + //this is virtual - the sha1 is purely for the hyperlink in the final html report + nodeModule.setSha1sum(Checksum.getSHA1Checksum(String.format("%s:%s", name, version))); nodeModule.addEvidence(EvidenceType.PRODUCT, "package.json", "name", name, Confidence.HIGHEST); nodeModule.addEvidence(EvidenceType.VENDOR, "package.json", "name", name, Confidence.HIGH); nodeModule.addEvidence(EvidenceType.VERSION, "package.json", "version", version, Confidence.HIGHEST);