github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-14 07:43:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

Use StringBuilder instead of String += concatenation.

Browse Source
This commit is contained in:
Anthony Whitford
2015-12-28 13:11:36 -08:00
parent 9d5ff28098
commit 4a137b4e8e
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/NvdCve12Handler.java
View File

@@ -99,7 +99,6 @@ public class NvdCve12Handler extends DefaultHandler {
software = null;
}
} else if (!skip && current.isProdNode()) {
vendor = attributes.getValue("vendor");
product = attributes.getValue("name");
} else if (!skip && current.isVersNode()) {
@@ -112,15 +111,16 @@ public class NvdCve12Handler extends DefaultHandler {
/*yes yes, this may not actually be an "a" - it could be an OS, etc. but for our
purposes this is good enough as we won't use this if we don't find a corresponding "a"
in the nvd cve 2.0. */
String cpe = "cpe:/a:" + vendor + ":" + product;
final StringBuilder cpe = new StringBuilder();
cpe.append("cpe:/a:").append(vendor).append(':').append(product);
if (num != null) {
cpe += ':' + num;
cpe.append(':').append(num);
}
if (edition != null) {
cpe += ':' + edition;
cpe.append(':').append(edition);
}
final VulnerableSoftware vs = new VulnerableSoftware();
vs.setCpe(cpe);
vs.setCpe(cpe.toString());
vs.setPreviousVersion(prev);
software.add(vs);
}