mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-03-26 11:01:44 +01:00
Use StringBuilder instead of String += concatenation.
This commit is contained in:
Anthony Whitford
@@ -99,7 +99,6 @@ public class NvdCve12Handler extends DefaultHandler {
|
|||||||
software = null;
|
software = null;
|
||||||
}
|
}
|
||||||
} else if (!skip && current.isProdNode()) {
|
} else if (!skip && current.isProdNode()) {
|
||||||
|
|
||||||
vendor = attributes.getValue("vendor");
|
vendor = attributes.getValue("vendor");
|
||||||
product = attributes.getValue("name");
|
product = attributes.getValue("name");
|
||||||
} else if (!skip && current.isVersNode()) {
|
} else if (!skip && current.isVersNode()) {
|
||||||
@@ -112,15 +111,16 @@ public class NvdCve12Handler extends DefaultHandler {
|
|||||||
/*yes yes, this may not actually be an "a" - it could be an OS, etc. but for our
|
/*yes yes, this may not actually be an "a" - it could be an OS, etc. but for our
|
||||||
purposes this is good enough as we won't use this if we don't find a corresponding "a"
|
purposes this is good enough as we won't use this if we don't find a corresponding "a"
|
||||||
in the nvd cve 2.0. */
|
in the nvd cve 2.0. */
|
||||||
String cpe = "cpe:/a:" + vendor + ":" + product;
|
final StringBuilder cpe = new StringBuilder();
|
||||||
|
cpe.append("cpe:/a:").append(vendor).append(':').append(product);
|
||||||
if (num != null) {
|
if (num != null) {
|
||||||
cpe += ':' + num;
|
cpe.append(':').append(num);
|
||||||
}
|
}
|
||||||
if (edition != null) {
|
if (edition != null) {
|
||||||
cpe += ':' + edition;
|
cpe.append(':').append(edition);
|
||||||
}
|
}
|
||||||
final VulnerableSoftware vs = new VulnerableSoftware();
|
final VulnerableSoftware vs = new VulnerableSoftware();
|
||||||
vs.setCpe(cpe);
|
vs.setCpe(cpe.toString());
|
||||||
vs.setPreviousVersion(prev);
|
vs.setPreviousVersion(prev);
|
||||||
software.add(vs);
|
software.add(vs);
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user