Ruby bundler: got description working. Added boilerplate text describing differences from standard D-C vulnerability report.

This commit is contained in:
Dale Visser
2015-08-29 12:29:44 -04:00
parent 782039810e
commit 713e9658c5


@@ -195,10 +195,10 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
String gem = null;
final Map<String, Dependency> map = new HashMap<String, Dependency>();
int i = 0;
boolean appendToDescription = false;
while (rdr.ready()) {
final String nextLine = rdr.readLine();
i++;
boolean appendToDescription = false;
if (null == nextLine) {
break;
} else if (nextLine.startsWith(NAME)) {
@@ -268,9 +268,9 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
vulnerability.getReferences().add(ref);
}
LOGGER.info(String.format("bundle-audit (%s): %s", parentName, nextLine));
} else if (nextLine.startsWith("Description: ")) {
} else if (nextLine.startsWith("Description:")) {
appendToDescription = true;
vulnerability.setDescription("Vulnerability obtained from bundle-audit. NVD links may not work.\n\n");
vulnerability.setDescription("*** Vulnerability obtained from bundle-audit verbose report. Title link may not work. CPE below is guessed. CVSS score is estimated (-1.0 indicates unknown). See link below for full details. *** ");
} else if (appendToDescription) {
vulnerability.setDescription(vulnerability.getDescription() + nextLine + "\n");
}
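Review bot: Nothing in the loop ever clears `appendToDescription` once the `Description:` branch sets it, and since the declaration is now hoisted above the `while`, the flag stays true for the rest of the report; every later line that matches none of the earlier `startsWith` prefixes (blank separators, unrecognised lines of the next advisory) is appended to whichever `vulnerability` is current at that point. Reset it where a new record begins, e.g. in the `nextLine.startsWith(NAME)` branch: `appendToDescription = false;`. The `vulnerability.setDescription(vulnerability.getDescription() + nextLine + "\n")` form also re-copies the whole description on every appended line; accumulating into a `StringBuilder` and setting the description once when the record ends would be cleaner, though the volumes here make it a minor point. The enclosing method and the `while` loop both start and end outside these hunks, so the other branches that might already reset the flag are not visible here.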