From 713e9658c52bb10217d1f1aac55a978bef9d2fe9 Mon Sep 17 00:00:00 2001
From: Dale Visser
Date: Sat, 29 Aug 2015 12:29:44 -0400
Subject: [PATCH] Ruby bundler: got description working. Added boilerplate text describing differences from standard D-C vulnerability report.
---
 .../dependencycheck/analyzer/RubyBundleAuditAnalyzer.java | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java
index 468a0c34b..65bca7c07 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java
@@ -195,10 +195,10 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
 String gem = null;
 final Map map = new HashMap();
 int i = 0;
+ boolean appendToDescription = false;
 while (rdr.ready()) {
 final String nextLine = rdr.readLine();
 i++;
- boolean appendToDescription = false;
 if (null == nextLine) {
 break;
 } else if (nextLine.startsWith(NAME)) {
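Review bot: `appendToDescription` now survives across loop iterations, but nothing visible in this hunk ever clears it, so once a `Description:` line has been seen every later line that matches no other prefix is appended to that vulnerability's description. If the `nextLine.startsWith(NAME)` branch (its body lies outside the hunk) does not reset the flag, text from the next advisory or the tool's trailing output could be attributed to the wrong finding in the report. Resetting it at the start of each record, e.g. `appendToDescription = false;` as the first statement of the `NAME` branch, keeps each description bounded to its own advisory. The enclosing method starts and ends outside the hunk.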
@@ -268,9 +268,9 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
 vulnerability.getReferences().add(ref);
 }
 LOGGER.info(String.format("bundle-audit (%s): %s", parentName, nextLine));
- } else if (nextLine.startsWith("Description: ")) {
+ } else if (nextLine.startsWith("Description:")) {
 appendToDescription = true;
- vulnerability.setDescription("Vulnerability obtained from bundle-audit. NVD links may not work.\n\n");
+ vulnerability.setDescription("*** Vulnerability obtained from bundle-audit verbose report. Title link may not work. CPE below is guessed. CVSS score is estimated (-1.0 indicates unknown). See link below for full details. *** ");
 } else if (appendToDescription) {
 vulnerability.setDescription(vulnerability.getDescription() + nextLine + "\n");
 }
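Review bot: The relaxed match `nextLine.startsWith("Description:")` discards whatever follows the colon on that line, and the new caveat literal no longer ends with a line break, so the first appended advisory line runs on directly after `*** ` unless the tool emits a blank line there. Holding the caveat in a named constant (called `CAVEAT` here) and keeping the remainder plus a separator, e.g. `vulnerability.setDescription(CAVEAT + "\n\n" + nextLine.substring("Description:".length()).trim());`, would preserve the advisory text and keep the tool-generated warning visually distinct from it. The description is assembled from external bundle-audit output; whether the report layer escapes it before rendering is not visible here and is worth confirming. The enclosing method starts and ends outside the hunk.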