Ruby bundler: got description working. Added boilerplate text describing how this entry differs from a standard Dependency-Check (D-C) vulnerability report.

Dale Visser
2015-08-29 12:29:44 -04:00
parent 782039810e
commit 713e9658c5


@@ -195,10 +195,10 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
String gem = null; String gem = null;
final Map<String, Dependency> map = new HashMap<String, Dependency>(); final Map<String, Dependency> map = new HashMap<String, Dependency>();
int i = 0; int i = 0;
boolean appendToDescription = false;
while (rdr.ready()) { while (rdr.ready()) {
final String nextLine = rdr.readLine(); final String nextLine = rdr.readLine();
i++; i++;
boolean appendToDescription = false;
if (null == nextLine) { if (null == nextLine) {
break; break;
} else if (nextLine.startsWith(NAME)) { } else if (nextLine.startsWith(NAME)) {
@@ -268,9 +268,9 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
vulnerability.getReferences().add(ref); vulnerability.getReferences().add(ref);
} }
LOGGER.info(String.format("bundle-audit (%s): %s", parentName, nextLine)); LOGGER.info(String.format("bundle-audit (%s): %s", parentName, nextLine));
} else if (nextLine.startsWith("Description: ")) { } else if (nextLine.startsWith("Description:")) {
appendToDescription = true; appendToDescription = true;
vulnerability.setDescription("Vulnerability obtained from bundle-audit. NVD links may not work.\n\n"); vulnerability.setDescription("*** Vulnerability obtained from bundle-audit verbose report. Title link may not work. CPE below is guessed. CVSS score is estimated (-1.0 indicates unknown). See link below for full details. *** ");
} else if (appendToDescription) { } else if (appendToDescription) {
vulnerability.setDescription(vulnerability.getDescription() + nextLine + "\n"); vulnerability.setDescription(vulnerability.getDescription() + nextLine + "\n");
} }
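Review bot: `appendToDescription` is now declared once before the `while` loop (first hunk), but nothing in either hunk ever sets it back to `false`, so after the first `Description:` line every line that matches none of the earlier `startsWith` branches — blank separators, unrecognised fields of the next advisory — is appended to whichever `vulnerability` is current. If `vulnerability` is replaced when a new advisory starts before its own `Description:` line arrives, `getDescription()` is presumably null at that point and the text would begin with `"null"`. Unless the flag is reset somewhere outside these hunks, clear it at the start of each advisory, e.g. in the `NAME` branch: `} else if (nextLine.startsWith(NAME)) { appendToDescription = false;`. The appended lines are raw bundle-audit output placed verbatim into the report description, so whatever renders the report must still escape them. The enclosing method begins before the first hunk and continues after the second.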