github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-17 23:04:07 +01:00
Code Issues Packages Projects Releases Wiki Activity

Ruby Bundler: Added URL to report.

Browse Source
This commit is contained in:
Dale Visser
2015-08-29 11:33:16 -04:00
parent b473d8ab9c
commit 782039810e
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java
View File

@@ -198,9 +198,11 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
while (rdr.ready()) { while (rdr.ready()) {
final String nextLine = rdr.readLine(); final String nextLine = rdr.readLine();
i++; i++;
boolean appendToDescription = false;
if (null == nextLine) { if (null == nextLine) {
break; break;
} else if (nextLine.startsWith(NAME)) { } else if (nextLine.startsWith(NAME)) {
appendToDescription = false;
gem = nextLine.substring(NAME.length()); gem = nextLine.substring(NAME.length());
if (map.containsKey(gem)) { if (map.containsKey(gem)) {
dependency = map.get(gem); dependency = map.get(gem);
@@ -265,6 +267,12 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
ref.setUrl(url); ref.setUrl(url);
vulnerability.getReferences().add(ref); vulnerability.getReferences().add(ref);
} }
LOGGER.info(String.format("bundle-audit (%s): %s", parentName, nextLine));
} else if (nextLine.startsWith("Description: ")) {
appendToDescription = true;
vulnerability.setDescription("Vulnerability obtained from bundle-audit. NVD links may not work.\n\n");
} else if (appendToDescription) {
vulnerability.setDescription(vulnerability.getDescription() + nextLine + "\n");
} }
} }
} }