github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-22 17:19:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Added check for node_modules directory. Will skip if package.json is a node module. Fixes #797

Browse Source
This commit is contained in:
stevespringett
2017-07-21 15:18:10 -05:00
parent 60b8bde19a
commit 784a1393fc
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NspAnalyzer.java
View File

@@ -149,6 +149,12 @@ public class NspAnalyzer extends AbstractFileTypeAnalyzer {
final File file = dependency.getActualFile(); final File file = dependency.getActualFile();
try (JsonReader jsonReader = Json.createReader(FileUtils.openInputStream(file))) { try (JsonReader jsonReader = Json.createReader(FileUtils.openInputStream(file))) {
// Do not scan the node_modules directory
if (file.getCanonicalPath().contains(File.separator + "node_modules" + File.separator )) {
LOGGER.debug("Skipping analysis of node module: " + file.getCanonicalPath());
return;
}
// Retrieves the contents of package.json from the Dependency // Retrieves the contents of package.json from the Dependency
final JsonObject packageJson = jsonReader.readObject(); final JsonObject packageJson = jsonReader.readObject();