updated so that the file name is properly escaped in JavaScript so that it shows up correctly in the report to fix issue #91

Former-commit-id: e2de967442f9504ede9402760c33a1b7501a3536
Jeremy Long
2014-03-16 04:13:43 -04:00
parent 776614d211
commit 79fd23d51b
2 changed files with 23 additions and 13 deletions


@@ -106,16 +106,26 @@ public class Dependency implements Comparable<Dependency> {
/** /**
* Returns the file name of the dependency. * Returns the file name of the dependency.
* *
* @return the file name of the dependency. * @return the file name of the dependency
*/ */
public String getFileName() { public String getFileName() {
return this.fileName; return this.fileName;
} }
/**
* Returns the file name of the dependency with the backslash escaped for use in JavaScript. This is a complete hack
* as I could not get the replace to work in the template itself.
*
* @return the file name of the dependency with the backslash escaped for use in JavaScript
*/
public String getFileNameForJavaScript() {
return this.fileName.replace("\\", "\\\\");
}
/** /**
* Sets the file name of the dependency. * Sets the file name of the dependency.
* *
* @param fileName the file name of the dependency. * @param fileName the file name of the dependency
*/ */
public void setFileName(String fileName) { public void setFileName(String fileName) {
this.fileName = fileName; this.fileName = fileName;
@@ -124,7 +134,7 @@ public class Dependency implements Comparable<Dependency> {
/** /**
* Sets the actual file path of the dependency on disk. * Sets the actual file path of the dependency on disk.
* *
* @param actualFilePath the file path of the dependency. * @param actualFilePath the file path of the dependency
*/ */
public void setActualFilePath(String actualFilePath) { public void setActualFilePath(String actualFilePath) {
this.actualFilePath = actualFilePath; this.actualFilePath = actualFilePath;
@@ -137,7 +147,7 @@ public class Dependency implements Comparable<Dependency> {
/** /**
* Gets the file path of the dependency. * Gets the file path of the dependency.
* *
* @return the file path of the dependency. * @return the file path of the dependency
*/ */
public String getActualFilePath() { public String getActualFilePath() {
return this.actualFilePath; return this.actualFilePath;
@@ -146,7 +156,7 @@ public class Dependency implements Comparable<Dependency> {
/** /**
* Gets a reference to the File object. * Gets a reference to the File object.
* *
* @return the File object. * @return the File object
*/ */
public File getActualFile() { public File getActualFile() {
return new File(this.actualFilePath); return new File(this.actualFilePath);
@@ -155,7 +165,7 @@ public class Dependency implements Comparable<Dependency> {
/** /**
* Sets the file path of the dependency. * Sets the file path of the dependency.
* *
* @param filePath the file path of the dependency. * @param filePath the file path of the dependency
*/ */
public void setFilePath(String filePath) { public void setFilePath(String filePath) {
this.filePath = filePath; this.filePath = filePath;
@@ -168,7 +178,7 @@ public class Dependency implements Comparable<Dependency> {
* <b>NOTE:</b> This may not be the actual path of the file on disk. The actual path of the file on disk can be * <b>NOTE:</b> This may not be the actual path of the file on disk. The actual path of the file on disk can be
* obtained via the getActualFilePath().</p> * obtained via the getActualFilePath().</p>
* *
* @return the file path of the dependency. * @return the file path of the dependency
*/ */
public String getFilePath() { public String getFilePath() {
return this.filePath; return this.filePath;
@@ -177,7 +187,7 @@ public class Dependency implements Comparable<Dependency> {
/** /**
* Sets the file name of the dependency. * Sets the file name of the dependency.
* *
* @param fileExtension the file name of the dependency. * @param fileExtension the file name of the dependency
*/ */
public void setFileExtension(String fileExtension) { public void setFileExtension(String fileExtension) {
this.fileExtension = fileExtension; this.fileExtension = fileExtension;
@@ -186,7 +196,7 @@ public class Dependency implements Comparable<Dependency> {
/** /**
* Gets the file extension of the dependency. * Gets the file extension of the dependency.
* *
* @return the file extension of the dependency. * @return the file extension of the dependency
*/ */
public String getFileExtension() { public String getFileExtension() {
return this.fileExtension; return this.fileExtension;
@@ -231,7 +241,7 @@ public class Dependency implements Comparable<Dependency> {
/** /**
* Returns a List of Identifiers. * Returns a List of Identifiers.
* *
* @return an ArrayList of Identifiers. * @return an ArrayList of Identifiers
*/ */
public Set<Identifier> getIdentifiers() { public Set<Identifier> getIdentifiers() {
return this.identifiers; return this.identifiers;
@@ -240,7 +250,7 @@ public class Dependency implements Comparable<Dependency> {
/** /**
* Sets a List of Identifiers. * Sets a List of Identifiers.
* *
* @param identifiers A list of Identifiers. * @param identifiers A list of Identifiers
*/ */
public void setIdentifiers(Set<Identifier> identifiers) { public void setIdentifiers(Set<Identifier> identifiers) {
this.identifiers = identifiers; this.identifiers = identifiers;
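Review bot: `getFileNameForJavaScript()` in the first hunk escapes only the backslash, so a file name containing a single quote or a line terminator still ends the `'...'` literal that the report template builds around it; file names presumably come from whatever artifact is being scanned, so they should be treated as untrusted. The method also calls `replace` on `this.fileName` without a null check, while `getFileName()` beside it simply returns null. A full JavaScript string escaper with a null guard would cover both, for example `return this.fileName == null ? null : StringEscapeUtils.escapeJavaScript(this.fileName);` if Commons Lang is available to this class (not visible from the hunk). The Javadoc should then state which characters are escaped instead of describing the method as a hack.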


@@ -586,7 +586,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
#end #end
#if ($id.type=="cpe") #if ($id.type=="cpe")
##yes, we are HTML Encoding into JavaScript... the escape utils don't have a JS Encode and I haven't written one yet ##yes, we are HTML Encoding into JavaScript... the escape utils don't have a JS Encode and I haven't written one yet
&nbsp;&nbsp;<button class="copybutton" onclick="copyText('$esc.html($dependency.FileName)', '$esc.html($dependency.Sha1sum)', 'cpe', '$esc.html($id.value)')">suppress</button> &nbsp;&nbsp;<button class="copybutton" onclick="copyText('$esc.html($dependency.FileNameForJavaScript)', '$esc.html($dependency.Sha1sum)', 'cpe', '$esc.html($id.value)')">suppress</button>
#end #end
#if ($id.description) #if ($id.description)
<br/>$esc.html($id.description) <br/>$esc.html($id.description)
@@ -602,7 +602,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
<div id="content$cnt" class="subsectioncontent standardsubsection"> <div id="content$cnt" class="subsectioncontent standardsubsection">
#foreach($vuln in $dependency.getVulnerabilities()) #foreach($vuln in $dependency.getVulnerabilities())
#set($vsctr=$vsctr+1) #set($vsctr=$vsctr+1)
<p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=$esc.url($vuln.name)">$esc.html($vuln.name)</a></b>&nbsp;&nbsp;<button class="copybutton" onclick="copyText('$esc.html($dependency.FileName)', '$esc.html($dependency.Sha1sum)', 'cve', '$esc.html($vuln.name)')">suppress</button></p> <p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=$esc.url($vuln.name)">$esc.html($vuln.name)</a></b>&nbsp;&nbsp;<button class="copybutton" onclick="copyText('$esc.html($dependency.FileNameForJavaScript)', '$esc.html($dependency.Sha1sum)', 'cve', '$esc.html($vuln.name)')">suppress</button></p>
<p>Severity: <p>Severity:
#if ($vuln.cvssScore<4.0) #if ($vuln.cvssScore<4.0)
Low Low
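Review bot: Both changed `onclick` lines (the `cpe` button and the `cve` button) still rely on `$esc.html(...)` for values placed inside single-quoted JavaScript string literals, and the browser decodes HTML entities in an attribute before the handler is parsed, so HTML encoding does not protect the string context. This applies to `$dependency.Sha1sum`, `$id.value` and `$vuln.name` as much as to the file name. Keeping the values out of script avoids the need for a JS encoder: emit them as attributes such as `data-file="$esc.html($dependency.FileName)"` and call `copyText(this.getAttribute('data-file'), ...)`, assuming `$esc.html` encodes double quotes. That would also make the backslash-only workaround unnecessary.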