github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-31 22:23:47 +02:00
Code Issues Packages Projects Releases Wiki Activity

node.js: Added parent folder to display file name. Added try-catch for JSONException, logging warning message in that case.

Browse Source
This commit is contained in:
Dale Visser
2015-08-09 11:32:57 -04:00
parent 4b17fd88a3
commit 7a535b2576
1 changed files with 22 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java
View File

@@ -18,6 +18,7 @@
package org.owasp.dependencycheck.analyzer; package org.owasp.dependencycheck.analyzer;
import org.apache.commons.io.FileUtils; import org.apache.commons.io.FileUtils;
import org.json.JSONException;
import org.json.JSONObject; import org.json.JSONObject;
import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
@@ -29,6 +30,7 @@ import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import java.io.File;
import java.io.FileFilter; import java.io.FileFilter;
import java.io.IOException; import java.io.IOException;
@@ -110,13 +112,15 @@ public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer {
@Override @Override
protected void analyzeFileType(Dependency dependency, Engine engine) protected void analyzeFileType(Dependency dependency, Engine engine)
throws AnalysisException { throws AnalysisException {
final File file = dependency.getActualFile();
String contents; String contents;
try { try {
contents = FileUtils.readFileToString(dependency.getActualFile()).trim(); contents = FileUtils.readFileToString(file).trim();
} catch (IOException e) { } catch (IOException e) {
throw new AnalysisException( throw new AnalysisException(
"Problem occurred while reading dependency file.", e); "Problem occurred while reading dependency file.", e);
} }
try {
JSONObject json = new JSONObject(contents); JSONObject json = new JSONObject(contents);
final EvidenceCollection productEvidence = dependency.getProductEvidence(); final EvidenceCollection productEvidence = dependency.getProductEvidence();
final EvidenceCollection vendorEvidence = dependency.getVendorEvidence(); final EvidenceCollection vendorEvidence = dependency.getVendorEvidence();
@@ -130,9 +134,12 @@ public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer {
} }
} }
addToEvidence(json, productEvidence, "description"); addToEvidence(json, productEvidence, "description");
addToEvidence(json, vendorEvidence, "author"); addToEvidence(json, vendorEvidence, "author");
addToEvidence(json, dependency.getVersionEvidence(), "version"); addToEvidence(json, dependency.getVersionEvidence(), "version");
dependency.setDisplayFileName(String.format("%s/%s", file.getParentFile().getName(), file.getName()));
} catch (JSONException e) {
LOGGER.warn("Failed to parse package.json file.", e);
}
} }
private void addToEvidence(JSONObject json, EvidenceCollection collection, String key) { private void addToEvidence(JSONObject json, EvidenceCollection collection, String key) {