github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-15 08:13:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

Standardized the Composer / PHP Names

Browse Source
This commit is contained in:
brianf
2017-09-21 15:30:47 -04:00
parent 4a95efefac
commit 7a74917b67
2 changed files with 15 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzer.java
View File

@@ -56,6 +56,11 @@ public class ComposerLockAnalyzer extends AbstractFileTypeAnalyzer {
*/
private static final String ANALYZER_NAME = "Composer.lock analyzer";
/**
* The dependency Ecosystem
*/
static final String DEPENDENCY_ECOSYSTEM = "Composer";
/**
* composer.json.
*/
@@ -110,9 +115,12 @@ public class ComposerLockAnalyzer extends AbstractFileTypeAnalyzer {
boolean processedAtLeastOneDep = false;
for (ComposerDependency dep : clp.getDependencies()) {
final Dependency d = new Dependency(dependency.getActualFile());
d.setDisplayFileName(String.format("%s:%s/%s/%s", dependency.getDisplayFileName(), dep.getGroup(), dep.getProject(), dep.getVersion()));
final String filePath = String.format("%s:%s/%s/%s", dependency.getFilePath(), dep.getGroup(), dep.getProject(), dep.getVersion());
d.setName(dep.getProject());
d.setVersion(dep.getVersion());
d.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
final MessageDigest sha1 = getSha1MessageDigest();
d.setFilePath(filePath);
d.setSha1sum(Checksum.getHex(sha1.digest(filePath.getBytes(Charset.defaultCharset()))));

6
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzerTest.java
View File

@@ -126,7 +126,11 @@ public class ComposerLockAnalyzerTest extends BaseDBTestCase {
//make sure the redundant composer.lock is removed
assertFalse(engine.getDependencies().contains(result));
assertEquals(30,engine.getDependencies().size());
assertThat(engine.getDependencies().get(0).getDisplayFileName(),equalTo("composer.lock:classpreloader/classpreloader/2.0.0"));
Dependency d = engine.getDependencies().get(0);
assertEquals("classpreloader",d.getName());
assertEquals("2.0.0",d.getVersion());
assertThat(d.getDisplayFileName(),equalTo("classpreloader:2.0.0"));
assertEquals(ComposerLockAnalyzer.DEPENDENCY_ECOSYSTEM,d.getDependencyEcosystem());
}