mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-05-01 04:34:45 +02:00
Merge branch 'fix-cvss-for-bundle-audit' of git://github.com/geramirez/DependencyCheck into geramirez-fix-cvss-for-bundle-audit
This commit is contained in:
Jeremy Long
@@ -20,6 +20,7 @@ package org.owasp.dependencycheck.analyzer;
|
||||
import org.apache.commons.io.FileUtils;
|
||||
import org.owasp.dependencycheck.Engine;
|
||||
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
|
||||
import org.owasp.dependencycheck.data.nvdcve.CveDB;
|
||||
import org.owasp.dependencycheck.dependency.Confidence;
|
||||
import org.owasp.dependencycheck.dependency.Dependency;
|
||||
import org.owasp.dependencycheck.dependency.Reference;
|
||||
@@ -58,6 +59,10 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
public static final String ADVISORY = "Advisory: ";
|
||||
public static final String CRITICALITY = "Criticality: ";
|
||||
|
||||
public static CveDB CVEDB = new CveDB();
|
||||
//instance.open();
|
||||
//Vulnerability result = instance.getVulnerability("CVE-2015-3225");
|
||||
|
||||
/**
|
||||
* @return a filter that accepts files named Gemfile.lock
|
||||
*/
|
||||
@@ -300,6 +305,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
} else if ("Low".equals(criticality)) {
|
||||
vulnerability.setCvssScore(2.0f);
|
||||
} else {
|
||||
//vulnerability.getName()
|
||||
vulnerability.setCvssScore(-1.0f);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -372,7 +372,7 @@ public class CveDB {
|
||||
* @return a vulnerability object
|
||||
* @throws DatabaseException if an exception occurs
|
||||
*/
|
||||
private Vulnerability getVulnerability(String cve) throws DatabaseException {
|
||||
public Vulnerability getVulnerability(String cve) throws DatabaseException {
|
||||
PreparedStatement psV = null;
|
||||
PreparedStatement psR = null;
|
||||
PreparedStatement psS = null;
|
||||
|
||||
Reference in New Issue
Block a user