Merge branch 'master' of github.com:jeremylong/DependencyCheck

This commit is contained in:
Jeremy Long
2017-11-10 06:24:39 -05:00
9 changed files with 23 additions and 9 deletions


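--- a/[path not shown]/SanitizePackage.java
+++ b/[path not shown]/SanitizePackage.java
@@ -69,6 +69,12 @@ public final class SanitizePackage {
 */
 public static JsonObject sanitize(JsonObject rawPackage) {
 final JsonObjectBuilder builder = Json.createObjectBuilder();
+if (rawPackage.get("name") == null) {
+// Reproduce the behavior of 'nsp check' by not failing on a
+// package.json without a name field (string).
+// https://github.com/jeremylong/DependencyCheck/issues/975
+builder.add("name", "1");
+}
 for (Map.Entry<String, JsonValue> entry : rawPackage.entrySet()) {
 if (WHITELIST.contains(entry.getKey())) {
 builder.add(entry.getKey(), entry.getValue());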
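Review bot: The guard on the first added line only catches an absent key, because `JsonObject.get` returns `JsonValue.NULL` rather than Java `null` for a package.json that declares `"name": null`; such a document skips the fallback and, if `name` is in `WHITELIST`, the JSON null is copied through by the loop below. Since the comment already says a name is expected to be a string, cover both cases with `if (!rawPackage.containsKey("name") || rawPackage.isNull("name")) {`. The fallback `"1"` is a magic literal; a named constant such as `private static final String PLACEHOLDER_NAME = "1";` carrying the issue reference would keep the why next to the value. The remainder of `sanitize` (end of the loop and the return) lies outside the hunk.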


@@ -133,7 +133,7 @@ public class EscapeTool {
* for display in a CSV.
*
* @param ids the set of identifiers
* @return the formated list of none CPE identifiers
* @return the formatted list of none CPE identifiers
*/
public String csvIdentifiers(Set<Identifier> ids) {
if (ids == null || ids.isEmpty()) {
@@ -159,7 +159,7 @@ public class EscapeTool {
* for display in a CSV.
*
* @param ids the set of identifiers
* @return the formated list of CPE identifiers
* @return the formatted list of CPE identifiers
*/
public String csvCpe(Set<Identifier> ids) {
if (ids == null || ids.isEmpty()) {
@@ -185,7 +185,7 @@ public class EscapeTool {
* for confidence display in a CSV.
*
* @param ids the set of identifiers
* @return the formated list of confidence
* @return the formatted list of confidence
*/
public String csvCpeConfidence(Set<Identifier> ids) {
if (ids == null || ids.isEmpty()) {
@@ -211,7 +211,7 @@ public class EscapeTool {
* for display in a CSV.
*
* @param ids the set of identifiers
* @return the formated list of GAV identifiers
* @return the formatted list of GAV identifiers
*/
public String csvGav(Set<Identifier> ids) {
if (ids == null || ids.isEmpty()) {


@@ -28,7 +28,7 @@ import org.owasp.dependencycheck.dependency.Evidence;
* work for a range of similar false positives/false negatives.
*
* The EvidenceMatcher is used for processing Evidences of a project's
* dependencies in conjuction with the {@code <given>} and {@code <remove>}
* dependencies in conjunction with the {@code <given>} and {@code <remove>}
* clauses of the hints file.
*
* @author Hans Aikema


@@ -91,4 +91,11 @@ public class NspAnalyzerTest extends BaseTest {
// node modules are not scanned - no evidence is collected
assertTrue(result.size() == 0);
}
@Test
public void testAnalyzeInvalidPackageMissingName() throws AnalysisException {
final Dependency result = new Dependency(BaseTest.getResourceAsFile(this, "nsp/minimal-invalid.json"));
analyzer.analyze(result, null);
// Upon analysis, not throwing an exception in this case, is all that's required to pass this test
}
}
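Review bot: The new test `testAnalyzeInvalidPackageMissingName` asserts nothing about `result`, so it also passes if the analyzer never reaches the name-less package.json at all; a test that is meant to pass by merely not throwing should say so in Javadoc, e.g. `/** Regression test for issue 975: a package.json without a name must not abort analysis. */`, and ideally check something observable on `result` afterwards. The fixture `nsp/minimal-invalid.json` is presumably the one-line JSON file added elsewhere in this commit, but the page does not show that file's path. If `analyzer.analyze` contacts the NSP service for this input, the test is network-dependent, which is worth noting in the same Javadoc. The hunk header counts seven additions while six added lines are visible, so a blank line between the previous test and `@Test` was probably lost in rendering.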


@@ -48,7 +48,7 @@ public class EngineVersionCheckTest extends BaseTest {
* @return milliseconds
*/
private long dateToMilliseconds(String date) {
//removed for compatability with joda-time 1.6
//removed for compatibility with joda-time 1.6
//DateTimeFormatter dtf = DateTimeFormat.forPattern("yyyy-MM-dd");
//return DateTime.parse(date, dtf).toInstant().getMillis();
String[] dp = date.split("-");


@@ -0,0 +1 @@
{ "devDependencies": { "generator-jhipster": "4.5.2" } }


@@ -937,7 +937,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
if (this.isFailOnError()) {
throw new MojoExecutionException("One or more exceptions occurred during dependency-check analysis", exCol);
} else {
getLog().debug("Error writting the report", ex);
getLog().debug("Error writing the report", ex);
}
}
showSummary(this.getProject(), engine.getDependencies());


@@ -78,7 +78,7 @@ $CLI_SCRIPT --cveUrl20Base $NVD/nvdcve-2.0-%d.xml.gz \
```
The script takes advantage of the `date` command's ability to parse a variety
of date formats. The following invokation would successfully point to the
of date formats. The following invocation would successfully point to the
`~/NVD/2015-08-03` folder.
$ ./dep-check-date.sh ~/NVD "08/03/2015" -app Foo -scan /path/to/Foo --out ~/DCreports/FooFollowup/


@@ -13,7 +13,7 @@ pair of international file system standards published by
and ISO/IEC 13346, a.k.a. [UDF](https://en.wikipedia.org/wiki/Universal_Disk_Format). Other types of disk images (e.g.,
[VHD](https://en.wikipedia.org/wiki/VHD_%28file_format%29)) are outside the
scope of this article, though the ideas presented here may likely be
succesfully applied.
successfully applied.
Linux
-----