diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nsp/SanitizePackage.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nsp/SanitizePackage.java
index 4bee31ceb..888ab0999 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nsp/SanitizePackage.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nsp/SanitizePackage.java
@@ -69,6 +69,12 @@ public final class SanitizePackage {
 */
 public static JsonObject sanitize(JsonObject rawPackage) {
 final JsonObjectBuilder builder = Json.createObjectBuilder();
+ if (rawPackage.get("name") == null) {
+ // Reproduce the behavior of 'nsp check' by not failing on a
+ // package.json without a name field (string).
+ // https://github.com/jeremylong/DependencyCheck/issues/975
+ builder.add("name", "1");
+ }
 for (Map.Entry entry : rawPackage.entrySet()) {
 if (WHITELIST.contains(entry.getKey())) {
 builder.add(entry.getKey(), entry.getValue());
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java
index 262112a4c..f2e544be0 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java
@@ -133,7 +133,7 @@ public class EscapeTool {
 * for display in a CSV.
 *
 * @param ids the set of identifiers
- * @return the formated list of none CPE identifiers
+ * @return the formatted list of none CPE identifiers
 */
 public String csvIdentifiers(Set ids) {
 if (ids == null || ids.isEmpty()) {
@@ -159,7 +159,7 @@ public class EscapeTool {
 * for display in a CSV.
 *
 * @param ids the set of identifiers
- * @return the formated list of CPE identifiers
+ * @return the formatted list of CPE identifiers
 */
 public String csvCpe(Set ids) {
 if (ids == null || ids.isEmpty()) {
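Review bot: The guard on the first added line only handles an absent key: a `name` that is present as JSON `null` (`JsonValue.NULL`) or as a non-string value is not Java `null`, so it skips the placeholder and, if `name` is in `WHITELIST`, is forwarded unchanged, which is narrower than the "without a name field (string)" wording of the comment. `if (!(rawPackage.get("name") instanceof JsonString)) {` would cover those shapes, although the whitelist loop below would then also have to skip the original `name` entry so that it does not overwrite the placeholder. The literal `"1"` is also undocumented at the method level; a constant such as `private static final String MISSING_NAME_PLACEHOLDER = "1";` plus a sentence in the Javadoc of `sanitize` (which starts above the hunk) saying that an absent name is replaced by a placeholder would make that visible to callers. The body of `sanitize` continues past the hunk.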
@@ -185,7 +185,7 @@ public class EscapeTool {
 * for confidence display in a CSV.
 *
 * @param ids the set of identifiers
- * @return the formated list of confidence
+ * @return the formatted list of confidence
 */
 public String csvCpeConfidence(Set ids) {
 if (ids == null || ids.isEmpty()) {
@@ -211,7 +211,7 @@ public class EscapeTool {
 * for display in a CSV.
 *
 * @param ids the set of identifiers
- * @return the formated list of GAV identifiers
+ * @return the formatted list of GAV identifiers
 */
 public String csvGav(Set ids) {
 if (ids == null || ids.isEmpty()) {
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/EvidenceMatcher.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/EvidenceMatcher.java
index c869b761a..393fc6d88 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/EvidenceMatcher.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/EvidenceMatcher.java
@@ -28,7 +28,7 @@ import org.owasp.dependencycheck.dependency.Evidence;
 * work for a range of similar false positives/false negatives.
 *
 * The EvidenceMatcher is used for processing Evidences of a project's
- * dependencies in conjuction with the {@code } and {@code }
+ * dependencies in conjunction with the {@code } and {@code }
 * clauses of the hints file.
 *
 * @author Hans Aikema
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/NspAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/NspAnalyzerTest.java
index 5d9d7b747..dfcd98d3f 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/NspAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/NspAnalyzerTest.java
@@ -91,4 +91,11 @@ public class NspAnalyzerTest extends BaseTest {
 // node modules are not scanned - no evidence is collected
 assertTrue(result.size() == 0);
 }
+
+ @Test
+ public void testAnalyzeInvalidPackageMissingName() throws AnalysisException {
+ final Dependency result = new Dependency(BaseTest.getResourceAsFile(this, "nsp/minimal-invalid.json"));
+ analyzer.analyze(result, null);
+ // Upon analysis, not throwing an exception in this case, is all that's required to pass this test
+ }
 }
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/EngineVersionCheckTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/EngineVersionCheckTest.java
index 78991f6a8..f9045169f 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/EngineVersionCheckTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/EngineVersionCheckTest.java
@@ -48,7 +48,7 @@ public class EngineVersionCheckTest extends BaseTest {
 * @return milliseconds
 */
 private long dateToMilliseconds(String date) {
- //removed for compatability with joda-time 1.6
+ //removed for compatibility with joda-time 1.6
 //DateTimeFormatter dtf = DateTimeFormat.forPattern("yyyy-MM-dd");
 //return DateTime.parse(date, dtf).toInstant().getMillis();
 String[] dp = date.split("-");
diff --git a/dependency-check-core/src/test/resources/nsp/minimal-invalid.json b/dependency-check-core/src/test/resources/nsp/minimal-invalid.json
new file mode 100644
index 000000000..37f52b5b5
--- /dev/null
+++ b/dependency-check-core/src/test/resources/nsp/minimal-invalid.json
@@ -0,0 +1 @@
+{ "devDependencies": { "generator-jhipster": "4.5.2" } }
\ No newline at end of file
diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
index c69443d9c..81aea60e1 100644
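Review bot: `testAnalyzeInvalidPackageMissingName` asserts nothing, so it also passes if `analyze` never reaches the sanitizing code for `nsp/minimal-invalid.json` (for instance if the analyzer declines the file), which would leave the fix for issue 975 untested; the comment on the last added line even states that finishing without an exception is the whole check. If `analyze` leaves observable state on `result` (the preceding test inspects a `result` collection, but what `Dependency` exposes is not visible here), an assertion on it would pin the fixed behavior; at minimum the comment should name the regression, e.g. `// Regression test for issue 975: a package.json without a name field must not make the NSP analyzer throw.` The `@Test` method is complete within the hunk.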
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
@@ -937,7 +937,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
 if (this.isFailOnError()) {
 throw new MojoExecutionException("One or more exceptions occurred during dependency-check analysis", exCol);
 } else {
- getLog().debug("Error writting the report", ex);
+ getLog().debug("Error writing the report", ex);
 }
 }
 showSummary(this.getProject(), engine.getDependencies());
diff --git a/src/site/markdown/data/cachenvd.md b/src/site/markdown/data/cachenvd.md
index 3a6df0be2..555d4d767 100644
--- a/src/site/markdown/data/cachenvd.md
+++ b/src/site/markdown/data/cachenvd.md
@@ -78,7 +78,7 @@ $CLI_SCRIPT --cveUrl20Base $NVD/nvdcve-2.0-%d.xml.gz \
 ```
 The script takes advantage of the `date` command's ability to parse a variety
-of date formats. The following invokation would successfully point to the
+of date formats. The following invocation would successfully point to the
 `~/NVD/2015-08-03` folder.
 $ ./dep-check-date.sh ~/NVD "08/03/2015" -app Foo -scan /path/to/Foo --out ~/DCreports/FooFollowup/
diff --git a/src/site/markdown/general/scan_iso.md b/src/site/markdown/general/scan_iso.md
index 66e3c03a7..8a66a1741 100644
--- a/src/site/markdown/general/scan_iso.md
+++ b/src/site/markdown/general/scan_iso.md
@@ -13,7 +13,7 @@ pair of international file system standards published by
 and ISO/IEC 13346, a.k.a. [UDF](https://en.wikipedia.org/wiki/Universal_Disk_Format).
 Other types of disk images (e.g., [VHD](https://en.wikipedia.org/wiki/VHD_%28file_format%29))
 are outside the scope of this article, though the ideas presented here may likely be
-succesfully applied.
+successfully applied.
 Linux
 -----
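Review bot: The corrected message on the added line still does not describe the condition it reports: the same branch throws "One or more exceptions occurred during dependency-check analysis" when failOnError is set, but the non-failing path logs "Error writing the report" at debug level, so a failed analysis step is both mislabelled and hidden unless the build runs with -X. If `ex` is the analysis exception (the surrounding catch is not visible in the hunk, so this is inferred), `getLog().warn("One or more exceptions occurred during dependency-check analysis", ex);` would keep the two paths consistent and keep a non-fatal analysis error visible in a default build log, which matters because `showSummary` then reports on a possibly incomplete scan. The enclosing method starts and ends outside the hunk.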