Merge branch 'master' of github.com:jeremylong/DependencyCheck
@@ -69,6 +69,12 @@ public final class SanitizePackage {
|
||||
*/
|
||||
public static JsonObject sanitize(JsonObject rawPackage) {
|
||||
final JsonObjectBuilder builder = Json.createObjectBuilder();
|
||||
if (rawPackage.get("name") == null) {
|
||||
// Reproduce the behavior of 'nsp check' by not failing on a
|
||||
// package.json without a name field (string).
|
||||
// https://github.com/jeremylong/DependencyCheck/issues/975
|
||||
builder.add("name", "1");
|
||||
}
|
||||
for (Map.Entry<String, JsonValue> entry : rawPackage.entrySet()) {
|
||||
if (WHITELIST.contains(entry.getKey())) {
|
||||
builder.add(entry.getKey(), entry.getValue());
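Review bot: The new guard `if (rawPackage.get("name") == null)` only covers a package.json where the `name` key is absent; a `name` that is present but JSON `null`, a number or an object comes back from `get` as a non-null `JsonValue`, so no placeholder is added and, assuming `name` is in `WHITELIST` (not visible here), the loop below copies the non-string value through unchanged. Because package.json comes from the scanned project and is not trusted, the guard should test the type, e.g. `final JsonValue name = rawPackage.get("name");` followed by `if (name == null || name.getValueType() != JsonValue.ValueType.STRING) {`, and the loop should then skip the original `name` entry so it does not overwrite the placeholder. The literal `"1"` would also read better as a named constant with a comment saying it is a placeholder rather than a real package name. The body of `sanitize` continues past the end of this hunk.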
|
||||
|
||||
@@ -133,7 +133,7 @@ public class EscapeTool {
|
||||
* for display in a CSV.
|
||||
*
|
||||
* @param ids the set of identifiers
|
||||
* @return the formated list of none CPE identifiers
|
||||
* @return the formatted list of none CPE identifiers
|
||||
*/
|
||||
public String csvIdentifiers(Set<Identifier> ids) {
|
||||
if (ids == null || ids.isEmpty()) {
|
||||
@@ -159,7 +159,7 @@ public class EscapeTool {
|
||||
* for display in a CSV.
|
||||
*
|
||||
* @param ids the set of identifiers
|
||||
* @return the formated list of CPE identifiers
|
||||
* @return the formatted list of CPE identifiers
|
||||
*/
|
||||
public String csvCpe(Set<Identifier> ids) {
|
||||
if (ids == null || ids.isEmpty()) {
|
||||
@@ -185,7 +185,7 @@ public class EscapeTool {
|
||||
* for confidence display in a CSV.
|
||||
*
|
||||
* @param ids the set of identifiers
|
||||
* @return the formated list of confidence
|
||||
* @return the formatted list of confidence
|
||||
*/
|
||||
public String csvCpeConfidence(Set<Identifier> ids) {
|
||||
if (ids == null || ids.isEmpty()) {
|
||||
@@ -211,7 +211,7 @@ public class EscapeTool {
|
||||
* for display in a CSV.
|
||||
*
|
||||
* @param ids the set of identifiers
|
||||
* @return the formated list of GAV identifiers
|
||||
* @return the formatted list of GAV identifiers
|
||||
*/
|
||||
public String csvGav(Set<Identifier> ids) {
|
||||
if (ids == null || ids.isEmpty()) {
|
||||
|
||||
@@ -28,7 +28,7 @@ import org.owasp.dependencycheck.dependency.Evidence;
|
||||
* work for a range of similar false positives/false negatives.
|
||||
*
|
||||
* The EvidenceMatcher is used for processing Evidences of a project's
|
||||
* dependencies in conjuction with the {@code <given>} and {@code <remove>}
|
||||
* dependencies in conjunction with the {@code <given>} and {@code <remove>}
|
||||
* clauses of the hints file.
|
||||
*
|
||||
* @author Hans Aikema
|
||||
|
||||
@@ -91,4 +91,11 @@ public class NspAnalyzerTest extends BaseTest {
|
||||
// node modules are not scanned - no evidence is collected
|
||||
assertTrue(result.size() == 0);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAnalyzeInvalidPackageMissingName() throws AnalysisException {
|
||||
final Dependency result = new Dependency(BaseTest.getResourceAsFile(this, "nsp/minimal-invalid.json"));
|
||||
analyzer.analyze(result, null);
|
||||
// Upon analysis, not throwing an exception in this case, is all that's required to pass this test
|
||||
}
|
||||
}
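Review bot: `testAnalyzeInvalidPackageMissingName` contains no assertion, so it would still pass if the sanitizer later emitted a different or empty `name` as long as `analyze` does not throw, and the `Dependency` built from the fixture is called `result` although it is the input. A direct check on the sanitizer would pin the behaviour, something like `assertEquals("1", SanitizePackage.sanitize(raw).getString("name"));` with `raw` parsed from `nsp/minimal-invalid.json`. If `analyze` contacts the nsp service (not visible in this hunk), that also keeps the regression test independent of the network.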
|
||||
|
||||
@@ -48,7 +48,7 @@ public class EngineVersionCheckTest extends BaseTest {
|
||||
* @return milliseconds
|
||||
*/
|
||||
private long dateToMilliseconds(String date) {
|
||||
//removed for compatability with joda-time 1.6
|
||||
//removed for compatibility with joda-time 1.6
|
||||
//DateTimeFormatter dtf = DateTimeFormat.forPattern("yyyy-MM-dd");
|
||||
//return DateTime.parse(date, dtf).toInstant().getMillis();
|
||||
String[] dp = date.split("-");
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
{ "devDependencies": { "generator-jhipster": "4.5.2" } }
|
||||