Merge branch 'master' of github.com:jeremylong/DependencyCheck

2026-02-23 02:45:19 +01:00 · 2017-11-10 06:24:39 -05:00
parent 2431da4c6e 088566a2cf
commit 8ebaf055a1
9 changed files with 23 additions and 9 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nsp/SanitizePackage.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nsp/SanitizePackage.java
@@ -69,6 +69,12 @@ public final class SanitizePackage {
     */
    public static JsonObject sanitize(JsonObject rawPackage) {
        final JsonObjectBuilder builder = Json.createObjectBuilder();
+        if (rawPackage.get("name") == null) {
+            // Reproduce the behavior of 'nsp check' by not failing on a
+            // package.json without a name field (string).
+            // https://github.com/jeremylong/DependencyCheck/issues/975
+            builder.add("name", "1");
+        }
        for (Map.Entry<String, JsonValue> entry : rawPackage.entrySet()) {
            if (WHITELIST.contains(entry.getKey())) {
                builder.add(entry.getKey(), entry.getValue());
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java
@@ -133,7 +133,7 @@ public class EscapeTool {
     * for display in a CSV.
     *
     * @param ids the set of identifiers
-     * @return the formated list of none CPE identifiers
+     * @return the formatted list of none CPE identifiers
     */
    public String csvIdentifiers(Set<Identifier> ids) {
        if (ids == null || ids.isEmpty()) {
@@ -159,7 +159,7 @@ public class EscapeTool {
     * for display in a CSV.
     *
     * @param ids the set of identifiers
-     * @return the formated list of CPE identifiers
+     * @return the formatted list of CPE identifiers
     */
    public String csvCpe(Set<Identifier> ids) {
        if (ids == null || ids.isEmpty()) {
@@ -185,7 +185,7 @@ public class EscapeTool {
     * for confidence display in a CSV.
     *
     * @param ids the set of identifiers
-     * @return the formated list of confidence
+     * @return the formatted list of confidence
     */
    public String csvCpeConfidence(Set<Identifier> ids) {
        if (ids == null || ids.isEmpty()) {
@@ -211,7 +211,7 @@ public class EscapeTool {
     * for display in a CSV.
     *
     * @param ids the set of identifiers
-     * @return the formated list of GAV identifiers
+     * @return the formatted list of GAV identifiers
     */
    public String csvGav(Set<Identifier> ids) {
        if (ids == null || ids.isEmpty()) {
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/EvidenceMatcher.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/EvidenceMatcher.java
@@ -28,7 +28,7 @@ import org.owasp.dependencycheck.dependency.Evidence;
 * work for a range of similar false positives/false negatives.
 *
 * The EvidenceMatcher is used for processing Evidences of a project's
- * dependencies in conjuction with the {@code <given>} and {@code <remove>}
+ * dependencies in conjunction with the {@code <given>} and {@code <remove>}
 * clauses of the hints file.
 *
 * @author Hans Aikema