bug fixes

2026-01-14 07:43:40 +01:00 · 2017-09-27 06:38:52 -04:00
parent 516390827b
commit 9c0a166b7d
2 changed files with 14 additions and 1 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nsp/NspSearch.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nsp/NspSearch.java
@@ -28,6 +28,8 @@ import java.net.URL;
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Map;
+import java.util.Set;
 import javax.annotation.concurrent.ThreadSafe;
 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.utils.Settings;
@@ -38,6 +40,8 @@ import javax.json.Json;
 import javax.json.JsonArray;
 import javax.json.JsonObject;
 import javax.json.JsonReader;
+import javax.json.JsonValue;
+import javax.json.JsonValue.ValueType;
 import static org.owasp.dependencycheck.analyzer.NspAnalyzer.DEFAULT_URL;
 import org.owasp.dependencycheck.utils.URLConnectionFailureException;

@@ -133,7 +137,13 @@ public class NspSearch {
                                advisory.setOverview(object.getString("overview"));
                                advisory.setRecommendation(object.getString("recommendation", null));
                                advisory.setCvssVector(object.getString("cvss_vector", null));
-                                advisory.setCvssScore(Float.parseFloat(object.getJsonNumber("cvss_score").toString()));
+
+                                if (object.get("cvss_score").getValueType() != ValueType.NULL) {
+                                    advisory.setCvssScore(Float.parseFloat(object.getJsonNumber("cvss_score").toString()));
+                                } else {
+                                    advisory.setCvssScore(-1);
+                                }
+
                                advisory.setModule(object.getString("module", null));
                                advisory.setVersion(object.getString("version", null));
                                advisory.setVulnerableVersions(object.getString("vulnerable_versions", null));
@@ -153,6 +163,7 @@ public class NspSearch {
                        }
                    }
                    break;
+
                case 400:
                    LOGGER.debug("Invalid payload submitted to Node Security Platform. Received response code: {} {}",
                            conn.getResponseCode(), conn.getResponseMessage());
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/H2DBLock.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/H2DBLock.java
@@ -187,6 +187,8 @@ public class H2DBLock {
        if (lockFile != null && lockFile.isFile()) {
            try (RandomAccessFile f = new RandomAccessFile(lockFile, "rw")) {
                String m = f.readLine();
+                //yes, we are explicitly calling close on an auto-closable object - this is so we can delete the file.
+                f.close();
                if (m != null && m.equals(magic) && !lockFile.delete()) {
                    LOGGER.error("Lock file '{}' was unable to be deleted. Please manually delete this file.", lockFile.toString());
                    lockFile.deleteOnExit();