github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-25 18:41:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

bug fixes

Browse Source
This commit is contained in:
Jeremy Long
2017-09-27 06:38:52 -04:00
parent 516390827b
commit 9c0a166b7d
2 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nsp/NspSearch.java
View File

@@ -28,6 +28,8 @@ import java.net.URL;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.annotation.concurrent.ThreadSafe; import javax.annotation.concurrent.ThreadSafe;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.utils.Settings; import org.owasp.dependencycheck.utils.Settings;
@@ -38,6 +40,8 @@ import javax.json.Json;
import javax.json.JsonArray; import javax.json.JsonArray;
import javax.json.JsonObject; import javax.json.JsonObject;
import javax.json.JsonReader; import javax.json.JsonReader;
import javax.json.JsonValue;
import javax.json.JsonValue.ValueType;
import static org.owasp.dependencycheck.analyzer.NspAnalyzer.DEFAULT_URL; import static org.owasp.dependencycheck.analyzer.NspAnalyzer.DEFAULT_URL;
import org.owasp.dependencycheck.utils.URLConnectionFailureException; import org.owasp.dependencycheck.utils.URLConnectionFailureException;
@@ -133,7 +137,13 @@ public class NspSearch {
advisory.setOverview(object.getString("overview")); advisory.setOverview(object.getString("overview"));
advisory.setRecommendation(object.getString("recommendation", null)); advisory.setRecommendation(object.getString("recommendation", null));
advisory.setCvssVector(object.getString("cvss_vector", null)); advisory.setCvssVector(object.getString("cvss_vector", null));
advisory.setCvssScore(Float.parseFloat(object.getJsonNumber("cvss_score").toString()));
if (object.get("cvss_score").getValueType() != ValueType.NULL) {
advisory.setCvssScore(Float.parseFloat(object.getJsonNumber("cvss_score").toString()));
} else {
advisory.setCvssScore(-1);
}
advisory.setModule(object.getString("module", null)); advisory.setModule(object.getString("module", null));
advisory.setVersion(object.getString("version", null)); advisory.setVersion(object.getString("version", null));
advisory.setVulnerableVersions(object.getString("vulnerable_versions", null)); advisory.setVulnerableVersions(object.getString("vulnerable_versions", null));
@@ -153,6 +163,7 @@ public class NspSearch {
} }
} }
break; break;
case 400: case 400:
LOGGER.debug("Invalid payload submitted to Node Security Platform. Received response code: {} {}", LOGGER.debug("Invalid payload submitted to Node Security Platform. Received response code: {} {}",
conn.getResponseCode(), conn.getResponseMessage()); conn.getResponseCode(), conn.getResponseMessage());

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/H2DBLock.java
View File

@@ -187,6 +187,8 @@ public class H2DBLock {
if (lockFile != null && lockFile.isFile()) { if (lockFile != null && lockFile.isFile()) {
try (RandomAccessFile f = new RandomAccessFile(lockFile, "rw")) { try (RandomAccessFile f = new RandomAccessFile(lockFile, "rw")) {
String m = f.readLine(); String m = f.readLine();
//yes, we are explicitly calling close on an auto-closable object - this is so we can delete the file.
f.close();
if (m != null && m.equals(magic) && !lockFile.delete()) { if (m != null && m.equals(magic) && !lockFile.delete()) {
LOGGER.error("Lock file '{}' was unable to be deleted. Please manually delete this file.", lockFile.toString()); LOGGER.error("Lock file '{}' was unable to be deleted. Please manually delete this file.", lockFile.toString());
lockFile.deleteOnExit(); lockFile.deleteOnExit();