github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-21 16:49:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

initial fix for issue #445

Browse Source
This commit is contained in:
Jeremy Long
2016-01-24 08:35:44 -05:00
parent 2b0e2e8d0d
commit 9cb2b58557
1 changed files with 22 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
dependency-check-core/src/main/java/org/owasp/dependencycheck/suppression/SuppressionRule.java
View File

@@ -20,7 +20,6 @@ package org.owasp.dependencycheck.suppression;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Iterator; import java.util.Iterator;
import java.util.List; import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Identifier; import org.owasp.dependencycheck.dependency.Identifier;
import org.owasp.dependencycheck.dependency.Vulnerability; import org.owasp.dependencycheck.dependency.Vulnerability;
@@ -268,8 +267,8 @@ public class SuppressionRule {
} }
/** /**
* A flag indicating whether or not the suppression rule is a core/base rule that should not be included in the * A flag indicating whether or not the suppression rule is a core/base rule that should not be included in the resulting
* resulting report in the "suppressed" section. * report in the "suppressed" section.
*/ */
private boolean base; private boolean base;
@@ -292,8 +291,8 @@ public class SuppressionRule {
} }
/** /**
* Processes a given dependency to determine if any CPE, CVE, CWE, or CVSS scores should be suppressed. If any * Processes a given dependency to determine if any CPE, CVE, CWE, or CVSS scores should be suppressed. If any should be, they
* should be, they are removed from the dependency. * are removed from the dependency.
* *
* @param dependency a project dependency to analyze * @param dependency a project dependency to analyze
*/ */
@@ -382,7 +381,24 @@ public class SuppressionRule {
* @return true if the property type does not specify a version; otherwise false * @return true if the property type does not specify a version; otherwise false
*/ */
boolean cpeHasNoVersion(PropertyType c) { boolean cpeHasNoVersion(PropertyType c) {
return !c.isRegex() && StringUtils.countMatches(c.getValue(), ':') == 3; return !c.isRegex() && countCharacter(c.getValue(), ':') <= 3;
}
/**
* Counts the number of occurrences of the character found within the string.
*
* @param str the string to check
* @param c the character to count
* @return the number of times the character is found in the string
*/
int countCharacter(String str, char c) {
int count = 0;
int pos = str.indexOf(c) + 1;
while (pos > 0) {
count += 1;
pos = str.indexOf(c, pos) + 1;
}
return count;
} }
/** /**