Merge branch 'upmaster' into node-js-analyzer

Conflicts: dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java dependency-check-cli/src/site/markdown/arguments.md dependency-check-core/src/main/resources/META-INF/services/org.owasp.dependencycheck.analyzer.Analyzer
2026-03-27 19:41:38 +01:00 · 2015-08-25 13:03:12 -04:00
parent bf4eb07342 054be314f6
commit 9e25480baa
40 changed files with 805 additions and 193 deletions
--- a/dependency-check-core/src/main/resources/META-INF/services/org.owasp.dependencycheck.analyzer.Analyzer
+++ b/dependency-check-core/src/main/resources/META-INF/services/org.owasp.dependencycheck.analyzer.Analyzer
@@ -17,4 +17,5 @@ org.owasp.dependencycheck.analyzer.PythonPackageAnalyzer
 org.owasp.dependencycheck.analyzer.AutoconfAnalyzer
 org.owasp.dependencycheck.analyzer.OpenSSLAnalyzer
 org.owasp.dependencycheck.analyzer.CMakeAnalyzer
-org.owasp.dependencycheck.analyzer.NodePackageAnalyzer
+org.owasp.dependencycheck.analyzer.NodePackageAnalyzer
+org.owasp.dependencycheck.analyzer.RubyGemspecAnalyzer
--- a/dependency-check-core/src/main/resources/dependencycheck-base-suppression.xml
+++ b/dependency-check-core/src/main/resources/dependencycheck-base-suppression.xml
@@ -17,6 +17,7 @@
        <cpe>cpe:/a:mod_security:mod_security</cpe>
        <cpe>cpe:/a:springsource:spring_framework</cpe>
        <cpe>cpe:/a:vmware:springsource_spring_framework</cpe>
+        <cpe>cpe:/a:pivotal:spring_framework</cpe>
    </suppress>
    <suppress base="true">
        <notes><![CDATA[
--- a/dependency-check-core/src/main/resources/templates/HtmlReport.vsl
+++ b/dependency-check-core/src/main/resources/templates/HtmlReport.vsl
@@ -504,7 +504,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
        <div id="modal-background"></div>
        <div id="modal-content">
            <div>Press CTR-C to copy XML&nbsp;<a href="http://jeremylong.github.io/DependencyCheck/suppression.html" class="infolink" target="_blank" title="Help with suppressing false positives">[help]</a></div>
-                <textarea id="modal-text" cols="50" rows="10"></textarea><br/>
+                <textarea id="modal-text" cols="50" rows="10" readonly></textarea><br/>
                <button id="modal-add-header" title="Add the parent XML nodes to create the complete XML file that can be used to suppress this finding" class="modal-button">Complete XML Doc</button><button id="modal-close" class="modal-button-right">Close</button>
        </div>
        <div class="wrapper">
@@ -591,6 +591,7 @@ arising out of or in connection with the use of this tool, the analysis performe
                                #else
                                    $enc.html($id.value)
                                #end
+                                #set($cpeSort=0)
                                #if ($cpeIdConf == "")
                                    #set($cpeIdConf=$id.confidence)
                                    #set($cpeSort=$id.confidence.ordinal())
@@ -602,11 +603,15 @@ arising out of or in connection with the use of this tool, the analysis performe
                            #end
                        #end
                        </td>
+                        #if ($mavenlink=="")
+                        <td data-sort-value="">
+                        #else
                        <td data-sort-value="$enc.html($mavenlink.value)">#if( $mavenlink.url )
-                            ##yes, we are HTML Encoding the href. this is okay. We can't URL encode as we have to trust the analyzer here...
+                            ##yes, we are HTML Encoding the href. This is okay. We can't URL encode as we have to trust the analyzer here...
                            <a href="$enc.html($mavenlink.url)" target="_blank">$enc.html($mavenlink.value)</a>
                        #elseif ($mavenlink.value)
                            $enc.html($mavenlink.value)
+                        #end
                        #end</td>
                        #set($cveImpact=-1)
                        #foreach($vuln in $dependency.getVulnerabilities())