github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-14 15:53:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

Added final keywords and elaborated the javax.json imports.

Browse Source
This commit is contained in:
Anthony Whitford
2015-09-07 16:28:22 -07:00
parent 85604e8afa
commit a75c17ac5e
1 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java
View File

@@ -28,11 +28,16 @@ import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.json.*;
import java.io.File;
import java.io.FileFilter;
import java.io.IOException;
import java.util.Map;
import javax.json.Json;
import javax.json.JsonException;
import javax.json.JsonObject;
import javax.json.JsonReader;
import javax.json.JsonString;
import javax.json.JsonValue;
/**
* Used to analyze Node Package Manager (npm) package.json files, and collect information that can be used to determine
@@ -121,13 +126,13 @@ public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer {
"Problem occurred while reading dependency file.", e);
}
try {
JsonObject json = jsonReader.readObject();
final JsonObject json = jsonReader.readObject();
final EvidenceCollection productEvidence = dependency.getProductEvidence();
final EvidenceCollection vendorEvidence = dependency.getVendorEvidence();
if (json.containsKey("name")) {
Object value = json.get("name");
final Object value = json.get("name");
if (value instanceof JsonString) {
String valueString = ((JsonString) value).getString();
final String valueString = ((JsonString) value).getString();
productEvidence.addEvidence(PACKAGE_JSON, "name", valueString, Confidence.HIGHEST);
vendorEvidence.addEvidence(PACKAGE_JSON, "name_project", String.format("%s_project", valueString), Confidence.LOW);
} else {
@@ -147,7 +152,7 @@ public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer {
private void addToEvidence(JsonObject json, EvidenceCollection collection, String key) {
if (json.containsKey(key)) {
JsonValue value = json.get(key);
final JsonValue value = json.get(key);
if (value instanceof JsonString) {
collection.addEvidence(PACKAGE_JSON, key, ((JsonString) value).getString(), Confidence.HIGHEST);
} else if (value instanceof JsonObject) {