Added final keywords and elaborated the javax.json imports.

Anthony Whitford
2015-09-07 16:28:22 -07:00
parent 85604e8afa
commit a75c17ac5e


@@ -28,11 +28,16 @@ import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import javax.json.*;
import java.io.File; import java.io.File;
import java.io.FileFilter; import java.io.FileFilter;
import java.io.IOException; import java.io.IOException;
import java.util.Map; import java.util.Map;
import javax.json.Json;
import javax.json.JsonException;
import javax.json.JsonObject;
import javax.json.JsonReader;
import javax.json.JsonString;
import javax.json.JsonValue;
/** /**
* Used to analyze Node Package Manager (npm) package.json files, and collect information that can be used to determine * Used to analyze Node Package Manager (npm) package.json files, and collect information that can be used to determine
@@ -121,13 +126,13 @@ public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer {
"Problem occurred while reading dependency file.", e); "Problem occurred while reading dependency file.", e);
} }
try { try {
JsonObject json = jsonReader.readObject(); final JsonObject json = jsonReader.readObject();
final EvidenceCollection productEvidence = dependency.getProductEvidence(); final EvidenceCollection productEvidence = dependency.getProductEvidence();
final EvidenceCollection vendorEvidence = dependency.getVendorEvidence(); final EvidenceCollection vendorEvidence = dependency.getVendorEvidence();
if (json.containsKey("name")) { if (json.containsKey("name")) {
Object value = json.get("name"); final Object value = json.get("name");
if (value instanceof JsonString) { if (value instanceof JsonString) {
String valueString = ((JsonString) value).getString(); final String valueString = ((JsonString) value).getString();
productEvidence.addEvidence(PACKAGE_JSON, "name", valueString, Confidence.HIGHEST); productEvidence.addEvidence(PACKAGE_JSON, "name", valueString, Confidence.HIGHEST);
vendorEvidence.addEvidence(PACKAGE_JSON, "name_project", String.format("%s_project", valueString), Confidence.LOW); vendorEvidence.addEvidence(PACKAGE_JSON, "name_project", String.format("%s_project", valueString), Confidence.LOW);
} else { } else {
@@ -147,7 +152,7 @@ public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer {
private void addToEvidence(JsonObject json, EvidenceCollection collection, String key) { private void addToEvidence(JsonObject json, EvidenceCollection collection, String key) {
if (json.containsKey(key)) { if (json.containsKey(key)) {
JsonValue value = json.get(key); final JsonValue value = json.get(key);
if (value instanceof JsonString) { if (value instanceof JsonString) {
collection.addEvidence(PACKAGE_JSON, key, ((JsonString) value).getString(), Confidence.HIGHEST); collection.addEvidence(PACKAGE_JSON, key, ((JsonString) value).getString(), Confidence.HIGHEST);
} else if (value instanceof JsonObject) { } else if (value instanceof JsonObject) {
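Review bot: In the second hunk the `name` lookup is declared as `final Object value = json.get("name");`, while `addToEvidence` in the third hunk declares the same kind of lookup as `final JsonValue value = json.get(key);`. `JsonObject.get` returns a `JsonValue`, so `final JsonValue value = json.get("name");` would keep the two sites consistent and leave the `instanceof JsonString` check unchanged. The signature of `addToEvidence` still has non-final parameters; if the commit is aiming for a uniform `final` style, it could read `private void addToEvidence(final JsonObject json, final EvidenceCollection collection, final String key)`. Both enclosing method bodies start or end outside the visible hunks, so this is based only on the lines shown.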