Make fixes to NspAnalyzer to correctly parse package.json files
* parse `bundledDependencies` and `bundleDependencies` as a JsonArray * parse `license` as a JsonObject for older libraries that used license objects
@@ -43,6 +43,7 @@ import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import javax.json.Json;
|
||||
import javax.json.JsonArray;
|
||||
import javax.json.JsonException;
|
||||
import javax.json.JsonObject;
|
||||
import javax.json.JsonObjectBuilder;
|
||||
@@ -232,11 +233,11 @@ public class NspAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
processPackage(dependency, dependencies, "peerDependencies");
|
||||
}
|
||||
if (packageJson.containsKey("bundleDependencies")) {
|
||||
final JsonObject dependencies = packageJson.getJsonObject("bundleDependencies");
|
||||
final JsonArray dependencies = packageJson.getJsonArray("bundleDependencies");
|
||||
processPackage(dependency, dependencies, "bundleDependencies");
|
||||
}
|
||||
if (packageJson.containsKey("bundledDependencies")) {
|
||||
final JsonObject dependencies = packageJson.getJsonObject("bundledDependencies");
|
||||
final JsonArray dependencies = packageJson.getJsonArray("bundledDependencies");
|
||||
processPackage(dependency, dependencies, "bundledDependencies");
|
||||
}
|
||||
|
||||
@@ -244,7 +245,12 @@ public class NspAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
* Adds the license if defined in package.json
|
||||
*/
|
||||
if (packageJson.containsKey("license")) {
|
||||
dependency.setLicense(packageJson.getString("license"));
|
||||
final Object value = packageJson.get("license");
|
||||
if (value instanceof JsonString) {
|
||||
dependency.setLicense(packageJson.getString("license"));
|
||||
} else {
|
||||
dependency.setLicense(packageJson.getJsonObject("license").getString("type"));
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -267,7 +273,24 @@ public class NspAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
}
|
||||
|
||||
/**
|
||||
* Processes a part of package.json (as defined by JsobObject) and update
|
||||
* Processes a part of package.json (as defined by JsonArray) and update
|
||||
* the specified dependency with relevant info.
|
||||
*
|
||||
* @param dependency the Dependency to update
|
||||
* @param jsonArray the jsonArray to parse
|
||||
* @param depType the dependency type
|
||||
*/
|
||||
private void processPackage(Dependency dependency, JsonArray jsonArray, String depType) {
|
||||
JsonObjectBuilder builder = Json.createObjectBuilder();
|
||||
for (JsonString str : jsonArray.getValuesAs(JsonString.class)) {
|
||||
builder.add(str.toString(), "");
|
||||
}
|
||||
JsonObject jsonObject = builder.build();
|
||||
processPackage(dependency, jsonObject, depType);
|
||||
}
|
||||
|
||||
/**
|
||||
* Processes a part of package.json (as defined by JsonObject) and update
|
||||
* the specified dependency with relevant info.
|
||||
*
|
||||
* @param dependency the Dependency to update
|
||||
|
||||