github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-17 23:04:07 +01:00
Code Issues Packages Projects Releases Wiki Activity

Make fixes to NspAnalyzer to correctly parse package.json files

Browse Source 
* parse `bundledDependencies` and `bundleDependencies' as a JsonArray
* parse `license` as a JsonObject for older libraries that used license objects
This commit is contained in:
Kevin Tham
2017-08-08 11:33:50 -07:00
parent 89c63ac5c9
commit ade69168d0
1 changed files with 27 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NspAnalyzer.java
View File

@@ -43,6 +43,7 @@ import java.util.HashSet;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import javax.json.Json; import javax.json.Json;
import javax.json.JsonArray;
import javax.json.JsonException; import javax.json.JsonException;
import javax.json.JsonObject; import javax.json.JsonObject;
import javax.json.JsonObjectBuilder; import javax.json.JsonObjectBuilder;
@@ -232,11 +233,11 @@ public class NspAnalyzer extends AbstractFileTypeAnalyzer {
processPackage(dependency, dependencies, "peerDependencies"); processPackage(dependency, dependencies, "peerDependencies");
} }
if (packageJson.containsKey("bundleDependencies")) { if (packageJson.containsKey("bundleDependencies")) {
final JsonObject dependencies = packageJson.getJsonObject("bundleDependencies"); final JsonArray dependencies = packageJson.getJsonArray("bundleDependencies");
processPackage(dependency, dependencies, "bundleDependencies"); processPackage(dependency, dependencies, "bundleDependencies");
} }
if (packageJson.containsKey("bundledDependencies")) { if (packageJson.containsKey("bundledDependencies")) {
final JsonObject dependencies = packageJson.getJsonObject("bundledDependencies"); final JsonArray dependencies = packageJson.getJsonArray("bundledDependencies");
processPackage(dependency, dependencies, "bundledDependencies"); processPackage(dependency, dependencies, "bundledDependencies");
} }
@@ -244,7 +245,12 @@ public class NspAnalyzer extends AbstractFileTypeAnalyzer {
* Adds the license if defined in package.json * Adds the license if defined in package.json
*/ */
if (packageJson.containsKey("license")) { if (packageJson.containsKey("license")) {
dependency.setLicense(packageJson.getString("license")); final Object value = packageJson.get("license");
if (value instanceof JsonString) {
dependency.setLicense(packageJson.getString("license"));
} else {
dependency.setLicense(packageJson.getJsonObject("license").getString("type"));
}
} }
/* /*
@@ -267,7 +273,24 @@ public class NspAnalyzer extends AbstractFileTypeAnalyzer {
} }
/** /**
* Processes a part of package.json (as defined by JsobObject) and update * Processes a part of package.json (as defined by JsonArray) and update
* the specified dependency with relevant info.
*
* @param dependency the Dependency to update
* @param jsonArray the jsonArray to parse
* @param depType the dependency type
*/
private void processPackage(Dependency dependency, JsonArray jsonArray, String depType) {
JsonObjectBuilder builder = Json.createObjectBuilder();
for (JsonString str : jsonArray.getValuesAs(JsonString.class)) {
builder.add(str.toString(), "");
}
JsonObject jsonObject = builder.build();
processPackage(dependency, jsonObject, depType);
}
/**
* Processes a part of package.json (as defined by JsonObject) and update
* the specified dependency with relevant info. * the specified dependency with relevant info.
* *
* @param dependency the Dependency to update * @param dependency the Dependency to update