fixed incorrect parsing of license information

2026-01-14 07:43:40 +01:00 · 2017-11-27 21:46:33 -05:00
parent 72c121797f
commit c465bc9fc7
1 changed files with 14 additions and 0 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractNpmAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractNpmAnalyzer.java
@@ -281,6 +281,20 @@ public abstract class AbstractNpmAnalyzer extends AbstractFileTypeAnalyzer {
            final Object value = json.get("license");
            if (value instanceof JsonString) {
                dependency.setLicense(json.getString("license"));
+            } else if (value instanceof JsonArray) {
+                final JsonArray array = (JsonArray) value;
+                final StringBuilder sb = new StringBuilder();
+                boolean addComma = false;
+                for (int x = 0; x < array.size(); x++) {
+                    if (!array.isNull(x)) {
+                        if (addComma) {
+                            sb.append(", ");
+                        } else {
+                            addComma = true;
+                        }
+                        sb.append(array.getString(x));
+                    }
+                }
            } else {
                dependency.setLicense(json.getJsonObject("license").getString("type"));
            }