updated so that the Filename was properly escaped in JavaScript so that it shows up correctly in the report to fix issue #91

Former-commit-id: ec161508db21c0a3d1f4f6f4130e5fdc63d9b367
Jeremy Long
2014-03-16 04:13:43 -04:00
parent 44326cd8c1
commit cbb705c367
2 changed files with 23 additions and 13 deletions


@@ -106,16 +106,26 @@ public class Dependency implements Comparable<Dependency> {
/**
* Returns the file name of the dependency.
*
* @return the file name of the dependency.
* @return the file name of the dependency
*/
public String getFileName() {
return this.fileName;
}
/**
* Returns the file name of the dependency with the backslash escaped for use in JavaScript. This is a complete hack
* as I could not get the replace to work in the template itself.
*
* @return the file name of the dependency with the backslash escaped for use in JavaScript
*/
public String getFileNameForJavaScript() {
return this.fileName.replace("\\", "\\\\");
}
/**
* Sets the file name of the dependency.
*
* @param fileName the file name of the dependency.
* @param fileName the file name of the dependency
*/
public void setFileName(String fileName) {
this.fileName = fileName;
@@ -124,7 +134,7 @@ public class Dependency implements Comparable<Dependency> {
/**
* Sets the actual file path of the dependency on disk.
*
* @param actualFilePath the file path of the dependency.
* @param actualFilePath the file path of the dependency
*/
public void setActualFilePath(String actualFilePath) {
this.actualFilePath = actualFilePath;
@@ -137,7 +147,7 @@ public class Dependency implements Comparable<Dependency> {
/**
* Gets the file path of the dependency.
*
* @return the file path of the dependency.
* @return the file path of the dependency
*/
public String getActualFilePath() {
return this.actualFilePath;
@@ -146,7 +156,7 @@ public class Dependency implements Comparable<Dependency> {
/**
* Gets a reference to the File object.
*
* @return the File object.
* @return the File object
*/
public File getActualFile() {
return new File(this.actualFilePath);
@@ -155,7 +165,7 @@ public class Dependency implements Comparable<Dependency> {
/**
* Sets the file path of the dependency.
*
* @param filePath the file path of the dependency.
* @param filePath the file path of the dependency
*/
public void setFilePath(String filePath) {
this.filePath = filePath;
@@ -168,7 +178,7 @@ public class Dependency implements Comparable<Dependency> {
* <b>NOTE:</b> This may not be the actual path of the file on disk. The actual path of the file on disk can be
* obtained via the getActualFilePath().</p>
*
* @return the file path of the dependency.
* @return the file path of the dependency
*/
public String getFilePath() {
return this.filePath;
@@ -177,7 +187,7 @@ public class Dependency implements Comparable<Dependency> {
/**
* Sets the file name of the dependency.
*
* @param fileExtension the file name of the dependency.
* @param fileExtension the file name of the dependency
*/
public void setFileExtension(String fileExtension) {
this.fileExtension = fileExtension;
@@ -186,7 +196,7 @@ public class Dependency implements Comparable<Dependency> {
/**
* Gets the file extension of the dependency.
*
* @return the file extension of the dependency.
* @return the file extension of the dependency
*/
public String getFileExtension() {
return this.fileExtension;
@@ -231,7 +241,7 @@ public class Dependency implements Comparable<Dependency> {
/**
* Returns a List of Identifiers.
*
* @return an ArrayList of Identifiers.
* @return an ArrayList of Identifiers
*/
public Set<Identifier> getIdentifiers() {
return this.identifiers;
@@ -240,7 +250,7 @@ public class Dependency implements Comparable<Dependency> {
/**
* Sets a List of Identifiers.
*
* @param identifiers A list of Identifiers.
* @param identifiers A list of Identifiers
*/
public void setIdentifiers(Set<Identifier> identifiers) {
this.identifiers = identifiers;
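Review bot: `getFileNameForJavaScript()` escapes only the backslash, so a file name containing an apostrophe, a double quote or a line break is still written unescaped into the quoted `copyText('…')` argument the template builds from it. File names presumably come from whatever artifact is being scanned, so they should be treated as untrusted when written into the report; the method should escape at least the quote characters and line terminators as well, for example `return this.fileName.replace("\\", "\\\\").replace("'", "\\'").replace("\r", "\\r").replace("\n", "\\n");`. It also dereferences `this.fileName` without a null check, while `getFileName()` next to it returns the field as-is, so an `if (this.fileName == null) { return null; }` guard would keep the two getters consistent. The Javadoc could list exactly which characters are escaped instead of describing the method as a hack.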


@@ -586,7 +586,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
#end
#if ($id.type=="cpe")
##yes, we are HTML Encoding into JavaScript... the escape utils don't have a JS Encode and I haven't written one yet
&nbsp;&nbsp;<button class="copybutton" onclick="copyText('$esc.html($dependency.FileName)', '$esc.html($dependency.Sha1sum)', 'cpe', '$esc.html($id.value)')">suppress</button>
&nbsp;&nbsp;<button class="copybutton" onclick="copyText('$esc.html($dependency.FileNameForJavaScript)', '$esc.html($dependency.Sha1sum)', 'cpe', '$esc.html($id.value)')">suppress</button>
#end
#if ($id.description)
<br/>$esc.html($id.description)
@@ -602,7 +602,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
<div id="content$cnt" class="subsectioncontent standardsubsection">
#foreach($vuln in $dependency.getVulnerabilities())
#set($vsctr=$vsctr+1)
<p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=$esc.url($vuln.name)">$esc.html($vuln.name)</a></b>&nbsp;&nbsp;<button class="copybutton" onclick="copyText('$esc.html($dependency.FileName)', '$esc.html($dependency.Sha1sum)', 'cve', '$esc.html($vuln.name)')">suppress</button></p>
<p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=$esc.url($vuln.name)">$esc.html($vuln.name)</a></b>&nbsp;&nbsp;<button class="copybutton" onclick="copyText('$esc.html($dependency.FileNameForJavaScript)', '$esc.html($dependency.Sha1sum)', 'cve', '$esc.html($vuln.name)')">suppress</button></p>
<p>Severity:
#if ($vuln.cvssScore<4.0)
Low
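Review bot: Both changed `onclick` lines still rely on `$esc.html(...)` as the only encoding for the remaining `copyText` arguments (`$dependency.Sha1sum`, `$id.value`, `$vuln.name`), and HTML encoding does not protect a JavaScript string literal: the browser decodes the attribute's entities before it compiles the handler, so a `'` or `\` in any of those values reaches the script unescaped. The existing `##yes, we are HTML Encoding into JavaScript...` comment acknowledges the gap, and this change closes it only for the backslash in the file name. The safe order is JavaScript-string escaping first and HTML-attribute escaping second, applied to every argument; a less fragile alternative is to emit the values as `data-` attributes through `$esc.html` and have `copyText` read them from the element, which removes the inline string building altogether. Both hunks in this file start and end inside the template body, so the surrounding markup and the `copyText` function itself are not visible here.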