From cbb705c367c69bea677d702779cdec8dc536db77 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Sun, 16 Mar 2014 04:13:43 -0400
Subject: [PATCH] updated so that the Filename was properely escaped in
Javascript so that it shows up correctly in the report to fix issue #91
Former-commit-id: ec161508db21c0a3d1f4f6f4130e5fdc63d9b367
---
.../dependency/Dependency.java | 32 ++++++++++++-------
.../main/resources/templates/HtmlReport.vsl | 4 +--
2 files changed, 23 insertions(+), 13 deletions(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java
index 8fbac5d23..05b68be17 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java
@@ -106,16 +106,26 @@ public class Dependency implements Comparable {
/**
* Returns the file name of the dependency.
*
- * @return the file name of the dependency.
+ * @return the file name of the dependency
*/
public String getFileName() {
return this.fileName;
}
+ /**
+ * Returns the file name of the dependency with the backslash escaped for use in JavaScript. This is a complete hack
+ * as I could not get the replace to work in the template itself.
+ *
+ * @return the file name of the dependency with the backslash escaped for use in JavaScript
+ */
+ public String getFileNameForJavaScript() {
+ return this.fileName.replace("\\", "\\\\");
+ }
+
/**
* Sets the file name of the dependency.
*
- * @param fileName the file name of the dependency.
+ * @param fileName the file name of the dependency
*/
public void setFileName(String fileName) {
this.fileName = fileName;
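Review bot: `getFileNameForJavaScript()` escapes only the backslash, so it is not a JavaScript string encoder: a file name containing a quote, a line terminator or `</script>` is protected only by whatever encoding the template applies afterwards, and the comment in HtmlReport.vsl says that is HTML encoding, which is not designed for a script context. File names presumably come from the artifacts being scanned, so they should be treated as untrusted; either escape the full set of string-literal metacharacters here or state the limit in the Javadoc, e.g. `Escapes backslashes only; the result must still be encoded for the context it is written into.` The method also dereferences `this.fileName` without a null check, while `setFileName` in this hunk stores whatever it is given; a guard such as `return this.fileName == null ? null : this.fileName.replace("\\", "\\\\");` would avoid a NullPointerException during report rendering. The body of `setFileName` closes outside the hunk.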
@@ -124,7 +134,7 @@ public class Dependency implements Comparable {
/**
* Sets the actual file path of the dependency on disk.
*
- * @param actualFilePath the file path of the dependency.
+ * @param actualFilePath the file path of the dependency
*/
public void setActualFilePath(String actualFilePath) {
this.actualFilePath = actualFilePath;
@@ -137,7 +147,7 @@ public class Dependency implements Comparable {
/**
* Gets the file path of the dependency.
*
- * @return the file path of the dependency.
+ * @return the file path of the dependency
*/
public String getActualFilePath() {
return this.actualFilePath;
@@ -146,7 +156,7 @@ public class Dependency implements Comparable {
/**
* Gets a reference to the File object.
*
- * @return the File object.
+ * @return the File object
*/
public File getActualFile() {
return new File(this.actualFilePath);
@@ -155,7 +165,7 @@ public class Dependency implements Comparable {
/**
* Sets the file path of the dependency.
*
- * @param filePath the file path of the dependency.
+ * @param filePath the file path of the dependency
*/
public void setFilePath(String filePath) {
this.filePath = filePath;
@@ -168,7 +178,7 @@ public class Dependency implements Comparable {
* NOTE: This may not be the actual path of the file on disk. The actual path of the file on disk can be
* obtained via the getActualFilePath().
*
- * @return the file path of the dependency.
+ * @return the file path of the dependency
*/
public String getFilePath() {
return this.filePath;
@@ -177,7 +187,7 @@ public class Dependency implements Comparable {
/**
* Sets the file name of the dependency.
*
- * @param fileExtension the file name of the dependency.
+ * @param fileExtension the file name of the dependency
*/
public void setFileExtension(String fileExtension) {
this.fileExtension = fileExtension;
@@ -186,7 +196,7 @@ public class Dependency implements Comparable {
/**
* Gets the file extension of the dependency.
*
- * @return the file extension of the dependency.
+ * @return the file extension of the dependency
*/
public String getFileExtension() {
return this.fileExtension;
@@ -231,7 +241,7 @@ public class Dependency implements Comparable {
/**
* Returns a List of Identifiers.
*
- * @return an ArrayList of Identifiers.
+ * @return an ArrayList of Identifiers
*/
public Set getIdentifiers() {
return this.identifiers;
@@ -240,7 +250,7 @@ public class Dependency implements Comparable {
/**
* Sets a List of Identifiers.
*
- * @param identifiers A list of Identifiers.
+ * @param identifiers A list of Identifiers
*/
public void setIdentifiers(Set identifiers) {
this.identifiers = identifiers;
diff --git a/dependency-check-core/src/main/resources/templates/HtmlReport.vsl b/dependency-check-core/src/main/resources/templates/HtmlReport.vsl
index c80c7b4e4..13bd18d4d 100644
--- a/dependency-check-core/src/main/resources/templates/HtmlReport.vsl
+++ b/dependency-check-core/src/main/resources/templates/HtmlReport.vsl
@@ -586,7 +586,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
#end
#if ($id.type=="cpe")
##yes, we are HTML Encoding into JavaScript... the escape utils don't have a JS Encode and I haven't written one yet
-
+
#end
#if ($id.description)
$esc.html($id.description)
@@ -602,7 +602,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
#foreach($vuln in $dependency.getVulnerabilities())
#set($vsctr=$vsctr+1)
-