github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-13 23:33:37 +01:00
Code Issues Packages Projects Releases Wiki Activity

Replaced json iteration with more efficient entrySet. Also corrected an invalid logging statement.

Browse Source
This commit is contained in:
Anthony Whitford
2015-09-07 14:43:34 -07:00
parent 444685bc05
commit df25bbb6d2
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java
View File

@@ -32,6 +32,7 @@ import javax.json.*;
import java.io.File;
import java.io.FileFilter;
import java.io.IOException;
import java.util.Map;
/**
* Used to analyze Node Package Manager (npm) package.json files, and collect information that can be used to determine
@@ -146,20 +147,21 @@ public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer {
private void addToEvidence(JsonObject json, EvidenceCollection collection, String key) {
if (json.containsKey(key)) {
Object value = json.get(key);
JsonValue value = json.get(key);
if (value instanceof JsonString) {
collection.addEvidence(PACKAGE_JSON, key, ((JsonString) value).getString(), Confidence.HIGHEST);
} else if (value instanceof JsonObject) {
final JsonObject jsonObject = (JsonObject) value;
for (String property : jsonObject.keySet()) {
final Object subValue = jsonObject.get(property);
for (final Map.Entry<String, JsonValue> entry : jsonObject.entrySet()) {
final String property = entry.getKey();
final JsonValue subValue = entry.getValue();
if (subValue instanceof JsonString) {
collection.addEvidence(PACKAGE_JSON,
String.format("%s.%s", key, property),
((JsonString) subValue).getString(),
Confidence.HIGHEST);
} else {
LOGGER.warn("JSON sub-value not string as expected: %s");
LOGGER.warn("JSON sub-value not string as expected: %s", subValue);
}
}
} else {