updates for issue #991

Jeremy Long
2017-11-26 10:13:32 -05:00
parent eb023c0c99
commit f51edf52e7
4 changed files with 23 additions and 31 deletions


@@ -123,7 +123,7 @@ public class EscapeTool {
*/
public String csv(String text) {
if (text == null || text.isEmpty()) {
return text;
return "\"\"";
}
return StringEscapeUtils.escapeCsv(text.trim().replace("\n", " "));
}
@@ -137,7 +137,7 @@ public class EscapeTool {
*/
public String csvIdentifiers(Set<Identifier> ids) {
if (ids == null || ids.isEmpty()) {
return "";
return "\"\"";
}
boolean addComma = false;
final StringBuilder sb = new StringBuilder();
@@ -163,7 +163,7 @@ public class EscapeTool {
*/
public String csvCpe(Set<Identifier> ids) {
if (ids == null || ids.isEmpty()) {
return "";
return "\"\"";
}
boolean addComma = false;
final StringBuilder sb = new StringBuilder();
@@ -189,7 +189,7 @@ public class EscapeTool {
*/
public String csvCpeConfidence(Set<Identifier> ids) {
if (ids == null || ids.isEmpty()) {
return "";
return "\"\"";
}
boolean addComma = false;
final StringBuilder sb = new StringBuilder();
@@ -215,12 +215,12 @@ public class EscapeTool {
*/
public String csvGav(Set<Identifier> ids) {
if (ids == null || ids.isEmpty()) {
return "";
return "\"\"";
}
boolean addComma = false;
final StringBuilder sb = new StringBuilder();
for (Identifier id : ids) {
if ("maven".equals(id.getType())) {
if ("maven".equals(id.getType()) || "npm".equals(id.getType())) {
if (addComma) {
sb.append(", ");
} else {
@@ -231,5 +231,4 @@ public class EscapeTool {
}
return StringEscapeUtils.escapeCsv(sb.toString());
}
}
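Review bot: A non-empty set that contains no matching identifier still appears to produce an empty string rather than `""`, because the visible tail of csvGav ends in `return StringEscapeUtils.escapeCsv(sb.toString());` and the new guard only covers null or empty sets. The updated EscapeToolTest cases in this commit expect `"\"\""` for exactly that input (a set holding only a cpe identifier), and escapeCsv returns a string with no special characters unchanged. Unless the lines hidden between the hunks already handle it, add `if (sb.length() == 0) { return "\"\""; }` before the final return; the tails of csvIdentifiers, csvCpe and csvCpeConfidence are outside the hunks and presumably need the same guard. Separately, escapeCsv does not neutralise a leading `=`, `+`, `-` or `@`, so text that presumably originates from scanned package metadata can be evaluated as a formula when the CSV report is opened in a spreadsheet.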


@@ -17,7 +17,7 @@ Copyright (c) 2017 Jeremy Long. All Rights Reserved.
@author Jeremy Long <jeremy.long@owasp.org>
@version 1 *###
"Project","ScanDate","DependencyName","DependencyPath","Description","License","Md5","Sha1","Identifiers","CPE","CVE","CWE","Vulnerability","Source","Severity","CVSSv2","GAV","CPE Confidence","Evidence Count"
"Project","ScanDate","DependencyName","DependencyPath","Description","License","Md5","Sha1","Identifiers","CPE","CVE","CWE","Vulnerability","Source","Severity","CVSSv2","Build Coordinates","CPE Confidence","Evidence Count"
#macro(writeSev $score)#if($score<4.0)"Low"#elseif($score>=7.0)"High"#else"Medium"#end#end
#foreach($dependency in $dependencies)#if($dependency.getVulnerabilities().size()>0)
#foreach($vuln in $dependency.getVulnerabilities(true))


@@ -41,22 +41,15 @@
"identifiers": [
#set($loopCount=0)
#foreach($id in $related.getIdentifiers())
#if ($id.type=="maven")
#if ($id.type=="maven" || $id.type=="npm")
#set($loopCount=$loopCount+1)
#if($loopCount>1),#end
{
"type": "$enc.json($id.type)",
"name": "$id.value"
"id": "$id.value"
#if ($id.url),"url": "$enc.json($id.url)"#end
#if ($id.notes),"notes": "$enc.json($id.notes)"#end
}
#end
#if ($id.type=="npm")
#set($loopCount=$loopCount+1)
#if($loopCount>1),#end
{
"id":"$enc.json($id.value)"
,"description":"$enc.json($id.description)"
#if ($id.description),"description":"$enc.json($id.description)"#end
}
#end
#end
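Review bot: The merged maven/npm branch writes `"id": "$id.value"` without `$enc.json(...)`, while the type, url, notes and description fields of the same object, and the npm-only block that appears to be folded in here (`"id":"$enc.json($id.value)"`), all encode their values. An identifier value containing a double quote or backslash would then produce invalid JSON, or let package-supplied text add keys to the object that report consumers trust. Suggest `"id": "$enc.json($id.value)"`. The closing bracket of the identifiers array is outside the hunk.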


@@ -131,7 +131,7 @@ public class EscapeToolTest {
assertEquals(expResult, result);
text = "";
expResult = "";
expResult = "\"\"";
result = instance.csv(text);
assertEquals(expResult, result);
@@ -148,18 +148,18 @@ public class EscapeToolTest {
public void testCsvIdentifiers() {
EscapeTool instance = new EscapeTool();
Set<Identifier> ids = null;
String expResult = "";
String expResult = "\"\"";
String result = instance.csvIdentifiers(ids);
assertEquals(expResult, result);
ids = new HashSet<>();
expResult = "";
expResult = "\"\"";
result = instance.csvIdentifiers(ids);
assertEquals(expResult, result);
ids = new HashSet<>();
ids.add(new Identifier("cpe", "cpe:/a:somegroup:something:1.0", ""));
expResult = "";
expResult = "\"\"";
result = instance.csvIdentifiers(ids);
assertEquals(expResult, result);
@@ -193,18 +193,18 @@ public class EscapeToolTest {
public void testCsvCpe() {
EscapeTool instance = new EscapeTool();
Set<Identifier> ids = null;
String expResult = "";
String expResult = "\"\"";
String result = instance.csvCpe(ids);
assertEquals(expResult, result);
ids = new HashSet<>();
expResult = "";
expResult = "\"\"";
result = instance.csvCpe(ids);
assertEquals(expResult, result);
ids = new HashSet<>();
ids.add(new Identifier("gav", "somegroup:something:1.0", ""));
expResult = "";
expResult = "\"\"";
result = instance.csvCpe(ids);
assertEquals(expResult, result);
@@ -238,18 +238,18 @@ public class EscapeToolTest {
public void testCsvCpeConfidence() {
EscapeTool instance = new EscapeTool();
Set<Identifier> ids = null;
String expResult = "";
String expResult = "\"\"";
String result = instance.csvCpeConfidence(ids);
assertEquals(expResult, result);
ids = new HashSet<>();
expResult = "";
expResult = "\"\"";
result = instance.csvCpeConfidence(ids);
assertEquals(expResult, result);
ids = new HashSet<>();
ids.add(new Identifier("gav", "somegroup:something:1.0", ""));
expResult = "";
expResult = "\"\"";
result = instance.csvCpeConfidence(ids);
assertEquals(expResult, result);
@@ -285,18 +285,18 @@ public class EscapeToolTest {
public void testCsvGav() {
EscapeTool instance = new EscapeTool();
Set<Identifier> ids = null;
String expResult = "";
String expResult = "\"\"";
String result = instance.csvGav(ids);
assertEquals(expResult, result);
ids = new HashSet<>();
expResult = "";
expResult = "\"\"";
result = instance.csvGav(ids);
assertEquals(expResult, result);
ids = new HashSet<>();
ids.add(new Identifier("cpe", "somegroup:something:1.0", ""));
expResult = "";
expResult = "\"\"";
result = instance.csvGav(ids);
assertEquals(expResult, result);