From f51edf52e797903c49b21c7fbfaa2f7eff3ead86 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Sun, 26 Nov 2017 10:13:32 -0500
Subject: [PATCH] updates for issue #991
---
 .../dependencycheck/reporting/EscapeTool.java | 13 +++++-----
 .../main/resources/templates/csvReport.vsl | 2 +-
 .../main/resources/templates/jsonReport.vsl | 13 +++-------
 .../reporting/EscapeToolTest.java | 26 +++++++++----------
 4 files changed, 23 insertions(+), 31 deletions(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java
index f2e544be0..612385eb6 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java
@@ -123,7 +123,7 @@ public class EscapeTool {
 */
 public String csv(String text) {
 if (text == null || text.isEmpty()) {
- return text;
+ return "\"\"";
 }
 return StringEscapeUtils.escapeCsv(text.trim().replace("\n", " "));
 }
@@ -137,7 +137,7 @@ public class EscapeTool {
 */
 public String csvIdentifiers(Set ids) {
 if (ids == null || ids.isEmpty()) {
- return "";
+ return "\"\"";
 }
 boolean addComma = false;
 final StringBuilder sb = new StringBuilder();
@@ -163,7 +163,7 @@ public class EscapeTool {
 */
 public String csvCpe(Set ids) {
 if (ids == null || ids.isEmpty()) {
- return "";
+ return "\"\"";
 }
 boolean addComma = false;
 final StringBuilder sb = new StringBuilder();
@@ -189,7 +189,7 @@ public class EscapeTool {
 */
 public String csvCpeConfidence(Set ids) {
 if (ids == null || ids.isEmpty()) {
- return "";
+ return "\"\"";
 }
 boolean addComma = false;
 final StringBuilder sb = new StringBuilder();
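Review bot: In `csv()`, whitespace-only input still produces an unquoted empty field, because the guard tests `text.isEmpty()` before the `trim()` on the return line; a value such as a single space passes the guard and is trimmed to an empty string that `escapeCsv` presumably returns unchanged. Trimming first keeps the new empty-field convention consistent: `final String value = text == null ? "" : text.trim().replace("\n", " ");` followed by `if (value.isEmpty()) { return "\"\""; }`. Separately, these cells are filled from metadata of the scanned dependencies, and `escapeCsv` as far as I know only handles commas, quotes and line breaks, so it is worth deciding whether values that begin with `=`, `+`, `-` or `@` should be neutralised before the report is opened in a spreadsheet.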
@@ -215,12 +215,12 @@ public class EscapeTool { */ public String csvGav(Set ids) { if (ids == null || ids.isEmpty()) { - return ""; + return "\"\""; } boolean addComma = false; final StringBuilder sb = new StringBuilder(); for (Identifier id : ids) { - if ("maven".equals(id.getType())) { + if ("maven".equals(id.getType()) || "npm".equals(id.getType())) { if (addComma) { sb.append(", "); } else { @@ -231,5 +231,4 @@ public class EscapeTool { } return StringEscapeUtils.escapeCsv(sb.toString()); } - } diff --git a/dependency-check-core/src/main/resources/templates/csvReport.vsl b/dependency-check-core/src/main/resources/templates/csvReport.vsl index 816384cee..18d71503c 100644 --- a/dependency-check-core/src/main/resources/templates/csvReport.vsl +++ b/dependency-check-core/src/main/resources/templates/csvReport.vsl @@ -17,7 +17,7 @@ Copyright (c) 2017 Jeremy Long. All Rights Reserved. @author Jeremy Long @version 1 *### -"Project","ScanDate","DependencyName","DependencyPath","Description","License","Md5","Sha1","Identifiers","CPE","CVE","CWE","Vulnerability","Source","Severity","CVSSv2","GAV","CPE Confidence","Evidence Count" +"Project","ScanDate","DependencyName","DependencyPath","Description","License","Md5","Sha1","Identifiers","CPE","CVE","CWE","Vulnerability","Source","Severity","CVSSv2","Build Coordinates","CPE Confidence","Evidence Count" #macro(writeSev $score)#if($score<4.0)"Low"#elseif($score>=7.0)"High"#else"Medium"#end#end #foreach($dependency in $dependencies)#if($dependency.getVulnerabilities().size()>0) #foreach($vuln in $dependency.getVulnerabilities(true)) diff --git a/dependency-check-core/src/main/resources/templates/jsonReport.vsl b/dependency-check-core/src/main/resources/templates/jsonReport.vsl index decfeaa83..dada8239e 100644 --- a/dependency-check-core/src/main/resources/templates/jsonReport.vsl +++ b/dependency-check-core/src/main/resources/templates/jsonReport.vsl 
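Review bot: `csvGav()` can still return an unquoted empty string when the set is non-empty but holds no `maven` or `npm` identifier: the loop appends nothing, and the tail shown in the `@@ -231` hunk returns `StringEscapeUtils.escapeCsv(sb.toString())` directly, which presumably passes an empty string through unchanged. The updated `testCsvGav` case that adds only a `cpe` identifier expects `"\"\""`, so judging by the visible lines either that test fails or the column is quoted inconsistently. Adding `if (sb.length() == 0) { return "\"\""; }` before the final return covers it. The tails of `csvIdentifiers`, `csvCpe` and `csvCpeConfidence` lie outside their hunks; they need the same check if they end the same way.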
@@ -41,22 +41,15 @@ "identifiers": [ #set($loopCount=0) #foreach($id in $related.getIdentifiers()) - #if ($id.type=="maven") + #if ($id.type=="maven" || $id.type=="npm") #set($loopCount=$loopCount+1) #if($loopCount>1),#end { "type": "$enc.json($id.type)", - "name": "$id.value" + "id": "$id.value" #if ($id.url),"url": "$enc.json($id.url)"#end #if ($id.notes),"notes": "$enc.json($id.notes)"#end - } - #end - #if ($id.type=="npm") - #set($loopCount=$loopCount+1) - #if($loopCount>1),#end - { - "id":"$enc.json($id.value)" - ,"description":"$enc.json($id.description)" + #if ($id.description),"description":"$enc.json($id.description)"#end } #end #end diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/reporting/EscapeToolTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/reporting/EscapeToolTest.java index 6890d2469..b9b730e5f 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/reporting/EscapeToolTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/reporting/EscapeToolTest.java @@ -131,7 +131,7 @@ public class EscapeToolTest { assertEquals(expResult, result); text = ""; - expResult = ""; + expResult = "\"\""; result = instance.csv(text); assertEquals(expResult, result); @@ -148,18 +148,18 @@ public class EscapeToolTest { public void testCsvIdentifiers() { EscapeTool instance = new EscapeTool(); Set ids = null; - String expResult = ""; + String expResult = "\"\""; String result = instance.csvIdentifiers(ids); assertEquals(expResult, result); ids = new HashSet<>(); - expResult = ""; + expResult = "\"\""; result = instance.csvIdentifiers(ids); assertEquals(expResult, result); ids = new HashSet<>(); ids.add(new Identifier("cpe", "cpe:/a:somegroup:something:1.0", "")); - expResult = ""; + expResult = "\"\""; result = instance.csvIdentifiers(ids); assertEquals(expResult, result); 
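Review bot: In the merged maven/npm branch of jsonReport.vsl, `$id.value` is written into the JSON string without `$enc.json(...)`, while every other field of the same object is encoded and the removed npm branch did encode it (`"id":"$enc.json($id.value)"`). Identifier values are derived from the scanned dependencies, so a quote or backslash in one would yield a malformed report or unintended keys for whatever parses the JSON. The line should read `"id": "$enc.json($id.value)"`. The key also changes from `name` to `id` for maven entries, which alters the schema for existing consumers of the report and deserves a release note. The enclosing related-dependency block starts and ends outside the hunk.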
@@ -193,18 +193,18 @@ public class EscapeToolTest { public void testCsvCpe() { EscapeTool instance = new EscapeTool(); Set ids = null; - String expResult = ""; + String expResult = "\"\""; String result = instance.csvCpe(ids); assertEquals(expResult, result); ids = new HashSet<>(); - expResult = ""; + expResult = "\"\""; result = instance.csvCpe(ids); assertEquals(expResult, result); ids = new HashSet<>(); ids.add(new Identifier("gav", "somegroup:something:1.0", "")); - expResult = ""; + expResult = "\"\""; result = instance.csvCpe(ids); assertEquals(expResult, result); @@ -238,18 +238,18 @@ public class EscapeToolTest { public void testCsvCpeConfidence() { EscapeTool instance = new EscapeTool(); Set ids = null; - String expResult = ""; + String expResult = "\"\""; String result = instance.csvCpeConfidence(ids); assertEquals(expResult, result); ids = new HashSet<>(); - expResult = ""; + expResult = "\"\""; result = instance.csvCpeConfidence(ids); assertEquals(expResult, result); ids = new HashSet<>(); ids.add(new Identifier("gav", "somegroup:something:1.0", "")); - expResult = ""; + expResult = "\"\""; result = instance.csvCpeConfidence(ids); assertEquals(expResult, result); @@ -285,18 +285,18 @@ public class EscapeToolTest { public void testCsvGav() { EscapeTool instance = new EscapeTool(); Set ids = null; - String expResult = ""; + String expResult = "\"\""; String result = instance.csvGav(ids); assertEquals(expResult, result); ids = new HashSet<>(); - expResult = ""; + expResult = "\"\""; result = instance.csvGav(ids); assertEquals(expResult, result); ids = new HashSet<>(); ids.add(new Identifier("cpe", "somegroup:something:1.0", "")); - expResult = ""; + expResult = "\"\""; result = instance.csvGav(ids); assertEquals(expResult, result);
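Review bot: `testCsvGav` gains no case for the `npm` type that this commit adds to `csvGav()`; the changed lines in this hunk only update the empty-result expectations. A case such as `ids.add(new Identifier("npm", "somepackage:1.0", ""));` (constructed sample value) with the matching `expResult` would pin the new branch. The rest of `testCsvGav` lies outside the hunk, so check whether such a case already exists further down.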