mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-03-28 20:02:16 +01:00
updates for issue #991
This commit is contained in:
Jeremy Long
@@ -123,7 +123,7 @@ public class EscapeTool {
|
|||||||
*/
|
*/
|
||||||
public String csv(String text) {
|
public String csv(String text) {
|
||||||
if (text == null || text.isEmpty()) {
|
if (text == null || text.isEmpty()) {
|
||||||
return text;
|
return "\"\"";
|
||||||
}
|
}
|
||||||
return StringEscapeUtils.escapeCsv(text.trim().replace("\n", " "));
|
return StringEscapeUtils.escapeCsv(text.trim().replace("\n", " "));
|
||||||
}
|
}
|
||||||
@@ -137,7 +137,7 @@ public class EscapeTool {
|
|||||||
*/
|
*/
|
||||||
public String csvIdentifiers(Set<Identifier> ids) {
|
public String csvIdentifiers(Set<Identifier> ids) {
|
||||||
if (ids == null || ids.isEmpty()) {
|
if (ids == null || ids.isEmpty()) {
|
||||||
return "";
|
return "\"\"";
|
||||||
}
|
}
|
||||||
boolean addComma = false;
|
boolean addComma = false;
|
||||||
final StringBuilder sb = new StringBuilder();
|
final StringBuilder sb = new StringBuilder();
|
||||||
@@ -163,7 +163,7 @@ public class EscapeTool {
|
|||||||
*/
|
*/
|
||||||
public String csvCpe(Set<Identifier> ids) {
|
public String csvCpe(Set<Identifier> ids) {
|
||||||
if (ids == null || ids.isEmpty()) {
|
if (ids == null || ids.isEmpty()) {
|
||||||
return "";
|
return "\"\"";
|
||||||
}
|
}
|
||||||
boolean addComma = false;
|
boolean addComma = false;
|
||||||
final StringBuilder sb = new StringBuilder();
|
final StringBuilder sb = new StringBuilder();
|
||||||
@@ -189,7 +189,7 @@ public class EscapeTool {
|
|||||||
*/
|
*/
|
||||||
public String csvCpeConfidence(Set<Identifier> ids) {
|
public String csvCpeConfidence(Set<Identifier> ids) {
|
||||||
if (ids == null || ids.isEmpty()) {
|
if (ids == null || ids.isEmpty()) {
|
||||||
return "";
|
return "\"\"";
|
||||||
}
|
}
|
||||||
boolean addComma = false;
|
boolean addComma = false;
|
||||||
final StringBuilder sb = new StringBuilder();
|
final StringBuilder sb = new StringBuilder();
|
||||||
@@ -215,12 +215,12 @@ public class EscapeTool {
|
|||||||
*/
|
*/
|
||||||
public String csvGav(Set<Identifier> ids) {
|
public String csvGav(Set<Identifier> ids) {
|
||||||
if (ids == null || ids.isEmpty()) {
|
if (ids == null || ids.isEmpty()) {
|
||||||
return "";
|
return "\"\"";
|
||||||
}
|
}
|
||||||
boolean addComma = false;
|
boolean addComma = false;
|
||||||
final StringBuilder sb = new StringBuilder();
|
final StringBuilder sb = new StringBuilder();
|
||||||
for (Identifier id : ids) {
|
for (Identifier id : ids) {
|
||||||
if ("maven".equals(id.getType())) {
|
if ("maven".equals(id.getType()) || "npm".equals(id.getType())) {
|
||||||
if (addComma) {
|
if (addComma) {
|
||||||
sb.append(", ");
|
sb.append(", ");
|
||||||
} else {
|
} else {
|
||||||
@@ -231,5 +231,4 @@ public class EscapeTool {
|
|||||||
}
|
}
|
||||||
return StringEscapeUtils.escapeCsv(sb.toString());
|
return StringEscapeUtils.escapeCsv(sb.toString());
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -17,7 +17,7 @@ Copyright (c) 2017 Jeremy Long. All Rights Reserved.
|
|||||||
|
|
||||||
@author Jeremy Long <jeremy.long@owasp.org>
|
@author Jeremy Long <jeremy.long@owasp.org>
|
||||||
@version 1 *###
|
@version 1 *###
|
||||||
"Project","ScanDate","DependencyName","DependencyPath","Description","License","Md5","Sha1","Identifiers","CPE","CVE","CWE","Vulnerability","Source","Severity","CVSSv2","GAV","CPE Confidence","Evidence Count"
|
"Project","ScanDate","DependencyName","DependencyPath","Description","License","Md5","Sha1","Identifiers","CPE","CVE","CWE","Vulnerability","Source","Severity","CVSSv2","Build Coordinates","CPE Confidence","Evidence Count"
|
||||||
#macro(writeSev $score)#if($score<4.0)"Low"#elseif($score>=7.0)"High"#else"Medium"#end#end
|
#macro(writeSev $score)#if($score<4.0)"Low"#elseif($score>=7.0)"High"#else"Medium"#end#end
|
||||||
#foreach($dependency in $dependencies)#if($dependency.getVulnerabilities().size()>0)
|
#foreach($dependency in $dependencies)#if($dependency.getVulnerabilities().size()>0)
|
||||||
#foreach($vuln in $dependency.getVulnerabilities(true))
|
#foreach($vuln in $dependency.getVulnerabilities(true))
|
||||||
|
|||||||
@@ -41,22 +41,15 @@
|
|||||||
"identifiers": [
|
"identifiers": [
|
||||||
#set($loopCount=0)
|
#set($loopCount=0)
|
||||||
#foreach($id in $related.getIdentifiers())
|
#foreach($id in $related.getIdentifiers())
|
||||||
#if ($id.type=="maven")
|
#if ($id.type=="maven" || $id.type=="npm")
|
||||||
#set($loopCount=$loopCount+1)
|
#set($loopCount=$loopCount+1)
|
||||||
#if($loopCount>1),#end
|
#if($loopCount>1),#end
|
||||||
{
|
{
|
||||||
"type": "$enc.json($id.type)",
|
"type": "$enc.json($id.type)",
|
||||||
"name": "$id.value"
|
"id": "$id.value"
|
||||||
#if ($id.url),"url": "$enc.json($id.url)"#end
|
#if ($id.url),"url": "$enc.json($id.url)"#end
|
||||||
#if ($id.notes),"notes": "$enc.json($id.notes)"#end
|
#if ($id.notes),"notes": "$enc.json($id.notes)"#end
|
||||||
}
|
#if ($id.description),"description":"$enc.json($id.description)"#end
|
||||||
#end
|
|
||||||
#if ($id.type=="npm")
|
|
||||||
#set($loopCount=$loopCount+1)
|
|
||||||
#if($loopCount>1),#end
|
|
||||||
{
|
|
||||||
"id":"$enc.json($id.value)"
|
|
||||||
,"description":"$enc.json($id.description)"
|
|
||||||
}
|
}
|
||||||
#end
|
#end
|
||||||
#end
|
#end
|
||||||
|
|||||||
@@ -131,7 +131,7 @@ public class EscapeToolTest {
|
|||||||
assertEquals(expResult, result);
|
assertEquals(expResult, result);
|
||||||
|
|
||||||
text = "";
|
text = "";
|
||||||
expResult = "";
|
expResult = "\"\"";
|
||||||
result = instance.csv(text);
|
result = instance.csv(text);
|
||||||
assertEquals(expResult, result);
|
assertEquals(expResult, result);
|
||||||
|
|
||||||
@@ -148,18 +148,18 @@ public class EscapeToolTest {
|
|||||||
public void testCsvIdentifiers() {
|
public void testCsvIdentifiers() {
|
||||||
EscapeTool instance = new EscapeTool();
|
EscapeTool instance = new EscapeTool();
|
||||||
Set<Identifier> ids = null;
|
Set<Identifier> ids = null;
|
||||||
String expResult = "";
|
String expResult = "\"\"";
|
||||||
String result = instance.csvIdentifiers(ids);
|
String result = instance.csvIdentifiers(ids);
|
||||||
assertEquals(expResult, result);
|
assertEquals(expResult, result);
|
||||||
|
|
||||||
ids = new HashSet<>();
|
ids = new HashSet<>();
|
||||||
expResult = "";
|
expResult = "\"\"";
|
||||||
result = instance.csvIdentifiers(ids);
|
result = instance.csvIdentifiers(ids);
|
||||||
assertEquals(expResult, result);
|
assertEquals(expResult, result);
|
||||||
|
|
||||||
ids = new HashSet<>();
|
ids = new HashSet<>();
|
||||||
ids.add(new Identifier("cpe", "cpe:/a:somegroup:something:1.0", ""));
|
ids.add(new Identifier("cpe", "cpe:/a:somegroup:something:1.0", ""));
|
||||||
expResult = "";
|
expResult = "\"\"";
|
||||||
result = instance.csvIdentifiers(ids);
|
result = instance.csvIdentifiers(ids);
|
||||||
assertEquals(expResult, result);
|
assertEquals(expResult, result);
|
||||||
|
|
||||||
@@ -193,18 +193,18 @@ public class EscapeToolTest {
|
|||||||
public void testCsvCpe() {
|
public void testCsvCpe() {
|
||||||
EscapeTool instance = new EscapeTool();
|
EscapeTool instance = new EscapeTool();
|
||||||
Set<Identifier> ids = null;
|
Set<Identifier> ids = null;
|
||||||
String expResult = "";
|
String expResult = "\"\"";
|
||||||
String result = instance.csvCpe(ids);
|
String result = instance.csvCpe(ids);
|
||||||
assertEquals(expResult, result);
|
assertEquals(expResult, result);
|
||||||
|
|
||||||
ids = new HashSet<>();
|
ids = new HashSet<>();
|
||||||
expResult = "";
|
expResult = "\"\"";
|
||||||
result = instance.csvCpe(ids);
|
result = instance.csvCpe(ids);
|
||||||
assertEquals(expResult, result);
|
assertEquals(expResult, result);
|
||||||
|
|
||||||
ids = new HashSet<>();
|
ids = new HashSet<>();
|
||||||
ids.add(new Identifier("gav", "somegroup:something:1.0", ""));
|
ids.add(new Identifier("gav", "somegroup:something:1.0", ""));
|
||||||
expResult = "";
|
expResult = "\"\"";
|
||||||
result = instance.csvCpe(ids);
|
result = instance.csvCpe(ids);
|
||||||
assertEquals(expResult, result);
|
assertEquals(expResult, result);
|
||||||
|
|
||||||
@@ -238,18 +238,18 @@ public class EscapeToolTest {
|
|||||||
public void testCsvCpeConfidence() {
|
public void testCsvCpeConfidence() {
|
||||||
EscapeTool instance = new EscapeTool();
|
EscapeTool instance = new EscapeTool();
|
||||||
Set<Identifier> ids = null;
|
Set<Identifier> ids = null;
|
||||||
String expResult = "";
|
String expResult = "\"\"";
|
||||||
String result = instance.csvCpeConfidence(ids);
|
String result = instance.csvCpeConfidence(ids);
|
||||||
assertEquals(expResult, result);
|
assertEquals(expResult, result);
|
||||||
|
|
||||||
ids = new HashSet<>();
|
ids = new HashSet<>();
|
||||||
expResult = "";
|
expResult = "\"\"";
|
||||||
result = instance.csvCpeConfidence(ids);
|
result = instance.csvCpeConfidence(ids);
|
||||||
assertEquals(expResult, result);
|
assertEquals(expResult, result);
|
||||||
|
|
||||||
ids = new HashSet<>();
|
ids = new HashSet<>();
|
||||||
ids.add(new Identifier("gav", "somegroup:something:1.0", ""));
|
ids.add(new Identifier("gav", "somegroup:something:1.0", ""));
|
||||||
expResult = "";
|
expResult = "\"\"";
|
||||||
result = instance.csvCpeConfidence(ids);
|
result = instance.csvCpeConfidence(ids);
|
||||||
assertEquals(expResult, result);
|
assertEquals(expResult, result);
|
||||||
|
|
||||||
@@ -285,18 +285,18 @@ public class EscapeToolTest {
|
|||||||
public void testCsvGav() {
|
public void testCsvGav() {
|
||||||
EscapeTool instance = new EscapeTool();
|
EscapeTool instance = new EscapeTool();
|
||||||
Set<Identifier> ids = null;
|
Set<Identifier> ids = null;
|
||||||
String expResult = "";
|
String expResult = "\"\"";
|
||||||
String result = instance.csvGav(ids);
|
String result = instance.csvGav(ids);
|
||||||
assertEquals(expResult, result);
|
assertEquals(expResult, result);
|
||||||
|
|
||||||
ids = new HashSet<>();
|
ids = new HashSet<>();
|
||||||
expResult = "";
|
expResult = "\"\"";
|
||||||
result = instance.csvGav(ids);
|
result = instance.csvGav(ids);
|
||||||
assertEquals(expResult, result);
|
assertEquals(expResult, result);
|
||||||
|
|
||||||
ids = new HashSet<>();
|
ids = new HashSet<>();
|
||||||
ids.add(new Identifier("cpe", "somegroup:something:1.0", ""));
|
ids.add(new Identifier("cpe", "somegroup:something:1.0", ""));
|
||||||
expResult = "";
|
expResult = "\"\"";
|
||||||
result = instance.csvGav(ids);
|
result = instance.csvGav(ids);
|
||||||
assertEquals(expResult, result);
|
assertEquals(expResult, result);
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user