From a70e6e332391e090b8fb458d1c78d72d4d2af016 Mon Sep 17 00:00:00 2001
From: Nicolas Humblot
Date: Sat, 1 Jun 2024 10:49:34 +0200
Subject: [PATCH] fix: #6688 Trim version number when parsin POM
---
 .../dependencycheck/xml/pom/PomHandler.java | 2 +-
 .../dependencycheck/xml/pom/PomUtilsTest.java | 11 ++
 .../test/resources/pom/pom-with-new-line.xml | 106 ++++++++++++++++++
 3 files changed, 118 insertions(+), 1 deletion(-)
 create mode 100644 core/src/test/resources/pom/pom-with-new-line.xml
diff --git a/core/src/main/java/org/owasp/dependencycheck/xml/pom/PomHandler.java b/core/src/main/java/org/owasp/dependencycheck/xml/pom/PomHandler.java
index 32f0b9e2381..6dd415b1a7c 100644
--- a/core/src/main/java/org/owasp/dependencycheck/xml/pom/PomHandler.java
+++ b/core/src/main/java/org/owasp/dependencycheck/xml/pom/PomHandler.java
@@ -174,7 +174,7 @@ public void endElement(String uri, String localName, String qName) throws SAXExc
 model.setArtifactId(currentText.toString());
 break;
 case VERSION:
- model.setVersion(currentText.toString());
+ model.setVersion(currentText.toString().trim());
 break;
 case NAME:
 model.setName(currentText.toString());
diff --git a/core/src/test/java/org/owasp/dependencycheck/xml/pom/PomUtilsTest.java b/core/src/test/java/org/owasp/dependencycheck/xml/pom/PomUtilsTest.java
index 47a8fc48ec2..b47685c23a6 100644
--- a/core/src/test/java/org/owasp/dependencycheck/xml/pom/PomUtilsTest.java
+++ b/core/src/test/java/org/owasp/dependencycheck/xml/pom/PomUtilsTest.java
@@ -23,6 +23,7 @@ import org.junit.Test; import static org.junit.Assert.*; import org.owasp.dependencycheck.BaseTest; +import org.owasp.dependencycheck.analyzer.exception.AnalysisException; /** * Test the PomUtils object.
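Review bot: The trim is applied only in the VERSION case, while the ARTIFACT_ID and NAME cases on the surrounding context lines still pass `currentText.toString()` untrimmed, so a POM laid out the same way (element text on its own line) would keep the surrounding whitespace in artifactId and name, which presumably feed the evidence used to identify the dependency and could therefore cause silent non-matches. Trimming once before the switch, `final String text = currentText.toString().trim();`, and using `text` in the element cases that hold identifiers would keep them consistent; the switch and endElement start outside the hunk, so that change lands above it. Note that `String.trim()` removes only characters at or below U+0020; if non-breaking or other Unicode whitespace shows up in real POMs, `strip()` is the Unicode-aware equivalent, provided the project's Java target supports it.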
@@ -69,4 +70,14 @@ public void testReadPom_String_File() throws Exception {
 assertEquals(expResult, result.getName());
 }
+ @Test
+ public void testReadPom_should_trim_version() throws AnalysisException {
+ File input = BaseTest.getResourceAsFile(this, "pom/pom-with-new-line.xml");
+ String expectedOutputVersion = "2.2.0";
+
+ Model output = PomUtils.readPom(input);
+
+ assertEquals(expectedOutputVersion, output.getVersion());
+ }
+
 }
diff --git a/core/src/test/resources/pom/pom-with-new-line.xml b/core/src/test/resources/pom/pom-with-new-line.xml
new file mode 100644
index 00000000000..17e28f66e3c
--- /dev/null
+++ b/core/src/test/resources/pom/pom-with-new-line.xml
@@ -0,0 +1,106 @@
+
+
+ 4.0.0
+ Summit AST
+ Summit - Apex Language Abstract Syntax Tree
+ https://github.com/google/summit-ast
+
+
+ Apache License, Version 2.0
+ https://www.apache.org/licenses/LICENSE-2.0.txt
+
+
+
+ https://github.com/google/summit-ast.git
+ https://github.com/google/summit-ast.git
+ 2.2.0
+
+ https://github.com/google/summit-ast.git
+
+ com.google.summit
+ summit-ast
+ 2.2.0
+
+
+
+ com.google.guava
+ listenablefuture
+ 9999.0-empty-to-avoid-conflict-with-guava
+
+
+ com.google.j2objc
+ j2objc-annotations
+ 1.3
+
+
+ com.google.code.findbugs
+ jsr305
+ 3.0.2
+
+
+ org.checkerframework
+ checker-qual
+ 3.13.0
+
+
+ com.google.errorprone
+ error_prone_annotations
+ 2.11.0
+
+
+ com.google.guava
+ failureaccess
+ 1.0.1
+
+
+ com.google.guava
+ guava
+ 31.1-jre
+
+
+ org.checkerframework
+ checker-compat-qual
+ 2.5.3
+
+
+ com.google.flogger
+ flogger
+ 0.7.4
+
+
+ com.google.flogger
+ flogger-system-backend
+ 0.7.4
+
+
+ org.antlr
+ antlr4-runtime
+ 4.9.1
+
+
+ io.github.apex-dev-tools
+ apex-parser
+ 3.6.0
+
+
+ com.google.code.gson
+ gson
+ 2.9.1
+
+
+ javax.annotation
+ jsr250-api
+ 1.0
+
+
+ org.danilopianini
+ gson-extras
+ 1.0.0
+
+
+ org.apache.commons
+ commons-lang3
+ 3.6
+
+
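Review bot: The new test pins only `getVersion()` against `"2.2.0"`, and the fixture added in this commit contains `2.2.0` twice (by position, apparently the parent version and the project version), so the assertion would still pass if the handler read the wrong element; giving the two a distinct, clearly labelled value in the fixture would make the test actually discriminate. It would also be worth asserting `getArtifactId()` on the same fixture, since the handler change trims only the version and a regression in the other fields would go unnoticed. Minor style point: the method declares `throws AnalysisException` while the neighbouring test declares `throws Exception`; either works, but one convention per class reads better. The enclosing class closes inside the hunk; the test method it follows starts outside it.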