From ac82bf25ec2ea69d653534ea95657a115f2bbcac Mon Sep 17 00:00:00 2001
From: Christian Kemper
Date: Tue, 15 Feb 2022 08:33:53 +0100
Subject: [PATCH] Fixes logpresso/CVE-2021-44228-Scanner#273 Printed versions of secure versions - also in given Files Refactoring report creation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
"Copyright © 2021 Atruvia AG "
---
 .../java/com/logpresso/scanner/Detector.java | 47 +++++++------------
 1 file changed, 18 insertions(+), 29 deletions(-)
diff --git a/src/main/java/com/logpresso/scanner/Detector.java b/src/main/java/com/logpresso/scanner/Detector.java
index 5a82174..21cbc2d 100644
--- a/src/main/java/com/logpresso/scanner/Detector.java
+++ b/src/main/java/com/logpresso/scanner/Detector.java
@@ -605,25 +605,11 @@ public void addErrorReport(File jarFile, String error) {
 if (errorReports.size() < 100000)
 errorReports.add(entry);
- // invoke listeners
- for (LogListener listener : logListeners) {
- try {
- listener.onError(entry);
- } catch (Throwable t) {
- // listener should not throw any exception
- if (config.isDebug())
- t.printStackTrace();
- }
- }
+ addReport(jarFile, entry);
 }
 private void addReport(File jarFile, List pathChain, String product, String version, String cve, boolean mitigated, boolean potential) {
- List entries = fileReports.get(jarFile);
- if (entries == null) {
- entries = new ArrayList();
- fileReports.put(jarFile, entries);
- }
 Status status = Status.VULNERABLE;
 if (mitigated)
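Review bot: The added `addReport(jarFile, entry);` in addErrorReport sends error entries through the new two-argument helper from the third hunk, which stores them in `fileReports` and calls `listener.onDetect(...)`; `listener.onError(entry)` is no longer invoked anywhere in the visible code. For a vulnerability scanner this means an archive that could not be read reaches listeners as a detection instead of a scan error, so consumers that separate "found" from "could not inspect" lose that distinction. The `errorReports.size() < 100000` cap also stops bounding what is retained, because the `fileReports` insert in the helper is unconditional. Keeping error dispatch in its own small helper preserves the previous callback contract; addErrorReport begins above the hunk, so the type of `entry` is inferred from the helper's signature.

```java
    // … unchanged: errorReports size cap and errorReports.add(entry) …
    notifyError(entry);
}

// Error entries keep their own callback; they are not detections and stay out of fileReports.
private void notifyError(ReportEntry entry) {
    for (LogListener listener : logListeners) {
        try {
            listener.onError(entry);
        } catch (Throwable t) {
            // listener should not throw any exception
            if (config.isDebug())
                t.printStackTrace();
        }
    }
}
```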
@@ -632,18 +618,7 @@ else if (potential)
 status = Status.POTENTIALLY_VULNERABLE;
 ReportEntry entry = new ReportEntry(jarFile, StringUtils.toString(pathChain), product, version, cve, status);
- entries.add(entry);
-
- // invoke listeners
- for (LogListener listener : logListeners) {
- try {
- listener.onDetect(entry);
- } catch (Throwable t) {
- // listener should not throw any exception
- if (config.isDebug())
- t.printStackTrace();
- }
- }
+ addReport(jarFile, entry);
 }
 private void reportError(File jarFile, String msg) {
@@ -652,12 +627,26 @@ private void reportError(File jarFile, String msg) {
 }
 private void addSafeReport(File jarFile, List pathChain, String product, String version) {
+ ReportEntry entry = new ReportEntry(jarFile, StringUtils.toString(pathChain), product, version);
+ addReport(jarFile, entry);
+ }
+
+ private void addReport(File jarFile, ReportEntry reportEntry) {
 List entries = fileReports.get(jarFile);
 if (entries == null) {
 entries = new ArrayList();
 fileReports.put(jarFile, entries);
 }
- ReportEntry entry = new ReportEntry(jarFile, StringUtils.toString(pathChain), product, version);
- entries.add(entry);
+ entries.add(reportEntry);
+ // invoke listeners
+ for (LogListener listener : logListeners) {
+ try {
+ listener.onDetect(reportEntry);
+ } catch (Throwable t) {
+ // listener should not throw any exception
+ if (config.isDebug())
+ t.printStackTrace();
+ }
+ }
 }
 }
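Review bot: The new `addReport(File, ReportEntry)` helper in the last hunk calls `listener.onDetect(reportEntry)` for entries built by addSafeReport, which before this commit were stored in `fileReports` without notifying any listener. A listener that treats every onDetect call as a finding (the listener implementations are not visible here) would now raise alerts for patched versions, so the contract should be stated on the helper, for example `// Called for every entry, including safe ones; listeners must check the entry's status before alerting.` The helper also shares its name with the seven-argument `addReport` in the first hunk; a distinct name such as `recordEntry` would make the call sites easier to tell apart. Separately, the relocated `catch (Throwable t)` stays silent unless `config.isDebug()` is set, so a listener that fails to deliver an alert leaves no trace in a normal run.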