Describe the bug
I use --zipExtensions "mpk" for checking .js files in the zip archive mpk. This does not always work.
Not finding the vulnerability except when the mpk is unzipped first:
widgets\RichText.mpk\RichText\ckeditor\ckeditor.js
Scanning and finding the vulnerability in the zipped archive (as expected):
widgets\HTMLSnippet.mpk\HTMLSnippet\lib\jquery-3.3.1.js
widgets\HTMLSnippet.mpk\HTMLSnippet\widget\HTMLSnippet2.js
Version of dependency-check used
The problem occurs using version 8.0.1 of the CLI tool.
Log file
enclosed
mylog.zip
To Reproduce
Steps to reproduce the behavior:
Scan an mpk file with --zipExtensions "mpk"
Expected behavior
It should always scan the zipped mpk (not sometimes).
Additional context
I will provide the mpk file (in a zip)
RichText.zip
I did a scan on the zipped files with --zipextensions "mpk" and the same scan on the extracted files. Results:
- It found 184 vulnerabilities in the zipped mpks with --zipextensions "mpk".
- When scanning the extracted files, the check found 192 vulnerabilities. So, a difference of 8.