github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-21 08:39:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

moved string interpolation to Model

Browse Source 
Former-commit-id: 111849899d090f7ca5433fd6c8688e1ba7b80cda
This commit is contained in:
Jeremy Long
2015-05-03 07:22:37 -04:00
parent 2b600290ae
commit 0461a9fc89
1 changed files with 26 additions and 88 deletions
Download Patch File Download Diff File Expand all files Collapse all files

108
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
View File

@@ -310,7 +310,8 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
newDependency.setFileName(displayName); newDependency.setFileName(displayName);
newDependency.setFilePath(displayPath); newDependency.setFilePath(displayPath);
setPomEvidence(newDependency, pom, pomProperties, null); pom.processProperties(pomProperties);
setPomEvidence(newDependency, pom, null);
engine.getDependencies().add(newDependency); engine.getDependencies().add(newDependency);
Collections.sort(engine.getDependencies()); Collections.sort(engine.getDependencies());
} else { } else {
@@ -319,7 +320,8 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
} else { } else {
pom = PomUtils.readPom(externalPom); pom = PomUtils.readPom(externalPom);
} }
foundSomething |= setPomEvidence(dependency, pom, pomProperties, classes); pom.processProperties(pomProperties);
foundSomething |= setPomEvidence(dependency, pom, classes);
} }
} catch (AnalysisException ex) { } catch (AnalysisException ex) {
final String msg = String.format("An error occured while analyzing '%s'.", dependency.getActualFilePath()); final String msg = String.format("An error occured while analyzing '%s'.", dependency.getActualFilePath());
@@ -459,22 +461,21 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
* *
* @param dependency the dependency to set data on * @param dependency the dependency to set data on
* @param pom the information from the pom * @param pom the information from the pom
* @param pomProperties the pom properties file (null if none exists)
* @param classes a collection of ClassNameInformation - containing data about the fully qualified class names within the JAR * @param classes a collection of ClassNameInformation - containing data about the fully qualified class names within the JAR
* file being analyzed * file being analyzed
* @return true if there was evidence within the pom that we could use; otherwise false * @return true if there was evidence within the pom that we could use; otherwise false
*/ */
private boolean setPomEvidence(Dependency dependency, Model pom, Properties pomProperties, List<ClassNameInformation> classes) { public static boolean setPomEvidence(Dependency dependency, Model pom, List<ClassNameInformation> classes) {
boolean foundSomething = false; boolean foundSomething = false;
boolean addAsIdentifier = true; boolean addAsIdentifier = true;
if (pom == null) { if (pom == null) {
return foundSomething; return foundSomething;
} }
String groupid = interpolateString(pom.getGroupId(), pomProperties); String groupid = pom.getGroupId();
String parentGroupId = null; String parentGroupId = null;
if (pom.getParentGroupId() != null) { if (pom.getParentGroupId() != null) {
parentGroupId = interpolateString(pom.getParentGroupId(), pomProperties); parentGroupId = pom.getParentGroupId();
if ((groupid == null || groupid.isEmpty()) && parentGroupId != null && !parentGroupId.isEmpty()) { if ((groupid == null || groupid.isEmpty()) && parentGroupId != null && !parentGroupId.isEmpty()) {
groupid = parentGroupId; groupid = parentGroupId;
} }
@@ -497,11 +498,11 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
addAsIdentifier = false; addAsIdentifier = false;
} }
String artifactid = interpolateString(pom.getArtifactId(), pomProperties); String artifactid = pom.getArtifactId();
String parentArtifactId = null; String parentArtifactId = null;
if (pom.getParentArtifactId() != null) { if (pom.getParentArtifactId() != null) {
parentArtifactId = interpolateString(pom.getParentArtifactId(), pomProperties); parentArtifactId = pom.getParentArtifactId();
if ((artifactid == null || artifactid.isEmpty()) && parentArtifactId != null && !parentArtifactId.isEmpty()) { if ((artifactid == null || artifactid.isEmpty()) && parentArtifactId != null && !parentArtifactId.isEmpty()) {
artifactid = parentArtifactId; artifactid = parentArtifactId;
} }
@@ -526,11 +527,11 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
addAsIdentifier = false; addAsIdentifier = false;
} }
//version //version
String version = interpolateString(pom.getVersion(), pomProperties); String version = pom.getVersion();
String parentVersion = null; String parentVersion = null;
if (pom.getParentVersion() != null) { if (pom.getParentVersion() != null) {
parentVersion = interpolateString(pom.getParentVersion(), pomProperties); parentVersion = pom.getParentVersion();
if ((version == null || version.isEmpty()) && parentVersion != null && !parentVersion.isEmpty()) { if ((version == null || version.isEmpty()) && parentVersion != null && !parentVersion.isEmpty()) {
version = parentVersion; version = parentVersion;
} }
@@ -552,16 +553,12 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
// org name // org name
final String org = pom.getOrganization(); final String org = pom.getOrganization();
if (org != null) { if (org != null && !org.isEmpty()) {
foundSomething = true; dependency.getVendorEvidence().addEvidence("pom", "organization name", org, Confidence.HIGH);
final String orgName = interpolateString(org, pomProperties); addMatchingValues(classes, org, dependency.getVendorEvidence());
if (orgName != null && !orgName.isEmpty()) {
dependency.getVendorEvidence().addEvidence("pom", "organization name", orgName, Confidence.HIGH);
addMatchingValues(classes, orgName, dependency.getVendorEvidence());
}
} }
//pom name //pom name
final String pomName = interpolateString(pom.getName(), pomProperties); final String pomName = pom.getName();
if (pomName != null && !pomName.isEmpty()) { if (pomName != null && !pomName.isEmpty()) {
foundSomething = true; foundSomething = true;
dependency.getProductEvidence().addEvidence("pom", "name", pomName, Confidence.HIGH); dependency.getProductEvidence().addEvidence("pom", "name", pomName, Confidence.HIGH);
@@ -571,16 +568,14 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
} }
//Description //Description
if (pom.getDescription() != null) { final String description = pom.getDescription();
foundSomething = true;
final String description = interpolateString(pom.getDescription(), pomProperties);
if (description != null && !description.isEmpty()) { if (description != null && !description.isEmpty()) {
foundSomething = true;
final String trimmedDescription = addDescription(dependency, description, "pom", "description"); final String trimmedDescription = addDescription(dependency, description, "pom", "description");
addMatchingValues(classes, trimmedDescription, dependency.getVendorEvidence()); addMatchingValues(classes, trimmedDescription, dependency.getVendorEvidence());
addMatchingValues(classes, trimmedDescription, dependency.getProductEvidence()); addMatchingValues(classes, trimmedDescription, dependency.getProductEvidence());
} }
} extractLicense(pom, dependency);
extractLicense(pom, pomProperties, dependency);
return foundSomething; return foundSomething;
} }
@@ -907,62 +902,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
} }
} }
/**
* <p>
* A utility function that will interpolate strings based on values given in the properties file. It will also interpolate the
* strings contained within the properties file so that properties can reference other properties.</p>
* <p>
* <b>Note:</b> if there is no property found the reference will be removed. In other words, if the interpolated string will
* be replaced with an empty string.
* </p>
* <p>
* Example:</p>
* <code>
* Properties p = new Properties();
* p.setProperty("key", "value");
* String s = interpolateString("'${key}' and '${nothing}'", p);
* System.out.println(s);
* </code>
* <p>
* Will result in:</p>
* <code>
* 'value' and ''
* </code>
*
* @param text the string that contains references to properties.
* @param properties a collection of properties that may be referenced within the text.
* @return the interpolated text.
*/
public static String interpolateString(String text, Properties properties) {
final Properties props = properties;
if (text == null) {
return text;
}
if (props == null) {
return text;
}
final int pos = text.indexOf("${");
if (pos < 0) {
return text;
}
final int end = text.indexOf("}");
if (end < pos) {
return text;
}
final String propName = text.substring(pos + 2, end);
String propValue = interpolateString(props.getProperty(propName), props);
if (propValue == null) {
propValue = "";
}
final StringBuilder sb = new StringBuilder(propValue.length() + text.length());
sb.append(text.subSequence(0, pos));
sb.append(propValue);
sb.append(text.substring(end + 1));
return interpolateString(sb.toString(), props); //yes yes, this should be a loop...
}
/** /**
* Determines if the key value pair from the manifest is for an "import" type entry for package names. * Determines if the key value pair from the manifest is for an "import" type entry for package names.
* *
@@ -1070,7 +1009,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
* @param value the value to check to see if it contains a package name * @param value the value to check to see if it contains a package name
* @param evidence the evidence collection to add new entries too * @param evidence the evidence collection to add new entries too
*/ */
private void addMatchingValues(List<ClassNameInformation> classes, String value, EvidenceCollection evidence) { private static void addMatchingValues(List<ClassNameInformation> classes, String value, EvidenceCollection evidence) {
if (value == null || value.isEmpty() || classes == null || classes.isEmpty()) { if (value == null || value.isEmpty() || classes == null || classes.isEmpty()) {
return; return;
} }
@@ -1102,23 +1041,22 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
* Extracts the license information from the pom and adds it to the dependency. * Extracts the license information from the pom and adds it to the dependency.
* *
* @param pom the pom object * @param pom the pom object
* @param pomProperties the properties, used for string interpolation
* @param dependency the dependency to add license information too * @param dependency the dependency to add license information too
*/ */
public static void extractLicense(Model pom, Properties pomProperties, Dependency dependency) { public static void extractLicense(Model pom, Dependency dependency) {
//license //license
if (pom.getLicenses() != null) { if (pom.getLicenses() != null) {
String license = null; String license = null;
for (License lic : pom.getLicenses()) { for (License lic : pom.getLicenses()) {
String tmp = null; String tmp = null;
if (lic.getName() != null) { if (lic.getName() != null) {
tmp = interpolateString(lic.getName(), pomProperties); tmp = lic.getName();
} }
if (lic.getUrl() != null) { if (lic.getUrl() != null) {
if (tmp == null) { if (tmp == null) {
tmp = interpolateString(lic.getUrl(), pomProperties); tmp = lic.getUrl();
} else { } else {
tmp += ": " + interpolateString(lic.getUrl(), pomProperties); tmp += ": " + lic.getUrl();
} }
} }
if (tmp == null) { if (tmp == null) {