From f121430a5d5213dfc522e73889b7a2e5c747c9a4 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Tue, 13 Oct 2015 23:50:41 -0700 Subject: [PATCH 1/4] Simplified getFileExtension by leveraging commons-io. Also cut a line from delete. --- .../org/owasp/dependencycheck/utils/FileUtils.java | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java index 11b0aa3af..9d16cada2 100644 --- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java +++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java @@ -17,6 +17,7 @@ */ package org.owasp.dependencycheck.utils; +import org.apache.commons.io.FilenameUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -58,12 +59,8 @@ public final class FileUtils { * @return the file extension. */ public static String getFileExtension(String fileName) { - String ret = null; - final int pos = fileName.lastIndexOf("."); - if (pos >= 0) { - ret = fileName.substring(pos + 1).toLowerCase(); - } - return ret; + final String fileExt = FilenameUtils.getExtension(fileName); + return null != fileExt ? fileExt.toLowerCase() : null; } /** @@ -73,9 +70,8 @@ public final class FileUtils { * @return true if the file was deleted successfully, otherwise false */ public static boolean delete(File file) { - boolean success = true; - if (!org.apache.commons.io.FileUtils.deleteQuietly(file)) { - success = false; + final boolean success = org.apache.commons.io.FileUtils.deleteQuietly(file); + if (!success) { LOGGER.debug("Failed to delete file: {}; attempting to delete on exit.", file.getPath()); file.deleteOnExit(); } From cd66a9ef61125f84187077cbf691c2b1bd3b12a4 Mon Sep 17 00:00:00 2001 
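Review bot: The new `if (!success)` branch in `delete` dereferences `file` in the log call, yet commons-io documents `deleteQuietly` as returning false rather than throwing for a null argument (and for a path that does not exist), so a null `file` now ends in a NullPointerException at `file.getPath()` and a file that is already gone is logged as a failed delete and pinned with `deleteOnExit()` for no reason. A guard ahead of the call, `if (file == null) { return false; }`, and restricting the fallback to `if (!success && file.exists())` would keep the best-effort semantics without either side effect. Note also that `deleteOnExit()` keeps the path in a JVM-global set until shutdown, so in a long-running scan that repeatedly fails to remove temp files this fallback grows without bound; a comment saying the fallback is deliberately best-effort would help the next reader. The method's closing `return success;` lies outside the hunk.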
From: Anthony Whitford Date: Tue, 13 Oct 2015 23:59:11 -0700 Subject: [PATCH 2/4] Demonstrating the benefit of commons-io instead of the simpler string dissection. --- .../main/java/org/owasp/dependencycheck/utils/FileUtils.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java index 9d16cada2..84fa670c0 100644 --- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java +++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java @@ -60,7 +60,7 @@ public final class FileUtils { */ public static String getFileExtension(String fileName) { final String fileExt = FilenameUtils.getExtension(fileName); - return null != fileExt ? fileExt.toLowerCase() : null; + return null == fileExt || fileExt.isEmpty() ? null : fileExt.toLowerCase(); } /** From 19a97a1706ffe2b33f8588c1589dc98d771fcdf4 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Tue, 13 Oct 2015 23:59:31 -0700 Subject: [PATCH 3/4] Demonstrating the benefit of commons-io instead of the simpler string dissection. --- .../java/org/owasp/dependencycheck/utils/FileUtilsTest.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/FileUtilsTest.java b/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/FileUtilsTest.java index 68bb9b7e9..f6fc832b7 100644 --- a/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/FileUtilsTest.java +++ b/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/FileUtilsTest.java 
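Review bot: `fileExt.toLowerCase()` on the new return line lower-cases with the JVM default locale, so on a Turkish-locale JVM an upper-case extension containing `I` (for example `.MSI`) becomes `msı` and will not match the ASCII extension names the analyzers presumably compare against; `fileExt.toLowerCase(Locale.ROOT)` (with `import java.util.Locale;`) removes that dependency on the host locale. The Javadoc above the method still reads `@return the file extension.` and should state the contract the new code actually implements: the extension lower-cased, or `null` when `fileName` is null or has no extension, where a dot in a parent directory (`dir.tmp/noext`) does not count because `FilenameUtils.getExtension` respects path separators. The method's Javadoc header starts outside the hunk.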
@@ -35,8 +35,8 @@ public class FileUtilsTest extends BaseTest { */ @Test public void testGetFileExtension() { - String[] fileName = {"something-0.9.5.jar", "lib2-1.1.js"}; - String[] expResult = {"jar", "js"}; + String[] fileName = {"something-0.9.5.jar", "lib2-1.1.js", "dir.tmp/noext"}; + String[] expResult = {"jar", "js", null}; for (int i = 0; i < fileName.length; i++) { String result = FileUtils.getFileExtension(fileName[i]); From 7e639db5de6ab0915c39cc35e46e0a0a516e6e4e Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Wed, 14 Oct 2015 00:16:20 -0700 Subject: [PATCH 4/4] Leveraging FilenameUtils rather than string dissection. --- .../owasp/dependencycheck/analyzer/FileNameAnalyzer.java | 9 ++------- .../org/owasp/dependencycheck/analyzer/JarAnalyzer.java | 4 ++-- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.java index 645afce07..d21f7b503 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.java @@ -18,6 +18,7 @@ package org.owasp.dependencycheck.analyzer; import java.io.File; +import org.apache.commons.io.FilenameUtils; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.dependency.Confidence; 
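Review bot: The added case only covers a dot in a directory component; the two other behaviours `getFileExtension` now promises — lower-casing of the result and a `null` return for a null name — are still unexercised by this test. Extending the arrays to `String[] fileName = {"something-0.9.5.jar", "lib2-1.1.js", "dir.tmp/noext", "FILE.JAR", null};` and `String[] expResult = {"jar", "js", null, "jar", null};` pins both in the same loop. A Windows-style `"dir.tmp\\noext"` entry expecting `null` would also document that the separator handling is platform-independent, which is what the switch to `FilenameUtils` is meant to demonstrate. The test method's assertion and closing brace are outside the hunk.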
@@ -76,13 +77,7 @@ public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer { //strip any path information that may get added by ArchiveAnalyzer, etc. final File f = dependency.getActualFile(); - String fileName = f.getName(); - - //remove file extension - final int pos = fileName.lastIndexOf("."); - if (pos > 0) { - fileName = fileName.substring(0, pos); - } + final String fileName = FilenameUtils.removeExtension(f.getName()); //add version evidence final DependencyVersion version = DependencyVersionUtil.parseVersion(fileName); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java index 7f806ba0a..92cce15c7 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java @@ -42,6 +42,7 @@ import java.util.jar.Manifest; import java.util.regex.Pattern; import java.util.zip.ZipEntry; import org.apache.commons.compress.utils.IOUtils; +import org.apache.commons.io.FilenameUtils; import org.jsoup.Jsoup; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; @@ -269,8 +270,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { } File externalPom = null; if (pomEntries.isEmpty()) { - String pomPath = dependency.getActualFilePath(); - pomPath = pomPath.substring(0, pomPath.lastIndexOf('.')) + ".pom"; + final String pomPath = FilenameUtils.removeExtension(dependency.getActualFilePath()) + ".pom"; externalPom = new File(pomPath); if (externalPom.isFile()) { pomEntries.add(pomPath);
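Review bot: The replacement `FilenameUtils.removeExtension(f.getName())` changes behaviour for names whose only dot is the first character: the removed code guarded with `pos > 0` and left such a name untouched, whereas `removeExtension` treats the leading dot as the extension separator and returns the empty string, so `DependencyVersionUtil.parseVersion` is now handed `""` for a file like `.hidden` (what it does with that is not visible here). If the old guard was intentional, keep it: `final String baseName = f.getName();` followed by `final String fileName = baseName.startsWith(".") ? baseName : FilenameUtils.removeExtension(baseName);`. The enclosing `analyze` method starts and ends outside the hunk.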
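Review bot: The new `pomPath` line encodes an undocumented convention — when the archive contains no pom, a sibling file with the same base name and a `.pom` suffix is looked up next to it on disk — and nothing in the `if (pomEntries.isEmpty())` branch explains that to a reader, nor why `FilenameUtils` is preferred over `lastIndexOf('.')`. A comment above the line, `// No pom inside the jar: fall back to a sibling <name>.pom next to the archive; removeExtension respects path separators, so a dot in a parent directory is not mistaken for the extension`, would make both points explicit (the removed code also threw StringIndexOutOfBoundsException for a path without any dot, which the new form avoids). The enclosing method continues outside the hunk.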