mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-01-14 15:53:36 +01:00
Ruby Bundler: Throw AnalysisException in initialize if can't run bundle-audit.
This commit is contained in:
Dale Visser
@@ -97,37 +97,33 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
@Override
|
||||
public void initializeFileTypeAnalyzer() throws Exception {
|
||||
// Now, need to see if bundle-audit actually runs from this location.
|
||||
try {
|
||||
Process process = launchBundleAudit(Settings.getTempDirectory());
|
||||
int exitValue = process.waitFor();
|
||||
if (0 == exitValue) {
|
||||
LOGGER.warn("Unexpected exit code from bundle-audit process. Disabling %s: %d", ANALYZER_NAME, exitValue);
|
||||
setEnabled(false);
|
||||
} else {
|
||||
BufferedReader reader = null;
|
||||
try {
|
||||
reader = new BufferedReader(new InputStreamReader(process.getErrorStream(), "UTF-8"));
|
||||
if (!reader.ready()) {
|
||||
LOGGER.warn("Bundle-audit error stream unexpectedly not ready. Disabling " + ANALYZER_NAME);
|
||||
Process process = launchBundleAudit(Settings.getTempDirectory());
|
||||
int exitValue = process.waitFor();
|
||||
if (0 == exitValue) {
|
||||
LOGGER.warn("Unexpected exit code from bundle-audit process. Disabling {}: {}", ANALYZER_NAME, exitValue);
|
||||
setEnabled(false);
|
||||
throw new AnalysisException("Unexpected exit code from bundle-audit process.");
|
||||
} else {
|
||||
BufferedReader reader = null;
|
||||
try {
|
||||
reader = new BufferedReader(new InputStreamReader(process.getErrorStream(), "UTF-8"));
|
||||
if (!reader.ready()) {
|
||||
LOGGER.warn("Bundle-audit error stream unexpectedly not ready. Disabling " + ANALYZER_NAME);
|
||||
setEnabled(false);
|
||||
throw new AnalysisException("Bundle-audit error stream unexpectedly not ready.");
|
||||
} else {
|
||||
final String line = reader.readLine();
|
||||
if (!line.contains("Errno::ENOENT")) {
|
||||
LOGGER.warn("Unexpected bundle-audit output. Disabling {}: {}", ANALYZER_NAME, line);
|
||||
setEnabled(false);
|
||||
} else {
|
||||
final String line = reader.readLine();
|
||||
if (!line.contains("Errno::ENOENT")) {
|
||||
LOGGER.warn("Unexpected bundle-audit output. Disabling %s: %s", ANALYZER_NAME, line);
|
||||
setEnabled(false);
|
||||
}
|
||||
}
|
||||
} finally {
|
||||
if (null != reader) {
|
||||
reader.close();
|
||||
throw new AnalysisException("Unexpected bundle-audit output.");
|
||||
}
|
||||
}
|
||||
} finally {
|
||||
if (null != reader) {
|
||||
reader.close();
|
||||
}
|
||||
}
|
||||
} catch (AnalysisException ae) {
|
||||
LOGGER.warn("Exception while trying to launch bundle-audit. Disabling " +
|
||||
ANALYZER_NAME + ". See log file for more details.");
|
||||
LOGGER.debug("Exception while trying to launch bundle-audit.", ae);
|
||||
setEnabled(false);
|
||||
}
|
||||
if (isEnabled()) {
|
||||
LOGGER.info(ANALYZER_NAME + " is enabled. It is necessary to manually run \"bundle-audit update\" " +
|
||||
@@ -229,7 +225,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
} else if (nextLine.startsWith(NAME)) {
|
||||
appendToDescription = false;
|
||||
gem = nextLine.substring(NAME.length());
|
||||
if (!map.containsKey(gem)){
|
||||
if (!map.containsKey(gem)) {
|
||||
map.put(gem, createDependencyForGem(engine, parentName, fileName, gem));
|
||||
}
|
||||
dependency = map.get(gem);
|
||||
@@ -240,7 +236,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
setVulnerabilityName(parentName, dependency, vulnerability, nextLine);
|
||||
} else if (nextLine.startsWith(CRITICALITY)) {
|
||||
addCriticalityToVulnerability(parentName, vulnerability, nextLine);
|
||||
} else if (nextLine.startsWith("URL: ")){
|
||||
} else if (nextLine.startsWith("URL: ")) {
|
||||
addReferenceToVulnerability(parentName, vulnerability, nextLine);
|
||||
} else if (nextLine.startsWith("Description:")) {
|
||||
appendToDescription = true;
|
||||
|
||||
@@ -18,6 +18,7 @@
|
||||
package org.owasp.dependencycheck.analyzer;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.Assume;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.owasp.dependencycheck.BaseTest;
|
||||
@@ -25,6 +26,8 @@ import org.owasp.dependencycheck.Engine;
|
||||
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
|
||||
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
|
||||
import org.owasp.dependencycheck.dependency.Dependency;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import java.io.File;
|
||||
|
||||
@@ -39,6 +42,8 @@ import static org.junit.Assert.assertThat;
|
||||
*/
|
||||
public class RubyBundleAuditAnalyzerTest extends BaseTest {
|
||||
|
||||
private static final Logger LOGGER = LoggerFactory.getLogger(RubyBundleAuditAnalyzerTest.class);
|
||||
|
||||
/**
|
||||
* The analyzer to test.
|
||||
*/
|
||||
@@ -51,9 +56,14 @@ public class RubyBundleAuditAnalyzerTest extends BaseTest {
|
||||
*/
|
||||
@Before
|
||||
public void setUp() throws Exception {
|
||||
analyzer = new RubyBundleAuditAnalyzer();
|
||||
analyzer.setFilesMatched(true);
|
||||
analyzer.initialize();
|
||||
try {
|
||||
analyzer = new RubyBundleAuditAnalyzer();
|
||||
analyzer.setFilesMatched(true);
|
||||
analyzer.initialize();
|
||||
} catch (Exception e) {
|
||||
LOGGER.warn("Exception setting up RubyBundleAuditAnalyzer. Tests will be incomplete", e);
|
||||
Assume.assumeNoException("Is bundle-audit installed? TESTS WILL BE INCOMPLETE", e);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user