github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-22 17:19:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Ruby Bundler: Throw AnalysisException in initialize if can't run bundle-audit.

Browse Source
This commit is contained in:
Dale Visser
2015-09-22 15:07:43 -04:00
parent e57d62b682
commit 0573d0083e
2 changed files with 38 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java
View File

@@ -97,12 +97,12 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
@Override @Override
public void initializeFileTypeAnalyzer() throws Exception { public void initializeFileTypeAnalyzer() throws Exception {
// Now, need to see if bundle-audit actually runs from this location. // Now, need to see if bundle-audit actually runs from this location.
try {
Process process = launchBundleAudit(Settings.getTempDirectory()); Process process = launchBundleAudit(Settings.getTempDirectory());
int exitValue = process.waitFor(); int exitValue = process.waitFor();
if (0 == exitValue) { if (0 == exitValue) {
LOGGER.warn("Unexpected exit code from bundle-audit process. Disabling %s: %d", ANALYZER_NAME, exitValue); LOGGER.warn("Unexpected exit code from bundle-audit process. Disabling {}: {}", ANALYZER_NAME, exitValue);
setEnabled(false); setEnabled(false);
throw new AnalysisException("Unexpected exit code from bundle-audit process.");
} else { } else {
BufferedReader reader = null; BufferedReader reader = null;
try { try {
@@ -110,11 +110,13 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
if (!reader.ready()) { if (!reader.ready()) {
LOGGER.warn("Bundle-audit error stream unexpectedly not ready. Disabling " + ANALYZER_NAME); LOGGER.warn("Bundle-audit error stream unexpectedly not ready. Disabling " + ANALYZER_NAME);
setEnabled(false); setEnabled(false);
throw new AnalysisException("Bundle-audit error stream unexpectedly not ready.");
} else { } else {
final String line = reader.readLine(); final String line = reader.readLine();
if (!line.contains("Errno::ENOENT")) { if (!line.contains("Errno::ENOENT")) {
LOGGER.warn("Unexpected bundle-audit output. Disabling %s: %s", ANALYZER_NAME, line); LOGGER.warn("Unexpected bundle-audit output. Disabling {}: {}", ANALYZER_NAME, line);
setEnabled(false); setEnabled(false);
throw new AnalysisException("Unexpected bundle-audit output.");
} }
} }
} finally { } finally {
@@ -123,12 +125,6 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
} }
} }
} }
} catch (AnalysisException ae) {
LOGGER.warn("Exception while trying to launch bundle-audit. Disabling " +
ANALYZER_NAME + ". See log file for more details.");
LOGGER.debug("Exception while trying to launch bundle-audit.", ae);
setEnabled(false);
}
if (isEnabled()) { if (isEnabled()) {
LOGGER.info(ANALYZER_NAME + " is enabled. It is necessary to manually run \"bundle-audit update\" " + LOGGER.info(ANALYZER_NAME + " is enabled. It is necessary to manually run \"bundle-audit update\" " +
"occasionally to keep its database up to date."); "occasionally to keep its database up to date.");

10
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzerTest.java
View File

@@ -18,6 +18,7 @@
package org.owasp.dependencycheck.analyzer; package org.owasp.dependencycheck.analyzer;
import org.junit.After; import org.junit.After;
import org.junit.Assume;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.owasp.dependencycheck.BaseTest; import org.owasp.dependencycheck.BaseTest;
@@ -25,6 +26,8 @@ import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException; import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.Dependency;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.File; import java.io.File;
@@ -39,6 +42,8 @@ import static org.junit.Assert.assertThat;
*/ */
public class RubyBundleAuditAnalyzerTest extends BaseTest { public class RubyBundleAuditAnalyzerTest extends BaseTest {
private static final Logger LOGGER = LoggerFactory.getLogger(RubyBundleAuditAnalyzerTest.class);
/** /**
* The analyzer to test. * The analyzer to test.
*/ */
@@ -51,9 +56,14 @@ public class RubyBundleAuditAnalyzerTest extends BaseTest {
*/ */
@Before @Before
public void setUp() throws Exception { public void setUp() throws Exception {
try {
analyzer = new RubyBundleAuditAnalyzer(); analyzer = new RubyBundleAuditAnalyzer();
analyzer.setFilesMatched(true); analyzer.setFilesMatched(true);
analyzer.initialize(); analyzer.initialize();
} catch (Exception e) {
LOGGER.warn("Exception setting up RubyBundleAuditAnalyzer. Tests will be incomplete", e);
Assume.assumeNoException("Is bundle-audit installed? TESTS WILL BE INCOMPLETE", e);
}
} }
/** /**