mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-03-22 17:19:30 +01:00
Ruby Bundler: Throw AnalysisException in initialize if can't run bundle-audit.
This commit is contained in:
Dale Visser
@@ -97,37 +97,33 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
@Override
|
@Override
|
||||||
public void initializeFileTypeAnalyzer() throws Exception {
|
public void initializeFileTypeAnalyzer() throws Exception {
|
||||||
// Now, need to see if bundle-audit actually runs from this location.
|
// Now, need to see if bundle-audit actually runs from this location.
|
||||||
try {
|
Process process = launchBundleAudit(Settings.getTempDirectory());
|
||||||
Process process = launchBundleAudit(Settings.getTempDirectory());
|
int exitValue = process.waitFor();
|
||||||
int exitValue = process.waitFor();
|
if (0 == exitValue) {
|
||||||
if (0 == exitValue) {
|
LOGGER.warn("Unexpected exit code from bundle-audit process. Disabling {}: {}", ANALYZER_NAME, exitValue);
|
||||||
LOGGER.warn("Unexpected exit code from bundle-audit process. Disabling %s: %d", ANALYZER_NAME, exitValue);
|
setEnabled(false);
|
||||||
setEnabled(false);
|
throw new AnalysisException("Unexpected exit code from bundle-audit process.");
|
||||||
} else {
|
} else {
|
||||||
BufferedReader reader = null;
|
BufferedReader reader = null;
|
||||||
try {
|
try {
|
||||||
reader = new BufferedReader(new InputStreamReader(process.getErrorStream(), "UTF-8"));
|
reader = new BufferedReader(new InputStreamReader(process.getErrorStream(), "UTF-8"));
|
||||||
if (!reader.ready()) {
|
if (!reader.ready()) {
|
||||||
LOGGER.warn("Bundle-audit error stream unexpectedly not ready. Disabling " + ANALYZER_NAME);
|
LOGGER.warn("Bundle-audit error stream unexpectedly not ready. Disabling " + ANALYZER_NAME);
|
||||||
|
setEnabled(false);
|
||||||
|
throw new AnalysisException("Bundle-audit error stream unexpectedly not ready.");
|
||||||
|
} else {
|
||||||
|
final String line = reader.readLine();
|
||||||
|
if (!line.contains("Errno::ENOENT")) {
|
||||||
|
LOGGER.warn("Unexpected bundle-audit output. Disabling {}: {}", ANALYZER_NAME, line);
|
||||||
setEnabled(false);
|
setEnabled(false);
|
||||||
} else {
|
throw new AnalysisException("Unexpected bundle-audit output.");
|
||||||
final String line = reader.readLine();
|
|
||||||
if (!line.contains("Errno::ENOENT")) {
|
|
||||||
LOGGER.warn("Unexpected bundle-audit output. Disabling %s: %s", ANALYZER_NAME, line);
|
|
||||||
setEnabled(false);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} finally {
|
|
||||||
if (null != reader) {
|
|
||||||
reader.close();
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
} finally {
|
||||||
|
if (null != reader) {
|
||||||
|
reader.close();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
} catch (AnalysisException ae) {
|
|
||||||
LOGGER.warn("Exception while trying to launch bundle-audit. Disabling " +
|
|
||||||
ANALYZER_NAME + ". See log file for more details.");
|
|
||||||
LOGGER.debug("Exception while trying to launch bundle-audit.", ae);
|
|
||||||
setEnabled(false);
|
|
||||||
}
|
}
|
||||||
if (isEnabled()) {
|
if (isEnabled()) {
|
||||||
LOGGER.info(ANALYZER_NAME + " is enabled. It is necessary to manually run \"bundle-audit update\" " +
|
LOGGER.info(ANALYZER_NAME + " is enabled. It is necessary to manually run \"bundle-audit update\" " +
|
||||||
@@ -229,7 +225,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
} else if (nextLine.startsWith(NAME)) {
|
} else if (nextLine.startsWith(NAME)) {
|
||||||
appendToDescription = false;
|
appendToDescription = false;
|
||||||
gem = nextLine.substring(NAME.length());
|
gem = nextLine.substring(NAME.length());
|
||||||
if (!map.containsKey(gem)){
|
if (!map.containsKey(gem)) {
|
||||||
map.put(gem, createDependencyForGem(engine, parentName, fileName, gem));
|
map.put(gem, createDependencyForGem(engine, parentName, fileName, gem));
|
||||||
}
|
}
|
||||||
dependency = map.get(gem);
|
dependency = map.get(gem);
|
||||||
@@ -240,7 +236,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
setVulnerabilityName(parentName, dependency, vulnerability, nextLine);
|
setVulnerabilityName(parentName, dependency, vulnerability, nextLine);
|
||||||
} else if (nextLine.startsWith(CRITICALITY)) {
|
} else if (nextLine.startsWith(CRITICALITY)) {
|
||||||
addCriticalityToVulnerability(parentName, vulnerability, nextLine);
|
addCriticalityToVulnerability(parentName, vulnerability, nextLine);
|
||||||
} else if (nextLine.startsWith("URL: ")){
|
} else if (nextLine.startsWith("URL: ")) {
|
||||||
addReferenceToVulnerability(parentName, vulnerability, nextLine);
|
addReferenceToVulnerability(parentName, vulnerability, nextLine);
|
||||||
} else if (nextLine.startsWith("Description:")) {
|
} else if (nextLine.startsWith("Description:")) {
|
||||||
appendToDescription = true;
|
appendToDescription = true;
|
||||||
|
|||||||
@@ -18,6 +18,7 @@
|
|||||||
package org.owasp.dependencycheck.analyzer;
|
package org.owasp.dependencycheck.analyzer;
|
||||||
|
|
||||||
import org.junit.After;
|
import org.junit.After;
|
||||||
|
import org.junit.Assume;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.owasp.dependencycheck.BaseTest;
|
import org.owasp.dependencycheck.BaseTest;
|
||||||
@@ -25,6 +26,8 @@ import org.owasp.dependencycheck.Engine;
|
|||||||
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
|
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
|
||||||
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
|
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
|
||||||
import org.owasp.dependencycheck.dependency.Dependency;
|
import org.owasp.dependencycheck.dependency.Dependency;
|
||||||
|
import org.slf4j.Logger;
|
||||||
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
|
|
||||||
@@ -39,6 +42,8 @@ import static org.junit.Assert.assertThat;
|
|||||||
*/
|
*/
|
||||||
public class RubyBundleAuditAnalyzerTest extends BaseTest {
|
public class RubyBundleAuditAnalyzerTest extends BaseTest {
|
||||||
|
|
||||||
|
private static final Logger LOGGER = LoggerFactory.getLogger(RubyBundleAuditAnalyzerTest.class);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The analyzer to test.
|
* The analyzer to test.
|
||||||
*/
|
*/
|
||||||
@@ -51,9 +56,14 @@ public class RubyBundleAuditAnalyzerTest extends BaseTest {
|
|||||||
*/
|
*/
|
||||||
@Before
|
@Before
|
||||||
public void setUp() throws Exception {
|
public void setUp() throws Exception {
|
||||||
analyzer = new RubyBundleAuditAnalyzer();
|
try {
|
||||||
analyzer.setFilesMatched(true);
|
analyzer = new RubyBundleAuditAnalyzer();
|
||||||
analyzer.initialize();
|
analyzer.setFilesMatched(true);
|
||||||
|
analyzer.initialize();
|
||||||
|
} catch (Exception e) {
|
||||||
|
LOGGER.warn("Exception setting up RubyBundleAuditAnalyzer. Tests will be incomplete", e);
|
||||||
|
Assume.assumeNoException("Is bundle-audit installed? TESTS WILL BE INCOMPLETE", e);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
Reference in New Issue
Block a user