github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-14 15:53:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fixed merge conflict

Browse Source 
Former-commit-id: b6832bce2c905ca406d328cbf87d45f1ebb50393
This commit is contained in:
Will Stranathan
2014-03-01 15:07:40 -05:00
parent 865ff7911a 0bec242b2e
commit 05a49ff5db
24 changed files with 114 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
View File

@@ -127,7 +127,7 @@ public class App {
} catch (IOException ex) {
Logger.getLogger(App.class.getName()).log(Level.SEVERE, "There was an IO error while attempting to generate the report.");
Logger.getLogger(App.class.getName()).log(Level.FINE, null, ex);
} catch (Exception ex) {
} catch (Throwable ex) {
Logger.getLogger(App.class.getName()).log(Level.SEVERE, "There was an error while attempting to generate the report.");
Logger.getLogger(App.class.getName()).log(Level.FINE, null, ex);
}

6
dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
View File

@@ -299,13 +299,13 @@ public class Engine {
final String msg = String.format("Initializing %s", a.getName());
Logger.getLogger(Engine.class.getName()).log(Level.FINE, msg);
a.initialize();
} catch (Exception ex) {
} catch (Throwable ex) {
final String msg = String.format("Exception occurred initializing %s.", a.getName());
Logger.getLogger(Engine.class.getName()).log(Level.SEVERE, msg);
Logger.getLogger(Engine.class.getName()).log(Level.FINE, null, ex);
try {
a.close();
} catch (Exception ex1) {
} catch (Throwable ex1) {
Logger.getLogger(Engine.class.getName()).log(Level.FINEST, null, ex1);
}
}
@@ -354,7 +354,7 @@ public class Engine {
Logger.getLogger(Engine.class.getName()).log(Level.FINE, msg);
try {
a.close();
} catch (Exception ex) {
} catch (Throwable ex) {
Logger.getLogger(Engine.class.getName()).log(Level.FINEST, null, ex);
}
}

5
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
View File

@@ -175,9 +175,10 @@ public class ArchiveAnalyzer extends AbstractAnalyzer implements Analyzer {
public void close() throws Exception {
if (tempFileLocation != null && tempFileLocation.exists()) {
Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINE, "Attempting to delete temporary files");
boolean success = FileUtils.delete(tempFileLocation);
final boolean success = FileUtils.delete(tempFileLocation);
if (!success) {
Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.WARNING, "Failed to delete some temporary files, see the log for more details");
Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.WARNING,
"Failed to delete some temporary files, see the log for more details");
}
}
}

11
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
View File

@@ -180,14 +180,14 @@ public class AssemblyAnalyzer extends AbstractAnalyzer {
if (fos != null) {
try {
fos.close();
} catch (Exception e) {
} catch (Throwable e) {
LOG.fine("Error closing output stream");
}
}
if (is != null) {
try {
is.close();
} catch (Exception e) {
} catch (Throwable e) {
LOG.fine("Error closing input stream");
}
}
@@ -206,9 +206,10 @@ public class AssemblyAnalyzer extends AbstractAnalyzer {
grokAssemblyExe = null;
throw new AnalysisException("Could not execute .NET AssemblyAnalyzer");
}
} catch (Exception e) {
LOG.warning("An error occured with the .NET AssemblyAnalyzer, please see the log for more details.");
LOG.fine("Could not execute GrokAssembly " + e.getMessage());
} catch (Throwable e) {
LOG.warning("An error occured with the .NET AssemblyAnalyzer; "
+ "this can be ignored unless you are scanning .NET dlls. Please see the log for more details.");
LOG.log(Level.FINE, "Could not execute GrokAssembly {0}", e.getMessage());
throw new AnalysisException("An error occured with the .NET AssemblyAnalyzer", e);
}

52
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
View File

@@ -25,6 +25,7 @@ import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.Reader;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
@@ -393,11 +394,9 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
} catch (IOException ex) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE, null, ex);
} finally {
try {
input.close();
} catch (IOException ex) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE, null, ex);
}
closeStream(bos);
closeStream(fos);
closeStream(input);
}
Model model = null;
FileInputStream fis = null;
@@ -423,17 +422,41 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex);
throw ex;
} finally {
if (fis != null) {
try {
fis.close();
} catch (IOException ex) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINEST, null, ex);
}
}
closeStream(fis);
}
return model;
}
/**
* Silently closes an input stream ignoring errors.
*
* @param stream an input stream to close
*/
private void closeStream(InputStream stream) {
if (stream != null) {
try {
stream.close();
} catch (IOException ex) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINEST, null, ex);
}
}
}
/**
* Silently closes an output stream ignoring errors.
*
* @param stream an output stream to close
*/
private void closeStream(OutputStream stream) {
if (stream != null) {
try {
stream.close();
} catch (IOException ex) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINEST, null, ex);
}
}
}
/**
* Retrieves the specified POM from a jar file and converts it to a Model.
*
@@ -938,9 +961,10 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
public void close() {
if (tempFileLocation != null && tempFileLocation.exists()) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, "Attempting to delete temporary files");
boolean success = FileUtils.delete(tempFileLocation);
final boolean success = FileUtils.delete(tempFileLocation);
if (!success) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, "Failed to delete some temporary files, see the log for more details");
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING,
"Failed to delete some temporary files, see the log for more details");
}
}
}

7
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java
View File

@@ -17,13 +17,12 @@
*/
package org.owasp.dependencycheck.analyzer;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import java.io.FileInputStream;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.nuget.NugetPackage;
import org.owasp.dependencycheck.data.nuget.NuspecParser;
import org.owasp.dependencycheck.data.nuget.XPathNuspecParser;
@@ -128,7 +127,7 @@ public class NuspecAnalyzer extends AbstractAnalyzer {
if (fis != null) {
try {
fis.close();
} catch (Exception e) {
} catch (Throwable e) {
LOGGER.fine("Error closing input stream");
}
}
@@ -143,7 +142,7 @@ public class NuspecAnalyzer extends AbstractAnalyzer {
if (np.getTitle() != null) {
dependency.getProductEvidence().addEvidence("nuspec", "title", np.getTitle(), Confidence.MEDIUM);
}
} catch (Exception e) {
} catch (Throwable e) {
throw new AnalysisException(e);
}
}

6
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nexus/NexusSearch.java
View File

@@ -137,7 +137,7 @@ public class NexusSearch {
* Nexus. This is useful upstream for recovery, so we just re-throw it
*/
throw fnfe;
} catch (Exception e) {
} catch (Throwable e) {
// Anything else is jacked-up XML stuff that we really can't recover
// from well
throw new IOException(e.getMessage(), e);
@@ -151,7 +151,7 @@ public class NexusSearch {
*/
public boolean preflightRequest() {
try {
HttpURLConnection conn = URLConnectionFactory.createHttpURLConnection(new URL(rootURL, "status"));
final HttpURLConnection conn = URLConnectionFactory.createHttpURLConnection(new URL(rootURL, "status"));
conn.addRequestProperty("Accept", "application/xml");
conn.connect();
if (conn.getResponseCode() != 200) {
@@ -164,7 +164,7 @@ public class NexusSearch {
LOGGER.warning("Expected root node name of status, got " + doc.getDocumentElement().getNodeName());
return false;
}
} catch (Exception e) {
} catch (Throwable e) {
return false;
}

11
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nuget/XPathNuspecParser.java
View File

@@ -18,12 +18,10 @@
package org.owasp.dependencycheck.data.nuget;
import java.io.InputStream;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
@@ -33,6 +31,7 @@ import org.w3c.dom.Node;
* @author colezlaw
*/
public class XPathNuspecParser implements NuspecParser {
/**
* Gets the string value of a node or null if it's not present
*
@@ -71,11 +70,11 @@ public class XPathNuspecParser implements NuspecParser {
nuspec.setId(xpath.evaluate("/package/metadata/id", d));
nuspec.setVersion(xpath.evaluate("/package/metadata/version", d));
nuspec.setAuthors(xpath.evaluate("/package/metadata/authors", d));
nuspec.setOwners(getOrNull((Node) xpath.evaluate("/package/metadata/owners", d, XPathConstants.NODE)));
nuspec.setLicenseUrl(getOrNull((Node) xpath.evaluate("/package/metadata/licenseUrl", d, XPathConstants.NODE)));
nuspec.setTitle(getOrNull((Node) xpath.evaluate("/package/metadata/title", d, XPathConstants.NODE)));
nuspec.setOwners(getOrNull((Node) xpath.evaluate("/package/metadata/owners", d, XPathConstants.NODE)));
nuspec.setLicenseUrl(getOrNull((Node) xpath.evaluate("/package/metadata/licenseUrl", d, XPathConstants.NODE)));
nuspec.setTitle(getOrNull((Node) xpath.evaluate("/package/metadata/title", d, XPathConstants.NODE)));
return nuspec;
} catch (Exception e) {
} catch (Throwable e) {
throw new NuspecParseException("Unable to parse nuspec", e);
}
}

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
View File

@@ -300,7 +300,7 @@ public class CveDB {
* @throws DatabaseException thrown when there is an error retrieving the data from the DB
*/
public Set<Pair<String, String>> getVendorProductList() throws DatabaseException {
HashSet data = new HashSet<Pair<String, String>>();
final HashSet data = new HashSet<Pair<String, String>>();
ResultSet rs = null;
PreparedStatement ps = null;
try {

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DriverShim.java
View File

@@ -116,7 +116,7 @@ class DriverShim implements Driver {
Method m = null;
try {
m = driver.getClass().getMethod("getParentLogger");
} catch (Exception e) {
} catch (Throwable e) {
throw new SQLFeatureNotSupportedException();
}
if (m != null) {

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/StandardUpdate.java
View File

@@ -292,7 +292,7 @@ public class StandardUpdate {
if (cveDB != null) {
try {
cveDB.close();
} catch (Exception ignore) {
} catch (Throwable ignore) {
Logger.getLogger(StandardUpdate.class.getName()).log(Level.FINEST, "Error closing the cveDB", ignore);
}
}

6
dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Downloader.java
View File

@@ -85,13 +85,13 @@ public final class Downloader {
while ((bytesRead = reader.read(buffer)) > 0) {
writer.write(buffer, 0, bytesRead);
}
} catch (Exception ex) {
} catch (Throwable ex) {
throw new DownloadFailedException("Error saving downloaded file.", ex);
} finally {
if (writer != null) {
try {
writer.close();
} catch (Exception ex) {
} catch (Throwable ex) {
Logger.getLogger(Downloader.class.getName()).log(Level.FINEST,
"Error closing the writer in Downloader.", ex);
}
@@ -99,7 +99,7 @@ public final class Downloader {
if (reader != null) {
try {
reader.close();
} catch (Exception ex) {
} catch (Throwable ex) {
Logger.getLogger(Downloader.class.getName()).log(Level.FINEST,
"Error closing the reader in Downloader.", ex);
}

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/LogUtils.java
View File

@@ -66,7 +66,7 @@ public final class LogUtils {
if (in != null) {
try {
in.close();
} catch (Exception ex) {
} catch (Throwable ex) {
Logger.getLogger(LogUtils.class.getName()).log(Level.FINEST, "Error closing resource stream", ex);
}
}

27
dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Pair.java
View File

@@ -20,9 +20,12 @@ package org.owasp.dependencycheck.utils;
/**
* A generic pair of elements.
*
* @param <L> the type for the left element in the pair
* @param <R> the type for the right element in the pair
*
* @author Jeremy Long <jeremy.long@owasp.org>
*/
public class Pair<K, V> {
public class Pair<L, R> {
/**
* Constructs a new empty pair.
@@ -36,52 +39,52 @@ public class Pair<K, V> {
* @param left the value for the left pair
* @param right the value for the right pair
*/
public Pair(K left, V right) {
public Pair(L left, R right) {
this.left = left;
this.right = right;
}
/**
* The left element of the pair.
*/
private K left = null;
private L left = null;
/**
* Get the value of left
* Get the value of left.
*
* @return the value of left
*/
public K getLeft() {
public L getLeft() {
return left;
}
/**
* Set the value of left
* Set the value of left.
*
* @param left new value of left
*/
public void setLeft(K left) {
public void setLeft(L left) {
this.left = left;
}
/**
* The right element of the pair.
*/
private V right = null;
private R right = null;
/**
* Get the value of right
* Get the value of right.
*
* @return the value of right
*/
public V getRight() {
public R getRight() {
return right;
}
/**
* Set the value of right
* Set the value of right.
*
* @param right new value of right
*/
public void setRight(V right) {
public void setRight(R right) {
this.right = right;
}

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java
View File

@@ -146,7 +146,7 @@ public final class Settings {
*/
public static final String ANALYZER_NEXUS_URL = "analyzer.nexus.url";
/**
* The properties key for using the proxy to reach Nexus
* The properties key for using the proxy to reach Nexus.
*/
public static final String ANALYZER_NEXUS_PROXY = "analyzer.nexus.proxy";
/**

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java
View File

@@ -32,7 +32,7 @@ import java.net.URL;
*
* @author Jeremy Long <jeremy.long@owasp.org>
*/
public class URLConnectionFactory {
public final class URLConnectionFactory {
/**
* Private constructor for this factory.

3
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java
View File

@@ -27,6 +27,7 @@ import java.util.logging.Logger;
import org.junit.After;
import org.junit.Assume;
import static org.junit.Assume.assumeFalse;
import org.junit.Before;
import org.junit.Test;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
@@ -53,7 +54,7 @@ public class AssemblyAnalyzerTest {
* @throws Exception if anything goes sideways
*/
@Before
public void setUp() {
public void setUp() {
try {
analyzer = new AssemblyAnalyzer();
analyzer.initialize();

2
dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/BaseDBTestCase.java
View File

@@ -73,7 +73,7 @@ public abstract class BaseDBTestCase extends TestCase {
while ((count = zin.read(data, 0, BUFFER_SIZE)) != -1) {
dest.write(data, 0, count);
}
} catch (Exception ex) {
} catch (Throwable ex) {
Logger.getLogger(BaseDBTestCase.class.getName()).log(Level.SEVERE, null, ex);
} finally {
try {

4
dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/xml/NvdCve_2_0_HandlerTest.java
View File

@@ -54,7 +54,7 @@ public class NvdCve_2_0_HandlerTest {
@Test
public void testParse() {
Exception results = null;
Throwable results = null;
try {
SAXParserFactory factory = SAXParserFactory.newInstance();
SAXParser saxParser = factory.newSAXParser();
@@ -64,7 +64,7 @@ public class NvdCve_2_0_HandlerTest {
NvdCve20Handler instance = new NvdCve20Handler();
saxParser.parse(file, instance);
} catch (Exception ex) {
} catch (Throwable ex) {
results = ex;
}
assertTrue("Exception thrown during parse of 2012 CVE version 2.0?", results == null);

2
dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java
View File

@@ -340,7 +340,7 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
Logger.getLogger(DependencyCheckMojo.class.getName()).log(Level.SEVERE,
"Unexpected exception occurred during analysis; please see the verbose error log for more details.");
Logger.getLogger(DependencyCheckMojo.class.getName()).log(Level.FINE, null, ex);
} catch (Exception ex) {
} catch (Throwable ex) {
Logger.getLogger(DependencyCheckMojo.class.getName()).log(Level.SEVERE,
"Unexpected exception occurred during analysis; please see the verbose error log for more details.");
Logger.getLogger(DependencyCheckMojo.class.getName()).log(Level.FINE, null, ex);

2
pom.xml
View File

@@ -73,7 +73,7 @@ Copyright (c) 2012 - Jeremy Long
<role>developer</role>
</roles>
<properties>
<twitter>@willathome</twitter>
<twitter>@willathome</twitter>
</properties>
</developer>
</developers>

BIN
src/site/resources/images/logos/Button-Built-on-CB-1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 7.3 KiB

BIN
src/site/resources/images/logos/logo_intellij_idea.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 9.9 KiB

26
src/site/site.xml
View File

@@ -20,7 +20,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
<skin>
<groupId>org.apache.maven.skins</groupId>
<artifactId>maven-fluido-skin</artifactId>
<version>1.3.0</version>
<version>1.3.1</version>
</skin>
<custom>
<fluidoSkin>
@@ -37,6 +37,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
<showUser>true</showUser>
<showFollowers>true</showFollowers>
</twitter>
<googlePlusOne />
</fluidoSkin>
</custom>
<bannerLeft>
@@ -44,6 +45,21 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
</bannerLeft>
<publishDate position="right" />
<version position="right" />
<poweredBy>
<logo name="Maven" href="http://maven.apache.org/"
title="built with maven"
alt="built with maven"
img="http://jeremylong.github.io/DependencyCheck/images/logos/maven-feather.png"/>
<logo name="IntelliJ" href="http://maven.apache.org/"
title="developed using" width="170px"
alt="developed using"
img="http://jeremylong.github.io/DependencyCheck/images/logos/logo_intellij_idea.png"/>
<logo name="Cloudbees" href="http://www.cloudbees.com/"
title="built on cloudbees"
alt="built on cloudbees"
img="http://jeremylong.github.io/DependencyCheck/images/logos/Button-Built-on-CB-1.png"/>
</poweredBy>
<body>
<head>
<style type="text/css">
@@ -59,13 +75,13 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
<item name="False Positives" href="./suppression.html">
<description>Suppressing False Positives</description>
</item>
<item name="Project Presentation (pptx)" href="./dependency-check.pptx">
<item name="Project Presentation (pptx)" href="./dependency-check.pptx">
<description>PowerPoint Deck</description>
</item>
<item name="Project Presentation (pdf)" href="./dependency-check.pdf">
<item name="Project Presentation (pdf)" href="./dependency-check.pdf">
<description>PowerPoint Deck</description>
</item>
<item name="Sample Report" href="./SampleReport.html">
<item name="Sample Report" href="./SampleReport.html">
<description>Sample Report</description>
</item>
</menu>
@@ -86,6 +102,6 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
<description>A Jenkins plugin for dependency-check.</description>
</item>
</menu>
<footer/>
<footer>Copyright © 2012-2014 Jeremy Long. All Rights Reserved.</footer>
</body>
</project>