github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-23 09:31:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

improved error handling of invalid search strings

Browse Source 
Former-commit-id: 97250e44b27e009b2480d25f8c2ebb7566038086
This commit is contained in:
Jeremy Long
2014-10-25 08:04:33 -04:00
parent 70667814f6
commit 06060a6694
1 changed files with 29 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
View File

@@ -188,7 +188,9 @@ public class CPEAnalyzer implements Analyzer {
if (!vendors.isEmpty() && !products.isEmpty()) { if (!vendors.isEmpty() && !products.isEmpty()) {
final List<IndexEntry> entries = searchCPE(vendors, products, dependency.getProductEvidence().getWeighting(), final List<IndexEntry> entries = searchCPE(vendors, products, dependency.getProductEvidence().getWeighting(),
dependency.getVendorEvidence().getWeighting()); dependency.getVendorEvidence().getWeighting());
if (entries == null) {
continue;
}
boolean identifierAdded = false; boolean identifierAdded = false;
for (IndexEntry e : entries) { for (IndexEntry e : entries) {
if (verifyEntry(e, dependency)) { if (verifyEntry(e, dependency)) {
@@ -250,27 +252,24 @@ public class CPEAnalyzer implements Analyzer {
* @param vendorWeightings a list of strings to use to add weighting factors to the vendor field * @param vendorWeightings a list of strings to use to add weighting factors to the vendor field
* @param productWeightings Adds a list of strings that will be used to add weighting factors to the product search * @param productWeightings Adds a list of strings that will be used to add weighting factors to the product search
* @return a list of possible CPE values * @return a list of possible CPE values
* @throws CorruptIndexException when the Lucene index is corrupt
* @throws IOException when the Lucene index is not found
* @throws ParseException when the generated query is not valid
*/ */
protected List<IndexEntry> searchCPE(String vendor, String product, protected List<IndexEntry> searchCPE(String vendor, String product,
Set<String> vendorWeightings, Set<String> productWeightings) Set<String> vendorWeightings, Set<String> productWeightings) {
throws CorruptIndexException, IOException, ParseException {
final ArrayList<IndexEntry> ret = new ArrayList<IndexEntry>(MAX_QUERY_RESULTS); final ArrayList<IndexEntry> ret = new ArrayList<IndexEntry>(MAX_QUERY_RESULTS);
final String searchString = buildSearch(vendor, product, vendorWeightings, productWeightings); final String searchString = buildSearch(vendor, product, vendorWeightings, productWeightings);
if (searchString == null) { if (searchString == null) {
return ret; return ret;
} }
try {
final TopDocs docs = cpe.search(searchString, MAX_QUERY_RESULTS); final TopDocs docs = cpe.search(searchString, MAX_QUERY_RESULTS);
for (ScoreDoc d : docs.scoreDocs) { for (ScoreDoc d : docs.scoreDocs) {
if (d.score >= 0.08) { if (d.score >= 0.08) {
final Document doc = cpe.getDocument(d.doc); final Document doc = cpe.getDocument(d.doc);
final IndexEntry entry = new IndexEntry(); final IndexEntry entry = new IndexEntry();
entry.setVendor(doc.get(Fields.VENDOR)); entry.setVendor(doc.get(Fields.VENDOR));
entry.setProduct(doc.get(Fields.PRODUCT)); entry.setProduct(doc.get(Fields.PRODUCT));
// if (d.score < 0.08) { // if (d.score < 0.08) {
// System.out.print(entry.getVendor()); // System.out.print(entry.getVendor());
// System.out.print(":"); // System.out.print(":");
@@ -278,13 +277,25 @@ public class CPEAnalyzer implements Analyzer {
// System.out.print(":"); // System.out.print(":");
// System.out.println(d.score); // System.out.println(d.score);
// } // }
entry.setSearchScore(d.score); entry.setSearchScore(d.score);
if (!ret.contains(entry)) { if (!ret.contains(entry)) {
ret.add(entry); ret.add(entry);
}
} }
} }
return ret;
} catch (ParseException ex) {
final String msg = String.format("Unable to parse: %s", searchString);
Logger.getLogger(CPEAnalyzer.class.getName()).log(Level.WARNING,
"An error occured querying the CPE data. See the log for more details.");
Logger.getLogger(CPEAnalyzer.class.getName()).log(Level.INFO, msg, ex);
} catch (IOException ex) {
final String msg = String.format("IO Error with search string: %s", searchString);
Logger.getLogger(CPEAnalyzer.class.getName()).log(Level.WARNING,
"An error occured reading CPE data. See the log for more details.");
Logger.getLogger(CPEAnalyzer.class.getName()).log(Level.INFO, msg, ex);
} }
return ret; return null;
} }
/** /**