Merge branch 'master' of github.com:jeremylong/DependencyCheck
@@ -25,10 +25,10 @@ your homebrew installation.
|
|||||||
To scan a folder on the system you can run:
|
To scan a folder on the system you can run:
|
||||||
|
|
||||||
$H$H$H Windows
|
$H$H$H Windows
|
||||||
dependency-check.bat --app "My App Name" --scan "c:\java\application\lib"
|
dependency-check.bat --project "My App Name" --scan "c:\java\application\lib"
|
||||||
|
|
||||||
$H$H$H *nix
|
$H$H$H *nix
|
||||||
dependency-check.sh --app "My App Name" --scan "/java/application/lib"
|
dependency-check.sh --project "My App Name" --scan "/java/application/lib"
|
||||||
|
|
||||||
To view the command line arguments, see the <a href="arguments.html">arguments page</a>, or you can run:
|
To view the command line arguments, see the <a href="arguments.html">arguments page</a>, or you can run:
|
||||||
|
|
||||||
|
|||||||
@@ -17,13 +17,13 @@
|
|||||||
*/
|
*/
|
||||||
package org.owasp.dependencycheck.analyzer;
|
package org.owasp.dependencycheck.analyzer;
|
||||||
|
|
||||||
import java.io.BufferedReader;
|
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.io.FileFilter;
|
import java.io.FileFilter;
|
||||||
import java.io.FileOutputStream;
|
import java.io.FileOutputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.io.InputStreamReader;
|
import org.apache.commons.io.IOUtils;
|
||||||
|
import org.apache.commons.io.output.NullOutputStream;
|
||||||
import org.owasp.dependencycheck.Engine;
|
import org.owasp.dependencycheck.Engine;
|
||||||
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
|
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
|
||||||
import org.owasp.dependencycheck.dependency.Confidence;
|
import org.owasp.dependencycheck.dependency.Confidence;
|
||||||
@@ -115,18 +115,15 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
final List<String> args = buildArgumentList();
|
final List<String> args = buildArgumentList();
|
||||||
args.add(dependency.getActualFilePath());
|
args.add(dependency.getActualFilePath());
|
||||||
final ProcessBuilder pb = new ProcessBuilder(args);
|
final ProcessBuilder pb = new ProcessBuilder(args);
|
||||||
BufferedReader rdr = null;
|
|
||||||
Document doc = null;
|
Document doc = null;
|
||||||
try {
|
try {
|
||||||
final Process proc = pb.start();
|
final Process proc = pb.start();
|
||||||
// Try evacuating the error stream
|
// Try evacuating the error stream
|
||||||
rdr = new BufferedReader(new InputStreamReader(proc.getErrorStream(), "UTF-8"));
|
final String errorStream = IOUtils.toString(proc.getErrorStream(), "UTF-8");
|
||||||
String line = null;
|
if (null != errorStream && !errorStream.isEmpty()) {
|
||||||
// CHECKSTYLE:OFF
|
LOGGER.warn("Error from GrokAssembly: {}", errorStream);
|
||||||
while (rdr.ready() && (line = rdr.readLine()) != null) {
|
|
||||||
LOGGER.warn("Error from GrokAssembly: {}", line);
|
|
||||||
}
|
}
|
||||||
// CHECKSTYLE:ON
|
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
doc = builder.parse(proc.getInputStream());
|
doc = builder.parse(proc.getInputStream());
|
||||||
|
|
||||||
@@ -176,14 +173,6 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
} catch (XPathExpressionException xpe) {
|
} catch (XPathExpressionException xpe) {
|
||||||
// This shouldn't happen
|
// This shouldn't happen
|
||||||
throw new AnalysisException(xpe);
|
throw new AnalysisException(xpe);
|
||||||
} finally {
|
|
||||||
if (rdr != null) {
|
|
||||||
try {
|
|
||||||
rdr.close();
|
|
||||||
} catch (IOException ex) {
|
|
||||||
LOGGER.debug("ignore", ex);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -200,11 +189,8 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
try {
|
try {
|
||||||
fos = new FileOutputStream(tempFile);
|
fos = new FileOutputStream(tempFile);
|
||||||
is = AssemblyAnalyzer.class.getClassLoader().getResourceAsStream("GrokAssembly.exe");
|
is = AssemblyAnalyzer.class.getClassLoader().getResourceAsStream("GrokAssembly.exe");
|
||||||
final byte[] buff = new byte[4096];
|
IOUtils.copy(is, fos);
|
||||||
int bread = -1;
|
|
||||||
while ((bread = is.read(buff)) >= 0) {
|
|
||||||
fos.write(buff, 0, bread);
|
|
||||||
}
|
|
||||||
grokAssemblyExe = tempFile;
|
grokAssemblyExe = tempFile;
|
||||||
// Set the temp file to get deleted when we're done
|
// Set the temp file to get deleted when we're done
|
||||||
grokAssemblyExe.deleteOnExit();
|
grokAssemblyExe.deleteOnExit();
|
||||||
@@ -232,17 +218,12 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
|
|
||||||
// Now, need to see if GrokAssembly actually runs from this location.
|
// Now, need to see if GrokAssembly actually runs from this location.
|
||||||
final List<String> args = buildArgumentList();
|
final List<String> args = buildArgumentList();
|
||||||
BufferedReader rdr = null;
|
|
||||||
try {
|
try {
|
||||||
final ProcessBuilder pb = new ProcessBuilder(args);
|
final ProcessBuilder pb = new ProcessBuilder(args);
|
||||||
final Process p = pb.start();
|
final Process p = pb.start();
|
||||||
// Try evacuating the error stream
|
// Try evacuating the error stream
|
||||||
rdr = new BufferedReader(new InputStreamReader(p.getErrorStream(), "UTF-8"));
|
IOUtils.copy(p.getErrorStream(), NullOutputStream.NULL_OUTPUT_STREAM);
|
||||||
// CHECKSTYLE:OFF
|
|
||||||
while (rdr.ready() && rdr.readLine() != null) {
|
|
||||||
// We expect this to complain
|
|
||||||
}
|
|
||||||
// CHECKSTYLE:ON
|
|
||||||
final Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(p.getInputStream());
|
final Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(p.getInputStream());
|
||||||
final XPath xpath = XPathFactory.newInstance().newXPath();
|
final XPath xpath = XPathFactory.newInstance().newXPath();
|
||||||
final String error = xpath.evaluate("/assembly/error", doc);
|
final String error = xpath.evaluate("/assembly/error", doc);
|
||||||
@@ -263,14 +244,6 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
this.setEnabled(false);
|
this.setEnabled(false);
|
||||||
throw new AnalysisException("An error occured with the .NET AssemblyAnalyzer", e);
|
throw new AnalysisException("An error occured with the .NET AssemblyAnalyzer", e);
|
||||||
}
|
}
|
||||||
} finally {
|
|
||||||
if (rdr != null) {
|
|
||||||
try {
|
|
||||||
rdr.close();
|
|
||||||
} catch (IOException ex) {
|
|
||||||
LOGGER.trace("ignore", ex);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
|
builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
|
||||||
}
|
}
|
||||||
|
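Review bot: `IOUtils.toString(proc.getErrorStream(), "UTF-8")` in the first AssemblyAnalyzer hunk blocks until GrokAssembly closes stderr, while stdout is only read afterwards by `builder.parse(proc.getInputStream())`, so if the XML written to stdout fills the pipe buffer before the child exits, parent and child wait on each other. The `rdr.ready()` loop it replaces never blocked, which is presumably why this did not surface before; the same ordering appears in the init-check hunk where `IOUtils.copy(p.getErrorStream(), NullOutputStream.NULL_OUTPUT_STREAM)` runs before the parse. Draining stderr on a separate thread (sketched below; `StringWriter` would need importing) keeps the warning while letting the parse proceed, and the enclosing method begins and ends outside the hunk. The unchanged `DocumentBuilderFactory.newInstance()` calls that parse these streams are not configured to disallow DTDs; since the XML is built from metadata of the scanned assembly, it is worth confirming that GrokAssembly escapes that text before it is emitted.
```java
final Process proc = pb.start();
// Drain stderr on its own thread so a full stdout pipe cannot stall GrokAssembly
// while this thread is still waiting for stderr to reach end-of-file.
final StringWriter errBuf = new StringWriter();
final Thread errDrain = new Thread(new Runnable() {
    @Override
    public void run() {
        try {
            IOUtils.copy(proc.getErrorStream(), errBuf, "UTF-8");
        } catch (IOException ex) {
            LOGGER.debug("Unable to read the GrokAssembly error stream", ex);
        }
    }
});
errDrain.start();
int rc = 0;
doc = builder.parse(proc.getInputStream());
try {
    errDrain.join();
} catch (InterruptedException ex) {
    Thread.currentThread().interrupt();
}
final String errorStream = errBuf.toString();
if (!errorStream.isEmpty()) {
    LOGGER.warn("Error from GrokAssembly: {}", errorStream);
}
// … unchanged: exit-code and XPath handling …
```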
|||||||
@@ -17,11 +17,9 @@
|
|||||||
*/
|
*/
|
||||||
package org.owasp.dependencycheck.data.nvdcve;
|
package org.owasp.dependencycheck.data.nvdcve;
|
||||||
|
|
||||||
import java.io.BufferedReader;
|
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.io.InputStreamReader;
|
|
||||||
import java.sql.CallableStatement;
|
import java.sql.CallableStatement;
|
||||||
import java.sql.Connection;
|
import java.sql.Connection;
|
||||||
import java.sql.Driver;
|
import java.sql.Driver;
|
||||||
@@ -30,6 +28,7 @@ import java.sql.ResultSet;
|
|||||||
import java.sql.SQLException;
|
import java.sql.SQLException;
|
||||||
import java.sql.Statement;
|
import java.sql.Statement;
|
||||||
import java.util.logging.Level;
|
import java.util.logging.Level;
|
||||||
|
import org.apache.commons.io.IOUtils;
|
||||||
import org.owasp.dependencycheck.utils.DBUtils;
|
import org.owasp.dependencycheck.utils.DBUtils;
|
||||||
import org.owasp.dependencycheck.utils.DependencyVersion;
|
import org.owasp.dependencycheck.utils.DependencyVersion;
|
||||||
import org.owasp.dependencycheck.utils.DependencyVersionUtil;
|
import org.owasp.dependencycheck.utils.DependencyVersionUtil;
|
||||||
@@ -250,22 +249,15 @@ public final class ConnectionFactory {
|
|||||||
*/
|
*/
|
||||||
private static void createTables(Connection conn) throws DatabaseException {
|
private static void createTables(Connection conn) throws DatabaseException {
|
||||||
LOGGER.debug("Creating database structure");
|
LOGGER.debug("Creating database structure");
|
||||||
InputStream is;
|
InputStream is = null;
|
||||||
InputStreamReader reader;
|
|
||||||
BufferedReader in = null;
|
|
||||||
try {
|
try {
|
||||||
is = ConnectionFactory.class.getClassLoader().getResourceAsStream(DB_STRUCTURE_RESOURCE);
|
is = ConnectionFactory.class.getClassLoader().getResourceAsStream(DB_STRUCTURE_RESOURCE);
|
||||||
reader = new InputStreamReader(is, "UTF-8");
|
final String dbStructure = IOUtils.toString(is, "UTF-8");
|
||||||
in = new BufferedReader(reader);
|
|
||||||
final StringBuilder sb = new StringBuilder(2110);
|
|
||||||
String tmp;
|
|
||||||
while ((tmp = in.readLine()) != null) {
|
|
||||||
sb.append(tmp);
|
|
||||||
}
|
|
||||||
Statement statement = null;
|
Statement statement = null;
|
||||||
try {
|
try {
|
||||||
statement = conn.createStatement();
|
statement = conn.createStatement();
|
||||||
statement.execute(sb.toString());
|
statement.execute(dbStructure);
|
||||||
} catch (SQLException ex) {
|
} catch (SQLException ex) {
|
||||||
LOGGER.debug("", ex);
|
LOGGER.debug("", ex);
|
||||||
throw new DatabaseException("Unable to create database statement", ex);
|
throw new DatabaseException("Unable to create database statement", ex);
|
||||||
@@ -275,13 +267,7 @@ public final class ConnectionFactory {
|
|||||||
} catch (IOException ex) {
|
} catch (IOException ex) {
|
||||||
throw new DatabaseException("Unable to create database schema", ex);
|
throw new DatabaseException("Unable to create database schema", ex);
|
||||||
} finally {
|
} finally {
|
||||||
if (in != null) {
|
IOUtils.closeQuietly(is);
|
||||||
try {
|
|
||||||
in.close();
|
|
||||||
} catch (IOException ex) {
|
|
||||||
LOGGER.trace("", ex);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -303,9 +289,7 @@ public final class ConnectionFactory {
|
|||||||
}
|
}
|
||||||
if ("h2".equalsIgnoreCase(databaseProductName)) {
|
if ("h2".equalsIgnoreCase(databaseProductName)) {
|
||||||
LOGGER.debug("Updating database structure");
|
LOGGER.debug("Updating database structure");
|
||||||
InputStream is;
|
InputStream is = null;
|
||||||
InputStreamReader reader;
|
|
||||||
BufferedReader in = null;
|
|
||||||
String updateFile = null;
|
String updateFile = null;
|
||||||
try {
|
try {
|
||||||
updateFile = String.format(DB_STRUCTURE_UPDATE_RESOURCE, schema);
|
updateFile = String.format(DB_STRUCTURE_UPDATE_RESOURCE, schema);
|
||||||
@@ -313,17 +297,12 @@ public final class ConnectionFactory {
|
|||||||
if (is == null) {
|
if (is == null) {
|
||||||
throw new DatabaseException(String.format("Unable to load update file '%s'", updateFile));
|
throw new DatabaseException(String.format("Unable to load update file '%s'", updateFile));
|
||||||
}
|
}
|
||||||
reader = new InputStreamReader(is, "UTF-8");
|
final String dbStructureUpdate = IOUtils.toString(is, "UTF-8");
|
||||||
in = new BufferedReader(reader);
|
|
||||||
final StringBuilder sb = new StringBuilder(is.available());
|
|
||||||
String tmp;
|
|
||||||
while ((tmp = in.readLine()) != null) {
|
|
||||||
sb.append(tmp);
|
|
||||||
}
|
|
||||||
Statement statement = null;
|
Statement statement = null;
|
||||||
try {
|
try {
|
||||||
statement = conn.createStatement();
|
statement = conn.createStatement();
|
||||||
boolean success = statement.execute(sb.toString());
|
boolean success = statement.execute(dbStructureUpdate);
|
||||||
if (!success && statement.getUpdateCount() <= 0) {
|
if (!success && statement.getUpdateCount() <= 0) {
|
||||||
throw new DatabaseException(String.format("Unable to upgrade the database schema to %s", schema));
|
throw new DatabaseException(String.format("Unable to upgrade the database schema to %s", schema));
|
||||||
}
|
}
|
||||||
@@ -337,13 +316,7 @@ public final class ConnectionFactory {
|
|||||||
final String msg = String.format("Upgrade SQL file does not exist: %s", updateFile);
|
final String msg = String.format("Upgrade SQL file does not exist: %s", updateFile);
|
||||||
throw new DatabaseException(msg, ex);
|
throw new DatabaseException(msg, ex);
|
||||||
} finally {
|
} finally {
|
||||||
if (in != null) {
|
IOUtils.closeQuietly(is);
|
||||||
try {
|
|
||||||
in.close();
|
|
||||||
} catch (IOException ex) {
|
|
||||||
LOGGER.trace("", ex);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
LOGGER.error("The database schema must be upgraded to use this version of dependency-check. Please see {} for more information.", UPGRADE_HELP_URL);
|
LOGGER.error("The database schema must be upgraded to use this version of dependency-check. Please see {} for more information.", UPGRADE_HELP_URL);
|
||||||
|
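Review bot: In `createTables`, `IOUtils.toString(is, "UTF-8")` is reached without checking that `getResourceAsStream(DB_STRUCTURE_RESOURCE)` returned non-null, so a missing or mis-packaged resource fails with a NullPointerException rather than the `DatabaseException` the method declares, whereas the update path in the later hunk already guards with `if (is == null)`. Adding `if (is == null) { throw new DatabaseException("Unable to load " + DB_STRUCTURE_RESOURCE); }` before the `toString` call makes the two paths consistent. Note also that the removed `readLine()` loop concatenated lines without separators while `IOUtils.toString` preserves them, so the SQL text handed to `statement.execute` now differs from before — likely an improvement for any `--` line comments in the scripts, but worth confirming both resources still execute as intended. The `Statement` created inside the nested try is closed, if at all, outside these hunks.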
|||||||
@@ -308,10 +308,7 @@ public class Model {
|
|||||||
*/
|
*/
|
||||||
public static String interpolateString(String text, Properties properties) {
|
public static String interpolateString(String text, Properties properties) {
|
||||||
final Properties props = properties;
|
final Properties props = properties;
|
||||||
if (text == null) {
|
if (text == null || props == null) {
|
||||||
return text;
|
|
||||||
}
|
|
||||||
if (props == null) {
|
|
||||||
return text;
|
return text;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -319,7 +316,7 @@ public class Model {
|
|||||||
if (pos < 0) {
|
if (pos < 0) {
|
||||||
return text;
|
return text;
|
||||||
}
|
}
|
||||||
final int end = text.indexOf("}");
|
final int end = text.indexOf('}', pos + 2);
|
||||||
if (end < pos) {
|
if (end < pos) {
|
||||||
return text;
|
return text;
|
||||||
}
|
}
|
||||||
@@ -330,10 +327,9 @@ public class Model {
|
|||||||
propValue = "";
|
propValue = "";
|
||||||
}
|
}
|
||||||
final StringBuilder sb = new StringBuilder(propValue.length() + text.length());
|
final StringBuilder sb = new StringBuilder(propValue.length() + text.length());
|
||||||
sb.append(text.subSequence(0, pos));
|
sb.append(text.subSequence(0, pos))
|
||||||
sb.append(propValue);
|
.append(propValue)
|
||||||
sb.append(text.substring(end + 1));
|
.append(text.substring(end + 1));
|
||||||
return interpolateString(sb.toString(), props); //yes yes, this should be a loop...
|
return interpolateString(sb.toString(), props); //yes yes, this should be a loop...
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
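Review bot: The recursive `return interpolateString(sb.toString(), props)` kept at the end of the last Model hunk still has no termination guard, so a property whose value contains its own `${name}` placeholder, or two properties referencing each other, recurses until StackOverflowError; the properties here presumably come from the scanned project's POM, input the scanner does not control. The new `indexOf('}', pos + 2)` correctly skips a `}` that precedes the placeholder (assuming `pos` is the index of `${`, which is computed outside the hunk), but the cycle case is unchanged. Converting the recursion into a loop with an iteration cap, or passing a depth counter through a private overload so the public signature stays the same, would bound it. The start of the method, including the `pos` computation and the property lookup, is outside the hunk.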
|||||||