added additional verbose logging capabilities
Former-commit-id: 8ea1b36130c5dbc86641768de929e1b0f3e928c6
@@ -23,12 +23,15 @@ import java.util.HashSet;
|
|||||||
import java.util.Iterator;
|
import java.util.Iterator;
|
||||||
import java.util.ListIterator;
|
import java.util.ListIterator;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
import java.util.logging.Level;
|
||||||
|
import java.util.logging.Logger;
|
||||||
import java.util.regex.Matcher;
|
import java.util.regex.Matcher;
|
||||||
import java.util.regex.Pattern;
|
import java.util.regex.Pattern;
|
||||||
import org.owasp.dependencycheck.Engine;
|
import org.owasp.dependencycheck.Engine;
|
||||||
import org.owasp.dependencycheck.dependency.Dependency;
|
import org.owasp.dependencycheck.dependency.Dependency;
|
||||||
import org.owasp.dependencycheck.utils.DependencyVersion;
|
import org.owasp.dependencycheck.utils.DependencyVersion;
|
||||||
import org.owasp.dependencycheck.utils.DependencyVersionUtil;
|
import org.owasp.dependencycheck.utils.DependencyVersionUtil;
|
||||||
|
import org.owasp.dependencycheck.utils.LogUtils;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* <p>This analyzer ensures dependencies that should be grouped together, to
|
* <p>This analyzer ensures dependencies that should be grouped together, to
|
||||||
@@ -144,16 +147,14 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
|
|||||||
}
|
}
|
||||||
dependenciesToRemove.add(nextDependency);
|
dependenciesToRemove.add(nextDependency);
|
||||||
} else {
|
} else {
|
||||||
if (isCore(nextDependency, dependency)) {
|
nextDependency.addRelatedDependency(dependency);
|
||||||
nextDependency.addRelatedDependency(dependency);
|
//move any "related dependencies" to the new "parent" dependency
|
||||||
//move any "related dependencies" to the new "parent" dependency
|
final Iterator<Dependency> i = dependency.getRelatedDependencies().iterator();
|
||||||
final Iterator<Dependency> i = dependency.getRelatedDependencies().iterator();
|
while (i.hasNext()) {
|
||||||
while (i.hasNext()) {
|
nextDependency.addRelatedDependency(i.next());
|
||||||
nextDependency.addRelatedDependency(i.next());
|
i.remove();
|
||||||
i.remove();
|
|
||||||
}
|
|
||||||
dependenciesToRemove.add(dependency);
|
|
||||||
}
|
}
|
||||||
|
dependenciesToRemove.add(dependency);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -260,8 +261,13 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
|
|||||||
|| dependency2 == null || dependency2.getIdentifiers() == null) {
|
|| dependency2 == null || dependency2.getIdentifiers() == null) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
return dependency1.getIdentifiers().size() > 0
|
final boolean matches = dependency1.getIdentifiers().size() > 0
|
||||||
&& dependency2.getIdentifiers().equals(dependency1.getIdentifiers());
|
&& dependency2.getIdentifiers().equals(dependency1.getIdentifiers());
|
||||||
|
if (LogUtils.isVerboseLoggingEnabled()) {
|
||||||
|
final String msg = String.format("IdentifiersMatch=%s (%s, %s)", matches, dependency1.getFileName(), dependency2.getFileName());
|
||||||
|
Logger.getLogger(DependencyBundlingAnalyzer.class.getName()).log(Level.FINE, "currentVersion and nextVersion are both null?");
|
||||||
|
}
|
||||||
|
return matches;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -299,10 +305,6 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
|
|||||||
* This is likely a very broken attempt at determining if the 'left'
|
* This is likely a very broken attempt at determining if the 'left'
|
||||||
* dependency is the 'core' library in comparison to the 'right' library.
|
* dependency is the 'core' library in comparison to the 'right' library.
|
||||||
*
|
*
|
||||||
* TODO - consider splitting on /\._-\s/ and checking if all of one side is
|
|
||||||
* fully contained in the other With the exception of the word "core". This
|
|
||||||
* might work even on groups when we don't have a CVE.
|
|
||||||
*
|
|
||||||
* @param left the dependency to test
|
* @param left the dependency to test
|
||||||
* @param right the dependency to test against
|
* @param right the dependency to test against
|
||||||
* @return a boolean indicating whether or not the left dependency should be
|
* @return a boolean indicating whether or not the left dependency should be
|
||||||
@@ -311,18 +313,31 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
|
|||||||
private boolean isCore(Dependency left, Dependency right) {
|
private boolean isCore(Dependency left, Dependency right) {
|
||||||
final String leftName = left.getFileName().toLowerCase();
|
final String leftName = left.getFileName().toLowerCase();
|
||||||
final String rightName = right.getFileName().toLowerCase();
|
final String rightName = right.getFileName().toLowerCase();
|
||||||
|
final boolean returnVal;
|
||||||
if (rightName.contains("core") && !leftName.contains("core")) {
|
if (rightName.contains("core") && !leftName.contains("core")) {
|
||||||
return false;
|
returnVal = false;
|
||||||
} else if (!rightName.contains("core") && leftName.contains("core")) {
|
} else if (!rightName.contains("core") && leftName.contains("core")) {
|
||||||
return true;
|
returnVal = true;
|
||||||
} else {
|
} else {
|
||||||
//TODO should we be splitting the name on [-_(.\d)+] and seeing if the
|
/*
|
||||||
// parts are contained in the other side?
|
* considered splitting the names up and comparing the components,
|
||||||
|
* but decided that the file name length should be sufficient as the
|
||||||
|
* "core" component, if this follows a normal namming protocol should
|
||||||
|
* be shorter:
|
||||||
|
* axis2-saaj-1.4.1.jar
|
||||||
|
* axis2-1.4.1.jar <-----
|
||||||
|
* axis2-kernal-1.4.1.jar
|
||||||
|
*/
|
||||||
if (leftName.length() > rightName.length()) {
|
if (leftName.length() > rightName.length()) {
|
||||||
return false;
|
returnVal = false;
|
||||||
|
} else {
|
||||||
|
returnVal = true;
|
||||||
}
|
}
|
||||||
return true;
|
|
||||||
}
|
}
|
||||||
|
if (LogUtils.isVerboseLoggingEnabled()) {
|
||||||
|
final String msg = String.format("IsCore=%s (%s, %s)", returnVal, left.getFileName(), right.getFileName());
|
||||||
|
Logger.getLogger(DependencyBundlingAnalyzer.class.getName()).log(Level.FINE, "currentVersion and nextVersion are both null?");
|
||||||
|
}
|
||||||
|
return returnVal;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
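Review bot: In the identifiersMatch hunk the formatted `msg` ("IdentifiersMatch=%s (%s, %s)") is built but never used; the log call on the following line emits the unrelated, apparently copy-pasted literal "currentVersion and nextVersion are both null?", so the verbose log never records the match result. The isCore hunk repeats the same mistake with its `IsCore=%s` message followed by the same stale literal. In both places the call should be `Logger.getLogger(DependencyBundlingAnalyzer.class.getName()).log(Level.FINE, msg);`. Since both methods now look the logger up on every call, a `private static final Logger LOGGER = Logger.getLogger(DependencyBundlingAnalyzer.class.getName());` at class level would avoid the repeated lookup, though that field would sit outside these hunks. The start of identifiersMatch lies outside its hunk; isCore is shown in full.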
|
|||||||
@@ -50,6 +50,7 @@ public final class LogUtils {
|
|||||||
LogManager.getLogManager().reset();
|
LogManager.getLogManager().reset();
|
||||||
LogManager.getLogManager().readConfiguration(in);
|
LogManager.getLogManager().readConfiguration(in);
|
||||||
if (verboseLogFile != null && !verboseLogFile.isEmpty()) {
|
if (verboseLogFile != null && !verboseLogFile.isEmpty()) {
|
||||||
|
verboseLoggingEnabled = true;
|
||||||
final Logger logger = Logger.getLogger("");
|
final Logger logger = Logger.getLogger("");
|
||||||
final FileHandler handler = new FileHandler(verboseLogFile, true);
|
final FileHandler handler = new FileHandler(verboseLogFile, true);
|
||||||
handler.setFormatter(new SimpleFormatter());
|
handler.setFormatter(new SimpleFormatter());
|
||||||
@@ -72,4 +73,17 @@ public final class LogUtils {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
/**
|
||||||
|
* Whether or not verbose logging is enabled.
|
||||||
|
*/
|
||||||
|
private static boolean verboseLoggingEnabled = false;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the value of verboseLoggingEnabled.
|
||||||
|
*
|
||||||
|
* @return the value of verboseLoggingEnabled
|
||||||
|
*/
|
||||||
|
public static boolean isVerboseLoggingEnabled() {
|
||||||
|
return verboseLoggingEnabled;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
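Review bot: `verboseLoggingEnabled = true;` is assigned before `new FileHandler(verboseLogFile, true)`, and that constructor can throw IOException or SecurityException; if handler creation fails the flag is left true while no verbose handler exists, so callers keep formatting FINE messages that go nowhere. Move the assignment to after the handler has been attached to the root logger, which I assume happens below this hunk since the enclosing method starts and ends outside it. The new accessor's Javadoc `Get the value of verboseLoggingEnabled.` only restates the name; something like `Returns true once a verbose log file has been configured through this class's log setup; false otherwise.` tells callers when to expect it to be set.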
|
|||||||