Normalize Ruby analyzers

2026-03-31 14:13:29 +02:00 · 2017-09-21 21:44:49 -04:00
parent 69323bf0a4
commit 1564f11b89
4 changed files with 33 additions and 5 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundlerAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundlerAnalyzer.java
@@ -53,7 +53,10 @@ public class RubyBundlerAnalyzer extends RubyGemspecAnalyzer {
     * The name of the analyzer.
     */
    private static final String ANALYZER_NAME = "Ruby Bundler Analyzer";
-
+    /**
     * The types of files on which this will work.
     */
    static final String DEPENDENCY_ECOSYSTEM = "Ruby.Bundle";
    /**
     * Folder name that contains .gemspec files created by "bundle install"
     */
@@ -97,7 +100,7 @@ public class RubyBundlerAnalyzer extends RubyGemspecAnalyzer {
    protected void analyzeDependency(Dependency dependency, Engine engine)
            throws AnalysisException {
        super.analyzeDependency(dependency, engine);
-
+        dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
        //find the corresponding gem folder for this .gemspec stub by "bundle install --deployment"
        final File gemspecFile = dependency.getActualFile();
        final String gemFileName = gemspecFile.getName();
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzer.java
@@ -56,7 +56,10 @@ public class RubyGemspecAnalyzer extends AbstractFileTypeAnalyzer {
     * The name of the analyzer.
     */
    private static final String ANALYZER_NAME = "Ruby Gemspec Analyzer";
-
+    /**
     * The Dependency's ecosystem.
     */
    static final String DEPENDENCY_ECOSYSTEM = "Ruby.Bundle";
    /**
     * The phase that this analyzer is intended to run in.
     */
@@ -132,6 +135,7 @@ public class RubyGemspecAnalyzer extends AbstractFileTypeAnalyzer {
    @Override
    protected void analyzeDependency(Dependency dependency, Engine engine)
            throws AnalysisException {
    	    dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
        String contents;
        try {
            contents = FileUtils.readFileToString(dependency.getActualFile(), Charset.defaultCharset());
@@ -148,6 +152,7 @@ public class RubyGemspecAnalyzer extends AbstractFileTypeAnalyzer {
            final EvidenceCollection product = dependency.getProductEvidence();
            final String name = addStringEvidence(product, contents, blockVariable, "name", "name", Confidence.HIGHEST);
            if (!name.isEmpty()) {
            		dependency.setName(name);
                vendor.addEvidence(GEMSPEC, "name_project", name + "_project", Confidence.LOW);
            }
            addStringEvidence(product, contents, blockVariable, "summary", "summary", Confidence.LOW);
@@ -162,6 +167,10 @@ public class RubyGemspecAnalyzer extends AbstractFileTypeAnalyzer {
            if (value.length() < 1) {
                addEvidenceFromVersionFile(dependency.getActualFile(), dependency.getVersionEvidence());
            }
            else
            {
            		dependency.setVersion(value);
            }
        }
        setPackagePath(dependency);
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyBundlerAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyBundlerAnalyzerTest.java
@@ -80,6 +80,7 @@ public class RubyBundlerAnalyzerTest extends BaseTest {
    public void testSupportsFiles() {
        assertThat(analyzer.accept(new File("test.gemspec")), is(false));
        assertThat(analyzer.accept(new File("specifications" + File.separator + "test.gemspec")), is(true));
        assertThat(analyzer.accept(new File("gemspec.lock")), is(false));
    }
    /**
@@ -100,7 +101,12 @@ public class RubyBundlerAnalyzerTest extends BaseTest {
        assertThat(vendorString, containsString("https://github.com/petergoldstein/dalli"));
        assertThat(vendorString, containsString("MIT"));
        assertThat(result.getProductEvidence().toString(), containsString("dalli"));
        assertEquals("dalli",result.getName());
        assertThat(result.getProductEvidence().toString(), containsString("High performance memcached client for Ruby"));
        assertThat(result.getVersionEvidence().toString(), containsString("2.7.5"));
        assertEquals("2.7.5",result.getVersion());
        assertEquals(RubyBundlerAnalyzer.DEPENDENCY_ECOSYSTEM, result.getDependencyEcosystem());
        assertEquals("dalli:2.7.5",result.getDisplayFileName());
    }
 }
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzerTest.java
@@ -79,6 +79,7 @@ public class RubyGemspecAnalyzerTest extends BaseTest {
    @Test
    public void testSupportsFiles() {
        assertThat(analyzer.accept(new File("test.gemspec")), is(true));
        assertThat(analyzer.accept(new File("gemspec.lock")), is(false));
 //        assertThat(analyzer.accept(new File("Rakefile")), is(true));
    }
@@ -93,12 +94,16 @@ public class RubyGemspecAnalyzerTest extends BaseTest {
                "ruby/vulnerable/gems/specifications/rest-client-1.7.2.gemspec"));
        analyzer.analyze(result, null);
        final String vendorString = result.getVendorEvidence().toString();
        assertEquals(RubyGemspecAnalyzer.DEPENDENCY_ECOSYSTEM, result.getDependencyEcosystem());
        assertThat(vendorString, containsString("REST Client Team"));
        assertThat(vendorString, containsString("rest-client_project"));
        assertThat(vendorString, containsString("rest.client@librelist.com"));
        assertThat(vendorString, containsString("https://github.com/rest-client/rest-client"));
        assertThat(result.getProductEvidence().toString(), containsString("rest-client"));
        assertEquals("rest-client",result.getName());
        assertThat(result.getVersionEvidence().toString(), containsString("1.7.2"));
        assertEquals("1.7.2",result.getVersion());
        assertEquals("rest-client:1.7.2",result.getDisplayFileName());
    }
    /**
@@ -106,11 +111,16 @@ public class RubyGemspecAnalyzerTest extends BaseTest {
     *
     * @throws AnalysisException is thrown when an exception occurs.
     */
-    //@Test  TODO: place holder to test Rakefile support
+    //@Test  
    //TODO: place holder to test Rakefile support
    public void testAnalyzeRakefile() throws AnalysisException {
        final Dependency result = new Dependency(BaseTest.getResourceAsFile(this,
                "ruby/vulnerable/gems/rails-4.1.15/vendor/bundle/ruby/2.2.0/gems/pg-0.18.4/Rakefile"));
        analyzer.analyze(result, null);
        assertTrue(result.getEvidence().size()>0);
        assertEquals(RubyGemspecAnalyzer.DEPENDENCY_ECOSYSTEM, result.getDependencyEcosystem());
        assertEquals("pg",result.getName());
        assertEquals("0.18.4",result.getVersion());
        assertEquals("pg:0.18.4",result.getDisplayFileName());
    }
 }