minor bug fixes
Former-commit-id: f79fdb279ef60bebace4061a9df6d9a6e0cf818b
@@ -229,10 +229,17 @@ public class JarAnalyzer extends AbstractAnalyzer {
|
||||
}
|
||||
} else if (!entry.isDirectory() && "pom.properties".equals(entryName)) {
|
||||
if (pomProperties == null) {
|
||||
Reader reader = new InputStreamReader(zin, "UTF-8");
|
||||
pomProperties = new Properties();
|
||||
pomProperties.load(reader);
|
||||
zin.closeEntry();
|
||||
Reader reader = null;
|
||||
try {
|
||||
reader = new InputStreamReader(zin, "UTF-8");
|
||||
pomProperties = new Properties();
|
||||
pomProperties.load(reader);
|
||||
}
|
||||
finally {
|
||||
//zin.closeEntry closes the reader
|
||||
//reader.close();
|
||||
zin.closeEntry();
|
||||
}
|
||||
} else {
|
||||
throw new AnalysisException("JAR file contains multiple pom.properties files - unable to process POM");
|
||||
}
|
||||
@@ -327,7 +334,10 @@ public class JarAnalyzer extends AbstractAnalyzer {
|
||||
*/
|
||||
protected void analyzePackageNames(Dependency dependency) throws IOException {
|
||||
|
||||
JarFile jar = new JarFile(dependency.getActualFilePath());
|
||||
JarFile jar = null;
|
||||
try {
|
||||
jar = new JarFile(dependency.getActualFilePath());
|
||||
|
||||
java.util.Enumeration en = jar.entries();
|
||||
|
||||
HashMap<String, Integer> level0 = new HashMap<String, Integer>();
|
||||
@@ -466,6 +476,11 @@ public class JarAnalyzer extends AbstractAnalyzer {
|
||||
}
|
||||
}
|
||||
}
|
||||
} finally {
|
||||
if (jar != null) {
|
||||
jar.close();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -480,81 +495,89 @@ public class JarAnalyzer extends AbstractAnalyzer {
|
||||
* @throws IOException if there is an issue reading the JAR file.
|
||||
*/
|
||||
protected void parseManifest(Dependency dependency) throws IOException {
|
||||
JarFile jar = new JarFile(dependency.getActualFilePath());
|
||||
Manifest manifest = jar.getManifest();
|
||||
if (manifest == null) {
|
||||
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE,
|
||||
"Jar file '{0}' does not contain a manifest.",
|
||||
dependency.getFileName());
|
||||
return;
|
||||
}
|
||||
Attributes atts = manifest.getMainAttributes();
|
||||
JarFile jar = null;
|
||||
try {
|
||||
jar = new JarFile(dependency.getActualFilePath());
|
||||
|
||||
EvidenceCollection vendorEvidence = dependency.getVendorEvidence();
|
||||
EvidenceCollection productEvidence = dependency.getProductEvidence();
|
||||
EvidenceCollection versionEvidence = dependency.getVersionEvidence();
|
||||
Manifest manifest = jar.getManifest();
|
||||
if (manifest == null) {
|
||||
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE,
|
||||
"Jar file '{0}' does not contain a manifest.",
|
||||
dependency.getFileName());
|
||||
return;
|
||||
}
|
||||
Attributes atts = manifest.getMainAttributes();
|
||||
|
||||
String source = "Manifest";
|
||||
EvidenceCollection vendorEvidence = dependency.getVendorEvidence();
|
||||
EvidenceCollection productEvidence = dependency.getProductEvidence();
|
||||
EvidenceCollection versionEvidence = dependency.getVersionEvidence();
|
||||
|
||||
for (Entry<Object, Object> entry : atts.entrySet()) {
|
||||
String key = entry.getKey().toString();
|
||||
String value = atts.getValue(key);
|
||||
if (key.equals(Attributes.Name.IMPLEMENTATION_TITLE.toString())) {
|
||||
productEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
|
||||
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VERSION.toString())) {
|
||||
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
|
||||
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VENDOR.toString())) {
|
||||
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
|
||||
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VENDOR_ID.toString())) {
|
||||
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
|
||||
} else if (key.equals(BUNDLE_DESCRIPTION)) {
|
||||
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
|
||||
dependency.setDescription(value);
|
||||
} else if (key.equals(BUNDLE_NAME)) {
|
||||
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
|
||||
} else if (key.equals(BUNDLE_VENDOR)) {
|
||||
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
|
||||
} else if (key.equals(BUNDLE_VERSION)) {
|
||||
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
|
||||
} else if (key.equals(Attributes.Name.MAIN_CLASS.toString())) {
|
||||
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
|
||||
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
|
||||
} else {
|
||||
key = key.toLowerCase();
|
||||
String source = "Manifest";
|
||||
|
||||
if (!IGNORE_LIST.contains(key) && !key.endsWith("jdk")
|
||||
&& !key.contains("lastmodified") && !key.endsWith("package")) {
|
||||
for (Entry<Object, Object> entry : atts.entrySet()) {
|
||||
String key = entry.getKey().toString();
|
||||
String value = atts.getValue(key);
|
||||
if (key.equals(Attributes.Name.IMPLEMENTATION_TITLE.toString())) {
|
||||
productEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
|
||||
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VERSION.toString())) {
|
||||
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
|
||||
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VENDOR.toString())) {
|
||||
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
|
||||
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VENDOR_ID.toString())) {
|
||||
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
|
||||
} else if (key.equals(BUNDLE_DESCRIPTION)) {
|
||||
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
|
||||
dependency.setDescription(value);
|
||||
} else if (key.equals(BUNDLE_NAME)) {
|
||||
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
|
||||
} else if (key.equals(BUNDLE_VENDOR)) {
|
||||
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
|
||||
} else if (key.equals(BUNDLE_VERSION)) {
|
||||
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
|
||||
} else if (key.equals(Attributes.Name.MAIN_CLASS.toString())) {
|
||||
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
|
||||
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
|
||||
} else {
|
||||
key = key.toLowerCase();
|
||||
|
||||
if (key.contains("version")) {
|
||||
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
|
||||
} else if (key.contains("title")) {
|
||||
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
|
||||
} else if (key.contains("vendor")) {
|
||||
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
|
||||
} else if (key.contains("name")) {
|
||||
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
|
||||
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
|
||||
} else if (key.contains("license")) {
|
||||
addLicense(dependency, value);
|
||||
} else {
|
||||
if (key.contains("description")) {
|
||||
addDescription(dependency, value);
|
||||
}
|
||||
productEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
|
||||
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
|
||||
if (value.matches(".*\\d.*")) {
|
||||
StringTokenizer tokenizer = new StringTokenizer(value, " ");
|
||||
while (tokenizer.hasMoreElements()) {
|
||||
String s = tokenizer.nextToken();
|
||||
if (s.matches("^[0-9.]+$")) {
|
||||
versionEvidence.addEvidence(source, key, s, Evidence.Confidence.LOW);
|
||||
}
|
||||
if (!IGNORE_LIST.contains(key) && !key.endsWith("jdk")
|
||||
&& !key.contains("lastmodified") && !key.endsWith("package")) {
|
||||
|
||||
if (key.contains("version")) {
|
||||
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
|
||||
} else if (key.contains("title")) {
|
||||
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
|
||||
} else if (key.contains("vendor")) {
|
||||
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
|
||||
} else if (key.contains("name")) {
|
||||
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
|
||||
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
|
||||
} else if (key.contains("license")) {
|
||||
addLicense(dependency, value);
|
||||
} else {
|
||||
if (key.contains("description")) {
|
||||
addDescription(dependency, value);
|
||||
}
|
||||
productEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
|
||||
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
|
||||
if (value.matches(".*\\d.*")) {
|
||||
StringTokenizer tokenizer = new StringTokenizer(value, " ");
|
||||
while (tokenizer.hasMoreElements()) {
|
||||
String s = tokenizer.nextToken();
|
||||
if (s.matches("^[0-9.]+$")) {
|
||||
versionEvidence.addEvidence(source, key, s, Evidence.Confidence.LOW);
|
||||
}
|
||||
}
|
||||
//versionEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
|
||||
}
|
||||
//versionEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
} finally {
|
||||
if (jar != null) {
|
||||
jar.close();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
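Review bot: In parseManifest the fallback branch normalizes the attribute key with `key.toLowerCase()` and then compares it against ASCII literals ("version", "title", the IGNORE_LIST entries); under a Turkish default locale an upper-case I is mapped to dotless ı and those comparisons silently miss, so the line should read `key = key.toLowerCase(Locale.ROOT);` (java.util.Locale, if not already imported). As far as the hunk shows, this is the only place the key is normalized before the contains() checks, so the fix is local to that line. Separately, in the pom.properties hunk the comment `//zin.closeEntry closes the reader` states the relationship backwards: closeEntry() only finishes the current entry, and the reader is presumably left unclosed because closing an InputStreamReader would close the shared ZipInputStream underneath it; rephrasing it as `// do not close the reader: that would close the underlying zip stream; closeEntry() just ends this entry` keeps a later maintainer from "fixing" it. The method enclosing that pom.properties branch starts and ends outside the visible hunk.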
@@ -395,7 +395,7 @@ public class IndexUpdater extends Index implements CachedWebDataSource {
|
||||
* @return whether or not the date is within the range.
|
||||
*/
|
||||
private boolean withinRange(long date, long compareTo, int range) {
|
||||
double differenceInDays = (compareTo - date) / 1000 / 60 / 60 / 24;
|
||||
double differenceInDays = (compareTo - date) / 1000.0 / 60.0 / 60.0 / 24.0;
|
||||
return differenceInDays < range;
|
||||
}
|
||||
|
||||
|
||||
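Review bot: The new differenceInDays line fixes the integer truncation, but withinRange still returns true for any negative difference, i.e. whenever `date` is later than `compareTo`, and the Javadoc ("whether or not the date is within the range") does not say whether that is intended. If only past dates should qualify, the check would be `return differenceInDays >= 0 && differenceInDays < range;`; otherwise a one-line comment stating that future dates are deliberately accepted would settle it. The units of `range` (days) and of `date`/`compareTo` (epoch milliseconds, inferred from the 1000/60/60/24 divisors) are worth recording in the `@param` tags, which sit above this hunk.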