github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-19 07:44:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

minor bug fixes

Browse Source 
Former-commit-id: f79fdb279ef60bebace4061a9df6d9a6e0cf818b
This commit is contained in:
Jeremy Long
2012-12-30 09:30:12 -05:00
parent 86416292d6
commit 172558ed8c
2 changed files with 94 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

163
src/main/java/org/codesecure/dependencycheck/analyzer/JarAnalyzer.java
View File

@@ -229,10 +229,17 @@ public class JarAnalyzer extends AbstractAnalyzer {
} }
} else if (!entry.isDirectory() && "pom.properties".equals(entryName)) { } else if (!entry.isDirectory() && "pom.properties".equals(entryName)) {
if (pomProperties == null) { if (pomProperties == null) {
Reader reader = new InputStreamReader(zin, "UTF-8"); Reader reader = null;
pomProperties = new Properties(); try {
pomProperties.load(reader); reader = new InputStreamReader(zin, "UTF-8");
zin.closeEntry(); pomProperties = new Properties();
pomProperties.load(reader);
}
finally {
//zin.closeEntry closes the reader
//reader.close();
zin.closeEntry();
}
} else { } else {
throw new AnalysisException("JAR file contains multiple pom.properties files - unable to process POM"); throw new AnalysisException("JAR file contains multiple pom.properties files - unable to process POM");
} }
@@ -327,7 +334,10 @@ public class JarAnalyzer extends AbstractAnalyzer {
*/ */
protected void analyzePackageNames(Dependency dependency) throws IOException { protected void analyzePackageNames(Dependency dependency) throws IOException {
JarFile jar = new JarFile(dependency.getActualFilePath()); JarFile jar = null;
try {
jar = new JarFile(dependency.getActualFilePath());
java.util.Enumeration en = jar.entries(); java.util.Enumeration en = jar.entries();
HashMap<String, Integer> level0 = new HashMap<String, Integer>(); HashMap<String, Integer> level0 = new HashMap<String, Integer>();
@@ -466,6 +476,11 @@ public class JarAnalyzer extends AbstractAnalyzer {
} }
} }
} }
} finally {
if (jar != null) {
jar.close();
}
}
} }
/** /**
@@ -480,81 +495,89 @@ public class JarAnalyzer extends AbstractAnalyzer {
* @throws IOException if there is an issue reading the JAR file. * @throws IOException if there is an issue reading the JAR file.
*/ */
protected void parseManifest(Dependency dependency) throws IOException { protected void parseManifest(Dependency dependency) throws IOException {
JarFile jar = new JarFile(dependency.getActualFilePath()); JarFile jar = null;
Manifest manifest = jar.getManifest(); try {
if (manifest == null) { jar = new JarFile(dependency.getActualFilePath());
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE,
"Jar file '{0}' does not contain a manifest.",
dependency.getFileName());
return;
}
Attributes atts = manifest.getMainAttributes();
EvidenceCollection vendorEvidence = dependency.getVendorEvidence(); Manifest manifest = jar.getManifest();
EvidenceCollection productEvidence = dependency.getProductEvidence(); if (manifest == null) {
EvidenceCollection versionEvidence = dependency.getVersionEvidence(); Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE,
"Jar file '{0}' does not contain a manifest.",
dependency.getFileName());
return;
}
Attributes atts = manifest.getMainAttributes();
String source = "Manifest"; EvidenceCollection vendorEvidence = dependency.getVendorEvidence();
EvidenceCollection productEvidence = dependency.getProductEvidence();
EvidenceCollection versionEvidence = dependency.getVersionEvidence();
for (Entry<Object, Object> entry : atts.entrySet()) { String source = "Manifest";
String key = entry.getKey().toString();
String value = atts.getValue(key);
if (key.equals(Attributes.Name.IMPLEMENTATION_TITLE.toString())) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VERSION.toString())) {
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VENDOR.toString())) {
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VENDOR_ID.toString())) {
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.equals(BUNDLE_DESCRIPTION)) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
dependency.setDescription(value);
} else if (key.equals(BUNDLE_NAME)) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.equals(BUNDLE_VENDOR)) {
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(BUNDLE_VERSION)) {
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.MAIN_CLASS.toString())) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else {
key = key.toLowerCase();
if (!IGNORE_LIST.contains(key) && !key.endsWith("jdk") for (Entry<Object, Object> entry : atts.entrySet()) {
&& !key.contains("lastmodified") && !key.endsWith("package")) { String key = entry.getKey().toString();
String value = atts.getValue(key);
if (key.equals(Attributes.Name.IMPLEMENTATION_TITLE.toString())) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VERSION.toString())) {
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VENDOR.toString())) {
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VENDOR_ID.toString())) {
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.equals(BUNDLE_DESCRIPTION)) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
dependency.setDescription(value);
} else if (key.equals(BUNDLE_NAME)) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.equals(BUNDLE_VENDOR)) {
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(BUNDLE_VERSION)) {
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.MAIN_CLASS.toString())) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else {
key = key.toLowerCase();
if (key.contains("version")) { if (!IGNORE_LIST.contains(key) && !key.endsWith("jdk")
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM); && !key.contains("lastmodified") && !key.endsWith("package")) {
} else if (key.contains("title")) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM); if (key.contains("version")) {
} else if (key.contains("vendor")) { versionEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM); } else if (key.contains("title")) {
} else if (key.contains("name")) { productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM); } else if (key.contains("vendor")) {
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM); vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.contains("license")) { } else if (key.contains("name")) {
addLicense(dependency, value); productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else { vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
if (key.contains("description")) { } else if (key.contains("license")) {
addDescription(dependency, value); addLicense(dependency, value);
} } else {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW); if (key.contains("description")) {
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW); addDescription(dependency, value);
if (value.matches(".*\\d.*")) { }
StringTokenizer tokenizer = new StringTokenizer(value, " "); productEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
while (tokenizer.hasMoreElements()) { vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
String s = tokenizer.nextToken(); if (value.matches(".*\\d.*")) {
if (s.matches("^[0-9.]+$")) { StringTokenizer tokenizer = new StringTokenizer(value, " ");
versionEvidence.addEvidence(source, key, s, Evidence.Confidence.LOW); while (tokenizer.hasMoreElements()) {
} String s = tokenizer.nextToken();
if (s.matches("^[0-9.]+$")) {
versionEvidence.addEvidence(source, key, s, Evidence.Confidence.LOW);
}
}
//versionEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
} }
//versionEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
} }
} }
} }
} }
} finally {
if (jar != null) {
jar.close();
}
} }
} }

2
src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/IndexUpdater.java
View File

@@ -395,7 +395,7 @@ public class IndexUpdater extends Index implements CachedWebDataSource {
* @return whether or not the date is within the range. * @return whether or not the date is within the range.
*/ */
private boolean withinRange(long date, long compareTo, int range) { private boolean withinRange(long date, long compareTo, int range) {
double differenceInDays = (compareTo - date) / 1000 / 60 / 60 / 24; double differenceInDays = (compareTo - date) / 1000.0 / 60.0 / 60.0 / 24.0;
return differenceInDays < range; return differenceInDays < range;
} }