From 198d73acfa2bcae1eaf54d88fdc9f9ded0ad4d2a Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Fri, 19 Apr 2013 18:46:01 -0400 Subject: [PATCH] Updates to abstract analyzer and subclasses - removed duplicate code Former-commit-id: e0acf33d81dcf5e2d6383345927287dbe918d03c --- .../analyzer/AbstractAnalyzer.java | 24 +++++++++++++++++++ .../dependencycheck/analyzer/Analyzer.java | 7 ++++++ .../analyzer/FalsePositiveAnalyzer.java | 17 ------------- .../analyzer/FileNameAnalyzer.java | 16 +------------ .../analyzer/HintAnalyzer.java | 16 +------------ .../analyzer/SpringCleaningAnalyzer.java | 20 +--------------- .../dependencycheck/data/cpe/CPEAnalyzer.java | 12 ++++++++-- .../data/nvdcve/NvdCveAnalyzer.java | 13 ++++++++-- .../dependency/Dependency.java | 6 ++++- 9 files changed, 60 insertions(+), 71 deletions(-)
diff --git a/src/main/java/org/owasp/dependencycheck/analyzer/AbstractAnalyzer.java b/src/main/java/org/owasp/dependencycheck/analyzer/AbstractAnalyzer.java
index aef479cc2..d3776b6b7 100644
--- a/src/main/java/org/owasp/dependencycheck/analyzer/AbstractAnalyzer.java
+++ b/src/main/java/org/owasp/dependencycheck/analyzer/AbstractAnalyzer.java
@@ -43,4 +43,28 @@ public abstract class AbstractAnalyzer implements Analyzer {
 Collections.addAll(set, strings);
 return set;
 }
+
+
+ /**
+ * The initialize method does nothing for this Analyzer.
+ */
+ public void initialize() {
+ //do nothing
+ }
+
+ /**
+ * The close method does nothing for this Analyzer.
+ */
+ public void close() {
+ //do nothing
+ }
+
+ /**
+ * Used to indicate if any steps should be taken after the analysis. The
+ * abstract implementation returns NOTHING.
+ * @return NOTHING
+ */
+ public PostAnalysisAction getPostAnalysisAction() {
+ return PostAnalysisAction.NOTHING;
+ }
 }
diff --git a/src/main/java/org/owasp/dependencycheck/analyzer/Analyzer.java b/src/main/java/org/owasp/dependencycheck/analyzer/Analyzer.java
index ad594ffdb..baee83432 100644
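Review bot: The new no-op `initialize()` and `close()` drop the `throws Exception` that `Analyzer.close()` declares, so no subclass of AbstractAnalyzer can override them with a body that throws a checked exception. CPEAnalyzer and NvdCveAnalyzer, whose `initialize()` is declared `throws Exception` and calls `this.open()`, could not adopt this base class as written without catching or wrapping a failure in `open()`, which makes it easy for that failure to go unreported. Declaring the defaults as `public void initialize() throws Exception {` and `public void close() throws Exception {` keeps the base class usable for analyzers that acquire resources. The class body starts above this hunk.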
--- a/src/main/java/org/owasp/dependencycheck/analyzer/Analyzer.java +++ b/src/main/java/org/owasp/dependencycheck/analyzer/Analyzer.java @@ -99,4 +99,11 @@ public interface Analyzer { * @throws Exception is thrown if an exception occurs closing the analyzer. */ void close() throws Exception; + + public enum PostAnalysisAction { + NOTHING, + REMOVE_JAR + } + + PostAnalysisAction getPostAnalysisAction(); } diff --git a/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java b/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java index cb34f7a97..b793f7a4c 100644 --- a/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java +++ b/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java @@ -84,23 +84,6 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer { return ANALYSIS_PHASE; } - /** - * The initialize method does nothing for this Analyzer. - * - * @throws Exception never thrown by this analyzer - */ - public void initialize() throws Exception { - //do nothing - } - - /** - * The close method does nothing for this Analyzer. - * - * @throws Exception never thrown by this analyzer - */ - public void close() throws Exception { - //do nothing - } /** * a list of spring versions. */ diff --git a/src/main/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.java b/src/main/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.java index 4fb507f99..642cfd78a 100644 --- a/src/main/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.java +++ b/src/main/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.java @@ -29,7 +29,7 @@ import org.owasp.dependencycheck.Engine; * * @author Jeremy Long (jeremy.long@gmail.com) */ -public class FileNameAnalyzer implements Analyzer { +public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer { /** * The name of the analyzer. 
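Review bot: `PostAnalysisAction`, its two constants and `getPostAnalysisAction()` are added to the interface without Javadoc, while the `close()` declaration just above them is documented. `REMOVE_JAR` in particular needs its effect spelled out: in a tool whose output is a list of dependencies to check, a reader has to know whether it drops the entry from the results or touches the file, and which component acts on it. I would reuse the sentence from AbstractAnalyzer on the method, `/** Used to indicate if any steps should be taken after the analysis. */`, and add a one-line comment on each constant. The `public` on the nested enum is redundant, since interface members are implicitly public.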
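Review bot: `extends AbstractAnalyzer implements Analyzer` repeats an interface the class already inherits, since AbstractAnalyzer is itself declared `implements Analyzer`. `public class FileNameAnalyzer extends AbstractAnalyzer {` says the same thing and matches FalsePositiveAnalyzer, which this commit leaves as `extends AbstractAnalyzer`. The same redundancy is introduced in the HintAnalyzer hunk at -27,7 and the SpringCleaningAnalyzer hunk at -33,7.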
@@ -109,18 +109,4 @@ public class FileNameAnalyzer implements Analyzer { fileName, Evidence.Confidence.HIGH); } } - - /** - * The initialize method does nothing for this Analyzer. - */ - public void initialize() { - //do nothing - } - - /** - * The close method does nothing for this Analyzer. - */ - public void close() { - //do nothing - } } diff --git a/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java b/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java index 93b3fb3e9..bd72262db 100644 --- a/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java +++ b/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java @@ -27,7 +27,7 @@ import org.owasp.dependencycheck.dependency.Evidence; * * @author Jeremy Long (jeremy.long@gmail.com) */ -public class HintAnalyzer implements Analyzer { +public class HintAnalyzer extends AbstractAnalyzer implements Analyzer { /** * The name of the analyzer. @@ -106,18 +106,4 @@ public class HintAnalyzer implements Analyzer { } } - - /** - * The initialize method does nothing for this Analyzer. - */ - public void initialize() { - //do nothing - } - - /** - * The close method does nothing for this Analyzer. - */ - public void close() { - //do nothing - } } diff --git a/src/main/java/org/owasp/dependencycheck/analyzer/SpringCleaningAnalyzer.java b/src/main/java/org/owasp/dependencycheck/analyzer/SpringCleaningAnalyzer.java index 5c6bd2c95..2b3a5c5ff 100644 --- a/src/main/java/org/owasp/dependencycheck/analyzer/SpringCleaningAnalyzer.java +++ b/src/main/java/org/owasp/dependencycheck/analyzer/SpringCleaningAnalyzer.java @@ -33,7 +33,7 @@ import org.owasp.dependencycheck.dependency.Identifier; * * @author Jeremy Long (jeremy.long@gmail.com) */ -public class SpringCleaningAnalyzer extends AbstractAnalyzer { +public class SpringCleaningAnalyzer extends AbstractAnalyzer implements Analyzer { /** * The set of file extensions supported by this analyzer. 
@@ -86,23 +86,6 @@ public class SpringCleaningAnalyzer extends AbstractAnalyzer { return ANALYSIS_PHASE; } - /** - * The initialize method does nothing for this Analyzer. - * - * @throws Exception never thrown by this analyzer - */ - public void initialize() throws Exception { - //do nothing - } - - /** - * The close method does nothing for this Analyzer. - * - * @throws Exception never thrown by this analyzer - */ - public void close() throws Exception { - //do nothing - } /** * a list of spring versions. */ @@ -119,7 +102,6 @@ public class SpringCleaningAnalyzer extends AbstractAnalyzer { * file. */ public void analyze(Dependency dependency, Engine engine) throws AnalysisException { - collectSpringFrameworkIdentifiers(engine); final List identifiersToRemove = new ArrayList(); diff --git a/src/main/java/org/owasp/dependencycheck/data/cpe/CPEAnalyzer.java b/src/main/java/org/owasp/dependencycheck/data/cpe/CPEAnalyzer.java index 15f7bf0e5..dd5f76710 100644 --- a/src/main/java/org/owasp/dependencycheck/data/cpe/CPEAnalyzer.java +++ b/src/main/java/org/owasp/dependencycheck/data/cpe/CPEAnalyzer.java @@ -37,7 +37,7 @@ import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.Evidence; import org.owasp.dependencycheck.dependency.Evidence.Confidence; import org.owasp.dependencycheck.dependency.EvidenceCollection; - +import org.owasp.dependencycheck.analyzer.Analyzer; /** * CPEAnalyzer is a utility class that takes a project dependency and attempts * to discern if there is an associated CPE. It uses the evidence contained @@ -45,7 +45,7 @@ import org.owasp.dependencycheck.dependency.EvidenceCollection; * * @author Jeremy Long (jeremy.long@gmail.com) */ -public class CPEAnalyzer implements org.owasp.dependencycheck.analyzer.Analyzer { +public class CPEAnalyzer implements Analyzer { /** * The maximum number of query results to return. 
@@ -512,4 +512,12 @@ public class CPEAnalyzer implements org.owasp.dependencycheck.analyzer.Analyzer public void initialize() throws Exception { this.open(); } + /** + * Used to indicate if any steps should be taken after the analysis. The + * abstract implementation returns NOTHING. + * @return NOTHING + */ + public PostAnalysisAction getPostAnalysisAction() { + return PostAnalysisAction.NOTHING; + } } diff --git a/src/main/java/org/owasp/dependencycheck/data/nvdcve/NvdCveAnalyzer.java b/src/main/java/org/owasp/dependencycheck/data/nvdcve/NvdCveAnalyzer.java index b53ca5fc9..90299d782 100644 --- a/src/main/java/org/owasp/dependencycheck/data/nvdcve/NvdCveAnalyzer.java +++ b/src/main/java/org/owasp/dependencycheck/data/nvdcve/NvdCveAnalyzer.java @@ -28,7 +28,7 @@ import org.owasp.dependencycheck.analyzer.AnalysisPhase; import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.Vulnerability; import org.owasp.dependencycheck.dependency.Identifier; - +import org.owasp.dependencycheck.analyzer.Analyzer; /** * NvdCveAnalyzer is a utility class that takes a project dependency and * attempts to discern if there is an associated CVEs. It uses the the @@ -36,7 +36,7 @@ import org.owasp.dependencycheck.dependency.Identifier; * * @author Jeremy Long (jeremy.long@gmail.com) */ -public class NvdCveAnalyzer implements org.owasp.dependencycheck.analyzer.Analyzer { +public class NvdCveAnalyzer implements Analyzer { /** * The maximum number of query results to return. @@ -159,4 +159,13 @@ public class NvdCveAnalyzer implements org.owasp.dependencycheck.analyzer.Analyz public void initialize() throws Exception { this.open(); } + + /** + * Used to indicate if any steps should be taken after the analysis. The + * abstract implementation returns NOTHING. + * @return NOTHING + */ + public PostAnalysisAction getPostAnalysisAction() { + return PostAnalysisAction.NOTHING; + } } 
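Review bot: The Javadoc on the added `getPostAnalysisAction()` in CPEAnalyzer was copied from AbstractAnalyzer and still says "The abstract implementation returns NOTHING", which is wrong for this concrete class; `* Used to indicate if any steps should be taken after the analysis. This analyzer requests none.` would be accurate. The identical method and comment are added again in the NvdCveAnalyzer hunk at -159,4, so a commit meant to remove duplicate code adds a new copy in two places. Both classes implement Analyzer directly; whether they can inherit the default from AbstractAnalyzer instead depends on code outside these hunks.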
diff --git a/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java b/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java index 38499f556..69ad74952 100644 --- a/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java +++ b/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java @@ -39,7 +39,7 @@ import org.owasp.dependencycheck.utils.FileUtils; * * @author Jeremy Long (jeremy.long@gmail.com) */ -public class Dependency { +public class Dependency implements Comparable { /** * The actual file path of the dependency on disk. @@ -473,4 +473,8 @@ public class Dependency { public void addRelatedDependency(Dependency dependency) { relatedDependencies.add(dependency); } + + public int compareTo(Dependency o) { + return this.getFileName().compareToIgnoreCase(o.getFileName()); + } }
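Review bot: `compareTo` orders on the file name alone and ignores case, so two different dependencies that share a file name in different directories compare as 0. If Dependency objects are ever held in a TreeSet or used as TreeMap keys, the second one would be silently discarded and never reach analysis or the report, which for a vulnerability scanner means a missed finding. Breaking ties on the path this class documents as "The actual file path of the dependency on disk" avoids that, and the method needs Javadoc stating the ordering and that it is not consistent with equals. It also throws NullPointerException when either `getFileName()` returns null; whether that can happen is not visible here.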