added better version analysis for dependency bundling

Former-commit-id: c089750bbb5b23c7cca31138590b1dada55f59e5

src/main/java/org/owasp/dependencycheck/utils/DependencyVersion.java

@@ -0,0 +1,115 @@
+/*
+ * This file is part of DependencyCheck.
+ *
+ * DependencyCheck is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation, either version 3 of the License, or (at your option) any
+ * later version.
+ *
+ * DependencyCheck is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * DependencyCheck. If not, see http://www.gnu.org/licenses/.
+ *
+ * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.utils;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Iterator;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import org.apache.commons.lang.StringUtils;
+
+/**
+ * <p>Simple object to track the parts of a version number. The parts are
+ * contained in a List such that version 1.2.3 will be stored as:
+ * <code>versionParts[0] = 1;
+ * versionParts[1] = 2;
+ * versionParts[2] = 3;
+ * </code></p>
+ * <p>Note, the parser contained in this class expects the version numbers to be
+ * seperated by periods. If a different seperator is used the parser will likely
+ * fail.</p>
+ * @author Jeremy Long (jeremy.long@gmail.com)
+ */
+public class DependencyVersion implements Iterable {
+
+    /**
+     * Constructor for a empty DependencyVersion.
+     */
+    public DependencyVersion() {
+        versionParts = new ArrayList<String>();
+    }
+
+    /**
+     * Constructor for a DependencyVersion that will parse a version string.
+     * @param version the version number to parse
+     */
+    public DependencyVersion(String version) {
+        parseVersion(version);
+    }
+
+    /**
+     * Parses a version string into its sub parts: major, minor, revision, build, etc.
+     * @param version the version string to parse
+     */
+    public final void parseVersion(String version) {
+        versionParts = new ArrayList<String>();
+        if (version != null) {
+            final Pattern rx = Pattern.compile("(\\d+|[a-z]+\\d+)");
+            Matcher matcher = rx.matcher(version.toLowerCase());
+            while (matcher.find()) {
+                versionParts.add(matcher.group());
+            }
+            if (versionParts.isEmpty()) {
+                versionParts.add(version);
+            }
+        }
+    }
+    /**
+     * A list of the version parts.
+     */
+    private List<String> versionParts;
+
+    /**
+     * Get the value of versionParts
+     *
+     * @return the value of versionParts
+     */
+    public List<String> getVersionParts() {
+        return versionParts;
+    }
+
+    /**
+     * Set the value of versionParts
+     *
+     * @param versionParts new value of versionParts
+     */
+    public void setVersionParts(List<String> versionParts) {
+        this.versionParts = versionParts;
+    }
+
+    /**
+     * Retrieves an iterator for the version parts.
+     *
+     * @return an iterator for the version parts
+     */
+    public Iterator iterator() {
+        return versionParts.iterator();
+    }
+
+    /**
+     * Reconstructs the version string from the split version parts.
+     * @return a string reprenting the version.
+     */
+    @Override
+    public String toString() {
+        return StringUtils.join(versionParts.toArray(), ".");
+    }
+}

src/main/java/org/owasp/dependencycheck/utils/DependencyVersionUtil.java

@@ -0,0 +1,68 @@
+/*
+ * To change this template, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.owasp.dependencycheck.utils;
+
+import java.util.regex.MatchResult;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ *
+ * @author Jeremy Long (jeremy.long@gmail.com)
+ */
+public final class DependencyVersionUtil {
+    //private final static Pattern RX_VERSION = Pattern.compile("\\d+(\\.\\d+)*(\\d+[a-zA-Z]{1,3}\\d+)?");
+    private final static Pattern RX_VERSION = Pattern.compile("\\d+(\\.\\d+)+(\\.?[a-zA-Z_-]{1,3}\\d+)?");
+
+    /**
+     * Private constructor for utility class.
+     */
+    private DependencyVersionUtil() {
+    }
+
+    public static DependencyVersion parseVersionFromFileName(String filename) {
+        if (filename == null) {
+            return null;
+        }
+        String version = null;
+        Matcher matcher = RX_VERSION.matcher(filename);
+        if (matcher.find()) {
+            version = matcher.group();
+        }
+        //throw away the results if there are two things that look like version numbers
+        if (matcher.find()) {
+            return null;
+        }
+        if (version == null) {
+            return null;
+        }
+        return new DependencyVersion(version);
+
+
+//        String name = null;
+//        final int pos = filename.lastIndexOf('.');
+//        if (pos>0) {
+//            name = filename.substring(0, pos).toLowerCase();
+//        } else {
+//            name = filename.toLowerCase();
+//        }
+////        if (name.endsWith("-snapshot")) {
+////            name = name.substring(0,name.length() - 9);
+////        }
+////        if (name.endsWith("-release")) {
+////            name = name.substring(0,name.length() - 8);
+////        }
+//        final String[] parts = name.split("[_-]");
+//        if (parts == null || parts.length == 0) {
+//            return null;
+//        }
+//        for (int x = parts.length - 1; x >= 0; x--) {
+//            if (RX_VERSION.matcher(parts[x]).matches()) {
+//                return new DependencyVersion(parts[x]);
+//            }
+//        }
+//        return null;
+    }
+}