Random fixes to issues found by IntelliJ IDEA code inspection.
@@ -173,10 +173,10 @@ public class AutoconfAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
// copy, alter and set in case some other thread is iterating over
|
// copy, alter and set in case some other thread is iterating over
|
||||||
final List<Dependency> deps = new ArrayList<Dependency>(
|
final List<Dependency> dependencies = new ArrayList<Dependency>(
|
||||||
engine.getDependencies());
|
engine.getDependencies());
|
||||||
deps.remove(dependency);
|
dependencies.remove(dependency);
|
||||||
engine.setDependencies(deps);
|
engine.setDependencies(dependencies);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -225,7 +225,7 @@ public class AutoconfAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
contents = FileUtils.readFileToString(actualFile).trim();
|
contents = FileUtils.readFileToString(actualFile).trim();
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
throw new AnalysisException(
|
throw new AnalysisException(
|
||||||
"Problem occured while reading dependency file.", e);
|
"Problem occurred while reading dependency file.", e);
|
||||||
}
|
}
|
||||||
return contents;
|
return contents;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -53,7 +53,7 @@ import org.owasp.dependencycheck.utils.UrlStringUtils;
|
|||||||
public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
|
public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Name of egg metatdata files to analyze.
|
* Name of egg metadata files to analyze.
|
||||||
*/
|
*/
|
||||||
private static final String PKG_INFO = "PKG-INFO";
|
private static final String PKG_INFO = "PKG-INFO";
|
||||||
|
|
||||||
@@ -269,10 +269,8 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
*
|
*
|
||||||
* @param dependency the dependency being analyzed
|
* @param dependency the dependency being analyzed
|
||||||
* @param file a reference to the manifest/properties file
|
* @param file a reference to the manifest/properties file
|
||||||
* @throws AnalysisException thrown when there is an error
|
|
||||||
*/
|
*/
|
||||||
private static void collectWheelMetadata(Dependency dependency, File file)
|
private static void collectWheelMetadata(Dependency dependency, File file) {
|
||||||
throws AnalysisException {
|
|
||||||
final InternetHeaders headers = getManifestProperties(file);
|
final InternetHeaders headers = getManifestProperties(file);
|
||||||
addPropertyToEvidence(headers, dependency.getVersionEvidence(),
|
addPropertyToEvidence(headers, dependency.getVersionEvidence(),
|
||||||
"Version", Confidence.HIGHEST);
|
"Version", Confidence.HIGHEST);
|
||||||
@@ -352,7 +350,7 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Retrieves the next temporary destingation directory for extracting an archive.
|
* Retrieves the next temporary destination directory for extracting an archive.
|
||||||
*
|
*
|
||||||
* @return a directory
|
* @return a directory
|
||||||
* @throws AnalysisException thrown if unable to create temporary directory
|
* @throws AnalysisException thrown if unable to create temporary directory
|
||||||
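Review bot: The Javadoc of `collectWheelMetadata` (hunk `@@ -269,10 +269,8`) no longer says what happens when the metadata file cannot be read or parsed, now that `throws AnalysisException` and its `@throws` tag are removed. `getManifestProperties(file)` is not visible here, but since the method compiles without a throws clause it presumably handles I/O errors itself, so a failed read would leave the dependency without version evidence instead of failing the analysis. In a vulnerability scanner that is a silent false negative, so the contract should be written down, for example `* Read or parse failures are not propagated; the dependency is left without the corresponding evidence.`, once confirmed against `getManifestProperties`. The body of `collectWheelMetadata` continues outside the hunk.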
|
|||||||
@@ -28,13 +28,10 @@ import org.owasp.dependencycheck.dependency.EvidenceCollection;
|
|||||||
import org.owasp.dependencycheck.utils.FileFilterBuilder;
|
import org.owasp.dependencycheck.utils.FileFilterBuilder;
|
||||||
import org.owasp.dependencycheck.utils.Settings;
|
import org.owasp.dependencycheck.utils.Settings;
|
||||||
import org.owasp.dependencycheck.utils.UrlStringUtils;
|
import org.owasp.dependencycheck.utils.UrlStringUtils;
|
||||||
import org.slf4j.Logger;
|
|
||||||
import org.slf4j.LoggerFactory;
|
|
||||||
|
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.io.FileFilter;
|
import java.io.FileFilter;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.net.MalformedURLException;
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.regex.Matcher;
|
import java.util.regex.Matcher;
|
||||||
@@ -53,12 +50,6 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
private static final int REGEX_OPTIONS = Pattern.DOTALL
|
private static final int REGEX_OPTIONS = Pattern.DOTALL
|
||||||
| Pattern.CASE_INSENSITIVE;
|
| Pattern.CASE_INSENSITIVE;
|
||||||
|
|
||||||
/**
|
|
||||||
* The logger.
|
|
||||||
*/
|
|
||||||
private static final Logger LOGGER = LoggerFactory
|
|
||||||
.getLogger(PythonPackageAnalyzer.class);
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Filename extensions for files to be analyzed.
|
* Filename extensions for files to be analyzed.
|
||||||
*/
|
*/
|
||||||
@@ -184,8 +175,8 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
final String parentName = parent.getName();
|
final String parentName = parent.getName();
|
||||||
boolean found = false;
|
boolean found = false;
|
||||||
if (INIT_PY_FILTER.accept(file)) {
|
if (INIT_PY_FILTER.accept(file)) {
|
||||||
for (final File sourcefile : parent.listFiles(PY_FILTER)) {
|
for (final File sourceFile : parent.listFiles(PY_FILTER)) {
|
||||||
found |= analyzeFileContents(dependency, sourcefile);
|
found |= analyzeFileContents(dependency, sourceFile);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (found) {
|
if (found) {
|
||||||
@@ -194,10 +185,10 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
"PackageName", parentName, Confidence.MEDIUM);
|
"PackageName", parentName, Confidence.MEDIUM);
|
||||||
} else {
|
} else {
|
||||||
// copy, alter and set in case some other thread is iterating over
|
// copy, alter and set in case some other thread is iterating over
|
||||||
final List<Dependency> deps = new ArrayList<Dependency>(
|
final List<Dependency> dependencies = new ArrayList<Dependency>(
|
||||||
engine.getDependencies());
|
engine.getDependencies());
|
||||||
deps.remove(dependency);
|
dependencies.remove(dependency);
|
||||||
engine.setDependencies(deps);
|
engine.setDependencies(dependencies);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -238,14 +229,10 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
.getVendorEvidence();
|
.getVendorEvidence();
|
||||||
found |= gatherEvidence(AUTHOR_PATTERN, contents, source,
|
found |= gatherEvidence(AUTHOR_PATTERN, contents, source,
|
||||||
vendorEvidence, "SourceAuthor", Confidence.MEDIUM);
|
vendorEvidence, "SourceAuthor", Confidence.MEDIUM);
|
||||||
try {
|
|
||||||
found |= gatherHomePageEvidence(URI_PATTERN, vendorEvidence,
|
found |= gatherHomePageEvidence(URI_PATTERN, vendorEvidence,
|
||||||
source, "URL", contents);
|
source, "URL", contents);
|
||||||
found |= gatherHomePageEvidence(HOMEPAGE_PATTERN,
|
found |= gatherHomePageEvidence(HOMEPAGE_PATTERN,
|
||||||
vendorEvidence, source, "HomePage", contents);
|
vendorEvidence, source, "HomePage", contents);
|
||||||
} catch (MalformedURLException e) {
|
|
||||||
LOGGER.warn(e.getMessage());
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
return found;
|
return found;
|
||||||
}
|
}
|
||||||
@@ -281,11 +268,10 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
* @param name the name of the evidence
|
* @param name the name of the evidence
|
||||||
* @param contents the home page URL
|
* @param contents the home page URL
|
||||||
* @return true if evidence was collected; otherwise false
|
* @return true if evidence was collected; otherwise false
|
||||||
* @throws MalformedURLException thrown if the URL is malformed
|
|
||||||
*/
|
*/
|
||||||
private boolean gatherHomePageEvidence(Pattern pattern,
|
private boolean gatherHomePageEvidence(Pattern pattern,
|
||||||
EvidenceCollection evidence, String source, String name,
|
EvidenceCollection evidence, String source, String name,
|
||||||
String contents) throws MalformedURLException {
|
String contents) {
|
||||||
final Matcher matcher = pattern.matcher(contents);
|
final Matcher matcher = pattern.matcher(contents);
|
||||||
boolean found = false;
|
boolean found = false;
|
||||||
if (matcher.find()) {
|
if (matcher.find()) {
|
||||||
@@ -299,7 +285,7 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gather evidence from a Python source file usin the given string assignment regex pattern.
|
* Gather evidence from a Python source file using the given string assignment regex pattern.
|
||||||
*
|
*
|
||||||
* @param pattern to scan contents with
|
* @param pattern to scan contents with
|
||||||
* @param contents of Python source file
|
* @param contents of Python source file
|
||||||
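Review bot: `parent.listFiles(PY_FILTER)` in the `@@ -184,8 +175,8` hunk returns null when `parent` is not a directory or an I/O error occurs, and the enhanced for loop then throws a NullPointerException; the rename to `sourceFile` leaves the call unguarded. Because the analyzer walks files from whatever tree is being scanned, a directory that cannot be listed should be skipped rather than abort the analysis. Suggest assigning the result first, `final File[] sources = parent.listFiles(PY_FILTER);`, and wrapping the loop in `if (sources != null) {`. The enclosing method starts and ends outside the hunk.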
|
|||||||
@@ -39,10 +39,10 @@ public class OpenSSLAnalyzerTest extends BaseTest {
|
|||||||
/**
|
/**
|
||||||
* The package analyzer to test.
|
* The package analyzer to test.
|
||||||
*/
|
*/
|
||||||
OpenSSLAnalyzer analyzer;
|
private OpenSSLAnalyzer analyzer;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Setup the PtyhonPackageAnalyzer.
|
* Setup the {@link OpenSSLAnalyzer}.
|
||||||
*
|
*
|
||||||
* @throws Exception if there is a problem
|
* @throws Exception if there is a problem
|
||||||
*/
|
*/
|
||||||
|
|||||||
@@ -40,7 +40,7 @@ public class PythonDistributionAnalyzerTest extends BaseTest {
|
|||||||
/**
|
/**
|
||||||
* The analyzer to test.
|
* The analyzer to test.
|
||||||
*/
|
*/
|
||||||
PythonDistributionAnalyzer analyzer;
|
private PythonDistributionAnalyzer analyzer;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Correctly setup the analyzer for testing.
|
* Correctly setup the analyzer for testing.
|
||||||
|
|||||||
@@ -40,10 +40,10 @@ public class PythonPackageAnalyzerTest extends BaseTest {
|
|||||||
/**
|
/**
|
||||||
* The package analyzer to test.
|
* The package analyzer to test.
|
||||||
*/
|
*/
|
||||||
PythonPackageAnalyzer analyzer;
|
private PythonPackageAnalyzer analyzer;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Setup the PtyhonPackageAnalyzer.
|
* Setup the {@link PythonPackageAnalyzer}.
|
||||||
*
|
*
|
||||||
* @throws Exception if there is a problem
|
* @throws Exception if there is a problem
|
||||||
*/
|
*/
|
||||||
@@ -85,14 +85,9 @@ public class PythonPackageAnalyzerTest extends BaseTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testAnalyzeSourceMetadata() throws AnalysisException {
|
public void testAnalyzeSourceMetadata() throws AnalysisException {
|
||||||
eggtestAssertions(this,
|
|
||||||
"python/eggtest/__init__.py");
|
|
||||||
}
|
|
||||||
|
|
||||||
public void eggtestAssertions(Object context, final String resource) throws AnalysisException {
|
|
||||||
boolean found = false;
|
boolean found = false;
|
||||||
final Dependency result = new Dependency(BaseTest.getResourceAsFile(
|
final Dependency result = new Dependency(BaseTest.getResourceAsFile(
|
||||||
context, resource));
|
this, "python/eggtest/__init__.py"));
|
||||||
analyzer.analyze(result, null);
|
analyzer.analyze(result, null);
|
||||||
assertTrue("Expected vendor evidence to contain \"example\".", result
|
assertTrue("Expected vendor evidence to contain \"example\".", result
|
||||||
.getVendorEvidence().toString().contains("example"));
|
.getVendorEvidence().toString().contains("example"));
|
||||||
@@ -104,4 +99,5 @@ public class PythonPackageAnalyzerTest extends BaseTest {
|
|||||||
}
|
}
|
||||||
assertTrue("Version 0.0.1 not found in EggTest dependency.", found);
|
assertTrue("Version 0.0.1 not found in EggTest dependency.", found);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||