From 5c874cafd1e8f72351e3d1409fd88368247329c6 Mon Sep 17 00:00:00 2001 From: Will Stranathan Date: Thu, 26 Jun 2014 15:14:55 -0400 Subject: [PATCH] Fixed suppression analyzer to load from input stream fixing failure Former-commit-id: 4e6f8d7fddcf7ed26ad60b7aa8bc3a6b22ae19cc --- .../analyzer/AbstractSuppressionAnalyzer.java | 3 +-- .../suppression/SuppressionParser.java | 20 +++++++++++++++++-- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java index 3c66004e1..3a8c008ed 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java @@ -100,9 +100,8 @@ public abstract class AbstractSuppressionAnalyzer extends AbstractAnalyzer { private void loadSuppressionData() throws SuppressionParseException { final SuppressionParser parser = new SuppressionParser(); File file = null; - file = new File(this.getClass().getClassLoader().getResource("dependencycheck-base-suppression.xml").getPath()); try { - rules = parser.parseSuppressionRules(file); + rules = parser.parseSuppressionRules(this.getClass().getClassLoader().getResourceAsStream("dependencycheck-base-suppression.xml")); } catch (SuppressionParseException ex) { LOGGER.log(Level.FINE, "Unable to parse the base suppression data file", ex); } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/suppression/SuppressionParser.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/suppression/SuppressionParser.java index c47398cde..c3cc9c7d6 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/suppression/SuppressionParser.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/suppression/SuppressionParser.java @@ -27,9 +27,11 @@ import java.io.Reader; import java.util.List; import java.util.logging.Level; import java.util.logging.Logger; + import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.SAXParser; import javax.xml.parsers.SAXParserFactory; + import org.xml.sax.InputSource; import org.xml.sax.SAXException; import org.xml.sax.XMLReader; @@ -66,10 +68,25 @@ public class SuppressionParser { * @throws SuppressionParseException thrown if the xml file cannot be parsed */ public List parseSuppressionRules(File file) throws SuppressionParseException { + try { + return parseSuppressionRules(new FileInputStream(file)); + } catch (IOException ex) { + LOGGER.log(Level.FINE, null, ex); + throw new SuppressionParseException(ex); + } + } + + /** + * Parses the given xml stream and returns a list of the suppression rules contained. + * + * @param inputStream an InputStream containing suppression rues + * @return a list of suppression rules + * @throws SuppressionParseException if the xml cannot be parsed + */ + public List parseSuppressionRules(InputStream inputStream) throws SuppressionParseException { try { final InputStream schemaStream = this.getClass().getClassLoader().getResourceAsStream("schema/suppression.xsd"); final SuppressionHandler handler = new SuppressionHandler(); - final SAXParserFactory factory = SAXParserFactory.newInstance(); factory.setNamespaceAware(true); factory.setValidating(true); @@ -80,7 +97,6 @@ public class SuppressionParser { xmlReader.setErrorHandler(new SuppressionErrorHandler()); xmlReader.setContentHandler(handler); - final InputStream inputStream = new FileInputStream(file); final Reader reader = new InputStreamReader(inputStream, "UTF-8"); final InputSource in = new InputSource(reader); //in.setEncoding("UTF-8");