github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-24 10:01:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

ensured resources are closed

Browse Source
This commit is contained in:
Jeremy Long
2016-11-22 06:39:50 -05:00
parent 6838b9b950
commit 316b936326
1 changed files with 29 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
View File

@@ -280,31 +280,39 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
return false; return false;
} }
if (pomEntries != null && pomEntries.size() <= 1) { if (pomEntries != null && pomEntries.size() <= 1) {
String path = null; try {
Properties pomProperties = null; String path = null;
File pomFile = null; Properties pomProperties = null;
if (pomEntries.size() == 1) { File pomFile = null;
path = pomEntries.get(0); if (pomEntries.size() == 1) {
pomFile = extractPom(path, jar); path = pomEntries.get(0);
pomProperties = retrievePomProperties(path, jar); pomFile = extractPom(path, jar);
} else { pomProperties = retrievePomProperties(path, jar);
path = FilenameUtils.removeExtension(dependency.getActualFilePath()) + ".pom"; } else {
pomFile = new File(path); path = FilenameUtils.removeExtension(dependency.getActualFilePath()) + ".pom";
} pomFile = new File(path);
if (pomFile.isFile()) {
Model pom = PomUtils.readPom(pomFile);
if (pom != null && pomProperties != null) {
pom.processProperties(pomProperties);
} }
if (pom != null) { if (pomFile.isFile()) {
return setPomEvidence(dependency, pom, classes); Model pom = PomUtils.readPom(pomFile);
if (pom != null && pomProperties != null) {
pom.processProperties(pomProperties);
}
if (pom != null) {
return setPomEvidence(dependency, pom, classes);
}
return false;
} else {
return false;
}
} finally {
try {
jar.close();
} catch (IOException ex) {
LOGGER.trace("", ex);
} }
return false;
} else {
return false;
} }
} }
//reported possible null dereference on pomEntries is on a non-feasible path //reported possible null dereference on pomEntries is on a non-feasible path
for (String path : pomEntries) { for (String path : pomEntries) {
//TODO - one of these is likely the pom for the main JAR we are analyzing //TODO - one of these is likely the pom for the main JAR we are analyzing