github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-04-30 20:24:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

updated to version 1.0.5

Browse Source
This commit is contained in:
Jeremy Long
2013-11-16 13:44:16 -05:00
parent d6ec751081
commit 352e9de762
795 changed files with 12839 additions and 11400 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
dependency-check-core/xref/allclasses-frame.html
View File

@@ -49,6 +49,9 @@
</li>
<li>
<a href="org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.html" target="classFrame">ArchiveAnalyzer</a>
</li>
<li>
<a href="org/owasp/dependencycheck/analyzer/ArchiveExtractionException.html" target="classFrame">ArchiveExtractionException</a>
</li>
<li>
<a href="org/owasp/dependencycheck/data/cpe/BaseIndex.html" target="classFrame">BaseIndex</a>
@@ -292,6 +295,9 @@
</li>
<li>
<a href="org/owasp/dependencycheck/jaxb/pom/generated/Profile.html" target="classFrame">Modules</a>
</li>
<li>
<a href="org/owasp/dependencycheck/data/NoDataException.html" target="classFrame">NoDataException</a>
</li>
<li>
<a href="org/owasp/dependencycheck/utils/NonClosingStream.html" target="classFrame">NonClosingStream</a>

2
dependency-check-core/xref/index.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check Core 1.0.4 Reference</title>
<title>Dependency-Check Core 1.0.5 Reference</title>
</head>
<frameset cols="20%,80%">
<frameset rows="30%,70%">

798
dependency-check-core/xref/org/owasp/dependencycheck/Engine.html
View File

@@ -30,383 +30,429 @@
<a class="jxr_linenumber" name="20" href="#20">20</a>
<a class="jxr_linenumber" name="21" href="#21">21</a> <strong class="jxr_keyword">import</strong> java.util.EnumMap;
<a class="jxr_linenumber" name="22" href="#22">22</a> <strong class="jxr_keyword">import</strong> java.io.File;
<a class="jxr_linenumber" name="23" href="#23">23</a> <strong class="jxr_keyword">import</strong> java.util.ArrayList;
<a class="jxr_linenumber" name="24" href="#24">24</a> <strong class="jxr_keyword">import</strong> java.util.HashSet;
<a class="jxr_linenumber" name="25" href="#25">25</a> <strong class="jxr_keyword">import</strong> java.util.Iterator;
<a class="jxr_linenumber" name="26" href="#26">26</a> <strong class="jxr_keyword">import</strong> java.util.List;
<a class="jxr_linenumber" name="27" href="#27">27</a> <strong class="jxr_keyword">import</strong> java.util.Set;
<a class="jxr_linenumber" name="28" href="#28">28</a> <strong class="jxr_keyword">import</strong> java.util.logging.Level;
<a class="jxr_linenumber" name="29" href="#29">29</a> <strong class="jxr_keyword">import</strong> java.util.logging.Logger;
<a class="jxr_linenumber" name="30" href="#30">30</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.analyzer.AnalysisException;
<a class="jxr_linenumber" name="31" href="#31">31</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.analyzer.AnalysisPhase;
<a class="jxr_linenumber" name="32" href="#32">32</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.analyzer.Analyzer;
<a class="jxr_linenumber" name="33" href="#33">33</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.analyzer.AnalyzerService;
<a class="jxr_linenumber" name="34" href="#34">34</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.data.CachedWebDataSource;
<a class="jxr_linenumber" name="35" href="#35">35</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.data.UpdateException;
<a class="jxr_linenumber" name="36" href="#36">36</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.data.UpdateService;
<a class="jxr_linenumber" name="37" href="#37">37</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Dependency;
<a class="jxr_linenumber" name="38" href="#38">38</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.FileUtils;
<a class="jxr_linenumber" name="39" href="#39">39</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.InvalidSettingException;
<a class="jxr_linenumber" name="40" href="#40">40</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.Settings;
<a class="jxr_linenumber" name="41" href="#41">41</a>
<a class="jxr_linenumber" name="42" href="#42">42</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="43" href="#43">43</a> <em class="jxr_javadoccomment"> * Scans files, directories, etc. for Dependencies. Analyzers are loaded and</em>
<a class="jxr_linenumber" name="44" href="#44">44</a> <em class="jxr_javadoccomment"> * used to process the files found by the scan, if a file is encountered and an</em>
<a class="jxr_linenumber" name="45" href="#45">45</a> <em class="jxr_javadoccomment"> * Analyzer is associated with the file type then the file is turned into a</em>
<a class="jxr_linenumber" name="46" href="#46">46</a> <em class="jxr_javadoccomment"> * dependency.</em>
<a class="jxr_linenumber" name="47" href="#47">47</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="48" href="#48">48</a> <em class="jxr_javadoccomment"> * @author Jeremy Long (jeremy.long@owasp.org)</em>
<a class="jxr_linenumber" name="49" href="#49">49</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="50" href="#50">50</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../org/owasp/dependencycheck/Engine.html">Engine</a> {
<a class="jxr_linenumber" name="51" href="#51">51</a>
<a class="jxr_linenumber" name="52" href="#52">52</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="53" href="#53">53</a> <em class="jxr_javadoccomment"> * The list of dependencies.</em>
<a class="jxr_linenumber" name="54" href="#54">54</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="55" href="#55">55</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">final</strong> List&lt;Dependency&gt; dependencies = <strong class="jxr_keyword">new</strong> ArrayList&lt;Dependency&gt;();
<a class="jxr_linenumber" name="56" href="#56">56</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="57" href="#57">57</a> <em class="jxr_javadoccomment"> * A Map of analyzers grouped by Analysis phase.</em>
<a class="jxr_linenumber" name="58" href="#58">58</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="59" href="#59">59</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">final</strong> EnumMap&lt;AnalysisPhase, List&lt;Analyzer&gt;&gt; analyzers =
<a class="jxr_linenumber" name="60" href="#60">60</a> <strong class="jxr_keyword">new</strong> EnumMap&lt;AnalysisPhase, List&lt;Analyzer&gt;&gt;(AnalysisPhase.<strong class="jxr_keyword">class</strong>);
<a class="jxr_linenumber" name="61" href="#61">61</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="62" href="#62">62</a> <em class="jxr_javadoccomment"> * A set of extensions supported by the analyzers.</em>
<a class="jxr_linenumber" name="63" href="#63">63</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="64" href="#64">64</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">final</strong> Set&lt;String&gt; extensions = <strong class="jxr_keyword">new</strong> HashSet&lt;String&gt;();
<a class="jxr_linenumber" name="65" href="#65">65</a>
<a class="jxr_linenumber" name="66" href="#66">66</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="67" href="#67">67</a> <em class="jxr_javadoccomment"> * Creates a new Engine.</em>
<a class="jxr_linenumber" name="68" href="#68">68</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="69" href="#69">69</a> <strong class="jxr_keyword">public</strong> <a href="../../../org/owasp/dependencycheck/Engine.html">Engine</a>() {
<a class="jxr_linenumber" name="70" href="#70">70</a> <strong class="jxr_keyword">boolean</strong> autoUpdate = <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="71" href="#71">71</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="72" href="#72">72</a> autoUpdate = Settings.getBoolean(Settings.KEYS.AUTO_UPDATE);
<a class="jxr_linenumber" name="73" href="#73">73</a> } <strong class="jxr_keyword">catch</strong> (InvalidSettingException ex) {
<a class="jxr_linenumber" name="74" href="#74">74</a> Logger.getLogger(Engine.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, <span class="jxr_string">"Invalid setting for auto-update; using true."</span>);
<a class="jxr_linenumber" name="75" href="#75">75</a> }
<a class="jxr_linenumber" name="76" href="#76">76</a> <strong class="jxr_keyword">if</strong> (autoUpdate) {
<a class="jxr_linenumber" name="77" href="#77">77</a> doUpdates();
<a class="jxr_linenumber" name="23" href="#23">23</a> <strong class="jxr_keyword">import</strong> java.io.IOException;
<a class="jxr_linenumber" name="24" href="#24">24</a> <strong class="jxr_keyword">import</strong> java.util.ArrayList;
<a class="jxr_linenumber" name="25" href="#25">25</a> <strong class="jxr_keyword">import</strong> java.util.HashSet;
<a class="jxr_linenumber" name="26" href="#26">26</a> <strong class="jxr_keyword">import</strong> java.util.Iterator;
<a class="jxr_linenumber" name="27" href="#27">27</a> <strong class="jxr_keyword">import</strong> java.util.List;
<a class="jxr_linenumber" name="28" href="#28">28</a> <strong class="jxr_keyword">import</strong> java.util.Set;
<a class="jxr_linenumber" name="29" href="#29">29</a> <strong class="jxr_keyword">import</strong> java.util.logging.Level;
<a class="jxr_linenumber" name="30" href="#30">30</a> <strong class="jxr_keyword">import</strong> java.util.logging.Logger;
<a class="jxr_linenumber" name="31" href="#31">31</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.analyzer.AnalysisException;
<a class="jxr_linenumber" name="32" href="#32">32</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.analyzer.AnalysisPhase;
<a class="jxr_linenumber" name="33" href="#33">33</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.analyzer.Analyzer;
<a class="jxr_linenumber" name="34" href="#34">34</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.analyzer.AnalyzerService;
<a class="jxr_linenumber" name="35" href="#35">35</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.data.CachedWebDataSource;
<a class="jxr_linenumber" name="36" href="#36">36</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.data.NoDataException;
<a class="jxr_linenumber" name="37" href="#37">37</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.data.UpdateException;
<a class="jxr_linenumber" name="38" href="#38">38</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.data.UpdateService;
<a class="jxr_linenumber" name="39" href="#39">39</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.data.cpe.CpeIndexReader;
<a class="jxr_linenumber" name="40" href="#40">40</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Dependency;
<a class="jxr_linenumber" name="41" href="#41">41</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.FileUtils;
<a class="jxr_linenumber" name="42" href="#42">42</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.InvalidSettingException;
<a class="jxr_linenumber" name="43" href="#43">43</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.Settings;
<a class="jxr_linenumber" name="44" href="#44">44</a>
<a class="jxr_linenumber" name="45" href="#45">45</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="46" href="#46">46</a> <em class="jxr_javadoccomment"> * Scans files, directories, etc. for Dependencies. Analyzers are loaded and</em>
<a class="jxr_linenumber" name="47" href="#47">47</a> <em class="jxr_javadoccomment"> * used to process the files found by the scan, if a file is encountered and an</em>
<a class="jxr_linenumber" name="48" href="#48">48</a> <em class="jxr_javadoccomment"> * Analyzer is associated with the file type then the file is turned into a</em>
<a class="jxr_linenumber" name="49" href="#49">49</a> <em class="jxr_javadoccomment"> * dependency.</em>
<a class="jxr_linenumber" name="50" href="#50">50</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="51" href="#51">51</a> <em class="jxr_javadoccomment"> * @author Jeremy Long (jeremy.long@owasp.org)</em>
<a class="jxr_linenumber" name="52" href="#52">52</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="53" href="#53">53</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../org/owasp/dependencycheck/Engine.html">Engine</a> {
<a class="jxr_linenumber" name="54" href="#54">54</a>
<a class="jxr_linenumber" name="55" href="#55">55</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="56" href="#56">56</a> <em class="jxr_javadoccomment"> * The list of dependencies.</em>
<a class="jxr_linenumber" name="57" href="#57">57</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="58" href="#58">58</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">final</strong> List&lt;Dependency&gt; dependencies = <strong class="jxr_keyword">new</strong> ArrayList&lt;Dependency&gt;();
<a class="jxr_linenumber" name="59" href="#59">59</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="60" href="#60">60</a> <em class="jxr_javadoccomment"> * A Map of analyzers grouped by Analysis phase.</em>
<a class="jxr_linenumber" name="61" href="#61">61</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="62" href="#62">62</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">final</strong> EnumMap&lt;AnalysisPhase, List&lt;Analyzer&gt;&gt; analyzers =
<a class="jxr_linenumber" name="63" href="#63">63</a> <strong class="jxr_keyword">new</strong> EnumMap&lt;AnalysisPhase, List&lt;Analyzer&gt;&gt;(AnalysisPhase.<strong class="jxr_keyword">class</strong>);
<a class="jxr_linenumber" name="64" href="#64">64</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="65" href="#65">65</a> <em class="jxr_javadoccomment"> * A set of extensions supported by the analyzers.</em>
<a class="jxr_linenumber" name="66" href="#66">66</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="67" href="#67">67</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">final</strong> Set&lt;String&gt; extensions = <strong class="jxr_keyword">new</strong> HashSet&lt;String&gt;();
<a class="jxr_linenumber" name="68" href="#68">68</a>
<a class="jxr_linenumber" name="69" href="#69">69</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="70" href="#70">70</a> <em class="jxr_javadoccomment"> * Creates a new Engine.</em>
<a class="jxr_linenumber" name="71" href="#71">71</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="72" href="#72">72</a> <strong class="jxr_keyword">public</strong> <a href="../../../org/owasp/dependencycheck/Engine.html">Engine</a>() {
<a class="jxr_linenumber" name="73" href="#73">73</a> <strong class="jxr_keyword">boolean</strong> autoUpdate = <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="74" href="#74">74</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="75" href="#75">75</a> autoUpdate = Settings.getBoolean(Settings.KEYS.AUTO_UPDATE);
<a class="jxr_linenumber" name="76" href="#76">76</a> } <strong class="jxr_keyword">catch</strong> (InvalidSettingException ex) {
<a class="jxr_linenumber" name="77" href="#77">77</a> Logger.getLogger(Engine.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, <span class="jxr_string">"Invalid setting for auto-update; using true."</span>);
<a class="jxr_linenumber" name="78" href="#78">78</a> }
<a class="jxr_linenumber" name="79" href="#79">79</a> loadAnalyzers();
<a class="jxr_linenumber" name="80" href="#80">80</a> }
<a class="jxr_linenumber" name="81" href="#81">81</a>
<a class="jxr_linenumber" name="82" href="#82">82</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="83" href="#83">83</a> <em class="jxr_javadoccomment"> * Creates a new Engine.</em>
<a class="jxr_linenumber" name="84" href="#84">84</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="85" href="#85">85</a> <em class="jxr_javadoccomment"> * @param autoUpdate indicates whether or not data should be updated from</em>
<a class="jxr_linenumber" name="86" href="#86">86</a> <em class="jxr_javadoccomment"> * the Internet</em>
<a class="jxr_linenumber" name="87" href="#87">87</a> <em class="jxr_javadoccomment"> * @deprecated This function should no longer be used; the autoupdate flag</em>
<a class="jxr_linenumber" name="88" href="#88">88</a> <em class="jxr_javadoccomment"> * should be set using:</em>
<a class="jxr_linenumber" name="89" href="#89">89</a> <em class="jxr_javadoccomment"> * &lt;code&gt;Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, value);&lt;/code&gt;</em>
<a class="jxr_linenumber" name="90" href="#90">90</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="91" href="#91">91</a> @Deprecated
<a class="jxr_linenumber" name="92" href="#92">92</a> <strong class="jxr_keyword">public</strong> <a href="../../../org/owasp/dependencycheck/Engine.html">Engine</a>(<strong class="jxr_keyword">boolean</strong> autoUpdate) {
<a class="jxr_linenumber" name="93" href="#93">93</a> <strong class="jxr_keyword">if</strong> (autoUpdate) {
<a class="jxr_linenumber" name="94" href="#94">94</a> doUpdates();
<a class="jxr_linenumber" name="95" href="#95">95</a> }
<a class="jxr_linenumber" name="96" href="#96">96</a> loadAnalyzers();
<a class="jxr_linenumber" name="97" href="#97">97</a> }
<a class="jxr_linenumber" name="98" href="#98">98</a>
<a class="jxr_linenumber" name="99" href="#99">99</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="100" href="#100">100</a> <em class="jxr_javadoccomment"> * Loads the analyzers specified in the configuration file (or system</em>
<a class="jxr_linenumber" name="101" href="#101">101</a> <em class="jxr_javadoccomment"> * properties).</em>
<a class="jxr_linenumber" name="102" href="#102">102</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="103" href="#103">103</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> loadAnalyzers() {
<a class="jxr_linenumber" name="104" href="#104">104</a>
<a class="jxr_linenumber" name="105" href="#105">105</a> <strong class="jxr_keyword">for</strong> (AnalysisPhase phase : AnalysisPhase.values()) {
<a class="jxr_linenumber" name="106" href="#106">106</a> analyzers.put(phase, <strong class="jxr_keyword">new</strong> ArrayList&lt;Analyzer&gt;());
<a class="jxr_linenumber" name="107" href="#107">107</a> }
<a class="jxr_linenumber" name="108" href="#108">108</a>
<a class="jxr_linenumber" name="109" href="#109">109</a> <strong class="jxr_keyword">final</strong> <a href="../../../org/owasp/dependencycheck/analyzer/AnalyzerService.html">AnalyzerService</a> service = AnalyzerService.getInstance();
<a class="jxr_linenumber" name="110" href="#110">110</a> <strong class="jxr_keyword">final</strong> Iterator&lt;Analyzer&gt; iterator = service.getAnalyzers();
<a class="jxr_linenumber" name="111" href="#111">111</a> <strong class="jxr_keyword">while</strong> (iterator.hasNext()) {
<a class="jxr_linenumber" name="112" href="#112">112</a> <strong class="jxr_keyword">final</strong> <a href="../../../org/owasp/dependencycheck/analyzer/Analyzer.html">Analyzer</a> a = iterator.next();
<a class="jxr_linenumber" name="113" href="#113">113</a> analyzers.get(a.getAnalysisPhase()).add(a);
<a class="jxr_linenumber" name="114" href="#114">114</a> <strong class="jxr_keyword">if</strong> (a.getSupportedExtensions() != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="115" href="#115">115</a> extensions.addAll(a.getSupportedExtensions());
<a class="jxr_linenumber" name="116" href="#116">116</a> }
<a class="jxr_linenumber" name="117" href="#117">117</a> }
<a class="jxr_linenumber" name="118" href="#118">118</a> }
<a class="jxr_linenumber" name="119" href="#119">119</a>
<a class="jxr_linenumber" name="120" href="#120">120</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="121" href="#121">121</a> <em class="jxr_javadoccomment"> * Get the List of the analyzers for a specific phase of analysis.</em>
<a class="jxr_linenumber" name="122" href="#122">122</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="123" href="#123">123</a> <em class="jxr_javadoccomment"> * @param phase the phase to get the configured analyzers.</em>
<a class="jxr_linenumber" name="124" href="#124">124</a> <em class="jxr_javadoccomment"> * @return the analyzers loaded</em>
<a class="jxr_linenumber" name="125" href="#125">125</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="126" href="#126">126</a> <strong class="jxr_keyword">public</strong> List&lt;Analyzer&gt; getAnalyzers(<a href="../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> phase) {
<a class="jxr_linenumber" name="127" href="#127">127</a> <strong class="jxr_keyword">return</strong> analyzers.get(phase);
<a class="jxr_linenumber" name="128" href="#128">128</a> }
<a class="jxr_linenumber" name="129" href="#129">129</a>
<a class="jxr_linenumber" name="130" href="#130">130</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="131" href="#131">131</a> <em class="jxr_javadoccomment"> * Get the dependencies identified.</em>
<a class="jxr_linenumber" name="132" href="#132">132</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="133" href="#133">133</a> <em class="jxr_javadoccomment"> * @return the dependencies identified</em>
<a class="jxr_linenumber" name="134" href="#134">134</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="135" href="#135">135</a> <strong class="jxr_keyword">public</strong> List&lt;Dependency&gt; getDependencies() {
<a class="jxr_linenumber" name="136" href="#136">136</a> <strong class="jxr_keyword">return</strong> dependencies;
<a class="jxr_linenumber" name="137" href="#137">137</a> }
<a class="jxr_linenumber" name="138" href="#138">138</a>
<a class="jxr_linenumber" name="139" href="#139">139</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="140" href="#140">140</a> <em class="jxr_javadoccomment"> * Scans an array of files or directories. If a directory is specified, it</em>
<a class="jxr_linenumber" name="141" href="#141">141</a> <em class="jxr_javadoccomment"> * will be scanned recursively. Any dependencies identified are added to the</em>
<a class="jxr_linenumber" name="142" href="#142">142</a> <em class="jxr_javadoccomment"> * dependency collection.</em>
<a class="jxr_linenumber" name="143" href="#143">143</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="144" href="#144">144</a> <em class="jxr_javadoccomment"> * @since v0.3.2.5</em>
<a class="jxr_linenumber" name="145" href="#145">145</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="146" href="#146">146</a> <em class="jxr_javadoccomment"> * @param paths an array of paths to files or directories to be analyzed.</em>
<a class="jxr_linenumber" name="147" href="#147">147</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="148" href="#148">148</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> scan(String[] paths) {
<a class="jxr_linenumber" name="149" href="#149">149</a> <strong class="jxr_keyword">for</strong> (String path : paths) {
<a class="jxr_linenumber" name="150" href="#150">150</a> <strong class="jxr_keyword">final</strong> File file = <strong class="jxr_keyword">new</strong> File(path);
<a class="jxr_linenumber" name="151" href="#151">151</a> scan(file);
<a class="jxr_linenumber" name="152" href="#152">152</a> }
<a class="jxr_linenumber" name="153" href="#153">153</a> }
<a class="jxr_linenumber" name="154" href="#154">154</a>
<a class="jxr_linenumber" name="155" href="#155">155</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="156" href="#156">156</a> <em class="jxr_javadoccomment"> * Scans a given file or directory. If a directory is specified, it will be</em>
<a class="jxr_linenumber" name="157" href="#157">157</a> <em class="jxr_javadoccomment"> * scanned recursively. Any dependencies identified are added to the</em>
<a class="jxr_linenumber" name="158" href="#158">158</a> <em class="jxr_javadoccomment"> * dependency collection.</em>
<a class="jxr_linenumber" name="159" href="#159">159</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="160" href="#160">160</a> <em class="jxr_javadoccomment"> * @param path the path to a file or directory to be analyzed.</em>
<a class="jxr_linenumber" name="161" href="#161">161</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="162" href="#162">162</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> scan(String path) {
<a class="jxr_linenumber" name="163" href="#163">163</a> <strong class="jxr_keyword">final</strong> File file = <strong class="jxr_keyword">new</strong> File(path);
<a class="jxr_linenumber" name="164" href="#164">164</a> scan(file);
<a class="jxr_linenumber" name="165" href="#165">165</a> }
<a class="jxr_linenumber" name="166" href="#166">166</a>
<a class="jxr_linenumber" name="167" href="#167">167</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="168" href="#168">168</a> <em class="jxr_javadoccomment"> * Scans an array of files or directories. If a directory is specified, it</em>
<a class="jxr_linenumber" name="169" href="#169">169</a> <em class="jxr_javadoccomment"> * will be scanned recursively. Any dependencies identified are added to the</em>
<a class="jxr_linenumber" name="170" href="#170">170</a> <em class="jxr_javadoccomment"> * dependency collection.</em>
<a class="jxr_linenumber" name="171" href="#171">171</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="172" href="#172">172</a> <em class="jxr_javadoccomment"> * @since v0.3.2.5</em>
<a class="jxr_linenumber" name="173" href="#173">173</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="174" href="#174">174</a> <em class="jxr_javadoccomment"> * @param files an array of paths to files or directories to be analyzed.</em>
<a class="jxr_linenumber" name="175" href="#175">175</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="176" href="#176">176</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> scan(File[] files) {
<a class="jxr_linenumber" name="177" href="#177">177</a> <strong class="jxr_keyword">for</strong> (File file : files) {
<a class="jxr_linenumber" name="178" href="#178">178</a> scan(file);
<a class="jxr_linenumber" name="179" href="#179">179</a> }
<a class="jxr_linenumber" name="180" href="#180">180</a> }
<a class="jxr_linenumber" name="181" href="#181">181</a>
<a class="jxr_linenumber" name="182" href="#182">182</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="183" href="#183">183</a> <em class="jxr_javadoccomment"> * Scans a list of files or directories. If a directory is specified, it</em>
<a class="jxr_linenumber" name="184" href="#184">184</a> <em class="jxr_javadoccomment"> * will be scanned recursively. Any dependencies identified are added to the</em>
<a class="jxr_linenumber" name="185" href="#185">185</a> <em class="jxr_javadoccomment"> * dependency collection.</em>
<a class="jxr_linenumber" name="186" href="#186">186</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="187" href="#187">187</a> <em class="jxr_javadoccomment"> * @since v0.3.2.5</em>
<a class="jxr_linenumber" name="188" href="#188">188</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="189" href="#189">189</a> <em class="jxr_javadoccomment"> * @param files a set of paths to files or directories to be analyzed.</em>
<a class="jxr_linenumber" name="190" href="#190">190</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="191" href="#191">191</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> scan(Set&lt;File&gt; files) {
<a class="jxr_linenumber" name="192" href="#192">192</a> <strong class="jxr_keyword">for</strong> (File file : files) {
<a class="jxr_linenumber" name="193" href="#193">193</a> scan(file);
<a class="jxr_linenumber" name="194" href="#194">194</a> }
<a class="jxr_linenumber" name="195" href="#195">195</a> }
<a class="jxr_linenumber" name="196" href="#196">196</a>
<a class="jxr_linenumber" name="197" href="#197">197</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="198" href="#198">198</a> <em class="jxr_javadoccomment"> * Scans a list of files or directories. If a directory is specified, it</em>
<a class="jxr_linenumber" name="199" href="#199">199</a> <em class="jxr_javadoccomment"> * will be scanned recursively. Any dependencies identified are added to the</em>
<a class="jxr_linenumber" name="200" href="#200">200</a> <em class="jxr_javadoccomment"> * dependency collection.</em>
<a class="jxr_linenumber" name="201" href="#201">201</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="202" href="#202">202</a> <em class="jxr_javadoccomment"> * @since v0.3.2.5</em>
<a class="jxr_linenumber" name="203" href="#203">203</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="204" href="#204">204</a> <em class="jxr_javadoccomment"> * @param files a set of paths to files or directories to be analyzed.</em>
<a class="jxr_linenumber" name="205" href="#205">205</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="206" href="#206">206</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> scan(List&lt;File&gt; files) {
<a class="jxr_linenumber" name="207" href="#207">207</a> <strong class="jxr_keyword">for</strong> (File file : files) {
<a class="jxr_linenumber" name="208" href="#208">208</a> scan(file);
<a class="jxr_linenumber" name="209" href="#209">209</a> }
<a class="jxr_linenumber" name="210" href="#210">210</a> }
<a class="jxr_linenumber" name="211" href="#211">211</a>
<a class="jxr_linenumber" name="212" href="#212">212</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="213" href="#213">213</a> <em class="jxr_javadoccomment"> * Scans a given file or directory. If a directory is specified, it will be</em>
<a class="jxr_linenumber" name="214" href="#214">214</a> <em class="jxr_javadoccomment"> * scanned recursively. Any dependencies identified are added to the</em>
<a class="jxr_linenumber" name="215" href="#215">215</a> <em class="jxr_javadoccomment"> * dependency collection.</em>
<a class="jxr_linenumber" name="216" href="#216">216</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="217" href="#217">217</a> <em class="jxr_javadoccomment"> * @since v0.3.2.4</em>
<a class="jxr_linenumber" name="218" href="#218">218</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="219" href="#219">219</a> <em class="jxr_javadoccomment"> * @param file the path to a file or directory to be analyzed.</em>
<a class="jxr_linenumber" name="220" href="#220">220</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="221" href="#221">221</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> scan(File file) {
<a class="jxr_linenumber" name="222" href="#222">222</a> <strong class="jxr_keyword">if</strong> (file.exists()) {
<a class="jxr_linenumber" name="223" href="#223">223</a> <strong class="jxr_keyword">if</strong> (file.isDirectory()) {
<a class="jxr_linenumber" name="224" href="#224">224</a> scanDirectory(file);
<a class="jxr_linenumber" name="225" href="#225">225</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="226" href="#226">226</a> scanFile(file);
<a class="jxr_linenumber" name="227" href="#227">227</a> }
<a class="jxr_linenumber" name="228" href="#228">228</a> }
<a class="jxr_linenumber" name="229" href="#229">229</a> }
<a class="jxr_linenumber" name="230" href="#230">230</a>
<a class="jxr_linenumber" name="231" href="#231">231</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="232" href="#232">232</a> <em class="jxr_javadoccomment"> * Recursively scans files and directories. Any dependencies identified are</em>
<a class="jxr_linenumber" name="233" href="#233">233</a> <em class="jxr_javadoccomment"> * added to the dependency collection.</em>
<a class="jxr_linenumber" name="234" href="#234">234</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="235" href="#235">235</a> <em class="jxr_javadoccomment"> * @param dir the directory to scan.</em>
<a class="jxr_linenumber" name="236" href="#236">236</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="237" href="#237">237</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> scanDirectory(File dir) {
<a class="jxr_linenumber" name="238" href="#238">238</a> <strong class="jxr_keyword">final</strong> File[] files = dir.listFiles();
<a class="jxr_linenumber" name="239" href="#239">239</a> <strong class="jxr_keyword">if</strong> (files != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="240" href="#240">240</a> <strong class="jxr_keyword">for</strong> (File f : files) {
<a class="jxr_linenumber" name="241" href="#241">241</a> <strong class="jxr_keyword">if</strong> (f.isDirectory()) {
<a class="jxr_linenumber" name="242" href="#242">242</a> scanDirectory(f);
<a class="jxr_linenumber" name="243" href="#243">243</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="244" href="#244">244</a> scanFile(f);
<a class="jxr_linenumber" name="245" href="#245">245</a> }
<a class="jxr_linenumber" name="246" href="#246">246</a> }
<a class="jxr_linenumber" name="247" href="#247">247</a> }
<a class="jxr_linenumber" name="248" href="#248">248</a> }
<a class="jxr_linenumber" name="249" href="#249">249</a>
<a class="jxr_linenumber" name="250" href="#250">250</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="251" href="#251">251</a> <em class="jxr_javadoccomment"> * Scans a specified file. If a dependency is identified it is added to the</em>
<a class="jxr_linenumber" name="252" href="#252">252</a> <em class="jxr_javadoccomment"> * dependency collection.</em>
<a class="jxr_linenumber" name="253" href="#253">253</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="254" href="#254">254</a> <em class="jxr_javadoccomment"> * @param file The file to scan.</em>
<a class="jxr_linenumber" name="255" href="#255">255</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="256" href="#256">256</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> scanFile(File file) {
<a class="jxr_linenumber" name="257" href="#257">257</a> <strong class="jxr_keyword">if</strong> (!file.isFile()) {
<a class="jxr_linenumber" name="258" href="#258">258</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Path passed to scanFile(File) is not a file: %s. Skipping the file."</span>, file.toString());
<a class="jxr_linenumber" name="259" href="#259">259</a> Logger.getLogger(Engine.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, msg);
<a class="jxr_linenumber" name="260" href="#260">260</a> <strong class="jxr_keyword">return</strong>;
<a class="jxr_linenumber" name="261" href="#261">261</a> }
<a class="jxr_linenumber" name="262" href="#262">262</a> <strong class="jxr_keyword">final</strong> String fileName = file.getName();
<a class="jxr_linenumber" name="263" href="#263">263</a> <strong class="jxr_keyword">final</strong> String extension = FileUtils.getFileExtension(fileName);
<a class="jxr_linenumber" name="264" href="#264">264</a> <strong class="jxr_keyword">if</strong> (extension != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="265" href="#265">265</a> <strong class="jxr_keyword">if</strong> (extensions.contains(extension)) {
<a class="jxr_linenumber" name="266" href="#266">266</a> <strong class="jxr_keyword">final</strong> <a href="../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency = <strong class="jxr_keyword">new</strong> <a href="../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a>(file);
<a class="jxr_linenumber" name="267" href="#267">267</a> dependencies.add(dependency);
<a class="jxr_linenumber" name="268" href="#268">268</a> }
<a class="jxr_linenumber" name="269" href="#269">269</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="270" href="#270">270</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"No file extension found on file '%s'. The file was not analyzed."</span>,
<a class="jxr_linenumber" name="271" href="#271">271</a> file.toString());
<a class="jxr_linenumber" name="272" href="#272">272</a> Logger.getLogger(Engine.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINEST, msg);
<a class="jxr_linenumber" name="273" href="#273">273</a> }
<a class="jxr_linenumber" name="274" href="#274">274</a> }
<a class="jxr_linenumber" name="275" href="#275">275</a>
<a class="jxr_linenumber" name="276" href="#276">276</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="277" href="#277">277</a> <em class="jxr_javadoccomment"> * Runs the analyzers against all of the dependencies.</em>
<a class="jxr_linenumber" name="278" href="#278">278</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="279" href="#279">279</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> analyzeDependencies() {
<a class="jxr_linenumber" name="280" href="#280">280</a> <em class="jxr_comment">//phase one initialize</em>
<a class="jxr_linenumber" name="281" href="#281">281</a> <strong class="jxr_keyword">for</strong> (AnalysisPhase phase : AnalysisPhase.values()) {
<a class="jxr_linenumber" name="282" href="#282">282</a> <strong class="jxr_keyword">final</strong> List&lt;Analyzer&gt; analyzerList = analyzers.get(phase);
<a class="jxr_linenumber" name="283" href="#283">283</a> <strong class="jxr_keyword">for</strong> (Analyzer a : analyzerList) {
<a class="jxr_linenumber" name="284" href="#284">284</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="285" href="#285">285</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Initializing %s"</span>, a.getName());
<a class="jxr_linenumber" name="286" href="#286">286</a> Logger.getLogger(Engine.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, msg);
<a class="jxr_linenumber" name="287" href="#287">287</a> a.initialize();
<a class="jxr_linenumber" name="288" href="#288">288</a> } <strong class="jxr_keyword">catch</strong> (Exception ex) {
<a class="jxr_linenumber" name="289" href="#289">289</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Exception occurred initializing %s."</span>, a.getName());
<a class="jxr_linenumber" name="290" href="#290">290</a> Logger.getLogger(Engine.<strong class="jxr_keyword">class</strong>.getName()).log(Level.SEVERE, msg);
<a class="jxr_linenumber" name="291" href="#291">291</a> Logger.getLogger(Engine.<strong class="jxr_keyword">class</strong>.getName()).log(Level.INFO, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="292" href="#292">292</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="293" href="#293">293</a> a.close();
<a class="jxr_linenumber" name="294" href="#294">294</a> } <strong class="jxr_keyword">catch</strong> (Exception ex1) {
<a class="jxr_linenumber" name="295" href="#295">295</a> Logger.getLogger(Engine.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex1);
<a class="jxr_linenumber" name="296" href="#296">296</a> }
<a class="jxr_linenumber" name="297" href="#297">297</a> }
<a class="jxr_linenumber" name="298" href="#298">298</a> }
<a class="jxr_linenumber" name="299" href="#299">299</a> }
<a class="jxr_linenumber" name="300" href="#300">300</a>
<a class="jxr_linenumber" name="301" href="#301">301</a> <em class="jxr_comment">// analysis phases</em>
<a class="jxr_linenumber" name="302" href="#302">302</a> <strong class="jxr_keyword">for</strong> (AnalysisPhase phase : AnalysisPhase.values()) {
<a class="jxr_linenumber" name="303" href="#303">303</a> <strong class="jxr_keyword">final</strong> List&lt;Analyzer&gt; analyzerList = analyzers.get(phase);
<a class="jxr_linenumber" name="304" href="#304">304</a>
<a class="jxr_linenumber" name="305" href="#305">305</a> <strong class="jxr_keyword">for</strong> (Analyzer a : analyzerList) {
<a class="jxr_linenumber" name="306" href="#306">306</a> <em class="jxr_comment">/*<em class="jxr_comment"> need to create a copy of the collection because some of the</em></em>
<a class="jxr_linenumber" name="307" href="#307">307</a> <em class="jxr_comment"> * analyzers may modify it. This prevents ConcurrentModificationExceptions.</em>
<a class="jxr_linenumber" name="308" href="#308">308</a> <em class="jxr_comment"> * This is okay for adds/deletes because it happens per analyzer.</em>
<a class="jxr_linenumber" name="309" href="#309">309</a> <em class="jxr_comment"> */</em>
<a class="jxr_linenumber" name="310" href="#310">310</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Begin Analyzer '%s'"</span>, a.getName());
<a class="jxr_linenumber" name="311" href="#311">311</a> Logger.getLogger(Engine.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, msg);
<a class="jxr_linenumber" name="312" href="#312">312</a> <strong class="jxr_keyword">final</strong> Set&lt;Dependency&gt; dependencySet = <strong class="jxr_keyword">new</strong> HashSet&lt;Dependency&gt;();
<a class="jxr_linenumber" name="313" href="#313">313</a> dependencySet.addAll(dependencies);
<a class="jxr_linenumber" name="314" href="#314">314</a> <strong class="jxr_keyword">for</strong> (Dependency d : dependencySet) {
<a class="jxr_linenumber" name="315" href="#315">315</a> <strong class="jxr_keyword">final</strong> String msgFile = String.format(<span class="jxr_string">"Begin Analysis of '%s'"</span>, d.getActualFilePath());
<a class="jxr_linenumber" name="316" href="#316">316</a> Logger.getLogger(Engine.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, msgFile);
<a class="jxr_linenumber" name="317" href="#317">317</a> <strong class="jxr_keyword">if</strong> (a.supportsExtension(d.getFileExtension())) {
<a class="jxr_linenumber" name="318" href="#318">318</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="319" href="#319">319</a> a.analyze(d, <strong class="jxr_keyword">this</strong>);
<a class="jxr_linenumber" name="320" href="#320">320</a> } <strong class="jxr_keyword">catch</strong> (AnalysisException ex) {
<a class="jxr_linenumber" name="321" href="#321">321</a> d.addAnalysisException(ex);
<a class="jxr_linenumber" name="322" href="#322">322</a> }
<a class="jxr_linenumber" name="323" href="#323">323</a> }
<a class="jxr_linenumber" name="324" href="#324">324</a> }
<a class="jxr_linenumber" name="325" href="#325">325</a> }
<a class="jxr_linenumber" name="326" href="#326">326</a> }
<a class="jxr_linenumber" name="327" href="#327">327</a>
<a class="jxr_linenumber" name="328" href="#328">328</a> <em class="jxr_comment">//close/cleanup</em>
<a class="jxr_linenumber" name="329" href="#329">329</a> <strong class="jxr_keyword">for</strong> (AnalysisPhase phase : AnalysisPhase.values()) {
<a class="jxr_linenumber" name="330" href="#330">330</a> <strong class="jxr_keyword">final</strong> List&lt;Analyzer&gt; analyzerList = analyzers.get(phase);
<a class="jxr_linenumber" name="331" href="#331">331</a> <strong class="jxr_keyword">for</strong> (Analyzer a : analyzerList) {
<a class="jxr_linenumber" name="332" href="#332">332</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Closing Analyzer '%s'"</span>, a.getName());
<a class="jxr_linenumber" name="333" href="#333">333</a> Logger.getLogger(Engine.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, msg);
<a class="jxr_linenumber" name="334" href="#334">334</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="335" href="#335">335</a> a.close();
<a class="jxr_linenumber" name="336" href="#336">336</a> } <strong class="jxr_keyword">catch</strong> (Exception ex) {
<a class="jxr_linenumber" name="337" href="#337">337</a> Logger.getLogger(Engine.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="338" href="#338">338</a> }
<a class="jxr_linenumber" name="339" href="#339">339</a> }
<a class="jxr_linenumber" name="340" href="#340">340</a> }
<a class="jxr_linenumber" name="341" href="#341">341</a> }
<a class="jxr_linenumber" name="342" href="#342">342</a>
<a class="jxr_linenumber" name="343" href="#343">343</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="344" href="#344">344</a> <em class="jxr_javadoccomment"> * Cycles through the cached web data sources and calls update on all of</em>
<a class="jxr_linenumber" name="345" href="#345">345</a> <em class="jxr_javadoccomment"> * them.</em>
<a class="jxr_linenumber" name="346" href="#346">346</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="347" href="#347">347</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> doUpdates() {
<a class="jxr_linenumber" name="348" href="#348">348</a> <strong class="jxr_keyword">final</strong> <a href="../../../org/owasp/dependencycheck/data/UpdateService.html">UpdateService</a> service = UpdateService.getInstance();
<a class="jxr_linenumber" name="349" href="#349">349</a> <strong class="jxr_keyword">final</strong> Iterator&lt;CachedWebDataSource&gt; iterator = service.getDataSources();
<a class="jxr_linenumber" name="350" href="#350">350</a> <strong class="jxr_keyword">while</strong> (iterator.hasNext()) {
<a class="jxr_linenumber" name="351" href="#351">351</a> <strong class="jxr_keyword">final</strong> <a href="../../../org/owasp/dependencycheck/data/CachedWebDataSource.html">CachedWebDataSource</a> source = iterator.next();
<a class="jxr_linenumber" name="352" href="#352">352</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="353" href="#353">353</a> source.update();
<a class="jxr_linenumber" name="354" href="#354">354</a> } <strong class="jxr_keyword">catch</strong> (UpdateException ex) {
<a class="jxr_linenumber" name="355" href="#355">355</a> Logger.getLogger(Engine.<strong class="jxr_keyword">class</strong>.getName()).log(Level.WARNING,
<a class="jxr_linenumber" name="356" href="#356">356</a> <span class="jxr_string">"Unable to update Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities."</span>);
<a class="jxr_linenumber" name="357" href="#357">357</a> Logger.getLogger(Engine.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE,
<a class="jxr_linenumber" name="358" href="#358">358</a> String.format(<span class="jxr_string">"Unable to update details for %s"</span>, source.getClass().getName()), ex);
<a class="jxr_linenumber" name="359" href="#359">359</a> }
<a class="jxr_linenumber" name="360" href="#360">360</a> }
<a class="jxr_linenumber" name="361" href="#361">361</a> }
<a class="jxr_linenumber" name="362" href="#362">362</a>
<a class="jxr_linenumber" name="363" href="#363">363</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="364" href="#364">364</a> <em class="jxr_javadoccomment"> * Returns a full list of all of the analyzers. This is useful for reporting</em>
<a class="jxr_linenumber" name="365" href="#365">365</a> <em class="jxr_javadoccomment"> * which analyzers where used.</em>
<a class="jxr_linenumber" name="366" href="#366">366</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="367" href="#367">367</a> <em class="jxr_javadoccomment"> * @return a list of Analyzers</em>
<a class="jxr_linenumber" name="368" href="#368">368</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="369" href="#369">369</a> <strong class="jxr_keyword">public</strong> List&lt;Analyzer&gt; getAnalyzers() {
<a class="jxr_linenumber" name="370" href="#370">370</a> <strong class="jxr_keyword">final</strong> List&lt;Analyzer&gt; ret = <strong class="jxr_keyword">new</strong> ArrayList&lt;Analyzer&gt;();
<a class="jxr_linenumber" name="371" href="#371">371</a> <strong class="jxr_keyword">for</strong> (AnalysisPhase phase : AnalysisPhase.values()) {
<a class="jxr_linenumber" name="372" href="#372">372</a> <strong class="jxr_keyword">final</strong> List&lt;Analyzer&gt; analyzerList = analyzers.get(phase);
<a class="jxr_linenumber" name="373" href="#373">373</a> ret.addAll(analyzerList);
<a class="jxr_linenumber" name="374" href="#374">374</a> }
<a class="jxr_linenumber" name="375" href="#375">375</a> <strong class="jxr_keyword">return</strong> ret;
<a class="jxr_linenumber" name="376" href="#376">376</a> }
<a class="jxr_linenumber" name="377" href="#377">377</a>
<a class="jxr_linenumber" name="378" href="#378">378</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="379" href="#379">379</a> <em class="jxr_javadoccomment"> * Checks all analyzers to see if an extension is supported.</em>
<a class="jxr_linenumber" name="380" href="#380">380</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="381" href="#381">381</a> <em class="jxr_javadoccomment"> * @param ext a file extension</em>
<a class="jxr_linenumber" name="382" href="#382">382</a> <em class="jxr_javadoccomment"> * @return true or false depending on whether or not the file extension is</em>
<a class="jxr_linenumber" name="383" href="#383">383</a> <em class="jxr_javadoccomment"> * supported</em>
<a class="jxr_linenumber" name="384" href="#384">384</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="385" href="#385">385</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">boolean</strong> supportsExtension(String ext) {
<a class="jxr_linenumber" name="386" href="#386">386</a> <strong class="jxr_keyword">if</strong> (ext == <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="387" href="#387">387</a> <strong class="jxr_keyword">return</strong> false;
<a class="jxr_linenumber" name="388" href="#388">388</a> }
<a class="jxr_linenumber" name="389" href="#389">389</a> <strong class="jxr_keyword">for</strong> (AnalysisPhase phase : AnalysisPhase.values()) {
<a class="jxr_linenumber" name="390" href="#390">390</a> <strong class="jxr_keyword">final</strong> List&lt;Analyzer&gt; analyzerList = analyzers.get(phase);
<a class="jxr_linenumber" name="391" href="#391">391</a> <strong class="jxr_keyword">for</strong> (Analyzer a : analyzerList) {
<a class="jxr_linenumber" name="392" href="#392">392</a> <strong class="jxr_keyword">if</strong> (a.getSupportedExtensions() != <strong class="jxr_keyword">null</strong> &amp;&amp; a.supportsExtension(ext)) {
<a class="jxr_linenumber" name="393" href="#393">393</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="394" href="#394">394</a> }
<a class="jxr_linenumber" name="395" href="#395">395</a> }
<a class="jxr_linenumber" name="396" href="#396">396</a> }
<a class="jxr_linenumber" name="397" href="#397">397</a> <strong class="jxr_keyword">return</strong> false;
<a class="jxr_linenumber" name="398" href="#398">398</a> }
<a class="jxr_linenumber" name="399" href="#399">399</a> }
<a class="jxr_linenumber" name="79" href="#79">79</a> <strong class="jxr_keyword">if</strong> (autoUpdate) {
<a class="jxr_linenumber" name="80" href="#80">80</a> doUpdates();
<a class="jxr_linenumber" name="81" href="#81">81</a> }
<a class="jxr_linenumber" name="82" href="#82">82</a> loadAnalyzers();
<a class="jxr_linenumber" name="83" href="#83">83</a> }
<a class="jxr_linenumber" name="84" href="#84">84</a>
<a class="jxr_linenumber" name="85" href="#85">85</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="86" href="#86">86</a> <em class="jxr_javadoccomment"> * Creates a new Engine.</em>
<a class="jxr_linenumber" name="87" href="#87">87</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="88" href="#88">88</a> <em class="jxr_javadoccomment"> * @param autoUpdate indicates whether or not data should be updated from</em>
<a class="jxr_linenumber" name="89" href="#89">89</a> <em class="jxr_javadoccomment"> * the Internet</em>
<a class="jxr_linenumber" name="90" href="#90">90</a> <em class="jxr_javadoccomment"> * @deprecated This function should no longer be used; the autoupdate flag</em>
<a class="jxr_linenumber" name="91" href="#91">91</a> <em class="jxr_javadoccomment"> * should be set using:</em>
<a class="jxr_linenumber" name="92" href="#92">92</a> <em class="jxr_javadoccomment"> * &lt;code&gt;Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, value);&lt;/code&gt;</em>
<a class="jxr_linenumber" name="93" href="#93">93</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="94" href="#94">94</a> @Deprecated
<a class="jxr_linenumber" name="95" href="#95">95</a> <strong class="jxr_keyword">public</strong> <a href="../../../org/owasp/dependencycheck/Engine.html">Engine</a>(<strong class="jxr_keyword">boolean</strong> autoUpdate) {
<a class="jxr_linenumber" name="96" href="#96">96</a> <strong class="jxr_keyword">if</strong> (autoUpdate) {
<a class="jxr_linenumber" name="97" href="#97">97</a> doUpdates();
<a class="jxr_linenumber" name="98" href="#98">98</a> }
<a class="jxr_linenumber" name="99" href="#99">99</a> loadAnalyzers();
<a class="jxr_linenumber" name="100" href="#100">100</a> }
<a class="jxr_linenumber" name="101" href="#101">101</a>
<a class="jxr_linenumber" name="102" href="#102">102</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="103" href="#103">103</a> <em class="jxr_javadoccomment"> * Loads the analyzers specified in the configuration file (or system</em>
<a class="jxr_linenumber" name="104" href="#104">104</a> <em class="jxr_javadoccomment"> * properties).</em>
<a class="jxr_linenumber" name="105" href="#105">105</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="106" href="#106">106</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> loadAnalyzers() {
<a class="jxr_linenumber" name="107" href="#107">107</a>
<a class="jxr_linenumber" name="108" href="#108">108</a> <strong class="jxr_keyword">for</strong> (AnalysisPhase phase : AnalysisPhase.values()) {
<a class="jxr_linenumber" name="109" href="#109">109</a> analyzers.put(phase, <strong class="jxr_keyword">new</strong> ArrayList&lt;Analyzer&gt;());
<a class="jxr_linenumber" name="110" href="#110">110</a> }
<a class="jxr_linenumber" name="111" href="#111">111</a>
<a class="jxr_linenumber" name="112" href="#112">112</a> <strong class="jxr_keyword">final</strong> <a href="../../../org/owasp/dependencycheck/analyzer/AnalyzerService.html">AnalyzerService</a> service = AnalyzerService.getInstance();
<a class="jxr_linenumber" name="113" href="#113">113</a> <strong class="jxr_keyword">final</strong> Iterator&lt;Analyzer&gt; iterator = service.getAnalyzers();
<a class="jxr_linenumber" name="114" href="#114">114</a> <strong class="jxr_keyword">while</strong> (iterator.hasNext()) {
<a class="jxr_linenumber" name="115" href="#115">115</a> <strong class="jxr_keyword">final</strong> <a href="../../../org/owasp/dependencycheck/analyzer/Analyzer.html">Analyzer</a> a = iterator.next();
<a class="jxr_linenumber" name="116" href="#116">116</a> analyzers.get(a.getAnalysisPhase()).add(a);
<a class="jxr_linenumber" name="117" href="#117">117</a> <strong class="jxr_keyword">if</strong> (a.getSupportedExtensions() != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="118" href="#118">118</a> extensions.addAll(a.getSupportedExtensions());
<a class="jxr_linenumber" name="119" href="#119">119</a> }
<a class="jxr_linenumber" name="120" href="#120">120</a> }
<a class="jxr_linenumber" name="121" href="#121">121</a> }
<a class="jxr_linenumber" name="122" href="#122">122</a>
<a class="jxr_linenumber" name="123" href="#123">123</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="124" href="#124">124</a> <em class="jxr_javadoccomment"> * Get the List of the analyzers for a specific phase of analysis.</em>
<a class="jxr_linenumber" name="125" href="#125">125</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="126" href="#126">126</a> <em class="jxr_javadoccomment"> * @param phase the phase to get the configured analyzers.</em>
<a class="jxr_linenumber" name="127" href="#127">127</a> <em class="jxr_javadoccomment"> * @return the analyzers loaded</em>
<a class="jxr_linenumber" name="128" href="#128">128</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="129" href="#129">129</a> <strong class="jxr_keyword">public</strong> List&lt;Analyzer&gt; getAnalyzers(<a href="../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> phase) {
<a class="jxr_linenumber" name="130" href="#130">130</a> <strong class="jxr_keyword">return</strong> analyzers.get(phase);
<a class="jxr_linenumber" name="131" href="#131">131</a> }
<a class="jxr_linenumber" name="132" href="#132">132</a>
<a class="jxr_linenumber" name="133" href="#133">133</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="134" href="#134">134</a> <em class="jxr_javadoccomment"> * Get the dependencies identified.</em>
<a class="jxr_linenumber" name="135" href="#135">135</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="136" href="#136">136</a> <em class="jxr_javadoccomment"> * @return the dependencies identified</em>
<a class="jxr_linenumber" name="137" href="#137">137</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="138" href="#138">138</a> <strong class="jxr_keyword">public</strong> List&lt;Dependency&gt; getDependencies() {
<a class="jxr_linenumber" name="139" href="#139">139</a> <strong class="jxr_keyword">return</strong> dependencies;
<a class="jxr_linenumber" name="140" href="#140">140</a> }
<a class="jxr_linenumber" name="141" href="#141">141</a>
<a class="jxr_linenumber" name="142" href="#142">142</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="143" href="#143">143</a> <em class="jxr_javadoccomment"> * Scans an array of files or directories. If a directory is specified, it</em>
<a class="jxr_linenumber" name="144" href="#144">144</a> <em class="jxr_javadoccomment"> * will be scanned recursively. Any dependencies identified are added to the</em>
<a class="jxr_linenumber" name="145" href="#145">145</a> <em class="jxr_javadoccomment"> * dependency collection.</em>
<a class="jxr_linenumber" name="146" href="#146">146</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="147" href="#147">147</a> <em class="jxr_javadoccomment"> * @since v0.3.2.5</em>
<a class="jxr_linenumber" name="148" href="#148">148</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="149" href="#149">149</a> <em class="jxr_javadoccomment"> * @param paths an array of paths to files or directories to be analyzed.</em>
<a class="jxr_linenumber" name="150" href="#150">150</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="151" href="#151">151</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> scan(String[] paths) {
<a class="jxr_linenumber" name="152" href="#152">152</a> <strong class="jxr_keyword">for</strong> (String path : paths) {
<a class="jxr_linenumber" name="153" href="#153">153</a> <strong class="jxr_keyword">final</strong> File file = <strong class="jxr_keyword">new</strong> File(path);
<a class="jxr_linenumber" name="154" href="#154">154</a> scan(file);
<a class="jxr_linenumber" name="155" href="#155">155</a> }
<a class="jxr_linenumber" name="156" href="#156">156</a> }
<a class="jxr_linenumber" name="157" href="#157">157</a>
<a class="jxr_linenumber" name="158" href="#158">158</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="159" href="#159">159</a> <em class="jxr_javadoccomment"> * Scans a given file or directory. If a directory is specified, it will be</em>
<a class="jxr_linenumber" name="160" href="#160">160</a> <em class="jxr_javadoccomment"> * scanned recursively. Any dependencies identified are added to the</em>
<a class="jxr_linenumber" name="161" href="#161">161</a> <em class="jxr_javadoccomment"> * dependency collection.</em>
<a class="jxr_linenumber" name="162" href="#162">162</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="163" href="#163">163</a> <em class="jxr_javadoccomment"> * @param path the path to a file or directory to be analyzed.</em>
<a class="jxr_linenumber" name="164" href="#164">164</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="165" href="#165">165</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> scan(String path) {
<a class="jxr_linenumber" name="166" href="#166">166</a> <strong class="jxr_keyword">final</strong> File file = <strong class="jxr_keyword">new</strong> File(path);
<a class="jxr_linenumber" name="167" href="#167">167</a> scan(file);
<a class="jxr_linenumber" name="168" href="#168">168</a> }
<a class="jxr_linenumber" name="169" href="#169">169</a>
<a class="jxr_linenumber" name="170" href="#170">170</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="171" href="#171">171</a> <em class="jxr_javadoccomment"> * Scans an array of files or directories. If a directory is specified, it</em>
<a class="jxr_linenumber" name="172" href="#172">172</a> <em class="jxr_javadoccomment"> * will be scanned recursively. Any dependencies identified are added to the</em>
<a class="jxr_linenumber" name="173" href="#173">173</a> <em class="jxr_javadoccomment"> * dependency collection.</em>
<a class="jxr_linenumber" name="174" href="#174">174</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="175" href="#175">175</a> <em class="jxr_javadoccomment"> * @since v0.3.2.5</em>
<a class="jxr_linenumber" name="176" href="#176">176</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="177" href="#177">177</a> <em class="jxr_javadoccomment"> * @param files an array of paths to files or directories to be analyzed.</em>
<a class="jxr_linenumber" name="178" href="#178">178</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="179" href="#179">179</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> scan(File[] files) {
<a class="jxr_linenumber" name="180" href="#180">180</a> <strong class="jxr_keyword">for</strong> (File file : files) {
<a class="jxr_linenumber" name="181" href="#181">181</a> scan(file);
<a class="jxr_linenumber" name="182" href="#182">182</a> }
<a class="jxr_linenumber" name="183" href="#183">183</a> }
<a class="jxr_linenumber" name="184" href="#184">184</a>
<a class="jxr_linenumber" name="185" href="#185">185</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="186" href="#186">186</a> <em class="jxr_javadoccomment"> * Scans a list of files or directories. If a directory is specified, it</em>
<a class="jxr_linenumber" name="187" href="#187">187</a> <em class="jxr_javadoccomment"> * will be scanned recursively. Any dependencies identified are added to the</em>
<a class="jxr_linenumber" name="188" href="#188">188</a> <em class="jxr_javadoccomment"> * dependency collection.</em>
<a class="jxr_linenumber" name="189" href="#189">189</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="190" href="#190">190</a> <em class="jxr_javadoccomment"> * @since v0.3.2.5</em>
<a class="jxr_linenumber" name="191" href="#191">191</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="192" href="#192">192</a> <em class="jxr_javadoccomment"> * @param files a set of paths to files or directories to be analyzed.</em>
<a class="jxr_linenumber" name="193" href="#193">193</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="194" href="#194">194</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> scan(Set&lt;File&gt; files) {
<a class="jxr_linenumber" name="195" href="#195">195</a> <strong class="jxr_keyword">for</strong> (File file : files) {
<a class="jxr_linenumber" name="196" href="#196">196</a> scan(file);
<a class="jxr_linenumber" name="197" href="#197">197</a> }
<a class="jxr_linenumber" name="198" href="#198">198</a> }
<a class="jxr_linenumber" name="199" href="#199">199</a>
<a class="jxr_linenumber" name="200" href="#200">200</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="201" href="#201">201</a> <em class="jxr_javadoccomment"> * Scans a list of files or directories. If a directory is specified, it</em>
<a class="jxr_linenumber" name="202" href="#202">202</a> <em class="jxr_javadoccomment"> * will be scanned recursively. Any dependencies identified are added to the</em>
<a class="jxr_linenumber" name="203" href="#203">203</a> <em class="jxr_javadoccomment"> * dependency collection.</em>
<a class="jxr_linenumber" name="204" href="#204">204</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="205" href="#205">205</a> <em class="jxr_javadoccomment"> * @since v0.3.2.5</em>
<a class="jxr_linenumber" name="206" href="#206">206</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="207" href="#207">207</a> <em class="jxr_javadoccomment"> * @param files a set of paths to files or directories to be analyzed.</em>
<a class="jxr_linenumber" name="208" href="#208">208</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="209" href="#209">209</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> scan(List&lt;File&gt; files) {
<a class="jxr_linenumber" name="210" href="#210">210</a> <strong class="jxr_keyword">for</strong> (File file : files) {
<a class="jxr_linenumber" name="211" href="#211">211</a> scan(file);
<a class="jxr_linenumber" name="212" href="#212">212</a> }
<a class="jxr_linenumber" name="213" href="#213">213</a> }
<a class="jxr_linenumber" name="214" href="#214">214</a>
<a class="jxr_linenumber" name="215" href="#215">215</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="216" href="#216">216</a> <em class="jxr_javadoccomment"> * Scans a given file or directory. If a directory is specified, it will be</em>
<a class="jxr_linenumber" name="217" href="#217">217</a> <em class="jxr_javadoccomment"> * scanned recursively. Any dependencies identified are added to the</em>
<a class="jxr_linenumber" name="218" href="#218">218</a> <em class="jxr_javadoccomment"> * dependency collection.</em>
<a class="jxr_linenumber" name="219" href="#219">219</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="220" href="#220">220</a> <em class="jxr_javadoccomment"> * @since v0.3.2.4</em>
<a class="jxr_linenumber" name="221" href="#221">221</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="222" href="#222">222</a> <em class="jxr_javadoccomment"> * @param file the path to a file or directory to be analyzed.</em>
<a class="jxr_linenumber" name="223" href="#223">223</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="224" href="#224">224</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> scan(File file) {
<a class="jxr_linenumber" name="225" href="#225">225</a> <strong class="jxr_keyword">if</strong> (file.exists()) {
<a class="jxr_linenumber" name="226" href="#226">226</a> <strong class="jxr_keyword">if</strong> (file.isDirectory()) {
<a class="jxr_linenumber" name="227" href="#227">227</a> scanDirectory(file);
<a class="jxr_linenumber" name="228" href="#228">228</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="229" href="#229">229</a> scanFile(file);
<a class="jxr_linenumber" name="230" href="#230">230</a> }
<a class="jxr_linenumber" name="231" href="#231">231</a> }
<a class="jxr_linenumber" name="232" href="#232">232</a> }
<a class="jxr_linenumber" name="233" href="#233">233</a>
<a class="jxr_linenumber" name="234" href="#234">234</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="235" href="#235">235</a> <em class="jxr_javadoccomment"> * Recursively scans files and directories. Any dependencies identified are</em>
<a class="jxr_linenumber" name="236" href="#236">236</a> <em class="jxr_javadoccomment"> * added to the dependency collection.</em>
<a class="jxr_linenumber" name="237" href="#237">237</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="238" href="#238">238</a> <em class="jxr_javadoccomment"> * @param dir the directory to scan.</em>
<a class="jxr_linenumber" name="239" href="#239">239</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="240" href="#240">240</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> scanDirectory(File dir) {
<a class="jxr_linenumber" name="241" href="#241">241</a> <strong class="jxr_keyword">final</strong> File[] files = dir.listFiles();
<a class="jxr_linenumber" name="242" href="#242">242</a> <strong class="jxr_keyword">if</strong> (files != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="243" href="#243">243</a> <strong class="jxr_keyword">for</strong> (File f : files) {
<a class="jxr_linenumber" name="244" href="#244">244</a> <strong class="jxr_keyword">if</strong> (f.isDirectory()) {
<a class="jxr_linenumber" name="245" href="#245">245</a> scanDirectory(f);
<a class="jxr_linenumber" name="246" href="#246">246</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="247" href="#247">247</a> scanFile(f);
<a class="jxr_linenumber" name="248" href="#248">248</a> }
<a class="jxr_linenumber" name="249" href="#249">249</a> }
<a class="jxr_linenumber" name="250" href="#250">250</a> }
<a class="jxr_linenumber" name="251" href="#251">251</a> }
<a class="jxr_linenumber" name="252" href="#252">252</a>
<a class="jxr_linenumber" name="253" href="#253">253</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="254" href="#254">254</a> <em class="jxr_javadoccomment"> * Scans a specified file. If a dependency is identified it is added to the</em>
<a class="jxr_linenumber" name="255" href="#255">255</a> <em class="jxr_javadoccomment"> * dependency collection.</em>
<a class="jxr_linenumber" name="256" href="#256">256</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="257" href="#257">257</a> <em class="jxr_javadoccomment"> * @param file The file to scan.</em>
<a class="jxr_linenumber" name="258" href="#258">258</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="259" href="#259">259</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> scanFile(File file) {
<a class="jxr_linenumber" name="260" href="#260">260</a> <strong class="jxr_keyword">if</strong> (!file.isFile()) {
<a class="jxr_linenumber" name="261" href="#261">261</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Path passed to scanFile(File) is not a file: %s. Skipping the file."</span>, file.toString());
<a class="jxr_linenumber" name="262" href="#262">262</a> Logger.getLogger(Engine.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, msg);
<a class="jxr_linenumber" name="263" href="#263">263</a> <strong class="jxr_keyword">return</strong>;
<a class="jxr_linenumber" name="264" href="#264">264</a> }
<a class="jxr_linenumber" name="265" href="#265">265</a> <strong class="jxr_keyword">final</strong> String fileName = file.getName();
<a class="jxr_linenumber" name="266" href="#266">266</a> <strong class="jxr_keyword">final</strong> String extension = FileUtils.getFileExtension(fileName);
<a class="jxr_linenumber" name="267" href="#267">267</a> <strong class="jxr_keyword">if</strong> (extension != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="268" href="#268">268</a> <strong class="jxr_keyword">if</strong> (extensions.contains(extension)) {
<a class="jxr_linenumber" name="269" href="#269">269</a> <strong class="jxr_keyword">final</strong> <a href="../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency = <strong class="jxr_keyword">new</strong> <a href="../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a>(file);
<a class="jxr_linenumber" name="270" href="#270">270</a> dependencies.add(dependency);
<a class="jxr_linenumber" name="271" href="#271">271</a> }
<a class="jxr_linenumber" name="272" href="#272">272</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="273" href="#273">273</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"No file extension found on file '%s'. The file was not analyzed."</span>,
<a class="jxr_linenumber" name="274" href="#274">274</a> file.toString());
<a class="jxr_linenumber" name="275" href="#275">275</a> Logger.getLogger(Engine.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINEST, msg);
<a class="jxr_linenumber" name="276" href="#276">276</a> }
<a class="jxr_linenumber" name="277" href="#277">277</a> }
<a class="jxr_linenumber" name="278" href="#278">278</a>
<a class="jxr_linenumber" name="279" href="#279">279</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="280" href="#280">280</a> <em class="jxr_javadoccomment"> * Runs the analyzers against all of the dependencies.</em>
<a class="jxr_linenumber" name="281" href="#281">281</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="282" href="#282">282</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> analyzeDependencies() {
<a class="jxr_linenumber" name="283" href="#283">283</a> <em class="jxr_comment">//need to ensure that data exists</em>
<a class="jxr_linenumber" name="284" href="#284">284</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="285" href="#285">285</a> ensureDataExists();
<a class="jxr_linenumber" name="286" href="#286">286</a> } <strong class="jxr_keyword">catch</strong> (NoDataException ex) {
<a class="jxr_linenumber" name="287" href="#287">287</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"%n%n%s%n%nUnable to continue dependency-check analysis."</span>, ex.getMessage());
<a class="jxr_linenumber" name="288" href="#288">288</a> Logger.getLogger(Engine.<strong class="jxr_keyword">class</strong>.getName()).log(Level.SEVERE, msg);
<a class="jxr_linenumber" name="289" href="#289">289</a> Logger.getLogger(Engine.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="290" href="#290">290</a> <strong class="jxr_keyword">return</strong>;
<a class="jxr_linenumber" name="291" href="#291">291</a> }
<a class="jxr_linenumber" name="292" href="#292">292</a>
<a class="jxr_linenumber" name="293" href="#293">293</a> <em class="jxr_comment">//phase one initialize</em>
<a class="jxr_linenumber" name="294" href="#294">294</a> <strong class="jxr_keyword">for</strong> (AnalysisPhase phase : AnalysisPhase.values()) {
<a class="jxr_linenumber" name="295" href="#295">295</a> <strong class="jxr_keyword">final</strong> List&lt;Analyzer&gt; analyzerList = analyzers.get(phase);
<a class="jxr_linenumber" name="296" href="#296">296</a> <strong class="jxr_keyword">for</strong> (Analyzer a : analyzerList) {
<a class="jxr_linenumber" name="297" href="#297">297</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="298" href="#298">298</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Initializing %s"</span>, a.getName());
<a class="jxr_linenumber" name="299" href="#299">299</a> Logger.getLogger(Engine.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, msg);
<a class="jxr_linenumber" name="300" href="#300">300</a> a.initialize();
<a class="jxr_linenumber" name="301" href="#301">301</a> } <strong class="jxr_keyword">catch</strong> (Exception ex) {
<a class="jxr_linenumber" name="302" href="#302">302</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Exception occurred initializing %s."</span>, a.getName());
<a class="jxr_linenumber" name="303" href="#303">303</a> Logger.getLogger(Engine.<strong class="jxr_keyword">class</strong>.getName()).log(Level.SEVERE, msg);
<a class="jxr_linenumber" name="304" href="#304">304</a> Logger.getLogger(Engine.<strong class="jxr_keyword">class</strong>.getName()).log(Level.INFO, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="305" href="#305">305</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="306" href="#306">306</a> a.close();
<a class="jxr_linenumber" name="307" href="#307">307</a> } <strong class="jxr_keyword">catch</strong> (Exception ex1) {
<a class="jxr_linenumber" name="308" href="#308">308</a> Logger.getLogger(Engine.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex1);
<a class="jxr_linenumber" name="309" href="#309">309</a> }
<a class="jxr_linenumber" name="310" href="#310">310</a> }
<a class="jxr_linenumber" name="311" href="#311">311</a> }
<a class="jxr_linenumber" name="312" href="#312">312</a> }
<a class="jxr_linenumber" name="313" href="#313">313</a>
<a class="jxr_linenumber" name="314" href="#314">314</a> <em class="jxr_comment">// analysis phases</em>
<a class="jxr_linenumber" name="315" href="#315">315</a> <strong class="jxr_keyword">for</strong> (AnalysisPhase phase : AnalysisPhase.values()) {
<a class="jxr_linenumber" name="316" href="#316">316</a> <strong class="jxr_keyword">final</strong> List&lt;Analyzer&gt; analyzerList = analyzers.get(phase);
<a class="jxr_linenumber" name="317" href="#317">317</a>
<a class="jxr_linenumber" name="318" href="#318">318</a> <strong class="jxr_keyword">for</strong> (Analyzer a : analyzerList) {
<a class="jxr_linenumber" name="319" href="#319">319</a> <em class="jxr_comment">/*<em class="jxr_comment"> need to create a copy of the collection because some of the</em></em>
<a class="jxr_linenumber" name="320" href="#320">320</a> <em class="jxr_comment"> * analyzers may modify it. This prevents ConcurrentModificationExceptions.</em>
<a class="jxr_linenumber" name="321" href="#321">321</a> <em class="jxr_comment"> * This is okay for adds/deletes because it happens per analyzer.</em>
<a class="jxr_linenumber" name="322" href="#322">322</a> <em class="jxr_comment"> */</em>
<a class="jxr_linenumber" name="323" href="#323">323</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Begin Analyzer '%s'"</span>, a.getName());
<a class="jxr_linenumber" name="324" href="#324">324</a> Logger.getLogger(Engine.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, msg);
<a class="jxr_linenumber" name="325" href="#325">325</a> <strong class="jxr_keyword">final</strong> Set&lt;Dependency&gt; dependencySet = <strong class="jxr_keyword">new</strong> HashSet&lt;Dependency&gt;();
<a class="jxr_linenumber" name="326" href="#326">326</a> dependencySet.addAll(dependencies);
<a class="jxr_linenumber" name="327" href="#327">327</a> <strong class="jxr_keyword">for</strong> (Dependency d : dependencySet) {
<a class="jxr_linenumber" name="328" href="#328">328</a> <strong class="jxr_keyword">final</strong> String msgFile = String.format(<span class="jxr_string">"Begin Analysis of '%s'"</span>, d.getActualFilePath());
<a class="jxr_linenumber" name="329" href="#329">329</a> Logger.getLogger(Engine.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, msgFile);
<a class="jxr_linenumber" name="330" href="#330">330</a> <strong class="jxr_keyword">if</strong> (a.supportsExtension(d.getFileExtension())) {
<a class="jxr_linenumber" name="331" href="#331">331</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="332" href="#332">332</a> a.analyze(d, <strong class="jxr_keyword">this</strong>);
<a class="jxr_linenumber" name="333" href="#333">333</a> } <strong class="jxr_keyword">catch</strong> (AnalysisException ex) {
<a class="jxr_linenumber" name="334" href="#334">334</a> d.addAnalysisException(ex);
<a class="jxr_linenumber" name="335" href="#335">335</a> }
<a class="jxr_linenumber" name="336" href="#336">336</a> }
<a class="jxr_linenumber" name="337" href="#337">337</a> }
<a class="jxr_linenumber" name="338" href="#338">338</a> }
<a class="jxr_linenumber" name="339" href="#339">339</a> }
<a class="jxr_linenumber" name="340" href="#340">340</a>
<a class="jxr_linenumber" name="341" href="#341">341</a> <em class="jxr_comment">//close/cleanup</em>
<a class="jxr_linenumber" name="342" href="#342">342</a> <strong class="jxr_keyword">for</strong> (AnalysisPhase phase : AnalysisPhase.values()) {
<a class="jxr_linenumber" name="343" href="#343">343</a> <strong class="jxr_keyword">final</strong> List&lt;Analyzer&gt; analyzerList = analyzers.get(phase);
<a class="jxr_linenumber" name="344" href="#344">344</a> <strong class="jxr_keyword">for</strong> (Analyzer a : analyzerList) {
<a class="jxr_linenumber" name="345" href="#345">345</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Closing Analyzer '%s'"</span>, a.getName());
<a class="jxr_linenumber" name="346" href="#346">346</a> Logger.getLogger(Engine.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, msg);
<a class="jxr_linenumber" name="347" href="#347">347</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="348" href="#348">348</a> a.close();
<a class="jxr_linenumber" name="349" href="#349">349</a> } <strong class="jxr_keyword">catch</strong> (Exception ex) {
<a class="jxr_linenumber" name="350" href="#350">350</a> Logger.getLogger(Engine.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="351" href="#351">351</a> }
<a class="jxr_linenumber" name="352" href="#352">352</a> }
<a class="jxr_linenumber" name="353" href="#353">353</a> }
<a class="jxr_linenumber" name="354" href="#354">354</a> }
<a class="jxr_linenumber" name="355" href="#355">355</a>
<a class="jxr_linenumber" name="356" href="#356">356</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="357" href="#357">357</a> <em class="jxr_javadoccomment"> * Cycles through the cached web data sources and calls update on all of</em>
<a class="jxr_linenumber" name="358" href="#358">358</a> <em class="jxr_javadoccomment"> * them.</em>
<a class="jxr_linenumber" name="359" href="#359">359</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="360" href="#360">360</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> doUpdates() {
<a class="jxr_linenumber" name="361" href="#361">361</a> <strong class="jxr_keyword">final</strong> <a href="../../../org/owasp/dependencycheck/data/UpdateService.html">UpdateService</a> service = UpdateService.getInstance();
<a class="jxr_linenumber" name="362" href="#362">362</a> <strong class="jxr_keyword">final</strong> Iterator&lt;CachedWebDataSource&gt; iterator = service.getDataSources();
<a class="jxr_linenumber" name="363" href="#363">363</a> <strong class="jxr_keyword">while</strong> (iterator.hasNext()) {
<a class="jxr_linenumber" name="364" href="#364">364</a> <strong class="jxr_keyword">final</strong> <a href="../../../org/owasp/dependencycheck/data/CachedWebDataSource.html">CachedWebDataSource</a> source = iterator.next();
<a class="jxr_linenumber" name="365" href="#365">365</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="366" href="#366">366</a> source.update();
<a class="jxr_linenumber" name="367" href="#367">367</a> } <strong class="jxr_keyword">catch</strong> (UpdateException ex) {
<a class="jxr_linenumber" name="368" href="#368">368</a> Logger.getLogger(Engine.<strong class="jxr_keyword">class</strong>.getName()).log(Level.WARNING,
<a class="jxr_linenumber" name="369" href="#369">369</a> <span class="jxr_string">"Unable to update Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities."</span>);
<a class="jxr_linenumber" name="370" href="#370">370</a> Logger.getLogger(Engine.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE,
<a class="jxr_linenumber" name="371" href="#371">371</a> String.format(<span class="jxr_string">"Unable to update details for %s"</span>, source.getClass().getName()), ex);
<a class="jxr_linenumber" name="372" href="#372">372</a> }
<a class="jxr_linenumber" name="373" href="#373">373</a> }
<a class="jxr_linenumber" name="374" href="#374">374</a> }
<a class="jxr_linenumber" name="375" href="#375">375</a>
<a class="jxr_linenumber" name="376" href="#376">376</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="377" href="#377">377</a> <em class="jxr_javadoccomment"> * Returns a full list of all of the analyzers. This is useful for reporting</em>
<a class="jxr_linenumber" name="378" href="#378">378</a> <em class="jxr_javadoccomment"> * which analyzers where used.</em>
<a class="jxr_linenumber" name="379" href="#379">379</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="380" href="#380">380</a> <em class="jxr_javadoccomment"> * @return a list of Analyzers</em>
<a class="jxr_linenumber" name="381" href="#381">381</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="382" href="#382">382</a> <strong class="jxr_keyword">public</strong> List&lt;Analyzer&gt; getAnalyzers() {
<a class="jxr_linenumber" name="383" href="#383">383</a> <strong class="jxr_keyword">final</strong> List&lt;Analyzer&gt; ret = <strong class="jxr_keyword">new</strong> ArrayList&lt;Analyzer&gt;();
<a class="jxr_linenumber" name="384" href="#384">384</a> <strong class="jxr_keyword">for</strong> (AnalysisPhase phase : AnalysisPhase.values()) {
<a class="jxr_linenumber" name="385" href="#385">385</a> <strong class="jxr_keyword">final</strong> List&lt;Analyzer&gt; analyzerList = analyzers.get(phase);
<a class="jxr_linenumber" name="386" href="#386">386</a> ret.addAll(analyzerList);
<a class="jxr_linenumber" name="387" href="#387">387</a> }
<a class="jxr_linenumber" name="388" href="#388">388</a> <strong class="jxr_keyword">return</strong> ret;
<a class="jxr_linenumber" name="389" href="#389">389</a> }
<a class="jxr_linenumber" name="390" href="#390">390</a>
<a class="jxr_linenumber" name="391" href="#391">391</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="392" href="#392">392</a> <em class="jxr_javadoccomment"> * Checks all analyzers to see if an extension is supported.</em>
<a class="jxr_linenumber" name="393" href="#393">393</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="394" href="#394">394</a> <em class="jxr_javadoccomment"> * @param ext a file extension</em>
<a class="jxr_linenumber" name="395" href="#395">395</a> <em class="jxr_javadoccomment"> * @return true or false depending on whether or not the file extension is</em>
<a class="jxr_linenumber" name="396" href="#396">396</a> <em class="jxr_javadoccomment"> * supported</em>
<a class="jxr_linenumber" name="397" href="#397">397</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="398" href="#398">398</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">boolean</strong> supportsExtension(String ext) {
<a class="jxr_linenumber" name="399" href="#399">399</a> <strong class="jxr_keyword">if</strong> (ext == <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="400" href="#400">400</a> <strong class="jxr_keyword">return</strong> false;
<a class="jxr_linenumber" name="401" href="#401">401</a> }
<a class="jxr_linenumber" name="402" href="#402">402</a> <strong class="jxr_keyword">for</strong> (AnalysisPhase phase : AnalysisPhase.values()) {
<a class="jxr_linenumber" name="403" href="#403">403</a> <strong class="jxr_keyword">final</strong> List&lt;Analyzer&gt; analyzerList = analyzers.get(phase);
<a class="jxr_linenumber" name="404" href="#404">404</a> <strong class="jxr_keyword">for</strong> (Analyzer a : analyzerList) {
<a class="jxr_linenumber" name="405" href="#405">405</a> <strong class="jxr_keyword">if</strong> (a.getSupportedExtensions() != <strong class="jxr_keyword">null</strong> &amp;&amp; a.supportsExtension(ext)) {
<a class="jxr_linenumber" name="406" href="#406">406</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="407" href="#407">407</a> }
<a class="jxr_linenumber" name="408" href="#408">408</a> }
<a class="jxr_linenumber" name="409" href="#409">409</a> }
<a class="jxr_linenumber" name="410" href="#410">410</a> <strong class="jxr_keyword">return</strong> false;
<a class="jxr_linenumber" name="411" href="#411">411</a> }
<a class="jxr_linenumber" name="412" href="#412">412</a>
<a class="jxr_linenumber" name="413" href="#413">413</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="414" href="#414">414</a> <em class="jxr_javadoccomment"> * Checks the CPE Index to ensure documents exists. If none exist a</em>
<a class="jxr_linenumber" name="415" href="#415">415</a> <em class="jxr_javadoccomment"> * NoDataException is thrown.</em>
<a class="jxr_linenumber" name="416" href="#416">416</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="417" href="#417">417</a> <em class="jxr_javadoccomment"> * @throws NoDataException thrown if no data exists in the CPE Index</em>
<a class="jxr_linenumber" name="418" href="#418">418</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="419" href="#419">419</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> ensureDataExists() <strong class="jxr_keyword">throws</strong> NoDataException {
<a class="jxr_linenumber" name="420" href="#420">420</a> <a href="../../../org/owasp/dependencycheck/data/cpe/CpeIndexReader.html">CpeIndexReader</a> cpe = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="421" href="#421">421</a> <strong class="jxr_keyword">boolean</strong> noDataExists = false;
<a class="jxr_linenumber" name="422" href="#422">422</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="423" href="#423">423</a> cpe = <strong class="jxr_keyword">new</strong> <a href="../../../org/owasp/dependencycheck/data/cpe/CpeIndexReader.html">CpeIndexReader</a>();
<a class="jxr_linenumber" name="424" href="#424">424</a> cpe.open();
<a class="jxr_linenumber" name="425" href="#425">425</a> <strong class="jxr_keyword">if</strong> (cpe.numDocs() &lt;= 0) {
<a class="jxr_linenumber" name="426" href="#426">426</a> noDataExists = <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="427" href="#427">427</a> }
<a class="jxr_linenumber" name="428" href="#428">428</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="429" href="#429">429</a> noDataExists = <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="430" href="#430">430</a> } <strong class="jxr_keyword">catch</strong> (NullPointerException ex) {
<a class="jxr_linenumber" name="431" href="#431">431</a> noDataExists = <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="432" href="#432">432</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="433" href="#433">433</a> <strong class="jxr_keyword">if</strong> (cpe != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="434" href="#434">434</a> cpe.close();
<a class="jxr_linenumber" name="435" href="#435">435</a> }
<a class="jxr_linenumber" name="436" href="#436">436</a> }
<a class="jxr_linenumber" name="437" href="#437">437</a> <strong class="jxr_keyword">if</strong> (noDataExists) {
<a class="jxr_linenumber" name="438" href="#438">438</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../org/owasp/dependencycheck/data/NoDataException.html">NoDataException</a>(<span class="jxr_string">"No data exists in the data store. Please check that you are able to connect "</span>
<a class="jxr_linenumber" name="439" href="#439">439</a> + <span class="jxr_string">"to the Internet and re-run dependency-check. If the problem persists determine whether you need "</span>
<a class="jxr_linenumber" name="440" href="#440">440</a> + <span class="jxr_string">"to set a proxy url and port.&#92;&#92;n&#92;&#92;nIf you are unable to solve this problem please contact the mailing "</span>
<a class="jxr_linenumber" name="441" href="#441">441</a> + <span class="jxr_string">"list for help: dependency-check@googlegroups.com"</span>);
<a class="jxr_linenumber" name="442" href="#442">442</a>
<a class="jxr_linenumber" name="443" href="#443">443</a> }
<a class="jxr_linenumber" name="444" href="#444">444</a> }
<a class="jxr_linenumber" name="445" href="#445">445</a> }
</pre>
<hr/><div id="footer">This page was automatically generated by <a href="http://maven.apache.org/">Maven</a></div></body>
</html>

648
dependency-check-core/xref/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.html
View File

@@ -42,296 +42,368 @@
<a class="jxr_linenumber" name="32" href="#32">32</a> <strong class="jxr_keyword">import</strong> java.util.Set;
<a class="jxr_linenumber" name="33" href="#33">33</a> <strong class="jxr_keyword">import</strong> java.util.logging.Level;
<a class="jxr_linenumber" name="34" href="#34">34</a> <strong class="jxr_keyword">import</strong> java.util.logging.Logger;
<a class="jxr_linenumber" name="35" href="#35">35</a> <em class="jxr_comment">//import java.util.zip.ZipEntry;</em>
<a class="jxr_linenumber" name="36" href="#36">36</a> <em class="jxr_comment">//import java.util.zip.ZipException;</em>
<a class="jxr_linenumber" name="37" href="#37">37</a> <em class="jxr_comment">//import java.util.zip.ZipInputStream;</em>
<a class="jxr_linenumber" name="38" href="#38">38</a> <strong class="jxr_keyword">import</strong> org.apache.commons.compress.archivers.zip.ZipArchiveEntry;
<a class="jxr_linenumber" name="39" href="#39">39</a> <strong class="jxr_keyword">import</strong> org.apache.commons.compress.archivers.zip.ZipArchiveInputStream;
<a class="jxr_linenumber" name="40" href="#40">40</a> <strong class="jxr_keyword">import</strong> org.h2.store.fs.FileUtils;
<a class="jxr_linenumber" name="41" href="#41">41</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.Engine;
<a class="jxr_linenumber" name="42" href="#42">42</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Dependency;
<a class="jxr_linenumber" name="43" href="#43">43</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.Settings;
<a class="jxr_linenumber" name="44" href="#44">44</a>
<a class="jxr_linenumber" name="45" href="#45">45</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="46" href="#46">46</a> <em class="jxr_javadoccomment"> * &lt;p&gt;An analyzer that works on archive files:</em>
<a class="jxr_linenumber" name="47" href="#47">47</a> <em class="jxr_javadoccomment"> * &lt;ul&gt;</em>
<a class="jxr_linenumber" name="48" href="#48">48</a> <em class="jxr_javadoccomment"> * &lt;li&gt;&lt;b&gt;ZIP&lt;/b&gt; - if it is determined to be a JAR, WAR or EAR a copy is made</em>
<a class="jxr_linenumber" name="49" href="#49">49</a> <em class="jxr_javadoccomment"> * and the copy is given the correct extension so that it will be correctly</em>
<a class="jxr_linenumber" name="50" href="#50">50</a> <em class="jxr_javadoccomment"> * analyzed.&lt;/li&gt;</em>
<a class="jxr_linenumber" name="51" href="#51">51</a> <em class="jxr_javadoccomment"> * &lt;li&gt;&lt;b&gt;WAR&lt;/b&gt; - the WAR contents are extracted and added as dependencies to</em>
<a class="jxr_linenumber" name="52" href="#52">52</a> <em class="jxr_javadoccomment"> * the scan. The displayed path is relative to the WAR.&lt;/li&gt;</em>
<a class="jxr_linenumber" name="53" href="#53">53</a> <em class="jxr_javadoccomment"> * &lt;li&gt;&lt;b&gt;EAR&lt;/b&gt; - the WAR contents are extracted and added as dependencies to</em>
<a class="jxr_linenumber" name="54" href="#54">54</a> <em class="jxr_javadoccomment"> * the scan. Any WAR files are also processed so that the contained JAR files</em>
<a class="jxr_linenumber" name="55" href="#55">55</a> <em class="jxr_javadoccomment"> * are added to the list of dependencies. The displayed path is relative to the</em>
<a class="jxr_linenumber" name="56" href="#56">56</a> <em class="jxr_javadoccomment"> * EAR.&lt;/li&gt;</em>
<a class="jxr_linenumber" name="57" href="#57">57</a> <em class="jxr_javadoccomment"> * &lt;/ul&gt;&lt;/p&gt;</em>
<a class="jxr_linenumber" name="58" href="#58">58</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="59" href="#59">59</a> <em class="jxr_javadoccomment"> * @author Jeremy Long (jeremy.long@owasp.org)</em>
<a class="jxr_linenumber" name="60" href="#60">60</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="61" href="#61">61</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.html">ArchiveAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractAnalyzer.html">AbstractAnalyzer</a> <strong class="jxr_keyword">implements</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/Analyzer.html">Analyzer</a> {
<a class="jxr_linenumber" name="62" href="#62">62</a>
<a class="jxr_linenumber" name="63" href="#63">63</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="64" href="#64">64</a> <em class="jxr_javadoccomment"> * The buffer size to use when extracting files from the archive.</em>
<a class="jxr_linenumber" name="65" href="#65">65</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="66" href="#66">66</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> BUFFER_SIZE = 4096;
<a class="jxr_linenumber" name="67" href="#67">67</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="68" href="#68">68</a> <em class="jxr_javadoccomment"> * The count of directories created during analysis. This is used for</em>
<a class="jxr_linenumber" name="69" href="#69">69</a> <em class="jxr_javadoccomment"> * creating temporary directories.</em>
<a class="jxr_linenumber" name="70" href="#70">70</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="71" href="#71">71</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">int</strong> dirCount = 0;
<a class="jxr_linenumber" name="72" href="#72">72</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="73" href="#73">73</a> <em class="jxr_javadoccomment"> * The parent directory for the individual directories per archive.</em>
<a class="jxr_linenumber" name="74" href="#74">74</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="75" href="#75">75</a> <strong class="jxr_keyword">private</strong> File tempFileLocation = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="76" href="#76">76</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="77" href="#77">77</a> <em class="jxr_javadoccomment"> * The max scan depth that the analyzer will recursively extract nested</em>
<a class="jxr_linenumber" name="78" href="#78">78</a> <em class="jxr_javadoccomment"> * archives.</em>
<a class="jxr_linenumber" name="79" href="#79">79</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="80" href="#80">80</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> MAX_SCAN_DEPTH = Settings.getInt(<span class="jxr_string">"archive.scan.depth"</span>, 3);
<a class="jxr_linenumber" name="81" href="#81">81</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="82" href="#82">82</a> <em class="jxr_javadoccomment"> * Tracks the current scan/extraction depth for nested archives.</em>
<a class="jxr_linenumber" name="83" href="#83">83</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="84" href="#84">84</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">int</strong> scanDepth = 0;
<a class="jxr_linenumber" name="85" href="#85">85</a> <em class="jxr_comment">//&lt;editor-fold defaultstate="collapsed" desc="All standard implmentation details of Analyzer"&gt;</em>
<a class="jxr_linenumber" name="35" href="#35">35</a> <strong class="jxr_keyword">import</strong> org.apache.commons.compress.archivers.ArchiveEntry;
<a class="jxr_linenumber" name="36" href="#36">36</a> <strong class="jxr_keyword">import</strong> org.apache.commons.compress.archivers.ArchiveInputStream;
<a class="jxr_linenumber" name="37" href="#37">37</a> <strong class="jxr_keyword">import</strong> org.apache.commons.compress.archivers.tar.TarArchiveInputStream;
<a class="jxr_linenumber" name="38" href="#38">38</a> <strong class="jxr_keyword">import</strong> org.apache.commons.compress.archivers.zip.ZipArchiveInputStream;
<a class="jxr_linenumber" name="39" href="#39">39</a> <strong class="jxr_keyword">import</strong> org.apache.commons.compress.compressors.CompressorInputStream;
<a class="jxr_linenumber" name="40" href="#40">40</a> <strong class="jxr_keyword">import</strong> org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream;
<a class="jxr_linenumber" name="41" href="#41">41</a> <strong class="jxr_keyword">import</strong> org.apache.commons.compress.compressors.gzip.GzipUtils;
<a class="jxr_linenumber" name="42" href="#42">42</a> <strong class="jxr_keyword">import</strong> org.h2.store.fs.FileUtils;
<a class="jxr_linenumber" name="43" href="#43">43</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.Engine;
<a class="jxr_linenumber" name="44" href="#44">44</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Dependency;
<a class="jxr_linenumber" name="45" href="#45">45</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.Settings;
<a class="jxr_linenumber" name="46" href="#46">46</a>
<a class="jxr_linenumber" name="47" href="#47">47</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="48" href="#48">48</a> <em class="jxr_javadoccomment"> * &lt;p&gt;An analyzer that extracts files from archives and ensures any supported</em>
<a class="jxr_linenumber" name="49" href="#49">49</a> <em class="jxr_javadoccomment"> * files contained within the archive are added to the dependency list.&lt;/p&gt;</em>
<a class="jxr_linenumber" name="50" href="#50">50</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="51" href="#51">51</a> <em class="jxr_javadoccomment"> * @author Jeremy Long (jeremy.long@owasp.org)</em>
<a class="jxr_linenumber" name="52" href="#52">52</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="53" href="#53">53</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.html">ArchiveAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractAnalyzer.html">AbstractAnalyzer</a> <strong class="jxr_keyword">implements</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/Analyzer.html">Analyzer</a> {
<a class="jxr_linenumber" name="54" href="#54">54</a>
<a class="jxr_linenumber" name="55" href="#55">55</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="56" href="#56">56</a> <em class="jxr_javadoccomment"> * The buffer size to use when extracting files from the archive.</em>
<a class="jxr_linenumber" name="57" href="#57">57</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="58" href="#58">58</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> BUFFER_SIZE = 4096;
<a class="jxr_linenumber" name="59" href="#59">59</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="60" href="#60">60</a> <em class="jxr_javadoccomment"> * The count of directories created during analysis. This is used for</em>
<a class="jxr_linenumber" name="61" href="#61">61</a> <em class="jxr_javadoccomment"> * creating temporary directories.</em>
<a class="jxr_linenumber" name="62" href="#62">62</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="63" href="#63">63</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">int</strong> dirCount = 0;
<a class="jxr_linenumber" name="64" href="#64">64</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="65" href="#65">65</a> <em class="jxr_javadoccomment"> * The parent directory for the individual directories per archive.</em>
<a class="jxr_linenumber" name="66" href="#66">66</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="67" href="#67">67</a> <strong class="jxr_keyword">private</strong> File tempFileLocation = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="68" href="#68">68</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="69" href="#69">69</a> <em class="jxr_javadoccomment"> * The max scan depth that the analyzer will recursively extract nested</em>
<a class="jxr_linenumber" name="70" href="#70">70</a> <em class="jxr_javadoccomment"> * archives.</em>
<a class="jxr_linenumber" name="71" href="#71">71</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="72" href="#72">72</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> MAX_SCAN_DEPTH = Settings.getInt(<span class="jxr_string">"archive.scan.depth"</span>, 3);
<a class="jxr_linenumber" name="73" href="#73">73</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="74" href="#74">74</a> <em class="jxr_javadoccomment"> * Tracks the current scan/extraction depth for nested archives.</em>
<a class="jxr_linenumber" name="75" href="#75">75</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="76" href="#76">76</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">int</strong> scanDepth = 0;
<a class="jxr_linenumber" name="77" href="#77">77</a> <em class="jxr_comment">//&lt;editor-fold defaultstate="collapsed" desc="All standard implmentation details of Analyzer"&gt;</em>
<a class="jxr_linenumber" name="78" href="#78">78</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="79" href="#79">79</a> <em class="jxr_javadoccomment"> * The name of the analyzer.</em>
<a class="jxr_linenumber" name="80" href="#80">80</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="81" href="#81">81</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String ANALYZER_NAME = <span class="jxr_string">"Archive Analyzer"</span>;
<a class="jxr_linenumber" name="82" href="#82">82</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="83" href="#83">83</a> <em class="jxr_javadoccomment"> * The phase that this analyzer is intended to run in.</em>
<a class="jxr_linenumber" name="84" href="#84">84</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="85" href="#85">85</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> ANALYSIS_PHASE = AnalysisPhase.INITIAL;
<a class="jxr_linenumber" name="86" href="#86">86</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="87" href="#87">87</a> <em class="jxr_javadoccomment"> * The name of the analyzer.</em>
<a class="jxr_linenumber" name="87" href="#87">87</a> <em class="jxr_javadoccomment"> * The set of file extensions supported by this analyzer.</em>
<a class="jxr_linenumber" name="88" href="#88">88</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="89" href="#89">89</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String ANALYZER_NAME = <span class="jxr_string">"Archive Analyzer"</span>;
<a class="jxr_linenumber" name="90" href="#90">90</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="91" href="#91">91</a> <em class="jxr_javadoccomment"> * The phase that this analyzer is intended to run in.</em>
<a class="jxr_linenumber" name="92" href="#92">92</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="93" href="#93">93</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> ANALYSIS_PHASE = AnalysisPhase.INITIAL;
<a class="jxr_linenumber" name="94" href="#94">94</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="95" href="#95">95</a> <em class="jxr_javadoccomment"> * The set of file extensions supported by this analyzer.</em>
<a class="jxr_linenumber" name="96" href="#96">96</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="97" href="#97">97</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Set&lt;String&gt; EXTENSIONS = newHashSet(<span class="jxr_string">"zip"</span>, <span class="jxr_string">"ear"</span>, <span class="jxr_string">"war"</span>);
<a class="jxr_linenumber" name="98" href="#98">98</a>
<a class="jxr_linenumber" name="99" href="#99">99</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="100" href="#100">100</a> <em class="jxr_javadoccomment"> * Returns a list of file EXTENSIONS supported by this analyzer.</em>
<a class="jxr_linenumber" name="101" href="#101">101</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="102" href="#102">102</a> <em class="jxr_javadoccomment"> * @return a list of file EXTENSIONS supported by this analyzer.</em>
<a class="jxr_linenumber" name="103" href="#103">103</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="104" href="#104">104</a> <strong class="jxr_keyword">public</strong> Set&lt;String&gt; getSupportedExtensions() {
<a class="jxr_linenumber" name="105" href="#105">105</a> <strong class="jxr_keyword">return</strong> EXTENSIONS;
<a class="jxr_linenumber" name="106" href="#106">106</a> }
<a class="jxr_linenumber" name="107" href="#107">107</a>
<a class="jxr_linenumber" name="108" href="#108">108</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="109" href="#109">109</a> <em class="jxr_javadoccomment"> * Returns the name of the analyzer.</em>
<a class="jxr_linenumber" name="110" href="#110">110</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="111" href="#111">111</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer.</em>
<a class="jxr_linenumber" name="112" href="#112">112</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="113" href="#113">113</a> <strong class="jxr_keyword">public</strong> String getName() {
<a class="jxr_linenumber" name="114" href="#114">114</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
<a class="jxr_linenumber" name="115" href="#115">115</a> }
<a class="jxr_linenumber" name="116" href="#116">116</a>
<a class="jxr_linenumber" name="117" href="#117">117</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="118" href="#118">118</a> <em class="jxr_javadoccomment"> * Returns whether or not this analyzer can process the given extension.</em>
<a class="jxr_linenumber" name="119" href="#119">119</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="120" href="#120">120</a> <em class="jxr_javadoccomment"> * @param extension the file extension to test for support.</em>
<a class="jxr_linenumber" name="121" href="#121">121</a> <em class="jxr_javadoccomment"> * @return whether or not the specified file extension is supported by this</em>
<a class="jxr_linenumber" name="122" href="#122">122</a> <em class="jxr_javadoccomment"> * analyzer.</em>
<a class="jxr_linenumber" name="123" href="#123">123</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="124" href="#124">124</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">boolean</strong> supportsExtension(String extension) {
<a class="jxr_linenumber" name="125" href="#125">125</a> <strong class="jxr_keyword">return</strong> EXTENSIONS.contains(extension);
<a class="jxr_linenumber" name="126" href="#126">126</a> }
<a class="jxr_linenumber" name="127" href="#127">127</a>
<a class="jxr_linenumber" name="128" href="#128">128</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="129" href="#129">129</a> <em class="jxr_javadoccomment"> * Returns the phase that the analyzer is intended to run in.</em>
<a class="jxr_linenumber" name="130" href="#130">130</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="131" href="#131">131</a> <em class="jxr_javadoccomment"> * @return the phase that the analyzer is intended to run in.</em>
<a class="jxr_linenumber" name="132" href="#132">132</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="133" href="#133">133</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
<a class="jxr_linenumber" name="134" href="#134">134</a> <strong class="jxr_keyword">return</strong> ANALYSIS_PHASE;
<a class="jxr_linenumber" name="135" href="#135">135</a> }
<a class="jxr_linenumber" name="136" href="#136">136</a> <em class="jxr_comment">//&lt;/editor-fold&gt;</em>
<a class="jxr_linenumber" name="137" href="#137">137</a>
<a class="jxr_linenumber" name="138" href="#138">138</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="139" href="#139">139</a> <em class="jxr_javadoccomment"> * The initialize method does nothing for this Analyzer.</em>
<a class="jxr_linenumber" name="140" href="#140">140</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="141" href="#141">141</a> <em class="jxr_javadoccomment"> * @throws Exception is thrown if there is an exception deleting or creating</em>
<a class="jxr_linenumber" name="142" href="#142">142</a> <em class="jxr_javadoccomment"> * temporary files</em>
<a class="jxr_linenumber" name="143" href="#143">143</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="144" href="#144">144</a> @Override
<a class="jxr_linenumber" name="145" href="#145">145</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> initialize() <strong class="jxr_keyword">throws</strong> Exception {
<a class="jxr_linenumber" name="146" href="#146">146</a> <strong class="jxr_keyword">final</strong> File baseDir = Settings.getTempDirectory();
<a class="jxr_linenumber" name="147" href="#147">147</a> <strong class="jxr_keyword">if</strong> (!baseDir.exists()) {
<a class="jxr_linenumber" name="148" href="#148">148</a> <strong class="jxr_keyword">if</strong> (!baseDir.mkdirs()) {
<a class="jxr_linenumber" name="149" href="#149">149</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unable to make a temporary folder '%s'"</span>, baseDir.getPath());
<a class="jxr_linenumber" name="150" href="#150">150</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisException.html">AnalysisException</a>(msg);
<a class="jxr_linenumber" name="151" href="#151">151</a> }
<a class="jxr_linenumber" name="152" href="#152">152</a> }
<a class="jxr_linenumber" name="153" href="#153">153</a> tempFileLocation = File.createTempFile(<span class="jxr_string">"check"</span>, <span class="jxr_string">"tmp"</span>, baseDir);
<a class="jxr_linenumber" name="154" href="#154">154</a> <strong class="jxr_keyword">if</strong> (!tempFileLocation.delete()) {
<a class="jxr_linenumber" name="155" href="#155">155</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"Unable to delete temporary file '"</span> + tempFileLocation.getAbsolutePath() + <span class="jxr_string">"'."</span>);
<a class="jxr_linenumber" name="156" href="#156">156</a> }
<a class="jxr_linenumber" name="157" href="#157">157</a> <strong class="jxr_keyword">if</strong> (!tempFileLocation.mkdirs()) {
<a class="jxr_linenumber" name="158" href="#158">158</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"Unable to create directory '"</span> + tempFileLocation.getAbsolutePath() + <span class="jxr_string">"'."</span>);
<a class="jxr_linenumber" name="159" href="#159">159</a> }
<a class="jxr_linenumber" name="160" href="#160">160</a> }
<a class="jxr_linenumber" name="161" href="#161">161</a>
<a class="jxr_linenumber" name="162" href="#162">162</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="163" href="#163">163</a> <em class="jxr_javadoccomment"> * The close method does nothing for this Analyzer.</em>
<a class="jxr_linenumber" name="164" href="#164">164</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="165" href="#165">165</a> <em class="jxr_javadoccomment"> * @throws Exception thrown if there is an exception deleting temporary</em>
<a class="jxr_linenumber" name="166" href="#166">166</a> <em class="jxr_javadoccomment"> * files</em>
<a class="jxr_linenumber" name="167" href="#167">167</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="168" href="#168">168</a> @Override
<a class="jxr_linenumber" name="169" href="#169">169</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> close() <strong class="jxr_keyword">throws</strong> Exception {
<a class="jxr_linenumber" name="170" href="#170">170</a> <strong class="jxr_keyword">if</strong> (tempFileLocation != <strong class="jxr_keyword">null</strong> &amp;&amp; tempFileLocation.exists()) {
<a class="jxr_linenumber" name="171" href="#171">171</a> FileUtils.deleteRecursive(tempFileLocation.getAbsolutePath(), <strong class="jxr_keyword">true</strong>);
<a class="jxr_linenumber" name="172" href="#172">172</a> }
<a class="jxr_linenumber" name="173" href="#173">173</a> }
<a class="jxr_linenumber" name="174" href="#174">174</a>
<a class="jxr_linenumber" name="175" href="#175">175</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="176" href="#176">176</a> <em class="jxr_javadoccomment"> * Analyzes a given dependency. If the dependency is an archive, such as a</em>
<a class="jxr_linenumber" name="177" href="#177">177</a> <em class="jxr_javadoccomment"> * WAR or EAR, the contents are extracted, scanned, and added to the list of</em>
<a class="jxr_linenumber" name="178" href="#178">178</a> <em class="jxr_javadoccomment"> * dependencies within the engine.</em>
<a class="jxr_linenumber" name="179" href="#179">179</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="180" href="#180">180</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to analyze</em>
<a class="jxr_linenumber" name="181" href="#181">181</a> <em class="jxr_javadoccomment"> * @param engine the engine scanning</em>
<a class="jxr_linenumber" name="182" href="#182">182</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if there is an analysis exception</em>
<a class="jxr_linenumber" name="183" href="#183">183</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="184" href="#184">184</a> @Override
<a class="jxr_linenumber" name="185" href="#185">185</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> analyze(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine) <strong class="jxr_keyword">throws</strong> AnalysisException {
<a class="jxr_linenumber" name="186" href="#186">186</a> <strong class="jxr_keyword">final</strong> File f = <strong class="jxr_keyword">new</strong> File(dependency.getActualFilePath());
<a class="jxr_linenumber" name="187" href="#187">187</a> <strong class="jxr_keyword">final</strong> File tmpDir = getNextTempDirectory();
<a class="jxr_linenumber" name="188" href="#188">188</a> extractFiles(f, tmpDir, engine);
<a class="jxr_linenumber" name="189" href="#189">189</a>
<a class="jxr_linenumber" name="190" href="#190">190</a> <em class="jxr_comment">//make a copy</em>
<a class="jxr_linenumber" name="191" href="#191">191</a> <strong class="jxr_keyword">final</strong> List&lt;Dependency&gt; dependencies = <strong class="jxr_keyword">new</strong> ArrayList&lt;Dependency&gt;(engine.getDependencies());
<a class="jxr_linenumber" name="192" href="#192">192</a> engine.scan(tmpDir);
<a class="jxr_linenumber" name="193" href="#193">193</a> <strong class="jxr_keyword">final</strong> List&lt;Dependency&gt; newDependencies = engine.getDependencies();
<a class="jxr_linenumber" name="194" href="#194">194</a> <strong class="jxr_keyword">if</strong> (dependencies.size() != newDependencies.size()) {
<a class="jxr_linenumber" name="195" href="#195">195</a> <em class="jxr_comment">//get the new dependencies</em>
<a class="jxr_linenumber" name="196" href="#196">196</a> <strong class="jxr_keyword">final</strong> Set&lt;Dependency&gt; dependencySet = <strong class="jxr_keyword">new</strong> HashSet&lt;Dependency&gt;();
<a class="jxr_linenumber" name="197" href="#197">197</a> dependencySet.addAll(newDependencies);
<a class="jxr_linenumber" name="198" href="#198">198</a> dependencySet.removeAll(dependencies);
<a class="jxr_linenumber" name="199" href="#199">199</a>
<a class="jxr_linenumber" name="200" href="#200">200</a> <strong class="jxr_keyword">for</strong> (Dependency d : dependencySet) {
<a class="jxr_linenumber" name="201" href="#201">201</a> <em class="jxr_comment">//fix the dependency's display name and path</em>
<a class="jxr_linenumber" name="202" href="#202">202</a> <strong class="jxr_keyword">final</strong> String displayPath = String.format(<span class="jxr_string">"%s%s"</span>,
<a class="jxr_linenumber" name="203" href="#203">203</a> dependency.getFilePath(),
<a class="jxr_linenumber" name="204" href="#204">204</a> d.getActualFilePath().substring(tmpDir.getAbsolutePath().length()));
<a class="jxr_linenumber" name="205" href="#205">205</a> <strong class="jxr_keyword">final</strong> String displayName = String.format(<span class="jxr_string">"%s%s%s"</span>,
<a class="jxr_linenumber" name="206" href="#206">206</a> dependency.getFileName(),
<a class="jxr_linenumber" name="207" href="#207">207</a> File.separator,
<a class="jxr_linenumber" name="208" href="#208">208</a> d.getFileName());
<a class="jxr_linenumber" name="209" href="#209">209</a> d.setFilePath(displayPath);
<a class="jxr_linenumber" name="210" href="#210">210</a> d.setFileName(displayName);
<a class="jxr_linenumber" name="211" href="#211">211</a>
<a class="jxr_linenumber" name="212" href="#212">212</a> <em class="jxr_comment">//TODO - can we get more evidence from the parent? EAR contains module name, etc.</em>
<a class="jxr_linenumber" name="213" href="#213">213</a>
<a class="jxr_linenumber" name="214" href="#214">214</a> <em class="jxr_comment">//analyze the dependency (i.e. extract files) if it is a supported type.</em>
<a class="jxr_linenumber" name="215" href="#215">215</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">this</strong>.supportsExtension(d.getFileExtension()) &amp;&amp; scanDepth &lt; MAX_SCAN_DEPTH) {
<a class="jxr_linenumber" name="216" href="#216">216</a> scanDepth += 1;
<a class="jxr_linenumber" name="217" href="#217">217</a> analyze(d, engine);
<a class="jxr_linenumber" name="218" href="#218">218</a> scanDepth -= 1;
<a class="jxr_linenumber" name="219" href="#219">219</a> }
<a class="jxr_linenumber" name="220" href="#220">220</a> }
<a class="jxr_linenumber" name="221" href="#221">221</a> }
<a class="jxr_linenumber" name="222" href="#222">222</a> Collections.sort(engine.getDependencies());
<a class="jxr_linenumber" name="223" href="#223">223</a> }
<a class="jxr_linenumber" name="224" href="#224">224</a>
<a class="jxr_linenumber" name="225" href="#225">225</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="226" href="#226">226</a> <em class="jxr_javadoccomment"> * Retrieves the next temporary directory to extract an archive too.</em>
<a class="jxr_linenumber" name="227" href="#227">227</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="228" href="#228">228</a> <em class="jxr_javadoccomment"> * @return a directory</em>
<a class="jxr_linenumber" name="229" href="#229">229</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if unable to create temporary directory</em>
<a class="jxr_linenumber" name="230" href="#230">230</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="231" href="#231">231</a> <strong class="jxr_keyword">private</strong> File getNextTempDirectory() <strong class="jxr_keyword">throws</strong> AnalysisException {
<a class="jxr_linenumber" name="232" href="#232">232</a> dirCount += 1;
<a class="jxr_linenumber" name="233" href="#233">233</a> <strong class="jxr_keyword">final</strong> File directory = <strong class="jxr_keyword">new</strong> File(tempFileLocation, String.valueOf(dirCount));
<a class="jxr_linenumber" name="234" href="#234">234</a> <strong class="jxr_keyword">if</strong> (!directory.mkdirs()) {
<a class="jxr_linenumber" name="235" href="#235">235</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"Unable to create temp directory '"</span> + directory.getAbsolutePath() + <span class="jxr_string">"'."</span>);
<a class="jxr_linenumber" name="236" href="#236">236</a> }
<a class="jxr_linenumber" name="237" href="#237">237</a> <strong class="jxr_keyword">return</strong> directory;
<a class="jxr_linenumber" name="238" href="#238">238</a> }
<a class="jxr_linenumber" name="239" href="#239">239</a>
<a class="jxr_linenumber" name="240" href="#240">240</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="241" href="#241">241</a> <em class="jxr_javadoccomment"> * Extracts the contents of an archive into the specified directory.</em>
<a class="jxr_linenumber" name="242" href="#242">242</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="243" href="#243">243</a> <em class="jxr_javadoccomment"> * @param archive an archive file such as a WAR or EAR</em>
<a class="jxr_linenumber" name="244" href="#244">244</a> <em class="jxr_javadoccomment"> * @param extractTo a directory to extract the contents to</em>
<a class="jxr_linenumber" name="245" href="#245">245</a> <em class="jxr_javadoccomment"> * @param engine the scanning engine</em>
<a class="jxr_linenumber" name="246" href="#246">246</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if the archive is not found</em>
<a class="jxr_linenumber" name="247" href="#247">247</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="248" href="#248">248</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> extractFiles(File archive, File extractTo, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine) <strong class="jxr_keyword">throws</strong> AnalysisException {
<a class="jxr_linenumber" name="249" href="#249">249</a> <strong class="jxr_keyword">if</strong> (archive == <strong class="jxr_keyword">null</strong> || extractTo == <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="250" href="#250">250</a> <strong class="jxr_keyword">return</strong>;
<a class="jxr_linenumber" name="251" href="#251">251</a> }
<a class="jxr_linenumber" name="252" href="#252">252</a>
<a class="jxr_linenumber" name="253" href="#253">253</a> FileInputStream fis = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="254" href="#254">254</a> <em class="jxr_comment">//ZipInputStream zis = null;</em>
<a class="jxr_linenumber" name="255" href="#255">255</a> ZipArchiveInputStream zis = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="256" href="#256">256</a>
<a class="jxr_linenumber" name="257" href="#257">257</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="258" href="#258">258</a> fis = <strong class="jxr_keyword">new</strong> FileInputStream(archive);
<a class="jxr_linenumber" name="259" href="#259">259</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException ex) {
<a class="jxr_linenumber" name="260" href="#260">260</a> Logger.getLogger(ArchiveAnalyzer.<strong class="jxr_keyword">class</strong>.getName()).log(Level.INFO, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="261" href="#261">261</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"Archive file was not found."</span>, ex);
<a class="jxr_linenumber" name="262" href="#262">262</a> }
<a class="jxr_linenumber" name="263" href="#263">263</a> zis = <strong class="jxr_keyword">new</strong> ZipArchiveInputStream(<strong class="jxr_keyword">new</strong> BufferedInputStream(fis));
<a class="jxr_linenumber" name="264" href="#264">264</a> ZipArchiveEntry entry;
<a class="jxr_linenumber" name="265" href="#265">265</a>
<a class="jxr_linenumber" name="266" href="#266">266</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="267" href="#267">267</a> <strong class="jxr_keyword">while</strong> ((entry = zis.getNextZipEntry()) != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="268" href="#268">268</a> <strong class="jxr_keyword">if</strong> (entry.isDirectory()) {
<a class="jxr_linenumber" name="269" href="#269">269</a> <strong class="jxr_keyword">final</strong> File d = <strong class="jxr_keyword">new</strong> File(extractTo, entry.getName());
<a class="jxr_linenumber" name="270" href="#270">270</a> <strong class="jxr_keyword">if</strong> (!d.mkdirs()) {
<a class="jxr_linenumber" name="271" href="#271">271</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"Unable to create '"</span> + d.getAbsolutePath() + <span class="jxr_string">"'."</span>);
<a class="jxr_linenumber" name="272" href="#272">272</a> }
<a class="jxr_linenumber" name="273" href="#273">273</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="274" href="#274">274</a> <strong class="jxr_keyword">final</strong> File file = <strong class="jxr_keyword">new</strong> File(extractTo, entry.getName());
<a class="jxr_linenumber" name="275" href="#275">275</a> <strong class="jxr_keyword">final</strong> String ext = org.owasp.dependencycheck.utils.FileUtils.getFileExtension(file.getName());
<a class="jxr_linenumber" name="276" href="#276">276</a> <strong class="jxr_keyword">if</strong> (engine.supportsExtension(ext)) {
<a class="jxr_linenumber" name="277" href="#277">277</a> BufferedOutputStream bos = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="278" href="#278">278</a> FileOutputStream fos;
<a class="jxr_linenumber" name="279" href="#279">279</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="280" href="#280">280</a> fos = <strong class="jxr_keyword">new</strong> FileOutputStream(file);
<a class="jxr_linenumber" name="281" href="#281">281</a> bos = <strong class="jxr_keyword">new</strong> BufferedOutputStream(fos, BUFFER_SIZE);
<a class="jxr_linenumber" name="282" href="#282">282</a> <strong class="jxr_keyword">int</strong> count;
<a class="jxr_linenumber" name="283" href="#283">283</a> <strong class="jxr_keyword">final</strong> byte data[] = <strong class="jxr_keyword">new</strong> byte[BUFFER_SIZE];
<a class="jxr_linenumber" name="284" href="#284">284</a> <strong class="jxr_keyword">while</strong> ((count = zis.read(data, 0, BUFFER_SIZE)) != -1) {
<a class="jxr_linenumber" name="285" href="#285">285</a> bos.write(data, 0, count);
<a class="jxr_linenumber" name="286" href="#286">286</a> }
<a class="jxr_linenumber" name="287" href="#287">287</a> bos.flush();
<a class="jxr_linenumber" name="288" href="#288">288</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException ex) {
<a class="jxr_linenumber" name="289" href="#289">289</a> Logger.getLogger(ArchiveAnalyzer.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="290" href="#290">290</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"Unable to find file '"</span> + file.getName() + <span class="jxr_string">"'."</span>, ex);
<a class="jxr_linenumber" name="291" href="#291">291</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="292" href="#292">292</a> Logger.getLogger(ArchiveAnalyzer.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="293" href="#293">293</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"IO Exception while parsing file '"</span> + file.getName() + <span class="jxr_string">"'."</span>, ex);
<a class="jxr_linenumber" name="294" href="#294">294</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="295" href="#295">295</a> <strong class="jxr_keyword">if</strong> (bos != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="296" href="#296">296</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="297" href="#297">297</a> bos.close();
<a class="jxr_linenumber" name="298" href="#298">298</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="299" href="#299">299</a> Logger.getLogger(ArchiveAnalyzer.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="300" href="#300">300</a> }
<a class="jxr_linenumber" name="301" href="#301">301</a> }
<a class="jxr_linenumber" name="302" href="#302">302</a> }
<a class="jxr_linenumber" name="303" href="#303">303</a> }
<a class="jxr_linenumber" name="304" href="#304">304</a> }
<a class="jxr_linenumber" name="305" href="#305">305</a> }
<a class="jxr_linenumber" name="306" href="#306">306</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="307" href="#307">307</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Exception reading archive '%s'."</span>, archive.getName());
<a class="jxr_linenumber" name="308" href="#308">308</a> Logger.getLogger(ArchiveAnalyzer.<strong class="jxr_keyword">class</strong>.getName()).log(Level.WARNING, msg);
<a class="jxr_linenumber" name="309" href="#309">309</a> Logger.getLogger(ArchiveAnalyzer.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="310" href="#310">310</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisException.html">AnalysisException</a>(msg, ex);
<a class="jxr_linenumber" name="311" href="#311">311</a> } <strong class="jxr_keyword">catch</strong> (Throwable ex) {
<a class="jxr_linenumber" name="312" href="#312">312</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Exception reading archive '%s'."</span>, archive.getName());
<a class="jxr_linenumber" name="313" href="#313">313</a> Logger.getLogger(ArchiveAnalyzer.<strong class="jxr_keyword">class</strong>.getName()).log(Level.WARNING, msg);
<a class="jxr_linenumber" name="314" href="#314">314</a> Logger.getLogger(ArchiveAnalyzer.<strong class="jxr_keyword">class</strong>.getName()).log(Level.WARNING, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="315" href="#315">315</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisException.html">AnalysisException</a>(msg, ex);
<a class="jxr_linenumber" name="316" href="#316">316</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="317" href="#317">317</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="318" href="#318">318</a> zis.close();
<a class="jxr_linenumber" name="319" href="#319">319</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="320" href="#320">320</a> Logger.getLogger(ArchiveAnalyzer.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="321" href="#321">321</a> }
<a class="jxr_linenumber" name="322" href="#322">322</a> }
<a class="jxr_linenumber" name="323" href="#323">323</a> }
<a class="jxr_linenumber" name="324" href="#324">324</a> }
<a class="jxr_linenumber" name="89" href="#89">89</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Set&lt;String&gt; EXTENSIONS = newHashSet(<span class="jxr_string">"zip"</span>, <span class="jxr_string">"ear"</span>, <span class="jxr_string">"war"</span>, <span class="jxr_string">"tar"</span>, <span class="jxr_string">"gz"</span>, <span class="jxr_string">"tgz"</span>);
<a class="jxr_linenumber" name="90" href="#90">90</a>
<a class="jxr_linenumber" name="91" href="#91">91</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="92" href="#92">92</a> <em class="jxr_javadoccomment"> * Returns a list of file EXTENSIONS supported by this analyzer.</em>
<a class="jxr_linenumber" name="93" href="#93">93</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="94" href="#94">94</a> <em class="jxr_javadoccomment"> * @return a list of file EXTENSIONS supported by this analyzer.</em>
<a class="jxr_linenumber" name="95" href="#95">95</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="96" href="#96">96</a> <strong class="jxr_keyword">public</strong> Set&lt;String&gt; getSupportedExtensions() {
<a class="jxr_linenumber" name="97" href="#97">97</a> <strong class="jxr_keyword">return</strong> EXTENSIONS;
<a class="jxr_linenumber" name="98" href="#98">98</a> }
<a class="jxr_linenumber" name="99" href="#99">99</a>
<a class="jxr_linenumber" name="100" href="#100">100</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="101" href="#101">101</a> <em class="jxr_javadoccomment"> * Returns the name of the analyzer.</em>
<a class="jxr_linenumber" name="102" href="#102">102</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="103" href="#103">103</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer.</em>
<a class="jxr_linenumber" name="104" href="#104">104</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="105" href="#105">105</a> <strong class="jxr_keyword">public</strong> String getName() {
<a class="jxr_linenumber" name="106" href="#106">106</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
<a class="jxr_linenumber" name="107" href="#107">107</a> }
<a class="jxr_linenumber" name="108" href="#108">108</a>
<a class="jxr_linenumber" name="109" href="#109">109</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="110" href="#110">110</a> <em class="jxr_javadoccomment"> * Returns whether or not this analyzer can process the given extension.</em>
<a class="jxr_linenumber" name="111" href="#111">111</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="112" href="#112">112</a> <em class="jxr_javadoccomment"> * @param extension the file extension to test for support.</em>
<a class="jxr_linenumber" name="113" href="#113">113</a> <em class="jxr_javadoccomment"> * @return whether or not the specified file extension is supported by this</em>
<a class="jxr_linenumber" name="114" href="#114">114</a> <em class="jxr_javadoccomment"> * analyzer.</em>
<a class="jxr_linenumber" name="115" href="#115">115</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="116" href="#116">116</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">boolean</strong> supportsExtension(String extension) {
<a class="jxr_linenumber" name="117" href="#117">117</a> <strong class="jxr_keyword">return</strong> EXTENSIONS.contains(extension);
<a class="jxr_linenumber" name="118" href="#118">118</a> }
<a class="jxr_linenumber" name="119" href="#119">119</a>
<a class="jxr_linenumber" name="120" href="#120">120</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="121" href="#121">121</a> <em class="jxr_javadoccomment"> * Returns the phase that the analyzer is intended to run in.</em>
<a class="jxr_linenumber" name="122" href="#122">122</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="123" href="#123">123</a> <em class="jxr_javadoccomment"> * @return the phase that the analyzer is intended to run in.</em>
<a class="jxr_linenumber" name="124" href="#124">124</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="125" href="#125">125</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
<a class="jxr_linenumber" name="126" href="#126">126</a> <strong class="jxr_keyword">return</strong> ANALYSIS_PHASE;
<a class="jxr_linenumber" name="127" href="#127">127</a> }
<a class="jxr_linenumber" name="128" href="#128">128</a> <em class="jxr_comment">//&lt;/editor-fold&gt;</em>
<a class="jxr_linenumber" name="129" href="#129">129</a>
<a class="jxr_linenumber" name="130" href="#130">130</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="131" href="#131">131</a> <em class="jxr_javadoccomment"> * The initialize method does nothing for this Analyzer.</em>
<a class="jxr_linenumber" name="132" href="#132">132</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="133" href="#133">133</a> <em class="jxr_javadoccomment"> * @throws Exception is thrown if there is an exception deleting or creating</em>
<a class="jxr_linenumber" name="134" href="#134">134</a> <em class="jxr_javadoccomment"> * temporary files</em>
<a class="jxr_linenumber" name="135" href="#135">135</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="136" href="#136">136</a> @Override
<a class="jxr_linenumber" name="137" href="#137">137</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> initialize() <strong class="jxr_keyword">throws</strong> Exception {
<a class="jxr_linenumber" name="138" href="#138">138</a> <strong class="jxr_keyword">final</strong> File baseDir = Settings.getTempDirectory();
<a class="jxr_linenumber" name="139" href="#139">139</a> <strong class="jxr_keyword">if</strong> (!baseDir.exists()) {
<a class="jxr_linenumber" name="140" href="#140">140</a> <strong class="jxr_keyword">if</strong> (!baseDir.mkdirs()) {
<a class="jxr_linenumber" name="141" href="#141">141</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unable to make a temporary folder '%s'"</span>, baseDir.getPath());
<a class="jxr_linenumber" name="142" href="#142">142</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisException.html">AnalysisException</a>(msg);
<a class="jxr_linenumber" name="143" href="#143">143</a> }
<a class="jxr_linenumber" name="144" href="#144">144</a> }
<a class="jxr_linenumber" name="145" href="#145">145</a> tempFileLocation = File.createTempFile(<span class="jxr_string">"check"</span>, <span class="jxr_string">"tmp"</span>, baseDir);
<a class="jxr_linenumber" name="146" href="#146">146</a> <strong class="jxr_keyword">if</strong> (!tempFileLocation.delete()) {
<a class="jxr_linenumber" name="147" href="#147">147</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unable to delete temporary file '%s'."</span>, tempFileLocation.getAbsolutePath());
<a class="jxr_linenumber" name="148" href="#148">148</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisException.html">AnalysisException</a>(msg);
<a class="jxr_linenumber" name="149" href="#149">149</a> }
<a class="jxr_linenumber" name="150" href="#150">150</a> <strong class="jxr_keyword">if</strong> (!tempFileLocation.mkdirs()) {
<a class="jxr_linenumber" name="151" href="#151">151</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unable to create directory '%s'."</span>, tempFileLocation.getAbsolutePath());
<a class="jxr_linenumber" name="152" href="#152">152</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisException.html">AnalysisException</a>(msg);
<a class="jxr_linenumber" name="153" href="#153">153</a> }
<a class="jxr_linenumber" name="154" href="#154">154</a> }
<a class="jxr_linenumber" name="155" href="#155">155</a>
<a class="jxr_linenumber" name="156" href="#156">156</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="157" href="#157">157</a> <em class="jxr_javadoccomment"> * The close method does nothing for this Analyzer.</em>
<a class="jxr_linenumber" name="158" href="#158">158</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="159" href="#159">159</a> <em class="jxr_javadoccomment"> * @throws Exception thrown if there is an exception deleting temporary</em>
<a class="jxr_linenumber" name="160" href="#160">160</a> <em class="jxr_javadoccomment"> * files</em>
<a class="jxr_linenumber" name="161" href="#161">161</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="162" href="#162">162</a> @Override
<a class="jxr_linenumber" name="163" href="#163">163</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> close() <strong class="jxr_keyword">throws</strong> Exception {
<a class="jxr_linenumber" name="164" href="#164">164</a> <strong class="jxr_keyword">if</strong> (tempFileLocation != <strong class="jxr_keyword">null</strong> &amp;&amp; tempFileLocation.exists()) {
<a class="jxr_linenumber" name="165" href="#165">165</a> FileUtils.deleteRecursive(tempFileLocation.getAbsolutePath(), <strong class="jxr_keyword">true</strong>);
<a class="jxr_linenumber" name="166" href="#166">166</a> }
<a class="jxr_linenumber" name="167" href="#167">167</a> }
<a class="jxr_linenumber" name="168" href="#168">168</a>
<a class="jxr_linenumber" name="169" href="#169">169</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="170" href="#170">170</a> <em class="jxr_javadoccomment"> * Analyzes a given dependency. If the dependency is an archive, such as a</em>
<a class="jxr_linenumber" name="171" href="#171">171</a> <em class="jxr_javadoccomment"> * WAR or EAR, the contents are extracted, scanned, and added to the list of</em>
<a class="jxr_linenumber" name="172" href="#172">172</a> <em class="jxr_javadoccomment"> * dependencies within the engine.</em>
<a class="jxr_linenumber" name="173" href="#173">173</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="174" href="#174">174</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to analyze</em>
<a class="jxr_linenumber" name="175" href="#175">175</a> <em class="jxr_javadoccomment"> * @param engine the engine scanning</em>
<a class="jxr_linenumber" name="176" href="#176">176</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if there is an analysis exception</em>
<a class="jxr_linenumber" name="177" href="#177">177</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="178" href="#178">178</a> @Override
<a class="jxr_linenumber" name="179" href="#179">179</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> analyze(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine) <strong class="jxr_keyword">throws</strong> AnalysisException {
<a class="jxr_linenumber" name="180" href="#180">180</a> <strong class="jxr_keyword">final</strong> File f = <strong class="jxr_keyword">new</strong> File(dependency.getActualFilePath());
<a class="jxr_linenumber" name="181" href="#181">181</a> <strong class="jxr_keyword">final</strong> File tmpDir = getNextTempDirectory();
<a class="jxr_linenumber" name="182" href="#182">182</a> extractFiles(f, tmpDir, engine);
<a class="jxr_linenumber" name="183" href="#183">183</a>
<a class="jxr_linenumber" name="184" href="#184">184</a> <em class="jxr_comment">//make a copy</em>
<a class="jxr_linenumber" name="185" href="#185">185</a> <strong class="jxr_keyword">final</strong> List&lt;Dependency&gt; dependencies = <strong class="jxr_keyword">new</strong> ArrayList&lt;Dependency&gt;(engine.getDependencies());
<a class="jxr_linenumber" name="186" href="#186">186</a> engine.scan(tmpDir);
<a class="jxr_linenumber" name="187" href="#187">187</a> <strong class="jxr_keyword">final</strong> List&lt;Dependency&gt; newDependencies = engine.getDependencies();
<a class="jxr_linenumber" name="188" href="#188">188</a> <strong class="jxr_keyword">if</strong> (dependencies.size() != newDependencies.size()) {
<a class="jxr_linenumber" name="189" href="#189">189</a> <em class="jxr_comment">//get the new dependencies</em>
<a class="jxr_linenumber" name="190" href="#190">190</a> <strong class="jxr_keyword">final</strong> Set&lt;Dependency&gt; dependencySet = <strong class="jxr_keyword">new</strong> HashSet&lt;Dependency&gt;();
<a class="jxr_linenumber" name="191" href="#191">191</a> dependencySet.addAll(newDependencies);
<a class="jxr_linenumber" name="192" href="#192">192</a> dependencySet.removeAll(dependencies);
<a class="jxr_linenumber" name="193" href="#193">193</a>
<a class="jxr_linenumber" name="194" href="#194">194</a> <strong class="jxr_keyword">for</strong> (Dependency d : dependencySet) {
<a class="jxr_linenumber" name="195" href="#195">195</a> <em class="jxr_comment">//fix the dependency's display name and path</em>
<a class="jxr_linenumber" name="196" href="#196">196</a> <strong class="jxr_keyword">final</strong> String displayPath = String.format(<span class="jxr_string">"%s%s"</span>,
<a class="jxr_linenumber" name="197" href="#197">197</a> dependency.getFilePath(),
<a class="jxr_linenumber" name="198" href="#198">198</a> d.getActualFilePath().substring(tmpDir.getAbsolutePath().length()));
<a class="jxr_linenumber" name="199" href="#199">199</a> <strong class="jxr_keyword">final</strong> String displayName = String.format(<span class="jxr_string">"%s%s%s"</span>,
<a class="jxr_linenumber" name="200" href="#200">200</a> dependency.getFileName(),
<a class="jxr_linenumber" name="201" href="#201">201</a> File.separator,
<a class="jxr_linenumber" name="202" href="#202">202</a> d.getFileName());
<a class="jxr_linenumber" name="203" href="#203">203</a> d.setFilePath(displayPath);
<a class="jxr_linenumber" name="204" href="#204">204</a> d.setFileName(displayName);
<a class="jxr_linenumber" name="205" href="#205">205</a>
<a class="jxr_linenumber" name="206" href="#206">206</a> <em class="jxr_comment">//TODO - can we get more evidence from the parent? EAR contains module name, etc.</em>
<a class="jxr_linenumber" name="207" href="#207">207</a>
<a class="jxr_linenumber" name="208" href="#208">208</a> <em class="jxr_comment">//analyze the dependency (i.e. extract files) if it is a supported type.</em>
<a class="jxr_linenumber" name="209" href="#209">209</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">this</strong>.supportsExtension(d.getFileExtension()) &amp;&amp; scanDepth &lt; MAX_SCAN_DEPTH) {
<a class="jxr_linenumber" name="210" href="#210">210</a> scanDepth += 1;
<a class="jxr_linenumber" name="211" href="#211">211</a> analyze(d, engine);
<a class="jxr_linenumber" name="212" href="#212">212</a> scanDepth -= 1;
<a class="jxr_linenumber" name="213" href="#213">213</a> }
<a class="jxr_linenumber" name="214" href="#214">214</a> }
<a class="jxr_linenumber" name="215" href="#215">215</a> }
<a class="jxr_linenumber" name="216" href="#216">216</a> Collections.sort(engine.getDependencies());
<a class="jxr_linenumber" name="217" href="#217">217</a> }
<a class="jxr_linenumber" name="218" href="#218">218</a>
<a class="jxr_linenumber" name="219" href="#219">219</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="220" href="#220">220</a> <em class="jxr_javadoccomment"> * Retrieves the next temporary directory to extract an archive too.</em>
<a class="jxr_linenumber" name="221" href="#221">221</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="222" href="#222">222</a> <em class="jxr_javadoccomment"> * @return a directory</em>
<a class="jxr_linenumber" name="223" href="#223">223</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if unable to create temporary directory</em>
<a class="jxr_linenumber" name="224" href="#224">224</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="225" href="#225">225</a> <strong class="jxr_keyword">private</strong> File getNextTempDirectory() <strong class="jxr_keyword">throws</strong> AnalysisException {
<a class="jxr_linenumber" name="226" href="#226">226</a> dirCount += 1;
<a class="jxr_linenumber" name="227" href="#227">227</a> <strong class="jxr_keyword">final</strong> File directory = <strong class="jxr_keyword">new</strong> File(tempFileLocation, String.valueOf(dirCount));
<a class="jxr_linenumber" name="228" href="#228">228</a> <em class="jxr_comment">//getting an exception for some directories not being able to be created; might be because the directory already exists?</em>
<a class="jxr_linenumber" name="229" href="#229">229</a> <strong class="jxr_keyword">if</strong> (directory.exists()) {
<a class="jxr_linenumber" name="230" href="#230">230</a> <strong class="jxr_keyword">return</strong> getNextTempDirectory();
<a class="jxr_linenumber" name="231" href="#231">231</a> }
<a class="jxr_linenumber" name="232" href="#232">232</a> <strong class="jxr_keyword">if</strong> (!directory.mkdirs()) {
<a class="jxr_linenumber" name="233" href="#233">233</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unable to create temp directory '%s'."</span>, directory.getAbsolutePath());
<a class="jxr_linenumber" name="234" href="#234">234</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisException.html">AnalysisException</a>(msg);
<a class="jxr_linenumber" name="235" href="#235">235</a> }
<a class="jxr_linenumber" name="236" href="#236">236</a> <strong class="jxr_keyword">return</strong> directory;
<a class="jxr_linenumber" name="237" href="#237">237</a> }
<a class="jxr_linenumber" name="238" href="#238">238</a>
<a class="jxr_linenumber" name="239" href="#239">239</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="240" href="#240">240</a> <em class="jxr_javadoccomment"> * Extracts the contents of an archive into the specified directory.</em>
<a class="jxr_linenumber" name="241" href="#241">241</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="242" href="#242">242</a> <em class="jxr_javadoccomment"> * @param archive an archive file such as a WAR or EAR</em>
<a class="jxr_linenumber" name="243" href="#243">243</a> <em class="jxr_javadoccomment"> * @param destination a directory to extract the contents to</em>
<a class="jxr_linenumber" name="244" href="#244">244</a> <em class="jxr_javadoccomment"> * @param engine the scanning engine</em>
<a class="jxr_linenumber" name="245" href="#245">245</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if the archive is not found</em>
<a class="jxr_linenumber" name="246" href="#246">246</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="247" href="#247">247</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> extractFiles(File archive, File destination, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine) <strong class="jxr_keyword">throws</strong> AnalysisException {
<a class="jxr_linenumber" name="248" href="#248">248</a> <strong class="jxr_keyword">if</strong> (archive == <strong class="jxr_keyword">null</strong> || destination == <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="249" href="#249">249</a> <strong class="jxr_keyword">return</strong>;
<a class="jxr_linenumber" name="250" href="#250">250</a> }
<a class="jxr_linenumber" name="251" href="#251">251</a>
<a class="jxr_linenumber" name="252" href="#252">252</a> FileInputStream fis = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="253" href="#253">253</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="254" href="#254">254</a> fis = <strong class="jxr_keyword">new</strong> FileInputStream(archive);
<a class="jxr_linenumber" name="255" href="#255">255</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException ex) {
<a class="jxr_linenumber" name="256" href="#256">256</a> Logger.getLogger(ArchiveAnalyzer.<strong class="jxr_keyword">class</strong>.getName()).log(Level.INFO, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="257" href="#257">257</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"Archive file was not found."</span>, ex);
<a class="jxr_linenumber" name="258" href="#258">258</a> }
<a class="jxr_linenumber" name="259" href="#259">259</a> <strong class="jxr_keyword">final</strong> String archiveExt = org.owasp.dependencycheck.utils.FileUtils.getFileExtension(archive.getName()).toLowerCase();
<a class="jxr_linenumber" name="260" href="#260">260</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="261" href="#261">261</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"zip"</span>.equals(archiveExt) || <span class="jxr_string">"war"</span>.equals(archiveExt) || <span class="jxr_string">"ear"</span>.equals(archiveExt)) {
<a class="jxr_linenumber" name="262" href="#262">262</a> extractArchive(<strong class="jxr_keyword">new</strong> ZipArchiveInputStream(<strong class="jxr_keyword">new</strong> BufferedInputStream(fis)), destination, engine);
<a class="jxr_linenumber" name="263" href="#263">263</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"tar"</span>.equals(archiveExt)) {
<a class="jxr_linenumber" name="264" href="#264">264</a> extractArchive(<strong class="jxr_keyword">new</strong> TarArchiveInputStream(<strong class="jxr_keyword">new</strong> BufferedInputStream(fis)), destination, engine);
<a class="jxr_linenumber" name="265" href="#265">265</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"gz"</span>.equals(archiveExt) || <span class="jxr_string">"tgz"</span>.equals(archiveExt)) {
<a class="jxr_linenumber" name="266" href="#266">266</a> <strong class="jxr_keyword">final</strong> String uncompressedName = GzipUtils.getUncompressedFilename(archive.getName());
<a class="jxr_linenumber" name="267" href="#267">267</a> <strong class="jxr_keyword">final</strong> String uncompressedExt = org.owasp.dependencycheck.utils.FileUtils.getFileExtension(uncompressedName).toLowerCase();
<a class="jxr_linenumber" name="268" href="#268">268</a> <strong class="jxr_keyword">if</strong> (engine.supportsExtension(uncompressedExt)) {
<a class="jxr_linenumber" name="269" href="#269">269</a> decompressFile(<strong class="jxr_keyword">new</strong> GzipCompressorInputStream(<strong class="jxr_keyword">new</strong> BufferedInputStream(fis)), <strong class="jxr_keyword">new</strong> File(destination, uncompressedName));
<a class="jxr_linenumber" name="270" href="#270">270</a> }
<a class="jxr_linenumber" name="271" href="#271">271</a> }
<a class="jxr_linenumber" name="272" href="#272">272</a> } <strong class="jxr_keyword">catch</strong> (ArchiveExtractionException ex) {
<a class="jxr_linenumber" name="273" href="#273">273</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Exception extracting archive '%s'."</span>, archive.getName());
<a class="jxr_linenumber" name="274" href="#274">274</a> Logger.getLogger(ArchiveAnalyzer.<strong class="jxr_keyword">class</strong>.getName()).log(Level.WARNING, msg);
<a class="jxr_linenumber" name="275" href="#275">275</a> Logger.getLogger(ArchiveAnalyzer.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="276" href="#276">276</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="277" href="#277">277</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Exception reading archive '%s'."</span>, archive.getName());
<a class="jxr_linenumber" name="278" href="#278">278</a> Logger.getLogger(ArchiveAnalyzer.<strong class="jxr_keyword">class</strong>.getName()).log(Level.WARNING, msg);
<a class="jxr_linenumber" name="279" href="#279">279</a> Logger.getLogger(ArchiveAnalyzer.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="280" href="#280">280</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="281" href="#281">281</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="282" href="#282">282</a> fis.close();
<a class="jxr_linenumber" name="283" href="#283">283</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="284" href="#284">284</a> Logger.getLogger(ArchiveAnalyzer.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="285" href="#285">285</a> }
<a class="jxr_linenumber" name="286" href="#286">286</a> }
<a class="jxr_linenumber" name="287" href="#287">287</a> }
<a class="jxr_linenumber" name="288" href="#288">288</a>
<a class="jxr_linenumber" name="289" href="#289">289</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="290" href="#290">290</a> <em class="jxr_javadoccomment"> * Extracts files from an archive.</em>
<a class="jxr_linenumber" name="291" href="#291">291</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="292" href="#292">292</a> <em class="jxr_javadoccomment"> * @param input the archive to extract files from</em>
<a class="jxr_linenumber" name="293" href="#293">293</a> <em class="jxr_javadoccomment"> * @param destination the location to write the files too</em>
<a class="jxr_linenumber" name="294" href="#294">294</a> <em class="jxr_javadoccomment"> * @param engine the dependency-check engine</em>
<a class="jxr_linenumber" name="295" href="#295">295</a> <em class="jxr_javadoccomment"> * @throws ArchiveExtractionException thrown if there is an exception</em>
<a class="jxr_linenumber" name="296" href="#296">296</a> <em class="jxr_javadoccomment"> * extracting files from the archive</em>
<a class="jxr_linenumber" name="297" href="#297">297</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="298" href="#298">298</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> extractArchive(ArchiveInputStream input, File destination, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine) <strong class="jxr_keyword">throws</strong> ArchiveExtractionException {
<a class="jxr_linenumber" name="299" href="#299">299</a> ArchiveEntry entry;
<a class="jxr_linenumber" name="300" href="#300">300</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="301" href="#301">301</a> <strong class="jxr_keyword">while</strong> ((entry = input.getNextEntry()) != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="302" href="#302">302</a> <strong class="jxr_keyword">if</strong> (entry.isDirectory()) {
<a class="jxr_linenumber" name="303" href="#303">303</a> <strong class="jxr_keyword">final</strong> File d = <strong class="jxr_keyword">new</strong> File(destination, entry.getName());
<a class="jxr_linenumber" name="304" href="#304">304</a> <strong class="jxr_keyword">if</strong> (!d.exists()) {
<a class="jxr_linenumber" name="305" href="#305">305</a> <strong class="jxr_keyword">if</strong> (!d.mkdirs()) {
<a class="jxr_linenumber" name="306" href="#306">306</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unable to create '%s'."</span>, d.getAbsolutePath());
<a class="jxr_linenumber" name="307" href="#307">307</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisException.html">AnalysisException</a>(msg);
<a class="jxr_linenumber" name="308" href="#308">308</a> }
<a class="jxr_linenumber" name="309" href="#309">309</a> }
<a class="jxr_linenumber" name="310" href="#310">310</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="311" href="#311">311</a> <strong class="jxr_keyword">final</strong> File file = <strong class="jxr_keyword">new</strong> File(destination, entry.getName());
<a class="jxr_linenumber" name="312" href="#312">312</a> <strong class="jxr_keyword">final</strong> String ext = org.owasp.dependencycheck.utils.FileUtils.getFileExtension(file.getName());
<a class="jxr_linenumber" name="313" href="#313">313</a> <strong class="jxr_keyword">if</strong> (engine.supportsExtension(ext)) {
<a class="jxr_linenumber" name="314" href="#314">314</a> BufferedOutputStream bos = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="315" href="#315">315</a> FileOutputStream fos;
<a class="jxr_linenumber" name="316" href="#316">316</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="317" href="#317">317</a> fos = <strong class="jxr_keyword">new</strong> FileOutputStream(file);
<a class="jxr_linenumber" name="318" href="#318">318</a> bos = <strong class="jxr_keyword">new</strong> BufferedOutputStream(fos, BUFFER_SIZE);
<a class="jxr_linenumber" name="319" href="#319">319</a> <strong class="jxr_keyword">int</strong> count;
<a class="jxr_linenumber" name="320" href="#320">320</a> <strong class="jxr_keyword">final</strong> byte data[] = <strong class="jxr_keyword">new</strong> byte[BUFFER_SIZE];
<a class="jxr_linenumber" name="321" href="#321">321</a> <strong class="jxr_keyword">while</strong> ((count = input.read(data, 0, BUFFER_SIZE)) != -1) {
<a class="jxr_linenumber" name="322" href="#322">322</a> bos.write(data, 0, count);
<a class="jxr_linenumber" name="323" href="#323">323</a> }
<a class="jxr_linenumber" name="324" href="#324">324</a> bos.flush();
<a class="jxr_linenumber" name="325" href="#325">325</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException ex) {
<a class="jxr_linenumber" name="326" href="#326">326</a> Logger.getLogger(ArchiveAnalyzer.<strong class="jxr_keyword">class</strong>
<a class="jxr_linenumber" name="327" href="#327">327</a> .getName()).log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="328" href="#328">328</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unable to find file '%s'."</span>, file.getName());
<a class="jxr_linenumber" name="329" href="#329">329</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisException.html">AnalysisException</a>(msg, ex);
<a class="jxr_linenumber" name="330" href="#330">330</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="331" href="#331">331</a> Logger.getLogger(ArchiveAnalyzer.<strong class="jxr_keyword">class</strong>
<a class="jxr_linenumber" name="332" href="#332">332</a> .getName()).log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="333" href="#333">333</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"IO Exception while parsing file '%s'."</span>, file.getName());
<a class="jxr_linenumber" name="334" href="#334">334</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisException.html">AnalysisException</a>(msg, ex);
<a class="jxr_linenumber" name="335" href="#335">335</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="336" href="#336">336</a> <strong class="jxr_keyword">if</strong> (bos != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="337" href="#337">337</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="338" href="#338">338</a> bos.close();
<a class="jxr_linenumber" name="339" href="#339">339</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="340" href="#340">340</a> Logger.getLogger(ArchiveAnalyzer.<strong class="jxr_keyword">class</strong>
<a class="jxr_linenumber" name="341" href="#341">341</a> .getName()).log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="342" href="#342">342</a> }
<a class="jxr_linenumber" name="343" href="#343">343</a> }
<a class="jxr_linenumber" name="344" href="#344">344</a> }
<a class="jxr_linenumber" name="345" href="#345">345</a> }
<a class="jxr_linenumber" name="346" href="#346">346</a> }
<a class="jxr_linenumber" name="347" href="#347">347</a> }
<a class="jxr_linenumber" name="348" href="#348">348</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="349" href="#349">349</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/ArchiveExtractionException.html">ArchiveExtractionException</a>(ex);
<a class="jxr_linenumber" name="350" href="#350">350</a> } <strong class="jxr_keyword">catch</strong> (Throwable ex) {
<a class="jxr_linenumber" name="351" href="#351">351</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/ArchiveExtractionException.html">ArchiveExtractionException</a>(ex);
<a class="jxr_linenumber" name="352" href="#352">352</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="353" href="#353">353</a> <strong class="jxr_keyword">if</strong> (input != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="354" href="#354">354</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="355" href="#355">355</a> input.close();
<a class="jxr_linenumber" name="356" href="#356">356</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="357" href="#357">357</a> Logger.getLogger(ArchiveAnalyzer.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="358" href="#358">358</a> }
<a class="jxr_linenumber" name="359" href="#359">359</a> }
<a class="jxr_linenumber" name="360" href="#360">360</a> }
<a class="jxr_linenumber" name="361" href="#361">361</a> }
<a class="jxr_linenumber" name="362" href="#362">362</a>
<a class="jxr_linenumber" name="363" href="#363">363</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="364" href="#364">364</a> <em class="jxr_javadoccomment"> * Decompresses a file.</em>
<a class="jxr_linenumber" name="365" href="#365">365</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="366" href="#366">366</a> <em class="jxr_javadoccomment"> * @param inputStream the compressed file</em>
<a class="jxr_linenumber" name="367" href="#367">367</a> <em class="jxr_javadoccomment"> * @param outputFile the location to write the decompressed file</em>
<a class="jxr_linenumber" name="368" href="#368">368</a> <em class="jxr_javadoccomment"> * @throws ArchiveExtractionException thrown if there is an exception</em>
<a class="jxr_linenumber" name="369" href="#369">369</a> <em class="jxr_javadoccomment"> * decompressing the file</em>
<a class="jxr_linenumber" name="370" href="#370">370</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="371" href="#371">371</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> decompressFile(CompressorInputStream inputStream, File outputFile) <strong class="jxr_keyword">throws</strong> ArchiveExtractionException {
<a class="jxr_linenumber" name="372" href="#372">372</a> FileOutputStream out = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="373" href="#373">373</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="374" href="#374">374</a> out = <strong class="jxr_keyword">new</strong> FileOutputStream(outputFile);
<a class="jxr_linenumber" name="375" href="#375">375</a> <strong class="jxr_keyword">final</strong> byte[] buffer = <strong class="jxr_keyword">new</strong> byte[BUFFER_SIZE];
<a class="jxr_linenumber" name="376" href="#376">376</a> <strong class="jxr_keyword">int</strong> n = 0;
<a class="jxr_linenumber" name="377" href="#377">377</a> <strong class="jxr_keyword">while</strong> (-1 != (n = inputStream.read(buffer))) {
<a class="jxr_linenumber" name="378" href="#378">378</a> out.write(buffer, 0, n);
<a class="jxr_linenumber" name="379" href="#379">379</a> }
<a class="jxr_linenumber" name="380" href="#380">380</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException ex) {
<a class="jxr_linenumber" name="381" href="#381">381</a> Logger.getLogger(ArchiveAnalyzer.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="382" href="#382">382</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/ArchiveExtractionException.html">ArchiveExtractionException</a>(ex);
<a class="jxr_linenumber" name="383" href="#383">383</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="384" href="#384">384</a> Logger.getLogger(ArchiveAnalyzer.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="385" href="#385">385</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/ArchiveExtractionException.html">ArchiveExtractionException</a>(ex);
<a class="jxr_linenumber" name="386" href="#386">386</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="387" href="#387">387</a> <strong class="jxr_keyword">if</strong> (out != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="388" href="#388">388</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="389" href="#389">389</a> out.close();
<a class="jxr_linenumber" name="390" href="#390">390</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="391" href="#391">391</a> Logger.getLogger(ArchiveAnalyzer.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="392" href="#392">392</a> }
<a class="jxr_linenumber" name="393" href="#393">393</a> }
<a class="jxr_linenumber" name="394" href="#394">394</a> }
<a class="jxr_linenumber" name="395" href="#395">395</a> }
<a class="jxr_linenumber" name="396" href="#396">396</a> }
</pre>
<hr/><div id="footer">This page was automatically generated by <a href="http://maven.apache.org/">Maven</a></div></body>
</html>

619
dependency-check-core/xref/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.html
View File

@@ -33,309 +33,324 @@
<a class="jxr_linenumber" name="23" href="#23">23</a> <strong class="jxr_keyword">import</strong> java.util.Iterator;
<a class="jxr_linenumber" name="24" href="#24">24</a> <strong class="jxr_keyword">import</strong> java.util.ListIterator;
<a class="jxr_linenumber" name="25" href="#25">25</a> <strong class="jxr_keyword">import</strong> java.util.Set;
<a class="jxr_linenumber" name="26" href="#26">26</a> <strong class="jxr_keyword">import</strong> java.util.regex.Matcher;
<a class="jxr_linenumber" name="27" href="#27">27</a> <strong class="jxr_keyword">import</strong> java.util.regex.Pattern;
<a class="jxr_linenumber" name="28" href="#28">28</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.Engine;
<a class="jxr_linenumber" name="29" href="#29">29</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Dependency;
<a class="jxr_linenumber" name="30" href="#30">30</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.DependencyVersion;
<a class="jxr_linenumber" name="31" href="#31">31</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.DependencyVersionUtil;
<a class="jxr_linenumber" name="32" href="#32">32</a>
<a class="jxr_linenumber" name="33" href="#33">33</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="34" href="#34">34</a> <em class="jxr_javadoccomment"> * &lt;p&gt;This analyzer ensures dependencies that should be grouped together, to</em>
<a class="jxr_linenumber" name="35" href="#35">35</a> <em class="jxr_javadoccomment"> * remove excess noise from the report, are grouped. An example would be Spring,</em>
<a class="jxr_linenumber" name="36" href="#36">36</a> <em class="jxr_javadoccomment"> * Spring Beans, Spring MVC, etc. If they are all for the same version and have</em>
<a class="jxr_linenumber" name="37" href="#37">37</a> <em class="jxr_javadoccomment"> * the same relative path then these should be grouped into a single dependency</em>
<a class="jxr_linenumber" name="38" href="#38">38</a> <em class="jxr_javadoccomment"> * under the core/main library.&lt;/p&gt;</em>
<a class="jxr_linenumber" name="39" href="#39">39</a> <em class="jxr_javadoccomment"> * &lt;p&gt;Note, this grouping only works on dependencies with identified CVE</em>
<a class="jxr_linenumber" name="40" href="#40">40</a> <em class="jxr_javadoccomment"> * entries&lt;/p&gt;</em>
<a class="jxr_linenumber" name="41" href="#41">41</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="42" href="#42">42</a> <em class="jxr_javadoccomment"> * @author Jeremy Long (jeremy.long@owasp.org)</em>
<a class="jxr_linenumber" name="43" href="#43">43</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="44" href="#44">44</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.html">DependencyBundlingAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractAnalyzer.html">AbstractAnalyzer</a> <strong class="jxr_keyword">implements</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/Analyzer.html">Analyzer</a> {
<a class="jxr_linenumber" name="45" href="#45">45</a>
<a class="jxr_linenumber" name="46" href="#46">46</a> <em class="jxr_comment">//&lt;editor-fold defaultstate="collapsed" desc="Constants and Member Variables"&gt;</em>
<a class="jxr_linenumber" name="47" href="#47">47</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="48" href="#48">48</a> <em class="jxr_javadoccomment"> * A pattern for obtaining the first part of a filename.</em>
<a class="jxr_linenumber" name="49" href="#49">49</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="50" href="#50">50</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern STARTING_TEXT_PATTERN = Pattern.compile(<span class="jxr_string">"^[a-zA-Z]*"</span>);
<a class="jxr_linenumber" name="51" href="#51">51</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="52" href="#52">52</a> <em class="jxr_javadoccomment"> * a flag indicating if this analyzer has run. This analyzer only runs once.</em>
<a class="jxr_linenumber" name="53" href="#53">53</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="54" href="#54">54</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> analyzed = false;
<a class="jxr_linenumber" name="55" href="#55">55</a> <em class="jxr_comment">//&lt;/editor-fold&gt;</em>
<a class="jxr_linenumber" name="56" href="#56">56</a> <em class="jxr_comment">//&lt;editor-fold defaultstate="collapsed" desc="All standard implmentation details of Analyzer"&gt;</em>
<a class="jxr_linenumber" name="57" href="#57">57</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="58" href="#58">58</a> <em class="jxr_javadoccomment"> * The set of file extensions supported by this analyzer.</em>
<a class="jxr_linenumber" name="59" href="#59">59</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="60" href="#60">60</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Set&lt;String&gt; EXTENSIONS = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="61" href="#61">61</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="62" href="#62">62</a> <em class="jxr_javadoccomment"> * The name of the analyzer.</em>
<a class="jxr_linenumber" name="63" href="#63">63</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="64" href="#64">64</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String ANALYZER_NAME = <span class="jxr_string">"Dependency Bundling Analyzer"</span>;
<a class="jxr_linenumber" name="65" href="#65">65</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="66" href="#66">66</a> <em class="jxr_javadoccomment"> * The phase that this analyzer is intended to run in.</em>
<a class="jxr_linenumber" name="67" href="#67">67</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="68" href="#68">68</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> ANALYSIS_PHASE = AnalysisPhase.PRE_FINDING_ANALYSIS;
<a class="jxr_linenumber" name="69" href="#69">69</a>
<a class="jxr_linenumber" name="70" href="#70">70</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="71" href="#71">71</a> <em class="jxr_javadoccomment"> * Returns a list of file EXTENSIONS supported by this analyzer.</em>
<a class="jxr_linenumber" name="72" href="#72">72</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="73" href="#73">73</a> <em class="jxr_javadoccomment"> * @return a list of file EXTENSIONS supported by this analyzer.</em>
<a class="jxr_linenumber" name="74" href="#74">74</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="75" href="#75">75</a> <strong class="jxr_keyword">public</strong> Set&lt;String&gt; getSupportedExtensions() {
<a class="jxr_linenumber" name="76" href="#76">76</a> <strong class="jxr_keyword">return</strong> EXTENSIONS;
<a class="jxr_linenumber" name="77" href="#77">77</a> }
<a class="jxr_linenumber" name="78" href="#78">78</a>
<a class="jxr_linenumber" name="79" href="#79">79</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="80" href="#80">80</a> <em class="jxr_javadoccomment"> * Returns the name of the analyzer.</em>
<a class="jxr_linenumber" name="81" href="#81">81</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="82" href="#82">82</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer.</em>
<a class="jxr_linenumber" name="83" href="#83">83</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="84" href="#84">84</a> <strong class="jxr_keyword">public</strong> String getName() {
<a class="jxr_linenumber" name="85" href="#85">85</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
<a class="jxr_linenumber" name="86" href="#86">86</a> }
<a class="jxr_linenumber" name="87" href="#87">87</a>
<a class="jxr_linenumber" name="88" href="#88">88</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="89" href="#89">89</a> <em class="jxr_javadoccomment"> * Returns whether or not this analyzer can process the given extension.</em>
<a class="jxr_linenumber" name="90" href="#90">90</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="91" href="#91">91</a> <em class="jxr_javadoccomment"> * @param extension the file extension to test for support</em>
<a class="jxr_linenumber" name="92" href="#92">92</a> <em class="jxr_javadoccomment"> * @return whether or not the specified file extension is supported by this</em>
<a class="jxr_linenumber" name="93" href="#93">93</a> <em class="jxr_javadoccomment"> * analyzer.</em>
<a class="jxr_linenumber" name="94" href="#94">94</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="95" href="#95">95</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">boolean</strong> supportsExtension(String extension) {
<a class="jxr_linenumber" name="96" href="#96">96</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="97" href="#97">97</a> }
<a class="jxr_linenumber" name="98" href="#98">98</a>
<a class="jxr_linenumber" name="99" href="#99">99</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="100" href="#100">100</a> <em class="jxr_javadoccomment"> * Returns the phase that the analyzer is intended to run in.</em>
<a class="jxr_linenumber" name="101" href="#101">101</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="102" href="#102">102</a> <em class="jxr_javadoccomment"> * @return the phase that the analyzer is intended to run in.</em>
<a class="jxr_linenumber" name="103" href="#103">103</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="104" href="#104">104</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
<a class="jxr_linenumber" name="105" href="#105">105</a> <strong class="jxr_keyword">return</strong> ANALYSIS_PHASE;
<a class="jxr_linenumber" name="106" href="#106">106</a> }
<a class="jxr_linenumber" name="107" href="#107">107</a> <em class="jxr_comment">//&lt;/editor-fold&gt;</em>
<a class="jxr_linenumber" name="108" href="#108">108</a>
<a class="jxr_linenumber" name="109" href="#109">109</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="110" href="#110">110</a> <em class="jxr_javadoccomment"> * Analyzes a set of dependencies. If they have been found to have the same</em>
<a class="jxr_linenumber" name="111" href="#111">111</a> <em class="jxr_javadoccomment"> * base path and the same set of identifiers they are likely related. The</em>
<a class="jxr_linenumber" name="112" href="#112">112</a> <em class="jxr_javadoccomment"> * related dependencies are bundled into a single reportable item.</em>
<a class="jxr_linenumber" name="113" href="#113">113</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="114" href="#114">114</a> <em class="jxr_javadoccomment"> * @param ignore this analyzer ignores the dependency being analyzed</em>
<a class="jxr_linenumber" name="115" href="#115">115</a> <em class="jxr_javadoccomment"> * @param engine the engine that is scanning the dependencies</em>
<a class="jxr_linenumber" name="116" href="#116">116</a> <em class="jxr_javadoccomment"> * @throws AnalysisException is thrown if there is an error reading the JAR</em>
<a class="jxr_linenumber" name="117" href="#117">117</a> <em class="jxr_javadoccomment"> * file.</em>
<a class="jxr_linenumber" name="118" href="#118">118</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="119" href="#119">119</a> @Override
<a class="jxr_linenumber" name="120" href="#120">120</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> analyze(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> ignore, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine) <strong class="jxr_keyword">throws</strong> AnalysisException {
<a class="jxr_linenumber" name="121" href="#121">121</a> <strong class="jxr_keyword">if</strong> (!analyzed) {
<a class="jxr_linenumber" name="122" href="#122">122</a> analyzed = <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="123" href="#123">123</a> <strong class="jxr_keyword">final</strong> Set&lt;Dependency&gt; dependenciesToRemove = <strong class="jxr_keyword">new</strong> HashSet&lt;Dependency&gt;();
<a class="jxr_linenumber" name="124" href="#124">124</a> <strong class="jxr_keyword">final</strong> ListIterator&lt;Dependency&gt; mainIterator = engine.getDependencies().listIterator();
<a class="jxr_linenumber" name="125" href="#125">125</a> <em class="jxr_comment">//for (Dependency nextDependency : engine.getDependencies()) {</em>
<a class="jxr_linenumber" name="126" href="#126">126</a> <strong class="jxr_keyword">while</strong> (mainIterator.hasNext()) {
<a class="jxr_linenumber" name="127" href="#127">127</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency = mainIterator.next();
<a class="jxr_linenumber" name="128" href="#128">128</a> <strong class="jxr_keyword">if</strong> (mainIterator.hasNext()) {
<a class="jxr_linenumber" name="129" href="#129">129</a> <strong class="jxr_keyword">final</strong> ListIterator&lt;Dependency&gt; subIterator = engine.getDependencies().listIterator(mainIterator.nextIndex());
<a class="jxr_linenumber" name="130" href="#130">130</a> <strong class="jxr_keyword">while</strong> (subIterator.hasNext()) {
<a class="jxr_linenumber" name="131" href="#131">131</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> nextDependency = subIterator.next();
<a class="jxr_linenumber" name="132" href="#132">132</a>
<a class="jxr_linenumber" name="133" href="#133">133</a> <strong class="jxr_keyword">if</strong> (identifiersMatch(dependency, nextDependency)
<a class="jxr_linenumber" name="134" href="#134">134</a> &amp;&amp; hasSameBasePath(dependency, nextDependency)
<a class="jxr_linenumber" name="135" href="#135">135</a> &amp;&amp; fileNameMatch(dependency, nextDependency)) {
<a class="jxr_linenumber" name="136" href="#136">136</a>
<a class="jxr_linenumber" name="137" href="#137">137</a> <strong class="jxr_keyword">if</strong> (isCore(dependency, nextDependency)) {
<a class="jxr_linenumber" name="138" href="#138">138</a> dependency.addRelatedDependency(nextDependency);
<a class="jxr_linenumber" name="139" href="#139">139</a> <em class="jxr_comment">//move any "related dependencies" to the new "parent" dependency</em>
<a class="jxr_linenumber" name="140" href="#140">140</a> <strong class="jxr_keyword">final</strong> Iterator&lt;Dependency&gt; i = nextDependency.getRelatedDependencies().iterator();
<a class="jxr_linenumber" name="141" href="#141">141</a> <strong class="jxr_keyword">while</strong> (i.hasNext()) {
<a class="jxr_linenumber" name="142" href="#142">142</a> dependency.addRelatedDependency(i.next());
<a class="jxr_linenumber" name="143" href="#143">143</a> i.remove();
<a class="jxr_linenumber" name="144" href="#144">144</a> }
<a class="jxr_linenumber" name="145" href="#145">145</a> dependenciesToRemove.add(nextDependency);
<a class="jxr_linenumber" name="146" href="#146">146</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="147" href="#147">147</a> <strong class="jxr_keyword">if</strong> (isCore(nextDependency, dependency)) {
<a class="jxr_linenumber" name="148" href="#148">148</a> nextDependency.addRelatedDependency(dependency);
<a class="jxr_linenumber" name="149" href="#149">149</a> <em class="jxr_comment">//move any "related dependencies" to the new "parent" dependency</em>
<a class="jxr_linenumber" name="150" href="#150">150</a> <strong class="jxr_keyword">final</strong> Iterator&lt;Dependency&gt; i = dependency.getRelatedDependencies().iterator();
<a class="jxr_linenumber" name="151" href="#151">151</a> <strong class="jxr_keyword">while</strong> (i.hasNext()) {
<a class="jxr_linenumber" name="152" href="#152">152</a> nextDependency.addRelatedDependency(i.next());
<a class="jxr_linenumber" name="153" href="#153">153</a> i.remove();
<a class="jxr_linenumber" name="154" href="#154">154</a> }
<a class="jxr_linenumber" name="155" href="#155">155</a> dependenciesToRemove.add(dependency);
<a class="jxr_linenumber" name="26" href="#26">26</a> <strong class="jxr_keyword">import</strong> java.util.logging.Level;
<a class="jxr_linenumber" name="27" href="#27">27</a> <strong class="jxr_keyword">import</strong> java.util.logging.Logger;
<a class="jxr_linenumber" name="28" href="#28">28</a> <strong class="jxr_keyword">import</strong> java.util.regex.Matcher;
<a class="jxr_linenumber" name="29" href="#29">29</a> <strong class="jxr_keyword">import</strong> java.util.regex.Pattern;
<a class="jxr_linenumber" name="30" href="#30">30</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.Engine;
<a class="jxr_linenumber" name="31" href="#31">31</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Dependency;
<a class="jxr_linenumber" name="32" href="#32">32</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.DependencyVersion;
<a class="jxr_linenumber" name="33" href="#33">33</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.DependencyVersionUtil;
<a class="jxr_linenumber" name="34" href="#34">34</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.LogUtils;
<a class="jxr_linenumber" name="35" href="#35">35</a>
<a class="jxr_linenumber" name="36" href="#36">36</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="37" href="#37">37</a> <em class="jxr_javadoccomment"> * &lt;p&gt;This analyzer ensures dependencies that should be grouped together, to</em>
<a class="jxr_linenumber" name="38" href="#38">38</a> <em class="jxr_javadoccomment"> * remove excess noise from the report, are grouped. An example would be Spring,</em>
<a class="jxr_linenumber" name="39" href="#39">39</a> <em class="jxr_javadoccomment"> * Spring Beans, Spring MVC, etc. If they are all for the same version and have</em>
<a class="jxr_linenumber" name="40" href="#40">40</a> <em class="jxr_javadoccomment"> * the same relative path then these should be grouped into a single dependency</em>
<a class="jxr_linenumber" name="41" href="#41">41</a> <em class="jxr_javadoccomment"> * under the core/main library.&lt;/p&gt;</em>
<a class="jxr_linenumber" name="42" href="#42">42</a> <em class="jxr_javadoccomment"> * &lt;p&gt;Note, this grouping only works on dependencies with identified CVE</em>
<a class="jxr_linenumber" name="43" href="#43">43</a> <em class="jxr_javadoccomment"> * entries&lt;/p&gt;</em>
<a class="jxr_linenumber" name="44" href="#44">44</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="45" href="#45">45</a> <em class="jxr_javadoccomment"> * @author Jeremy Long (jeremy.long@owasp.org)</em>
<a class="jxr_linenumber" name="46" href="#46">46</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="47" href="#47">47</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.html">DependencyBundlingAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractAnalyzer.html">AbstractAnalyzer</a> <strong class="jxr_keyword">implements</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/Analyzer.html">Analyzer</a> {
<a class="jxr_linenumber" name="48" href="#48">48</a>
<a class="jxr_linenumber" name="49" href="#49">49</a> <em class="jxr_comment">//&lt;editor-fold defaultstate="collapsed" desc="Constants and Member Variables"&gt;</em>
<a class="jxr_linenumber" name="50" href="#50">50</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="51" href="#51">51</a> <em class="jxr_javadoccomment"> * A pattern for obtaining the first part of a filename.</em>
<a class="jxr_linenumber" name="52" href="#52">52</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="53" href="#53">53</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern STARTING_TEXT_PATTERN = Pattern.compile(<span class="jxr_string">"^[a-zA-Z]*"</span>);
<a class="jxr_linenumber" name="54" href="#54">54</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="55" href="#55">55</a> <em class="jxr_javadoccomment"> * a flag indicating if this analyzer has run. This analyzer only runs once.</em>
<a class="jxr_linenumber" name="56" href="#56">56</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="57" href="#57">57</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> analyzed = false;
<a class="jxr_linenumber" name="58" href="#58">58</a> <em class="jxr_comment">//&lt;/editor-fold&gt;</em>
<a class="jxr_linenumber" name="59" href="#59">59</a> <em class="jxr_comment">//&lt;editor-fold defaultstate="collapsed" desc="All standard implmentation details of Analyzer"&gt;</em>
<a class="jxr_linenumber" name="60" href="#60">60</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="61" href="#61">61</a> <em class="jxr_javadoccomment"> * The set of file extensions supported by this analyzer.</em>
<a class="jxr_linenumber" name="62" href="#62">62</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="63" href="#63">63</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Set&lt;String&gt; EXTENSIONS = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="64" href="#64">64</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="65" href="#65">65</a> <em class="jxr_javadoccomment"> * The name of the analyzer.</em>
<a class="jxr_linenumber" name="66" href="#66">66</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="67" href="#67">67</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String ANALYZER_NAME = <span class="jxr_string">"Dependency Bundling Analyzer"</span>;
<a class="jxr_linenumber" name="68" href="#68">68</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="69" href="#69">69</a> <em class="jxr_javadoccomment"> * The phase that this analyzer is intended to run in.</em>
<a class="jxr_linenumber" name="70" href="#70">70</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="71" href="#71">71</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> ANALYSIS_PHASE = AnalysisPhase.PRE_FINDING_ANALYSIS;
<a class="jxr_linenumber" name="72" href="#72">72</a>
<a class="jxr_linenumber" name="73" href="#73">73</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="74" href="#74">74</a> <em class="jxr_javadoccomment"> * Returns a list of file EXTENSIONS supported by this analyzer.</em>
<a class="jxr_linenumber" name="75" href="#75">75</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="76" href="#76">76</a> <em class="jxr_javadoccomment"> * @return a list of file EXTENSIONS supported by this analyzer.</em>
<a class="jxr_linenumber" name="77" href="#77">77</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="78" href="#78">78</a> <strong class="jxr_keyword">public</strong> Set&lt;String&gt; getSupportedExtensions() {
<a class="jxr_linenumber" name="79" href="#79">79</a> <strong class="jxr_keyword">return</strong> EXTENSIONS;
<a class="jxr_linenumber" name="80" href="#80">80</a> }
<a class="jxr_linenumber" name="81" href="#81">81</a>
<a class="jxr_linenumber" name="82" href="#82">82</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="83" href="#83">83</a> <em class="jxr_javadoccomment"> * Returns the name of the analyzer.</em>
<a class="jxr_linenumber" name="84" href="#84">84</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="85" href="#85">85</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer.</em>
<a class="jxr_linenumber" name="86" href="#86">86</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="87" href="#87">87</a> <strong class="jxr_keyword">public</strong> String getName() {
<a class="jxr_linenumber" name="88" href="#88">88</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
<a class="jxr_linenumber" name="89" href="#89">89</a> }
<a class="jxr_linenumber" name="90" href="#90">90</a>
<a class="jxr_linenumber" name="91" href="#91">91</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="92" href="#92">92</a> <em class="jxr_javadoccomment"> * Returns whether or not this analyzer can process the given extension.</em>
<a class="jxr_linenumber" name="93" href="#93">93</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="94" href="#94">94</a> <em class="jxr_javadoccomment"> * @param extension the file extension to test for support</em>
<a class="jxr_linenumber" name="95" href="#95">95</a> <em class="jxr_javadoccomment"> * @return whether or not the specified file extension is supported by this</em>
<a class="jxr_linenumber" name="96" href="#96">96</a> <em class="jxr_javadoccomment"> * analyzer.</em>
<a class="jxr_linenumber" name="97" href="#97">97</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="98" href="#98">98</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">boolean</strong> supportsExtension(String extension) {
<a class="jxr_linenumber" name="99" href="#99">99</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="100" href="#100">100</a> }
<a class="jxr_linenumber" name="101" href="#101">101</a>
<a class="jxr_linenumber" name="102" href="#102">102</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="103" href="#103">103</a> <em class="jxr_javadoccomment"> * Returns the phase that the analyzer is intended to run in.</em>
<a class="jxr_linenumber" name="104" href="#104">104</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="105" href="#105">105</a> <em class="jxr_javadoccomment"> * @return the phase that the analyzer is intended to run in.</em>
<a class="jxr_linenumber" name="106" href="#106">106</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="107" href="#107">107</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
<a class="jxr_linenumber" name="108" href="#108">108</a> <strong class="jxr_keyword">return</strong> ANALYSIS_PHASE;
<a class="jxr_linenumber" name="109" href="#109">109</a> }
<a class="jxr_linenumber" name="110" href="#110">110</a> <em class="jxr_comment">//&lt;/editor-fold&gt;</em>
<a class="jxr_linenumber" name="111" href="#111">111</a>
<a class="jxr_linenumber" name="112" href="#112">112</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="113" href="#113">113</a> <em class="jxr_javadoccomment"> * Analyzes a set of dependencies. If they have been found to have the same</em>
<a class="jxr_linenumber" name="114" href="#114">114</a> <em class="jxr_javadoccomment"> * base path and the same set of identifiers they are likely related. The</em>
<a class="jxr_linenumber" name="115" href="#115">115</a> <em class="jxr_javadoccomment"> * related dependencies are bundled into a single reportable item.</em>
<a class="jxr_linenumber" name="116" href="#116">116</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="117" href="#117">117</a> <em class="jxr_javadoccomment"> * @param ignore this analyzer ignores the dependency being analyzed</em>
<a class="jxr_linenumber" name="118" href="#118">118</a> <em class="jxr_javadoccomment"> * @param engine the engine that is scanning the dependencies</em>
<a class="jxr_linenumber" name="119" href="#119">119</a> <em class="jxr_javadoccomment"> * @throws AnalysisException is thrown if there is an error reading the JAR</em>
<a class="jxr_linenumber" name="120" href="#120">120</a> <em class="jxr_javadoccomment"> * file.</em>
<a class="jxr_linenumber" name="121" href="#121">121</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="122" href="#122">122</a> @Override
<a class="jxr_linenumber" name="123" href="#123">123</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> analyze(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> ignore, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine) <strong class="jxr_keyword">throws</strong> AnalysisException {
<a class="jxr_linenumber" name="124" href="#124">124</a> <strong class="jxr_keyword">if</strong> (!analyzed) {
<a class="jxr_linenumber" name="125" href="#125">125</a> analyzed = <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="126" href="#126">126</a> <strong class="jxr_keyword">final</strong> Set&lt;Dependency&gt; dependenciesToRemove = <strong class="jxr_keyword">new</strong> HashSet&lt;Dependency&gt;();
<a class="jxr_linenumber" name="127" href="#127">127</a> <strong class="jxr_keyword">final</strong> ListIterator&lt;Dependency&gt; mainIterator = engine.getDependencies().listIterator();
<a class="jxr_linenumber" name="128" href="#128">128</a> <em class="jxr_comment">//for (Dependency nextDependency : engine.getDependencies()) {</em>
<a class="jxr_linenumber" name="129" href="#129">129</a> <strong class="jxr_keyword">while</strong> (mainIterator.hasNext()) {
<a class="jxr_linenumber" name="130" href="#130">130</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency = mainIterator.next();
<a class="jxr_linenumber" name="131" href="#131">131</a> <strong class="jxr_keyword">if</strong> (mainIterator.hasNext()) {
<a class="jxr_linenumber" name="132" href="#132">132</a> <strong class="jxr_keyword">final</strong> ListIterator&lt;Dependency&gt; subIterator = engine.getDependencies().listIterator(mainIterator.nextIndex());
<a class="jxr_linenumber" name="133" href="#133">133</a> <strong class="jxr_keyword">while</strong> (subIterator.hasNext()) {
<a class="jxr_linenumber" name="134" href="#134">134</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> nextDependency = subIterator.next();
<a class="jxr_linenumber" name="135" href="#135">135</a>
<a class="jxr_linenumber" name="136" href="#136">136</a> <strong class="jxr_keyword">if</strong> (identifiersMatch(dependency, nextDependency)
<a class="jxr_linenumber" name="137" href="#137">137</a> &amp;&amp; hasSameBasePath(dependency, nextDependency)
<a class="jxr_linenumber" name="138" href="#138">138</a> &amp;&amp; fileNameMatch(dependency, nextDependency)) {
<a class="jxr_linenumber" name="139" href="#139">139</a>
<a class="jxr_linenumber" name="140" href="#140">140</a> <strong class="jxr_keyword">if</strong> (isCore(dependency, nextDependency)) {
<a class="jxr_linenumber" name="141" href="#141">141</a> dependency.addRelatedDependency(nextDependency);
<a class="jxr_linenumber" name="142" href="#142">142</a> <em class="jxr_comment">//move any "related dependencies" to the new "parent" dependency</em>
<a class="jxr_linenumber" name="143" href="#143">143</a> <strong class="jxr_keyword">final</strong> Iterator&lt;Dependency&gt; i = nextDependency.getRelatedDependencies().iterator();
<a class="jxr_linenumber" name="144" href="#144">144</a> <strong class="jxr_keyword">while</strong> (i.hasNext()) {
<a class="jxr_linenumber" name="145" href="#145">145</a> dependency.addRelatedDependency(i.next());
<a class="jxr_linenumber" name="146" href="#146">146</a> i.remove();
<a class="jxr_linenumber" name="147" href="#147">147</a> }
<a class="jxr_linenumber" name="148" href="#148">148</a> dependenciesToRemove.add(nextDependency);
<a class="jxr_linenumber" name="149" href="#149">149</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="150" href="#150">150</a> nextDependency.addRelatedDependency(dependency);
<a class="jxr_linenumber" name="151" href="#151">151</a> <em class="jxr_comment">//move any "related dependencies" to the new "parent" dependency</em>
<a class="jxr_linenumber" name="152" href="#152">152</a> <strong class="jxr_keyword">final</strong> Iterator&lt;Dependency&gt; i = dependency.getRelatedDependencies().iterator();
<a class="jxr_linenumber" name="153" href="#153">153</a> <strong class="jxr_keyword">while</strong> (i.hasNext()) {
<a class="jxr_linenumber" name="154" href="#154">154</a> nextDependency.addRelatedDependency(i.next());
<a class="jxr_linenumber" name="155" href="#155">155</a> i.remove();
<a class="jxr_linenumber" name="156" href="#156">156</a> }
<a class="jxr_linenumber" name="157" href="#157">157</a> }
<a class="jxr_linenumber" name="158" href="#158">158</a> }
<a class="jxr_linenumber" name="159" href="#159">159</a> }
<a class="jxr_linenumber" name="160" href="#160">160</a> }
<a class="jxr_linenumber" name="161" href="#161">161</a> }
<a class="jxr_linenumber" name="162" href="#162">162</a> <em class="jxr_comment">//removing dependencies here as ensuring correctness and avoiding ConcurrentUpdateExceptions</em>
<a class="jxr_linenumber" name="163" href="#163">163</a> <em class="jxr_comment">// was difficult because of the inner iterator.</em>
<a class="jxr_linenumber" name="164" href="#164">164</a> <strong class="jxr_keyword">for</strong> (Dependency d : dependenciesToRemove) {
<a class="jxr_linenumber" name="165" href="#165">165</a> engine.getDependencies().remove(d);
<a class="jxr_linenumber" name="166" href="#166">166</a> }
<a class="jxr_linenumber" name="167" href="#167">167</a> }
<a class="jxr_linenumber" name="168" href="#168">168</a> }
<a class="jxr_linenumber" name="169" href="#169">169</a>
<a class="jxr_linenumber" name="170" href="#170">170</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="171" href="#171">171</a> <em class="jxr_javadoccomment"> * Attempts to trim a maven repo to a common base path. This is typically</em>
<a class="jxr_linenumber" name="172" href="#172">172</a> <em class="jxr_javadoccomment"> * [drive]\[repo_location]\repository\[path1]\[path2].</em>
<a class="jxr_linenumber" name="173" href="#173">173</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="174" href="#174">174</a> <em class="jxr_javadoccomment"> * @param path the path to trim</em>
<a class="jxr_linenumber" name="175" href="#175">175</a> <em class="jxr_javadoccomment"> * @return a string representing the base path.</em>
<a class="jxr_linenumber" name="176" href="#176">176</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="177" href="#177">177</a> <strong class="jxr_keyword">private</strong> String getBaseRepoPath(<strong class="jxr_keyword">final</strong> String path) {
<a class="jxr_linenumber" name="178" href="#178">178</a> <strong class="jxr_keyword">int</strong> pos = path.indexOf(<span class="jxr_string">"repository"</span> + File.separator) + 11;
<a class="jxr_linenumber" name="179" href="#179">179</a> <strong class="jxr_keyword">if</strong> (pos &lt; 0) {
<a class="jxr_linenumber" name="180" href="#180">180</a> <strong class="jxr_keyword">return</strong> path;
<a class="jxr_linenumber" name="181" href="#181">181</a> }
<a class="jxr_linenumber" name="182" href="#182">182</a> <strong class="jxr_keyword">int</strong> tmp = path.indexOf(File.separator, pos);
<a class="jxr_linenumber" name="183" href="#183">183</a> <strong class="jxr_keyword">if</strong> (tmp &lt;= 0) {
<a class="jxr_linenumber" name="184" href="#184">184</a> <strong class="jxr_keyword">return</strong> path;
<a class="jxr_linenumber" name="185" href="#185">185</a> }
<a class="jxr_linenumber" name="186" href="#186">186</a> <strong class="jxr_keyword">if</strong> (tmp &gt; 0) {
<a class="jxr_linenumber" name="187" href="#187">187</a> pos = tmp + 1;
<a class="jxr_linenumber" name="188" href="#188">188</a> }
<a class="jxr_linenumber" name="189" href="#189">189</a> tmp = path.indexOf(File.separator, pos);
<a class="jxr_linenumber" name="190" href="#190">190</a> <strong class="jxr_keyword">if</strong> (tmp &gt; 0) {
<a class="jxr_linenumber" name="191" href="#191">191</a> pos = tmp + 1;
<a class="jxr_linenumber" name="192" href="#192">192</a> }
<a class="jxr_linenumber" name="193" href="#193">193</a> <strong class="jxr_keyword">return</strong> path.substring(0, pos);
<a class="jxr_linenumber" name="194" href="#194">194</a> }
<a class="jxr_linenumber" name="195" href="#195">195</a>
<a class="jxr_linenumber" name="196" href="#196">196</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="197" href="#197">197</a> <em class="jxr_javadoccomment"> * Returns true if the file names (and version if it exists) of the two</em>
<a class="jxr_linenumber" name="198" href="#198">198</a> <em class="jxr_javadoccomment"> * dependencies are sufficiently similiar.</em>
<a class="jxr_linenumber" name="199" href="#199">199</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="200" href="#200">200</a> <em class="jxr_javadoccomment"> * @param dependency1 a dependency2 to compare</em>
<a class="jxr_linenumber" name="201" href="#201">201</a> <em class="jxr_javadoccomment"> * @param dependency2 a dependency2 to compare</em>
<a class="jxr_linenumber" name="202" href="#202">202</a> <em class="jxr_javadoccomment"> * @return true if the identifiers in the two supplied dependencies are</em>
<a class="jxr_linenumber" name="203" href="#203">203</a> <em class="jxr_javadoccomment"> * equal</em>
<a class="jxr_linenumber" name="204" href="#204">204</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="205" href="#205">205</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> fileNameMatch(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency1, <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency2) {
<a class="jxr_linenumber" name="206" href="#206">206</a> <strong class="jxr_keyword">if</strong> (dependency1 == <strong class="jxr_keyword">null</strong> || dependency1.getFileName() == <strong class="jxr_keyword">null</strong>
<a class="jxr_linenumber" name="207" href="#207">207</a> || dependency2 == <strong class="jxr_keyword">null</strong> || dependency2.getFileName() == <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="208" href="#208">208</a> <strong class="jxr_keyword">return</strong> false;
<a class="jxr_linenumber" name="209" href="#209">209</a> }
<a class="jxr_linenumber" name="210" href="#210">210</a> String fileName1 = dependency1.getFileName();
<a class="jxr_linenumber" name="211" href="#211">211</a> String fileName2 = dependency2.getFileName();
<a class="jxr_linenumber" name="212" href="#212">212</a>
<a class="jxr_linenumber" name="213" href="#213">213</a> <em class="jxr_comment">//update to deal with archive analyzer, the starting name maybe the same</em>
<a class="jxr_linenumber" name="214" href="#214">214</a> <em class="jxr_comment">// as this is incorrectly looking at the starting path</em>
<a class="jxr_linenumber" name="215" href="#215">215</a> <strong class="jxr_keyword">final</strong> File one = <strong class="jxr_keyword">new</strong> File(fileName1);
<a class="jxr_linenumber" name="216" href="#216">216</a> <strong class="jxr_keyword">final</strong> File two = <strong class="jxr_keyword">new</strong> File(fileName2);
<a class="jxr_linenumber" name="217" href="#217">217</a> <strong class="jxr_keyword">final</strong> String oneParent = one.getParent();
<a class="jxr_linenumber" name="218" href="#218">218</a> <strong class="jxr_keyword">final</strong> String twoParent = two.getParent();
<a class="jxr_linenumber" name="219" href="#219">219</a> <strong class="jxr_keyword">if</strong> (oneParent != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="220" href="#220">220</a> <strong class="jxr_keyword">if</strong> (twoParent != <strong class="jxr_keyword">null</strong> &amp;&amp; oneParent.equals(twoParent)) {
<a class="jxr_linenumber" name="221" href="#221">221</a> fileName1 = one.getName();
<a class="jxr_linenumber" name="222" href="#222">222</a> fileName2 = two.getName();
<a class="jxr_linenumber" name="223" href="#223">223</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="224" href="#224">224</a> <strong class="jxr_keyword">return</strong> false;
<a class="jxr_linenumber" name="225" href="#225">225</a> }
<a class="jxr_linenumber" name="226" href="#226">226</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (twoParent != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="227" href="#227">227</a> <strong class="jxr_keyword">return</strong> false;
<a class="jxr_linenumber" name="228" href="#228">228</a> }
<a class="jxr_linenumber" name="229" href="#229">229</a>
<a class="jxr_linenumber" name="230" href="#230">230</a> <em class="jxr_comment">//version check</em>
<a class="jxr_linenumber" name="231" href="#231">231</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/utils/DependencyVersion.html">DependencyVersion</a> version1 = DependencyVersionUtil.parseVersion(fileName1);
<a class="jxr_linenumber" name="232" href="#232">232</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/utils/DependencyVersion.html">DependencyVersion</a> version2 = DependencyVersionUtil.parseVersion(fileName2);
<a class="jxr_linenumber" name="233" href="#233">233</a> <strong class="jxr_keyword">if</strong> (version1 != <strong class="jxr_keyword">null</strong> &amp;&amp; version2 != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="234" href="#234">234</a> <strong class="jxr_keyword">if</strong> (!version1.equals(version2)) {
<a class="jxr_linenumber" name="235" href="#235">235</a> <strong class="jxr_keyword">return</strong> false;
<a class="jxr_linenumber" name="236" href="#236">236</a> }
<a class="jxr_linenumber" name="237" href="#237">237</a> }
<a class="jxr_linenumber" name="238" href="#238">238</a>
<a class="jxr_linenumber" name="239" href="#239">239</a> <em class="jxr_comment">//filename check</em>
<a class="jxr_linenumber" name="240" href="#240">240</a> <strong class="jxr_keyword">final</strong> Matcher match1 = STARTING_TEXT_PATTERN.matcher(fileName1);
<a class="jxr_linenumber" name="241" href="#241">241</a> <strong class="jxr_keyword">final</strong> Matcher match2 = STARTING_TEXT_PATTERN.matcher(fileName2);
<a class="jxr_linenumber" name="242" href="#242">242</a> <strong class="jxr_keyword">if</strong> (match1.find() &amp;&amp; match2.find()) {
<a class="jxr_linenumber" name="243" href="#243">243</a> <strong class="jxr_keyword">return</strong> match1.group().equals(match2.group());
<a class="jxr_linenumber" name="244" href="#244">244</a> }
<a class="jxr_linenumber" name="245" href="#245">245</a>
<a class="jxr_linenumber" name="246" href="#246">246</a> <strong class="jxr_keyword">return</strong> false;
<a class="jxr_linenumber" name="247" href="#247">247</a> }
<a class="jxr_linenumber" name="248" href="#248">248</a>
<a class="jxr_linenumber" name="249" href="#249">249</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="250" href="#250">250</a> <em class="jxr_javadoccomment"> * Returns true if the identifiers in the two supplied dependencies are</em>
<a class="jxr_linenumber" name="251" href="#251">251</a> <em class="jxr_javadoccomment"> * equal.</em>
<a class="jxr_linenumber" name="252" href="#252">252</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="253" href="#253">253</a> <em class="jxr_javadoccomment"> * @param dependency1 a dependency2 to compare</em>
<a class="jxr_linenumber" name="254" href="#254">254</a> <em class="jxr_javadoccomment"> * @param dependency2 a dependency2 to compare</em>
<a class="jxr_linenumber" name="255" href="#255">255</a> <em class="jxr_javadoccomment"> * @return true if the identifiers in the two supplied dependencies are</em>
<a class="jxr_linenumber" name="256" href="#256">256</a> <em class="jxr_javadoccomment"> * equal</em>
<a class="jxr_linenumber" name="257" href="#257">257</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="258" href="#258">258</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> identifiersMatch(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency1, <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency2) {
<a class="jxr_linenumber" name="259" href="#259">259</a> <strong class="jxr_keyword">if</strong> (dependency1 == <strong class="jxr_keyword">null</strong> || dependency1.getIdentifiers() == <strong class="jxr_keyword">null</strong>
<a class="jxr_linenumber" name="260" href="#260">260</a> || dependency2 == <strong class="jxr_keyword">null</strong> || dependency2.getIdentifiers() == <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="261" href="#261">261</a> <strong class="jxr_keyword">return</strong> false;
<a class="jxr_linenumber" name="262" href="#262">262</a> }
<a class="jxr_linenumber" name="263" href="#263">263</a> <strong class="jxr_keyword">return</strong> dependency1.getIdentifiers().size() &gt; 0
<a class="jxr_linenumber" name="264" href="#264">264</a> &amp;&amp; dependency2.getIdentifiers().equals(dependency1.getIdentifiers());
<a class="jxr_linenumber" name="265" href="#265">265</a> }
<a class="jxr_linenumber" name="266" href="#266">266</a>
<a class="jxr_linenumber" name="267" href="#267">267</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="268" href="#268">268</a> <em class="jxr_javadoccomment"> * Determines if the two dependencies have the same base path.</em>
<a class="jxr_linenumber" name="269" href="#269">269</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="270" href="#270">270</a> <em class="jxr_javadoccomment"> * @param dependency1 a Dependency object</em>
<a class="jxr_linenumber" name="271" href="#271">271</a> <em class="jxr_javadoccomment"> * @param dependency2 a Dependency object</em>
<a class="jxr_linenumber" name="272" href="#272">272</a> <em class="jxr_javadoccomment"> * @return true if the base paths of the dependencies are identical</em>
<a class="jxr_linenumber" name="273" href="#273">273</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="274" href="#274">274</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> hasSameBasePath(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency1, <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency2) {
<a class="jxr_linenumber" name="275" href="#275">275</a> <strong class="jxr_keyword">if</strong> (dependency1 == <strong class="jxr_keyword">null</strong> || dependency2 == <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="276" href="#276">276</a> <strong class="jxr_keyword">return</strong> false;
<a class="jxr_linenumber" name="277" href="#277">277</a> }
<a class="jxr_linenumber" name="278" href="#278">278</a> <strong class="jxr_keyword">final</strong> File lFile = <strong class="jxr_keyword">new</strong> File(dependency1.getFilePath());
<a class="jxr_linenumber" name="279" href="#279">279</a> String left = lFile.getParent();
<a class="jxr_linenumber" name="280" href="#280">280</a> <strong class="jxr_keyword">final</strong> File rFile = <strong class="jxr_keyword">new</strong> File(dependency2.getFilePath());
<a class="jxr_linenumber" name="281" href="#281">281</a> String right = rFile.getParent();
<a class="jxr_linenumber" name="282" href="#282">282</a> <strong class="jxr_keyword">if</strong> (left == <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="283" href="#283">283</a> <strong class="jxr_keyword">if</strong> (right == <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="284" href="#284">284</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="285" href="#285">285</a> }
<a class="jxr_linenumber" name="286" href="#286">286</a> <strong class="jxr_keyword">return</strong> false;
<a class="jxr_linenumber" name="287" href="#287">287</a> }
<a class="jxr_linenumber" name="288" href="#288">288</a> <strong class="jxr_keyword">if</strong> (left.equalsIgnoreCase(right)) {
<a class="jxr_linenumber" name="289" href="#289">289</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="290" href="#290">290</a> }
<a class="jxr_linenumber" name="291" href="#291">291</a> <strong class="jxr_keyword">if</strong> (left.matches(<span class="jxr_string">".*[/&#92;&#92;&#92;&#92;]repository[/&#92;&#92;&#92;&#92;].*"</span>) &amp;&amp; right.matches(<span class="jxr_string">".*[/&#92;&#92;&#92;&#92;]repository[/&#92;&#92;&#92;&#92;].*"</span>)) {
<a class="jxr_linenumber" name="292" href="#292">292</a> left = getBaseRepoPath(left);
<a class="jxr_linenumber" name="293" href="#293">293</a> right = getBaseRepoPath(right);
<a class="jxr_linenumber" name="294" href="#294">294</a> }
<a class="jxr_linenumber" name="295" href="#295">295</a> <strong class="jxr_keyword">return</strong> left.equalsIgnoreCase(right);
<a class="jxr_linenumber" name="296" href="#296">296</a> }
<a class="jxr_linenumber" name="297" href="#297">297</a>
<a class="jxr_linenumber" name="298" href="#298">298</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="299" href="#299">299</a> <em class="jxr_javadoccomment"> * This is likely a very broken attempt at determining if the 'left'</em>
<a class="jxr_linenumber" name="300" href="#300">300</a> <em class="jxr_javadoccomment"> * dependency is the 'core' library in comparison to the 'right' library.</em>
<a class="jxr_linenumber" name="301" href="#301">301</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="302" href="#302">302</a> <em class="jxr_javadoccomment"> * TODO - consider splitting on /\._-\s/ and checking if all of one side is</em>
<a class="jxr_linenumber" name="303" href="#303">303</a> <em class="jxr_javadoccomment"> * fully contained in the other With the exception of the word "core". This</em>
<a class="jxr_linenumber" name="304" href="#304">304</a> <em class="jxr_javadoccomment"> * might work even on groups when we don't have a CVE.</em>
<a class="jxr_linenumber" name="305" href="#305">305</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="306" href="#306">306</a> <em class="jxr_javadoccomment"> * @param left the dependency to test</em>
<a class="jxr_linenumber" name="307" href="#307">307</a> <em class="jxr_javadoccomment"> * @param right the dependency to test against</em>
<a class="jxr_linenumber" name="308" href="#308">308</a> <em class="jxr_javadoccomment"> * @return a boolean indicating whether or not the left dependency should be</em>
<a class="jxr_linenumber" name="309" href="#309">309</a> <em class="jxr_javadoccomment"> * considered the "core" version.</em>
<a class="jxr_linenumber" name="310" href="#310">310</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="311" href="#311">311</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> isCore(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> left, <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> right) {
<a class="jxr_linenumber" name="312" href="#312">312</a> <strong class="jxr_keyword">final</strong> String leftName = left.getFileName().toLowerCase();
<a class="jxr_linenumber" name="313" href="#313">313</a> <strong class="jxr_keyword">final</strong> String rightName = right.getFileName().toLowerCase();
<a class="jxr_linenumber" name="314" href="#314">314</a>
<a class="jxr_linenumber" name="315" href="#315">315</a> <strong class="jxr_keyword">if</strong> (rightName.contains(<span class="jxr_string">"core"</span>) &amp;&amp; !leftName.contains(<span class="jxr_string">"core"</span>)) {
<a class="jxr_linenumber" name="316" href="#316">316</a> <strong class="jxr_keyword">return</strong> false;
<a class="jxr_linenumber" name="317" href="#317">317</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (!rightName.contains(<span class="jxr_string">"core"</span>) &amp;&amp; leftName.contains(<span class="jxr_string">"core"</span>)) {
<a class="jxr_linenumber" name="318" href="#318">318</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="319" href="#319">319</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="320" href="#320">320</a> <em class="jxr_comment">//TODO should we be splitting the name on [-_(.\d)+] and seeing if the</em>
<a class="jxr_linenumber" name="321" href="#321">321</a> <em class="jxr_comment">// parts are contained in the other side?</em>
<a class="jxr_linenumber" name="322" href="#322">322</a> <strong class="jxr_keyword">if</strong> (leftName.length() &gt; rightName.length()) {
<a class="jxr_linenumber" name="323" href="#323">323</a> <strong class="jxr_keyword">return</strong> false;
<a class="jxr_linenumber" name="324" href="#324">324</a> }
<a class="jxr_linenumber" name="325" href="#325">325</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="326" href="#326">326</a> }
<a class="jxr_linenumber" name="327" href="#327">327</a> }
<a class="jxr_linenumber" name="328" href="#328">328</a> }
<a class="jxr_linenumber" name="157" href="#157">157</a> dependenciesToRemove.add(dependency);
<a class="jxr_linenumber" name="158" href="#158">158</a> }
<a class="jxr_linenumber" name="159" href="#159">159</a> }
<a class="jxr_linenumber" name="160" href="#160">160</a> }
<a class="jxr_linenumber" name="161" href="#161">161</a> }
<a class="jxr_linenumber" name="162" href="#162">162</a> }
<a class="jxr_linenumber" name="163" href="#163">163</a> <em class="jxr_comment">//removing dependencies here as ensuring correctness and avoiding ConcurrentUpdateExceptions</em>
<a class="jxr_linenumber" name="164" href="#164">164</a> <em class="jxr_comment">// was difficult because of the inner iterator.</em>
<a class="jxr_linenumber" name="165" href="#165">165</a> <strong class="jxr_keyword">for</strong> (Dependency d : dependenciesToRemove) {
<a class="jxr_linenumber" name="166" href="#166">166</a> engine.getDependencies().remove(d);
<a class="jxr_linenumber" name="167" href="#167">167</a> }
<a class="jxr_linenumber" name="168" href="#168">168</a> }
<a class="jxr_linenumber" name="169" href="#169">169</a> }
<a class="jxr_linenumber" name="170" href="#170">170</a>
<a class="jxr_linenumber" name="171" href="#171">171</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="172" href="#172">172</a> <em class="jxr_javadoccomment"> * Attempts to trim a maven repo to a common base path. This is typically</em>
<a class="jxr_linenumber" name="173" href="#173">173</a> <em class="jxr_javadoccomment"> * [drive]\[repo_location]\repository\[path1]\[path2].</em>
<a class="jxr_linenumber" name="174" href="#174">174</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="175" href="#175">175</a> <em class="jxr_javadoccomment"> * @param path the path to trim</em>
<a class="jxr_linenumber" name="176" href="#176">176</a> <em class="jxr_javadoccomment"> * @return a string representing the base path.</em>
<a class="jxr_linenumber" name="177" href="#177">177</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="178" href="#178">178</a> <strong class="jxr_keyword">private</strong> String getBaseRepoPath(<strong class="jxr_keyword">final</strong> String path) {
<a class="jxr_linenumber" name="179" href="#179">179</a> <strong class="jxr_keyword">int</strong> pos = path.indexOf(<span class="jxr_string">"repository"</span> + File.separator) + 11;
<a class="jxr_linenumber" name="180" href="#180">180</a> <strong class="jxr_keyword">if</strong> (pos &lt; 0) {
<a class="jxr_linenumber" name="181" href="#181">181</a> <strong class="jxr_keyword">return</strong> path;
<a class="jxr_linenumber" name="182" href="#182">182</a> }
<a class="jxr_linenumber" name="183" href="#183">183</a> <strong class="jxr_keyword">int</strong> tmp = path.indexOf(File.separator, pos);
<a class="jxr_linenumber" name="184" href="#184">184</a> <strong class="jxr_keyword">if</strong> (tmp &lt;= 0) {
<a class="jxr_linenumber" name="185" href="#185">185</a> <strong class="jxr_keyword">return</strong> path;
<a class="jxr_linenumber" name="186" href="#186">186</a> }
<a class="jxr_linenumber" name="187" href="#187">187</a> <strong class="jxr_keyword">if</strong> (tmp &gt; 0) {
<a class="jxr_linenumber" name="188" href="#188">188</a> pos = tmp + 1;
<a class="jxr_linenumber" name="189" href="#189">189</a> }
<a class="jxr_linenumber" name="190" href="#190">190</a> tmp = path.indexOf(File.separator, pos);
<a class="jxr_linenumber" name="191" href="#191">191</a> <strong class="jxr_keyword">if</strong> (tmp &gt; 0) {
<a class="jxr_linenumber" name="192" href="#192">192</a> pos = tmp + 1;
<a class="jxr_linenumber" name="193" href="#193">193</a> }
<a class="jxr_linenumber" name="194" href="#194">194</a> <strong class="jxr_keyword">return</strong> path.substring(0, pos);
<a class="jxr_linenumber" name="195" href="#195">195</a> }
<a class="jxr_linenumber" name="196" href="#196">196</a>
<a class="jxr_linenumber" name="197" href="#197">197</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="198" href="#198">198</a> <em class="jxr_javadoccomment"> * Returns true if the file names (and version if it exists) of the two</em>
<a class="jxr_linenumber" name="199" href="#199">199</a> <em class="jxr_javadoccomment"> * dependencies are sufficiently similiar.</em>
<a class="jxr_linenumber" name="200" href="#200">200</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="201" href="#201">201</a> <em class="jxr_javadoccomment"> * @param dependency1 a dependency2 to compare</em>
<a class="jxr_linenumber" name="202" href="#202">202</a> <em class="jxr_javadoccomment"> * @param dependency2 a dependency2 to compare</em>
<a class="jxr_linenumber" name="203" href="#203">203</a> <em class="jxr_javadoccomment"> * @return true if the identifiers in the two supplied dependencies are</em>
<a class="jxr_linenumber" name="204" href="#204">204</a> <em class="jxr_javadoccomment"> * equal</em>
<a class="jxr_linenumber" name="205" href="#205">205</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="206" href="#206">206</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> fileNameMatch(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency1, <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency2) {
<a class="jxr_linenumber" name="207" href="#207">207</a> <strong class="jxr_keyword">if</strong> (dependency1 == <strong class="jxr_keyword">null</strong> || dependency1.getFileName() == <strong class="jxr_keyword">null</strong>
<a class="jxr_linenumber" name="208" href="#208">208</a> || dependency2 == <strong class="jxr_keyword">null</strong> || dependency2.getFileName() == <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="209" href="#209">209</a> <strong class="jxr_keyword">return</strong> false;
<a class="jxr_linenumber" name="210" href="#210">210</a> }
<a class="jxr_linenumber" name="211" href="#211">211</a> String fileName1 = dependency1.getFileName();
<a class="jxr_linenumber" name="212" href="#212">212</a> String fileName2 = dependency2.getFileName();
<a class="jxr_linenumber" name="213" href="#213">213</a>
<a class="jxr_linenumber" name="214" href="#214">214</a> <em class="jxr_comment">//update to deal with archive analyzer, the starting name maybe the same</em>
<a class="jxr_linenumber" name="215" href="#215">215</a> <em class="jxr_comment">// as this is incorrectly looking at the starting path</em>
<a class="jxr_linenumber" name="216" href="#216">216</a> <strong class="jxr_keyword">final</strong> File one = <strong class="jxr_keyword">new</strong> File(fileName1);
<a class="jxr_linenumber" name="217" href="#217">217</a> <strong class="jxr_keyword">final</strong> File two = <strong class="jxr_keyword">new</strong> File(fileName2);
<a class="jxr_linenumber" name="218" href="#218">218</a> <strong class="jxr_keyword">final</strong> String oneParent = one.getParent();
<a class="jxr_linenumber" name="219" href="#219">219</a> <strong class="jxr_keyword">final</strong> String twoParent = two.getParent();
<a class="jxr_linenumber" name="220" href="#220">220</a> <strong class="jxr_keyword">if</strong> (oneParent != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="221" href="#221">221</a> <strong class="jxr_keyword">if</strong> (twoParent != <strong class="jxr_keyword">null</strong> &amp;&amp; oneParent.equals(twoParent)) {
<a class="jxr_linenumber" name="222" href="#222">222</a> fileName1 = one.getName();
<a class="jxr_linenumber" name="223" href="#223">223</a> fileName2 = two.getName();
<a class="jxr_linenumber" name="224" href="#224">224</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="225" href="#225">225</a> <strong class="jxr_keyword">return</strong> false;
<a class="jxr_linenumber" name="226" href="#226">226</a> }
<a class="jxr_linenumber" name="227" href="#227">227</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (twoParent != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="228" href="#228">228</a> <strong class="jxr_keyword">return</strong> false;
<a class="jxr_linenumber" name="229" href="#229">229</a> }
<a class="jxr_linenumber" name="230" href="#230">230</a>
<a class="jxr_linenumber" name="231" href="#231">231</a> <em class="jxr_comment">//version check</em>
<a class="jxr_linenumber" name="232" href="#232">232</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/utils/DependencyVersion.html">DependencyVersion</a> version1 = DependencyVersionUtil.parseVersion(fileName1);
<a class="jxr_linenumber" name="233" href="#233">233</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/utils/DependencyVersion.html">DependencyVersion</a> version2 = DependencyVersionUtil.parseVersion(fileName2);
<a class="jxr_linenumber" name="234" href="#234">234</a> <strong class="jxr_keyword">if</strong> (version1 != <strong class="jxr_keyword">null</strong> &amp;&amp; version2 != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="235" href="#235">235</a> <strong class="jxr_keyword">if</strong> (!version1.equals(version2)) {
<a class="jxr_linenumber" name="236" href="#236">236</a> <strong class="jxr_keyword">return</strong> false;
<a class="jxr_linenumber" name="237" href="#237">237</a> }
<a class="jxr_linenumber" name="238" href="#238">238</a> }
<a class="jxr_linenumber" name="239" href="#239">239</a>
<a class="jxr_linenumber" name="240" href="#240">240</a> <em class="jxr_comment">//filename check</em>
<a class="jxr_linenumber" name="241" href="#241">241</a> <strong class="jxr_keyword">final</strong> Matcher match1 = STARTING_TEXT_PATTERN.matcher(fileName1);
<a class="jxr_linenumber" name="242" href="#242">242</a> <strong class="jxr_keyword">final</strong> Matcher match2 = STARTING_TEXT_PATTERN.matcher(fileName2);
<a class="jxr_linenumber" name="243" href="#243">243</a> <strong class="jxr_keyword">if</strong> (match1.find() &amp;&amp; match2.find()) {
<a class="jxr_linenumber" name="244" href="#244">244</a> <strong class="jxr_keyword">return</strong> match1.group().equals(match2.group());
<a class="jxr_linenumber" name="245" href="#245">245</a> }
<a class="jxr_linenumber" name="246" href="#246">246</a>
<a class="jxr_linenumber" name="247" href="#247">247</a> <strong class="jxr_keyword">return</strong> false;
<a class="jxr_linenumber" name="248" href="#248">248</a> }
<a class="jxr_linenumber" name="249" href="#249">249</a>
<a class="jxr_linenumber" name="250" href="#250">250</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="251" href="#251">251</a> <em class="jxr_javadoccomment"> * Returns true if the identifiers in the two supplied dependencies are</em>
<a class="jxr_linenumber" name="252" href="#252">252</a> <em class="jxr_javadoccomment"> * equal.</em>
<a class="jxr_linenumber" name="253" href="#253">253</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="254" href="#254">254</a> <em class="jxr_javadoccomment"> * @param dependency1 a dependency2 to compare</em>
<a class="jxr_linenumber" name="255" href="#255">255</a> <em class="jxr_javadoccomment"> * @param dependency2 a dependency2 to compare</em>
<a class="jxr_linenumber" name="256" href="#256">256</a> <em class="jxr_javadoccomment"> * @return true if the identifiers in the two supplied dependencies are</em>
<a class="jxr_linenumber" name="257" href="#257">257</a> <em class="jxr_javadoccomment"> * equal</em>
<a class="jxr_linenumber" name="258" href="#258">258</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="259" href="#259">259</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> identifiersMatch(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency1, <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency2) {
<a class="jxr_linenumber" name="260" href="#260">260</a> <strong class="jxr_keyword">if</strong> (dependency1 == <strong class="jxr_keyword">null</strong> || dependency1.getIdentifiers() == <strong class="jxr_keyword">null</strong>
<a class="jxr_linenumber" name="261" href="#261">261</a> || dependency2 == <strong class="jxr_keyword">null</strong> || dependency2.getIdentifiers() == <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="262" href="#262">262</a> <strong class="jxr_keyword">return</strong> false;
<a class="jxr_linenumber" name="263" href="#263">263</a> }
<a class="jxr_linenumber" name="264" href="#264">264</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> matches = dependency1.getIdentifiers().size() &gt; 0
<a class="jxr_linenumber" name="265" href="#265">265</a> &amp;&amp; dependency2.getIdentifiers().equals(dependency1.getIdentifiers());
<a class="jxr_linenumber" name="266" href="#266">266</a> <strong class="jxr_keyword">if</strong> (LogUtils.isVerboseLoggingEnabled()) {
<a class="jxr_linenumber" name="267" href="#267">267</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"IdentifiersMatch=%s (%s, %s)"</span>, matches, dependency1.getFileName(), dependency2.getFileName());
<a class="jxr_linenumber" name="268" href="#268">268</a> Logger.getLogger(DependencyBundlingAnalyzer.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, msg);
<a class="jxr_linenumber" name="269" href="#269">269</a> }
<a class="jxr_linenumber" name="270" href="#270">270</a> <strong class="jxr_keyword">return</strong> matches;
<a class="jxr_linenumber" name="271" href="#271">271</a> }
<a class="jxr_linenumber" name="272" href="#272">272</a>
<a class="jxr_linenumber" name="273" href="#273">273</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="274" href="#274">274</a> <em class="jxr_javadoccomment"> * Determines if the two dependencies have the same base path.</em>
<a class="jxr_linenumber" name="275" href="#275">275</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="276" href="#276">276</a> <em class="jxr_javadoccomment"> * @param dependency1 a Dependency object</em>
<a class="jxr_linenumber" name="277" href="#277">277</a> <em class="jxr_javadoccomment"> * @param dependency2 a Dependency object</em>
<a class="jxr_linenumber" name="278" href="#278">278</a> <em class="jxr_javadoccomment"> * @return true if the base paths of the dependencies are identical</em>
<a class="jxr_linenumber" name="279" href="#279">279</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="280" href="#280">280</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> hasSameBasePath(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency1, <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency2) {
<a class="jxr_linenumber" name="281" href="#281">281</a> <strong class="jxr_keyword">if</strong> (dependency1 == <strong class="jxr_keyword">null</strong> || dependency2 == <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="282" href="#282">282</a> <strong class="jxr_keyword">return</strong> false;
<a class="jxr_linenumber" name="283" href="#283">283</a> }
<a class="jxr_linenumber" name="284" href="#284">284</a> <strong class="jxr_keyword">final</strong> File lFile = <strong class="jxr_keyword">new</strong> File(dependency1.getFilePath());
<a class="jxr_linenumber" name="285" href="#285">285</a> String left = lFile.getParent();
<a class="jxr_linenumber" name="286" href="#286">286</a> <strong class="jxr_keyword">final</strong> File rFile = <strong class="jxr_keyword">new</strong> File(dependency2.getFilePath());
<a class="jxr_linenumber" name="287" href="#287">287</a> String right = rFile.getParent();
<a class="jxr_linenumber" name="288" href="#288">288</a> <strong class="jxr_keyword">if</strong> (left == <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="289" href="#289">289</a> <strong class="jxr_keyword">if</strong> (right == <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="290" href="#290">290</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="291" href="#291">291</a> }
<a class="jxr_linenumber" name="292" href="#292">292</a> <strong class="jxr_keyword">return</strong> false;
<a class="jxr_linenumber" name="293" href="#293">293</a> }
<a class="jxr_linenumber" name="294" href="#294">294</a> <strong class="jxr_keyword">if</strong> (left.equalsIgnoreCase(right)) {
<a class="jxr_linenumber" name="295" href="#295">295</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="296" href="#296">296</a> }
<a class="jxr_linenumber" name="297" href="#297">297</a> <strong class="jxr_keyword">if</strong> (left.matches(<span class="jxr_string">".*[/&#92;&#92;&#92;&#92;]repository[/&#92;&#92;&#92;&#92;].*"</span>) &amp;&amp; right.matches(<span class="jxr_string">".*[/&#92;&#92;&#92;&#92;]repository[/&#92;&#92;&#92;&#92;].*"</span>)) {
<a class="jxr_linenumber" name="298" href="#298">298</a> left = getBaseRepoPath(left);
<a class="jxr_linenumber" name="299" href="#299">299</a> right = getBaseRepoPath(right);
<a class="jxr_linenumber" name="300" href="#300">300</a> }
<a class="jxr_linenumber" name="301" href="#301">301</a> <strong class="jxr_keyword">return</strong> left.equalsIgnoreCase(right);
<a class="jxr_linenumber" name="302" href="#302">302</a> }
<a class="jxr_linenumber" name="303" href="#303">303</a>
<a class="jxr_linenumber" name="304" href="#304">304</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="305" href="#305">305</a> <em class="jxr_javadoccomment"> * This is likely a very broken attempt at determining if the 'left'</em>
<a class="jxr_linenumber" name="306" href="#306">306</a> <em class="jxr_javadoccomment"> * dependency is the 'core' library in comparison to the 'right' library.</em>
<a class="jxr_linenumber" name="307" href="#307">307</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="308" href="#308">308</a> <em class="jxr_javadoccomment"> * @param left the dependency to test</em>
<a class="jxr_linenumber" name="309" href="#309">309</a> <em class="jxr_javadoccomment"> * @param right the dependency to test against</em>
<a class="jxr_linenumber" name="310" href="#310">310</a> <em class="jxr_javadoccomment"> * @return a boolean indicating whether or not the left dependency should be</em>
<a class="jxr_linenumber" name="311" href="#311">311</a> <em class="jxr_javadoccomment"> * considered the "core" version.</em>
<a class="jxr_linenumber" name="312" href="#312">312</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="313" href="#313">313</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> isCore(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> left, <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> right) {
<a class="jxr_linenumber" name="314" href="#314">314</a> <strong class="jxr_keyword">final</strong> String leftName = left.getFileName().toLowerCase();
<a class="jxr_linenumber" name="315" href="#315">315</a> <strong class="jxr_keyword">final</strong> String rightName = right.getFileName().toLowerCase();
<a class="jxr_linenumber" name="316" href="#316">316</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> returnVal;
<a class="jxr_linenumber" name="317" href="#317">317</a> <strong class="jxr_keyword">if</strong> (rightName.contains(<span class="jxr_string">"core"</span>) &amp;&amp; !leftName.contains(<span class="jxr_string">"core"</span>)) {
<a class="jxr_linenumber" name="318" href="#318">318</a> returnVal = false;
<a class="jxr_linenumber" name="319" href="#319">319</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (!rightName.contains(<span class="jxr_string">"core"</span>) &amp;&amp; leftName.contains(<span class="jxr_string">"core"</span>)) {
<a class="jxr_linenumber" name="320" href="#320">320</a> returnVal = <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="321" href="#321">321</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="322" href="#322">322</a> <em class="jxr_comment">/*</em>
<a class="jxr_linenumber" name="323" href="#323">323</a> <em class="jxr_comment"> * considered splitting the names up and comparing the components,</em>
<a class="jxr_linenumber" name="324" href="#324">324</a> <em class="jxr_comment"> * but decided that the file name length should be sufficient as the</em>
<a class="jxr_linenumber" name="325" href="#325">325</a> <em class="jxr_comment"> * "core" component, if this follows a normal namming protocol should</em>
<a class="jxr_linenumber" name="326" href="#326">326</a> <em class="jxr_comment"> * be shorter:</em>
<a class="jxr_linenumber" name="327" href="#327">327</a> <em class="jxr_comment"> * axis2-saaj-1.4.1.jar</em>
<a class="jxr_linenumber" name="328" href="#328">328</a> <em class="jxr_comment"> * axis2-1.4.1.jar &lt;-----</em>
<a class="jxr_linenumber" name="329" href="#329">329</a> <em class="jxr_comment"> * axis2-kernal-1.4.1.jar</em>
<a class="jxr_linenumber" name="330" href="#330">330</a> <em class="jxr_comment"> */</em>
<a class="jxr_linenumber" name="331" href="#331">331</a> <strong class="jxr_keyword">if</strong> (leftName.length() &gt; rightName.length()) {
<a class="jxr_linenumber" name="332" href="#332">332</a> returnVal = false;
<a class="jxr_linenumber" name="333" href="#333">333</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="334" href="#334">334</a> returnVal = <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="335" href="#335">335</a> }
<a class="jxr_linenumber" name="336" href="#336">336</a> }
<a class="jxr_linenumber" name="337" href="#337">337</a> <strong class="jxr_keyword">if</strong> (LogUtils.isVerboseLoggingEnabled()) {
<a class="jxr_linenumber" name="338" href="#338">338</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"IsCore=%s (%s, %s)"</span>, returnVal, left.getFileName(), right.getFileName());
<a class="jxr_linenumber" name="339" href="#339">339</a> Logger.getLogger(DependencyBundlingAnalyzer.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, msg);
<a class="jxr_linenumber" name="340" href="#340">340</a> }
<a class="jxr_linenumber" name="341" href="#341">341</a> <strong class="jxr_keyword">return</strong> returnVal;
<a class="jxr_linenumber" name="342" href="#342">342</a> }
<a class="jxr_linenumber" name="343" href="#343">343</a> }
</pre>
<hr/><div id="footer">This page was automatically generated by <a href="http://maven.apache.org/">Maven</a></div></body>
</html>

480
dependency-check-core/xref/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.html
View File

@@ -119,230 +119,266 @@
<a class="jxr_linenumber" name="109" href="#109">109</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> analyze(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine) <strong class="jxr_keyword">throws</strong> AnalysisException {
<a class="jxr_linenumber" name="110" href="#110">110</a> removeJreEntries(dependency);
<a class="jxr_linenumber" name="111" href="#111">111</a> removeBadMatches(dependency);
<a class="jxr_linenumber" name="112" href="#112">112</a> removeSpuriousCPE(dependency);
<a class="jxr_linenumber" name="113" href="#113">113</a> addFalseNegativeCPEs(dependency);
<a class="jxr_linenumber" name="114" href="#114">114</a> }
<a class="jxr_linenumber" name="115" href="#115">115</a>
<a class="jxr_linenumber" name="116" href="#116">116</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="117" href="#117">117</a> <em class="jxr_javadoccomment"> * &lt;p&gt;Intended to remove spurious CPE entries. By spurious we mean</em>
<a class="jxr_linenumber" name="118" href="#118">118</a> <em class="jxr_javadoccomment"> * duplicate, less specific CPE entries.&lt;/p&gt;</em>
<a class="jxr_linenumber" name="119" href="#119">119</a> <em class="jxr_javadoccomment"> * &lt;p&gt;Example:&lt;/p&gt;</em>
<a class="jxr_linenumber" name="120" href="#120">120</a> <em class="jxr_javadoccomment"> * &lt;code&gt;</em>
<a class="jxr_linenumber" name="121" href="#121">121</a> <em class="jxr_javadoccomment"> * cpe:/a:some-vendor:some-product</em>
<a class="jxr_linenumber" name="122" href="#122">122</a> <em class="jxr_javadoccomment"> * cpe:/a:some-vendor:some-product:1.5</em>
<a class="jxr_linenumber" name="123" href="#123">123</a> <em class="jxr_javadoccomment"> * cpe:/a:some-vendor:some-product:1.5.2</em>
<a class="jxr_linenumber" name="124" href="#124">124</a> <em class="jxr_javadoccomment"> * &lt;/code&gt;</em>
<a class="jxr_linenumber" name="125" href="#125">125</a> <em class="jxr_javadoccomment"> * &lt;p&gt;Should be trimmed to:&lt;/p&gt;</em>
<a class="jxr_linenumber" name="126" href="#126">126</a> <em class="jxr_javadoccomment"> * &lt;code&gt;</em>
<a class="jxr_linenumber" name="127" href="#127">127</a> <em class="jxr_javadoccomment"> * cpe:/a:some-vendor:some-product:1.5.2</em>
<a class="jxr_linenumber" name="128" href="#128">128</a> <em class="jxr_javadoccomment"> * &lt;/code&gt;</em>
<a class="jxr_linenumber" name="129" href="#129">129</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="130" href="#130">130</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
<a class="jxr_linenumber" name="131" href="#131">131</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="132" href="#132">132</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> removeSpuriousCPE(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency) {
<a class="jxr_linenumber" name="133" href="#133">133</a> <strong class="jxr_keyword">final</strong> List&lt;Identifier&gt; ids = <strong class="jxr_keyword">new</strong> ArrayList&lt;Identifier&gt;();
<a class="jxr_linenumber" name="134" href="#134">134</a> ids.addAll(dependency.getIdentifiers());
<a class="jxr_linenumber" name="135" href="#135">135</a> Collections.sort(ids);
<a class="jxr_linenumber" name="136" href="#136">136</a> <strong class="jxr_keyword">final</strong> ListIterator&lt;Identifier&gt; mainItr = ids.listIterator();
<a class="jxr_linenumber" name="137" href="#137">137</a> <strong class="jxr_keyword">while</strong> (mainItr.hasNext()) {
<a class="jxr_linenumber" name="138" href="#138">138</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> currentId = mainItr.next();
<a class="jxr_linenumber" name="139" href="#139">139</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/VulnerableSoftware.html">VulnerableSoftware</a> currentCpe = parseCpe(currentId.getType(), currentId.getValue());
<a class="jxr_linenumber" name="140" href="#140">140</a> <strong class="jxr_keyword">if</strong> (currentCpe == <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="141" href="#141">141</a> <strong class="jxr_keyword">continue</strong>;
<a class="jxr_linenumber" name="142" href="#142">142</a> }
<a class="jxr_linenumber" name="143" href="#143">143</a> <strong class="jxr_keyword">final</strong> ListIterator&lt;Identifier&gt; subItr = ids.listIterator(mainItr.nextIndex());
<a class="jxr_linenumber" name="144" href="#144">144</a> <strong class="jxr_keyword">while</strong> (subItr.hasNext()) {
<a class="jxr_linenumber" name="145" href="#145">145</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> nextId = subItr.next();
<a class="jxr_linenumber" name="146" href="#146">146</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/VulnerableSoftware.html">VulnerableSoftware</a> nextCpe = parseCpe(nextId.getType(), nextId.getValue());
<a class="jxr_linenumber" name="147" href="#147">147</a> <strong class="jxr_keyword">if</strong> (nextCpe == <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="148" href="#148">148</a> <strong class="jxr_keyword">continue</strong>;
<a class="jxr_linenumber" name="149" href="#149">149</a> }
<a class="jxr_linenumber" name="150" href="#150">150</a> <em class="jxr_comment">//TODO fix the version problem below</em>
<a class="jxr_linenumber" name="151" href="#151">151</a> <strong class="jxr_keyword">if</strong> (currentCpe.getVendor().equals(nextCpe.getVendor())) {
<a class="jxr_linenumber" name="152" href="#152">152</a> <strong class="jxr_keyword">if</strong> (currentCpe.getProduct().equals(nextCpe.getProduct())) {
<a class="jxr_linenumber" name="153" href="#153">153</a> <em class="jxr_comment">// see if one is contained in the other.. remove the contained one from dependency.getIdentifier</em>
<a class="jxr_linenumber" name="154" href="#154">154</a> <strong class="jxr_keyword">final</strong> String currentVersion = currentCpe.getVersion();
<a class="jxr_linenumber" name="155" href="#155">155</a> <strong class="jxr_keyword">final</strong> String nextVersion = nextCpe.getVersion();
<a class="jxr_linenumber" name="156" href="#156">156</a> <strong class="jxr_keyword">if</strong> (currentVersion == <strong class="jxr_keyword">null</strong> &amp;&amp; nextVersion == <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="157" href="#157">157</a> <em class="jxr_comment">//how did we get here?</em>
<a class="jxr_linenumber" name="158" href="#158">158</a> Logger.getLogger(FalsePositiveAnalyzer.<strong class="jxr_keyword">class</strong>
<a class="jxr_linenumber" name="159" href="#159">159</a> .getName()).log(Level.FINE, <span class="jxr_string">"currentVersion and nextVersion are both null?"</span>);
<a class="jxr_linenumber" name="160" href="#160">160</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (currentVersion == <strong class="jxr_keyword">null</strong> &amp;&amp; nextVersion != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="161" href="#161">161</a> dependency.getIdentifiers().remove(currentId);
<a class="jxr_linenumber" name="162" href="#162">162</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (nextVersion == <strong class="jxr_keyword">null</strong> &amp;&amp; currentVersion != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="163" href="#163">163</a> dependency.getIdentifiers().remove(nextId);
<a class="jxr_linenumber" name="164" href="#164">164</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (currentVersion.length() &lt; nextVersion.length()) {
<a class="jxr_linenumber" name="165" href="#165">165</a> <strong class="jxr_keyword">if</strong> (nextVersion.startsWith(currentVersion) || <span class="jxr_string">"-"</span>.equals(currentVersion)) {
<a class="jxr_linenumber" name="166" href="#166">166</a> dependency.getIdentifiers().remove(currentId);
<a class="jxr_linenumber" name="167" href="#167">167</a> }
<a class="jxr_linenumber" name="168" href="#168">168</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="169" href="#169">169</a> <strong class="jxr_keyword">if</strong> (currentVersion.startsWith(nextVersion) || <span class="jxr_string">"-"</span>.equals(nextVersion)) {
<a class="jxr_linenumber" name="170" href="#170">170</a> dependency.getIdentifiers().remove(nextId);
<a class="jxr_linenumber" name="171" href="#171">171</a> }
<a class="jxr_linenumber" name="172" href="#172">172</a> }
<a class="jxr_linenumber" name="173" href="#173">173</a> }
<a class="jxr_linenumber" name="174" href="#174">174</a> }
<a class="jxr_linenumber" name="175" href="#175">175</a> }
<a class="jxr_linenumber" name="176" href="#176">176</a> }
<a class="jxr_linenumber" name="177" href="#177">177</a> }
<a class="jxr_linenumber" name="178" href="#178">178</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="179" href="#179">179</a> <em class="jxr_javadoccomment"> * Regex to identify core java libraries and a few other commonly</em>
<a class="jxr_linenumber" name="180" href="#180">180</a> <em class="jxr_javadoccomment"> * misidentified ones.</em>
<a class="jxr_linenumber" name="181" href="#181">181</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="182" href="#182">182</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern CORE_JAVA = Pattern.compile(<span class="jxr_string">"^cpe:/a:(sun|oracle|ibm):(j2[ems]e|"</span>
<a class="jxr_linenumber" name="183" href="#183">183</a> + <span class="jxr_string">"java(_platfrom_micro_edition|_runtime_environment|_se|virtual_machine|se_development_kit|fx)?|"</span>
<a class="jxr_linenumber" name="184" href="#184">184</a> + <span class="jxr_string">"jdk|jre|jsf|jsse)($|:.*)"</span>);
<a class="jxr_linenumber" name="185" href="#185">185</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="186" href="#186">186</a> <em class="jxr_javadoccomment"> * Regex to identify core java library files. This is currently incomplete.</em>
<a class="jxr_linenumber" name="187" href="#187">187</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="188" href="#188">188</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern CORE_FILES = Pattern.compile(<span class="jxr_string">"^((alt[-])?rt|jsf[-].*|jsse|jfxrt|jfr|jce|javaws|deploy|charsets)&#92;&#92;.jar$"</span>);
<a class="jxr_linenumber" name="189" href="#189">189</a>
<a class="jxr_linenumber" name="190" href="#190">190</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="191" href="#191">191</a> <em class="jxr_javadoccomment"> * Removes any CPE entries for the JDK/JRE unless the filename ends with</em>
<a class="jxr_linenumber" name="192" href="#192">192</a> <em class="jxr_javadoccomment"> * rt.jar</em>
<a class="jxr_linenumber" name="193" href="#193">193</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="194" href="#194">194</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to remove JRE CPEs from</em>
<a class="jxr_linenumber" name="195" href="#195">195</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="196" href="#196">196</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> removeJreEntries(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency) {
<a class="jxr_linenumber" name="197" href="#197">197</a> <strong class="jxr_keyword">final</strong> Set&lt;Identifier&gt; identifiers = dependency.getIdentifiers();
<a class="jxr_linenumber" name="198" href="#198">198</a> <strong class="jxr_keyword">final</strong> Iterator&lt;Identifier&gt; itr = identifiers.iterator();
<a class="jxr_linenumber" name="199" href="#199">199</a> <strong class="jxr_keyword">while</strong> (itr.hasNext()) {
<a class="jxr_linenumber" name="200" href="#200">200</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> i = itr.next();
<a class="jxr_linenumber" name="201" href="#201">201</a> <strong class="jxr_keyword">final</strong> Matcher coreCPE = CORE_JAVA.matcher(i.getValue());
<a class="jxr_linenumber" name="202" href="#202">202</a> <strong class="jxr_keyword">final</strong> Matcher coreFiles = CORE_FILES.matcher(dependency.getFileName());
<a class="jxr_linenumber" name="203" href="#203">203</a> <strong class="jxr_keyword">if</strong> (coreCPE.matches() &amp;&amp; !coreFiles.matches()) {
<a class="jxr_linenumber" name="204" href="#204">204</a> itr.remove();
<a class="jxr_linenumber" name="205" href="#205">205</a> }
<a class="jxr_linenumber" name="206" href="#206">206</a>
<a class="jxr_linenumber" name="207" href="#207">207</a> <em class="jxr_comment">//replacecd with the regex above.</em>
<a class="jxr_linenumber" name="208" href="#208">208</a> <em class="jxr_comment">// if (("cpe:/a:sun:java".equals(i.getValue())</em>
<a class="jxr_linenumber" name="209" href="#209">209</a> <em class="jxr_comment">// || "cpe:/a:oracle:java".equals(i.getValue())</em>
<a class="jxr_linenumber" name="210" href="#210">210</a> <em class="jxr_comment">// || "cpe:/a:ibm:java".equals(i.getValue())</em>
<a class="jxr_linenumber" name="211" href="#211">211</a> <em class="jxr_comment">// || "cpe:/a:sun:j2se".equals(i.getValue())</em>
<a class="jxr_linenumber" name="212" href="#212">212</a> <em class="jxr_comment">// || "cpe:/a:oracle:j2se".equals(i.getValue())</em>
<a class="jxr_linenumber" name="213" href="#213">213</a> <em class="jxr_comment">// || i.getValue().startsWith("cpe:/a:sun:java:")</em>
<a class="jxr_linenumber" name="214" href="#214">214</a> <em class="jxr_comment">// || i.getValue().startsWith("cpe:/a:sun:j2se:")</em>
<a class="jxr_linenumber" name="215" href="#215">215</a> <em class="jxr_comment">// || i.getValue().startsWith("cpe:/a:sun:java:jre")</em>
<a class="jxr_linenumber" name="216" href="#216">216</a> <em class="jxr_comment">// || i.getValue().startsWith("cpe:/a:sun:java:jdk")</em>
<a class="jxr_linenumber" name="217" href="#217">217</a> <em class="jxr_comment">// || i.getValue().startsWith("cpe:/a:sun:java_se")</em>
<a class="jxr_linenumber" name="218" href="#218">218</a> <em class="jxr_comment">// || i.getValue().startsWith("cpe:/a:oracle:java_se")</em>
<a class="jxr_linenumber" name="219" href="#219">219</a> <em class="jxr_comment">// || i.getValue().startsWith("cpe:/a:oracle:java:")</em>
<a class="jxr_linenumber" name="220" href="#220">220</a> <em class="jxr_comment">// || i.getValue().startsWith("cpe:/a:oracle:j2se:")</em>
<a class="jxr_linenumber" name="221" href="#221">221</a> <em class="jxr_comment">// || i.getValue().startsWith("cpe:/a:oracle:jre")</em>
<a class="jxr_linenumber" name="222" href="#222">222</a> <em class="jxr_comment">// || i.getValue().startsWith("cpe:/a:oracle:jdk")</em>
<a class="jxr_linenumber" name="223" href="#223">223</a> <em class="jxr_comment">// || i.getValue().startsWith("cpe:/a:ibm:java:"))</em>
<a class="jxr_linenumber" name="224" href="#224">224</a> <em class="jxr_comment">// &amp;&amp; !dependency.getFileName().toLowerCase().endsWith("rt.jar")) {</em>
<a class="jxr_linenumber" name="225" href="#225">225</a> <em class="jxr_comment">// itr.remove();</em>
<a class="jxr_linenumber" name="226" href="#226">226</a> <em class="jxr_comment">// }</em>
<a class="jxr_linenumber" name="227" href="#227">227</a> }
<a class="jxr_linenumber" name="228" href="#228">228</a> }
<a class="jxr_linenumber" name="229" href="#229">229</a>
<a class="jxr_linenumber" name="230" href="#230">230</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="231" href="#231">231</a> <em class="jxr_javadoccomment"> * Parses a CPE string into an IndexEntry.</em>
<a class="jxr_linenumber" name="232" href="#232">232</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="233" href="#233">233</a> <em class="jxr_javadoccomment"> * @param type the type of identifier</em>
<a class="jxr_linenumber" name="234" href="#234">234</a> <em class="jxr_javadoccomment"> * @param value the cpe identifier to parse</em>
<a class="jxr_linenumber" name="235" href="#235">235</a> <em class="jxr_javadoccomment"> * @return an VulnerableSoftware object constructed from the identifier</em>
<a class="jxr_linenumber" name="236" href="#236">236</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="237" href="#237">237</a> <strong class="jxr_keyword">private</strong> <a href="../../../../org/owasp/dependencycheck/dependency/VulnerableSoftware.html">VulnerableSoftware</a> parseCpe(String type, String value) {
<a class="jxr_linenumber" name="238" href="#238">238</a> <strong class="jxr_keyword">if</strong> (!<span class="jxr_string">"cpe"</span>.equals(type)) {
<a class="jxr_linenumber" name="239" href="#239">239</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="240" href="#240">240</a> }
<a class="jxr_linenumber" name="241" href="#241">241</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/VulnerableSoftware.html">VulnerableSoftware</a> cpe = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/dependency/VulnerableSoftware.html">VulnerableSoftware</a>();
<a class="jxr_linenumber" name="242" href="#242">242</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="243" href="#243">243</a> cpe.parseName(value);
<a class="jxr_linenumber" name="244" href="#244">244</a> } <strong class="jxr_keyword">catch</strong> (UnsupportedEncodingException ex) {
<a class="jxr_linenumber" name="245" href="#245">245</a> Logger.getLogger(FalsePositiveAnalyzer.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="246" href="#246">246</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="247" href="#247">247</a> }
<a class="jxr_linenumber" name="248" href="#248">248</a> <strong class="jxr_keyword">return</strong> cpe;
<a class="jxr_linenumber" name="249" href="#249">249</a> }
<a class="jxr_linenumber" name="250" href="#250">250</a>
<a class="jxr_linenumber" name="251" href="#251">251</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="252" href="#252">252</a> <em class="jxr_javadoccomment"> * Removes bad CPE matches for a dependency. Unfortunately, right now these</em>
<a class="jxr_linenumber" name="253" href="#253">253</a> <em class="jxr_javadoccomment"> * are hard-coded patches for specific problems identified when testing this</em>
<a class="jxr_linenumber" name="254" href="#254">254</a> <em class="jxr_javadoccomment"> * on a LARGE volume of jar files.</em>
<a class="jxr_linenumber" name="255" href="#255">255</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="256" href="#256">256</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to analyze</em>
<a class="jxr_linenumber" name="257" href="#257">257</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="258" href="#258">258</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> removeBadMatches(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency) {
<a class="jxr_linenumber" name="259" href="#259">259</a> <strong class="jxr_keyword">final</strong> Set&lt;Identifier&gt; identifiers = dependency.getIdentifiers();
<a class="jxr_linenumber" name="260" href="#260">260</a> <strong class="jxr_keyword">final</strong> Iterator&lt;Identifier&gt; itr = identifiers.iterator();
<a class="jxr_linenumber" name="261" href="#261">261</a>
<a class="jxr_linenumber" name="262" href="#262">262</a> <em class="jxr_comment">/*<em class="jxr_comment"> TODO - can we utilize the pom's groupid and artifactId to filter??? most of</em></em>
<a class="jxr_linenumber" name="263" href="#263">263</a> <em class="jxr_comment"> * these are due to low quality data. Other idea would be to say any CPE</em>
<a class="jxr_linenumber" name="264" href="#264">264</a> <em class="jxr_comment"> * found based on LOW confidence evidence should have a different CPE type? (this</em>
<a class="jxr_linenumber" name="265" href="#265">265</a> <em class="jxr_comment"> * might be a better solution then just removing the URL for "best-guess" matches).</em>
<a class="jxr_linenumber" name="266" href="#266">266</a> <em class="jxr_comment"> */</em>
<a class="jxr_linenumber" name="267" href="#267">267</a>
<a class="jxr_linenumber" name="268" href="#268">268</a> <em class="jxr_comment">//Set&lt;Evidence&gt; groupId = dependency.getVendorEvidence().getEvidence("pom", "groupid");</em>
<a class="jxr_linenumber" name="269" href="#269">269</a> <em class="jxr_comment">//Set&lt;Evidence&gt; artifactId = dependency.getVendorEvidence().getEvidence("pom", "artifactid");</em>
<a class="jxr_linenumber" name="270" href="#270">270</a>
<a class="jxr_linenumber" name="271" href="#271">271</a> <strong class="jxr_keyword">while</strong> (itr.hasNext()) {
<a class="jxr_linenumber" name="272" href="#272">272</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> i = itr.next();
<a class="jxr_linenumber" name="273" href="#273">273</a> <em class="jxr_comment">//TODO move this startswith expression to a configuration file?</em>
<a class="jxr_linenumber" name="274" href="#274">274</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(i.getType())) {
<a class="jxr_linenumber" name="275" href="#275">275</a> <strong class="jxr_keyword">if</strong> ((i.getValue().matches(<span class="jxr_string">".*c&#92;&#92;+&#92;&#92;+.*"</span>)
<a class="jxr_linenumber" name="276" href="#276">276</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:jquery:jquery"</span>)
<a class="jxr_linenumber" name="277" href="#277">277</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:prototypejs:prototype"</span>)
<a class="jxr_linenumber" name="278" href="#278">278</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:yahoo:yui"</span>)
<a class="jxr_linenumber" name="279" href="#279">279</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:file:file"</span>)
<a class="jxr_linenumber" name="280" href="#280">280</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:mozilla:mozilla"</span>)
<a class="jxr_linenumber" name="281" href="#281">281</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:cvs:cvs"</span>)
<a class="jxr_linenumber" name="282" href="#282">282</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:ftp:ftp"</span>)
<a class="jxr_linenumber" name="283" href="#283">283</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:ssh:ssh"</span>))
<a class="jxr_linenumber" name="284" href="#284">284</a> &amp;&amp; dependency.getFileName().toLowerCase().endsWith(<span class="jxr_string">".jar"</span>)) {
<a class="jxr_linenumber" name="285" href="#285">285</a> itr.remove();
<a class="jxr_linenumber" name="286" href="#286">286</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (i.getValue().startsWith(<span class="jxr_string">"cpe:/a:apache:maven"</span>)
<a class="jxr_linenumber" name="287" href="#287">287</a> &amp;&amp; !dependency.getFileName().toLowerCase().matches(<span class="jxr_string">"maven-core-[&#92;&#92;d&#92;&#92;.]+&#92;&#92;.jar"</span>)) {
<a class="jxr_linenumber" name="288" href="#288">288</a> itr.remove();
<a class="jxr_linenumber" name="289" href="#289">289</a> }
<a class="jxr_linenumber" name="290" href="#290">290</a> }
<a class="jxr_linenumber" name="291" href="#291">291</a> }
<a class="jxr_linenumber" name="292" href="#292">292</a> }
<a class="jxr_linenumber" name="293" href="#293">293</a>
<a class="jxr_linenumber" name="294" href="#294">294</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="295" href="#295">295</a> <em class="jxr_javadoccomment"> * There are some known CPE entries, specifically regarding sun and oracle</em>
<a class="jxr_linenumber" name="296" href="#296">296</a> <em class="jxr_javadoccomment"> * products due to the acquisition and changes in product names, that based</em>
<a class="jxr_linenumber" name="297" href="#297">297</a> <em class="jxr_javadoccomment"> * on given evidence we can add the related CPE entries to ensure a complete</em>
<a class="jxr_linenumber" name="298" href="#298">298</a> <em class="jxr_javadoccomment"> * list of CVE entries.</em>
<a class="jxr_linenumber" name="112" href="#112">112</a> removeWrongVersionMatches(dependency);
<a class="jxr_linenumber" name="113" href="#113">113</a> removeSpuriousCPE(dependency);
<a class="jxr_linenumber" name="114" href="#114">114</a> addFalseNegativeCPEs(dependency);
<a class="jxr_linenumber" name="115" href="#115">115</a> }
<a class="jxr_linenumber" name="116" href="#116">116</a>
<a class="jxr_linenumber" name="117" href="#117">117</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="118" href="#118">118</a> <em class="jxr_javadoccomment"> * &lt;p&gt;Intended to remove spurious CPE entries. By spurious we mean</em>
<a class="jxr_linenumber" name="119" href="#119">119</a> <em class="jxr_javadoccomment"> * duplicate, less specific CPE entries.&lt;/p&gt;</em>
<a class="jxr_linenumber" name="120" href="#120">120</a> <em class="jxr_javadoccomment"> * &lt;p&gt;Example:&lt;/p&gt;</em>
<a class="jxr_linenumber" name="121" href="#121">121</a> <em class="jxr_javadoccomment"> * &lt;code&gt;</em>
<a class="jxr_linenumber" name="122" href="#122">122</a> <em class="jxr_javadoccomment"> * cpe:/a:some-vendor:some-product</em>
<a class="jxr_linenumber" name="123" href="#123">123</a> <em class="jxr_javadoccomment"> * cpe:/a:some-vendor:some-product:1.5</em>
<a class="jxr_linenumber" name="124" href="#124">124</a> <em class="jxr_javadoccomment"> * cpe:/a:some-vendor:some-product:1.5.2</em>
<a class="jxr_linenumber" name="125" href="#125">125</a> <em class="jxr_javadoccomment"> * &lt;/code&gt;</em>
<a class="jxr_linenumber" name="126" href="#126">126</a> <em class="jxr_javadoccomment"> * &lt;p&gt;Should be trimmed to:&lt;/p&gt;</em>
<a class="jxr_linenumber" name="127" href="#127">127</a> <em class="jxr_javadoccomment"> * &lt;code&gt;</em>
<a class="jxr_linenumber" name="128" href="#128">128</a> <em class="jxr_javadoccomment"> * cpe:/a:some-vendor:some-product:1.5.2</em>
<a class="jxr_linenumber" name="129" href="#129">129</a> <em class="jxr_javadoccomment"> * &lt;/code&gt;</em>
<a class="jxr_linenumber" name="130" href="#130">130</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="131" href="#131">131</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
<a class="jxr_linenumber" name="132" href="#132">132</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="133" href="#133">133</a> @SuppressWarnings(<span class="jxr_string">"null"</span>)
<a class="jxr_linenumber" name="134" href="#134">134</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> removeSpuriousCPE(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency) {
<a class="jxr_linenumber" name="135" href="#135">135</a> <strong class="jxr_keyword">final</strong> List&lt;Identifier&gt; ids = <strong class="jxr_keyword">new</strong> ArrayList&lt;Identifier&gt;();
<a class="jxr_linenumber" name="136" href="#136">136</a> ids.addAll(dependency.getIdentifiers());
<a class="jxr_linenumber" name="137" href="#137">137</a> Collections.sort(ids);
<a class="jxr_linenumber" name="138" href="#138">138</a> <strong class="jxr_keyword">final</strong> ListIterator&lt;Identifier&gt; mainItr = ids.listIterator();
<a class="jxr_linenumber" name="139" href="#139">139</a> <strong class="jxr_keyword">while</strong> (mainItr.hasNext()) {
<a class="jxr_linenumber" name="140" href="#140">140</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> currentId = mainItr.next();
<a class="jxr_linenumber" name="141" href="#141">141</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/VulnerableSoftware.html">VulnerableSoftware</a> currentCpe = parseCpe(currentId.getType(), currentId.getValue());
<a class="jxr_linenumber" name="142" href="#142">142</a> <strong class="jxr_keyword">if</strong> (currentCpe == <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="143" href="#143">143</a> <strong class="jxr_keyword">continue</strong>;
<a class="jxr_linenumber" name="144" href="#144">144</a> }
<a class="jxr_linenumber" name="145" href="#145">145</a> <strong class="jxr_keyword">final</strong> ListIterator&lt;Identifier&gt; subItr = ids.listIterator(mainItr.nextIndex());
<a class="jxr_linenumber" name="146" href="#146">146</a> <strong class="jxr_keyword">while</strong> (subItr.hasNext()) {
<a class="jxr_linenumber" name="147" href="#147">147</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> nextId = subItr.next();
<a class="jxr_linenumber" name="148" href="#148">148</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/VulnerableSoftware.html">VulnerableSoftware</a> nextCpe = parseCpe(nextId.getType(), nextId.getValue());
<a class="jxr_linenumber" name="149" href="#149">149</a> <strong class="jxr_keyword">if</strong> (nextCpe == <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="150" href="#150">150</a> <strong class="jxr_keyword">continue</strong>;
<a class="jxr_linenumber" name="151" href="#151">151</a> }
<a class="jxr_linenumber" name="152" href="#152">152</a> <em class="jxr_comment">//TODO fix the version problem below</em>
<a class="jxr_linenumber" name="153" href="#153">153</a> <strong class="jxr_keyword">if</strong> (currentCpe.getVendor().equals(nextCpe.getVendor())) {
<a class="jxr_linenumber" name="154" href="#154">154</a> <strong class="jxr_keyword">if</strong> (currentCpe.getProduct().equals(nextCpe.getProduct())) {
<a class="jxr_linenumber" name="155" href="#155">155</a> <em class="jxr_comment">// see if one is contained in the other.. remove the contained one from dependency.getIdentifier</em>
<a class="jxr_linenumber" name="156" href="#156">156</a> <strong class="jxr_keyword">final</strong> String currentVersion = currentCpe.getVersion();
<a class="jxr_linenumber" name="157" href="#157">157</a> <strong class="jxr_keyword">final</strong> String nextVersion = nextCpe.getVersion();
<a class="jxr_linenumber" name="158" href="#158">158</a> <strong class="jxr_keyword">if</strong> (currentVersion == <strong class="jxr_keyword">null</strong> &amp;&amp; nextVersion == <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="159" href="#159">159</a> <em class="jxr_comment">//how did we get here?</em>
<a class="jxr_linenumber" name="160" href="#160">160</a> Logger.getLogger(FalsePositiveAnalyzer.<strong class="jxr_keyword">class</strong>
<a class="jxr_linenumber" name="161" href="#161">161</a> .getName()).log(Level.FINE, <span class="jxr_string">"currentVersion and nextVersion are both null?"</span>);
<a class="jxr_linenumber" name="162" href="#162">162</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (currentVersion == <strong class="jxr_keyword">null</strong> &amp;&amp; nextVersion != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="163" href="#163">163</a> dependency.getIdentifiers().remove(currentId);
<a class="jxr_linenumber" name="164" href="#164">164</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (nextVersion == <strong class="jxr_keyword">null</strong> &amp;&amp; currentVersion != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="165" href="#165">165</a> dependency.getIdentifiers().remove(nextId);
<a class="jxr_linenumber" name="166" href="#166">166</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (currentVersion.length() &lt; nextVersion.length()) {
<a class="jxr_linenumber" name="167" href="#167">167</a> <strong class="jxr_keyword">if</strong> (nextVersion.startsWith(currentVersion) || <span class="jxr_string">"-"</span>.equals(currentVersion)) {
<a class="jxr_linenumber" name="168" href="#168">168</a> dependency.getIdentifiers().remove(currentId);
<a class="jxr_linenumber" name="169" href="#169">169</a> }
<a class="jxr_linenumber" name="170" href="#170">170</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="171" href="#171">171</a> <strong class="jxr_keyword">if</strong> (currentVersion.startsWith(nextVersion) || <span class="jxr_string">"-"</span>.equals(nextVersion)) {
<a class="jxr_linenumber" name="172" href="#172">172</a> dependency.getIdentifiers().remove(nextId);
<a class="jxr_linenumber" name="173" href="#173">173</a> }
<a class="jxr_linenumber" name="174" href="#174">174</a> }
<a class="jxr_linenumber" name="175" href="#175">175</a> }
<a class="jxr_linenumber" name="176" href="#176">176</a> }
<a class="jxr_linenumber" name="177" href="#177">177</a> }
<a class="jxr_linenumber" name="178" href="#178">178</a> }
<a class="jxr_linenumber" name="179" href="#179">179</a> }
<a class="jxr_linenumber" name="180" href="#180">180</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="181" href="#181">181</a> <em class="jxr_javadoccomment"> * Regex to identify core java libraries and a few other commonly</em>
<a class="jxr_linenumber" name="182" href="#182">182</a> <em class="jxr_javadoccomment"> * misidentified ones.</em>
<a class="jxr_linenumber" name="183" href="#183">183</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="184" href="#184">184</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern CORE_JAVA = Pattern.compile(<span class="jxr_string">"^cpe:/a:(sun|oracle|ibm):(j2[ems]e|"</span>
<a class="jxr_linenumber" name="185" href="#185">185</a> + <span class="jxr_string">"java(_platfrom_micro_edition|_runtime_environment|_se|virtual_machine|se_development_kit|fx)?|"</span>
<a class="jxr_linenumber" name="186" href="#186">186</a> + <span class="jxr_string">"jdk|jre|jsf|jsse)($|:.*)"</span>);
<a class="jxr_linenumber" name="187" href="#187">187</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="188" href="#188">188</a> <em class="jxr_javadoccomment"> * Regex to identify core java library files. This is currently incomplete.</em>
<a class="jxr_linenumber" name="189" href="#189">189</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="190" href="#190">190</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern CORE_FILES = Pattern.compile(<span class="jxr_string">"^((alt[-])?rt|jsf[-].*|jsse|jfxrt|jfr|jce|javaws|deploy|charsets)&#92;&#92;.jar$"</span>);
<a class="jxr_linenumber" name="191" href="#191">191</a>
<a class="jxr_linenumber" name="192" href="#192">192</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="193" href="#193">193</a> <em class="jxr_javadoccomment"> * Removes any CPE entries for the JDK/JRE unless the filename ends with</em>
<a class="jxr_linenumber" name="194" href="#194">194</a> <em class="jxr_javadoccomment"> * rt.jar</em>
<a class="jxr_linenumber" name="195" href="#195">195</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="196" href="#196">196</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to remove JRE CPEs from</em>
<a class="jxr_linenumber" name="197" href="#197">197</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="198" href="#198">198</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> removeJreEntries(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency) {
<a class="jxr_linenumber" name="199" href="#199">199</a> <strong class="jxr_keyword">final</strong> Set&lt;Identifier&gt; identifiers = dependency.getIdentifiers();
<a class="jxr_linenumber" name="200" href="#200">200</a> <strong class="jxr_keyword">final</strong> Iterator&lt;Identifier&gt; itr = identifiers.iterator();
<a class="jxr_linenumber" name="201" href="#201">201</a> <strong class="jxr_keyword">while</strong> (itr.hasNext()) {
<a class="jxr_linenumber" name="202" href="#202">202</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> i = itr.next();
<a class="jxr_linenumber" name="203" href="#203">203</a> <strong class="jxr_keyword">final</strong> Matcher coreCPE = CORE_JAVA.matcher(i.getValue());
<a class="jxr_linenumber" name="204" href="#204">204</a> <strong class="jxr_keyword">final</strong> Matcher coreFiles = CORE_FILES.matcher(dependency.getFileName());
<a class="jxr_linenumber" name="205" href="#205">205</a> <strong class="jxr_keyword">if</strong> (coreCPE.matches() &amp;&amp; !coreFiles.matches()) {
<a class="jxr_linenumber" name="206" href="#206">206</a> itr.remove();
<a class="jxr_linenumber" name="207" href="#207">207</a> }
<a class="jxr_linenumber" name="208" href="#208">208</a>
<a class="jxr_linenumber" name="209" href="#209">209</a> <em class="jxr_comment">//replacecd with the regex above.</em>
<a class="jxr_linenumber" name="210" href="#210">210</a> <em class="jxr_comment">// if (("cpe:/a:sun:java".equals(i.getValue())</em>
<a class="jxr_linenumber" name="211" href="#211">211</a> <em class="jxr_comment">// || "cpe:/a:oracle:java".equals(i.getValue())</em>
<a class="jxr_linenumber" name="212" href="#212">212</a> <em class="jxr_comment">// || "cpe:/a:ibm:java".equals(i.getValue())</em>
<a class="jxr_linenumber" name="213" href="#213">213</a> <em class="jxr_comment">// || "cpe:/a:sun:j2se".equals(i.getValue())</em>
<a class="jxr_linenumber" name="214" href="#214">214</a> <em class="jxr_comment">// || "cpe:/a:oracle:j2se".equals(i.getValue())</em>
<a class="jxr_linenumber" name="215" href="#215">215</a> <em class="jxr_comment">// || i.getValue().startsWith("cpe:/a:sun:java:")</em>
<a class="jxr_linenumber" name="216" href="#216">216</a> <em class="jxr_comment">// || i.getValue().startsWith("cpe:/a:sun:j2se:")</em>
<a class="jxr_linenumber" name="217" href="#217">217</a> <em class="jxr_comment">// || i.getValue().startsWith("cpe:/a:sun:java:jre")</em>
<a class="jxr_linenumber" name="218" href="#218">218</a> <em class="jxr_comment">// || i.getValue().startsWith("cpe:/a:sun:java:jdk")</em>
<a class="jxr_linenumber" name="219" href="#219">219</a> <em class="jxr_comment">// || i.getValue().startsWith("cpe:/a:sun:java_se")</em>
<a class="jxr_linenumber" name="220" href="#220">220</a> <em class="jxr_comment">// || i.getValue().startsWith("cpe:/a:oracle:java_se")</em>
<a class="jxr_linenumber" name="221" href="#221">221</a> <em class="jxr_comment">// || i.getValue().startsWith("cpe:/a:oracle:java:")</em>
<a class="jxr_linenumber" name="222" href="#222">222</a> <em class="jxr_comment">// || i.getValue().startsWith("cpe:/a:oracle:j2se:")</em>
<a class="jxr_linenumber" name="223" href="#223">223</a> <em class="jxr_comment">// || i.getValue().startsWith("cpe:/a:oracle:jre")</em>
<a class="jxr_linenumber" name="224" href="#224">224</a> <em class="jxr_comment">// || i.getValue().startsWith("cpe:/a:oracle:jdk")</em>
<a class="jxr_linenumber" name="225" href="#225">225</a> <em class="jxr_comment">// || i.getValue().startsWith("cpe:/a:ibm:java:"))</em>
<a class="jxr_linenumber" name="226" href="#226">226</a> <em class="jxr_comment">// &amp;&amp; !dependency.getFileName().toLowerCase().endsWith("rt.jar")) {</em>
<a class="jxr_linenumber" name="227" href="#227">227</a> <em class="jxr_comment">// itr.remove();</em>
<a class="jxr_linenumber" name="228" href="#228">228</a> <em class="jxr_comment">// }</em>
<a class="jxr_linenumber" name="229" href="#229">229</a> }
<a class="jxr_linenumber" name="230" href="#230">230</a> }
<a class="jxr_linenumber" name="231" href="#231">231</a>
<a class="jxr_linenumber" name="232" href="#232">232</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="233" href="#233">233</a> <em class="jxr_javadoccomment"> * Parses a CPE string into an IndexEntry.</em>
<a class="jxr_linenumber" name="234" href="#234">234</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="235" href="#235">235</a> <em class="jxr_javadoccomment"> * @param type the type of identifier</em>
<a class="jxr_linenumber" name="236" href="#236">236</a> <em class="jxr_javadoccomment"> * @param value the cpe identifier to parse</em>
<a class="jxr_linenumber" name="237" href="#237">237</a> <em class="jxr_javadoccomment"> * @return an VulnerableSoftware object constructed from the identifier</em>
<a class="jxr_linenumber" name="238" href="#238">238</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="239" href="#239">239</a> <strong class="jxr_keyword">private</strong> <a href="../../../../org/owasp/dependencycheck/dependency/VulnerableSoftware.html">VulnerableSoftware</a> parseCpe(String type, String value) {
<a class="jxr_linenumber" name="240" href="#240">240</a> <strong class="jxr_keyword">if</strong> (!<span class="jxr_string">"cpe"</span>.equals(type)) {
<a class="jxr_linenumber" name="241" href="#241">241</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="242" href="#242">242</a> }
<a class="jxr_linenumber" name="243" href="#243">243</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/VulnerableSoftware.html">VulnerableSoftware</a> cpe = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/dependency/VulnerableSoftware.html">VulnerableSoftware</a>();
<a class="jxr_linenumber" name="244" href="#244">244</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="245" href="#245">245</a> cpe.parseName(value);
<a class="jxr_linenumber" name="246" href="#246">246</a> } <strong class="jxr_keyword">catch</strong> (UnsupportedEncodingException ex) {
<a class="jxr_linenumber" name="247" href="#247">247</a> Logger.getLogger(FalsePositiveAnalyzer.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="248" href="#248">248</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="249" href="#249">249</a> }
<a class="jxr_linenumber" name="250" href="#250">250</a> <strong class="jxr_keyword">return</strong> cpe;
<a class="jxr_linenumber" name="251" href="#251">251</a> }
<a class="jxr_linenumber" name="252" href="#252">252</a>
<a class="jxr_linenumber" name="253" href="#253">253</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="254" href="#254">254</a> <em class="jxr_javadoccomment"> * Removes bad CPE matches for a dependency. Unfortunately, right now these</em>
<a class="jxr_linenumber" name="255" href="#255">255</a> <em class="jxr_javadoccomment"> * are hard-coded patches for specific problems identified when testing this</em>
<a class="jxr_linenumber" name="256" href="#256">256</a> <em class="jxr_javadoccomment"> * on a LARGE volume of jar files.</em>
<a class="jxr_linenumber" name="257" href="#257">257</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="258" href="#258">258</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to analyze</em>
<a class="jxr_linenumber" name="259" href="#259">259</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="260" href="#260">260</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> removeBadMatches(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency) {
<a class="jxr_linenumber" name="261" href="#261">261</a> <strong class="jxr_keyword">final</strong> Set&lt;Identifier&gt; identifiers = dependency.getIdentifiers();
<a class="jxr_linenumber" name="262" href="#262">262</a> <strong class="jxr_keyword">final</strong> Iterator&lt;Identifier&gt; itr = identifiers.iterator();
<a class="jxr_linenumber" name="263" href="#263">263</a>
<a class="jxr_linenumber" name="264" href="#264">264</a> <em class="jxr_comment">/*<em class="jxr_comment"> TODO - can we utilize the pom's groupid and artifactId to filter??? most of</em></em>
<a class="jxr_linenumber" name="265" href="#265">265</a> <em class="jxr_comment"> * these are due to low quality data. Other idea would be to say any CPE</em>
<a class="jxr_linenumber" name="266" href="#266">266</a> <em class="jxr_comment"> * found based on LOW confidence evidence should have a different CPE type? (this</em>
<a class="jxr_linenumber" name="267" href="#267">267</a> <em class="jxr_comment"> * might be a better solution then just removing the URL for "best-guess" matches).</em>
<a class="jxr_linenumber" name="268" href="#268">268</a> <em class="jxr_comment"> */</em>
<a class="jxr_linenumber" name="269" href="#269">269</a>
<a class="jxr_linenumber" name="270" href="#270">270</a> <em class="jxr_comment">//Set&lt;Evidence&gt; groupId = dependency.getVendorEvidence().getEvidence("pom", "groupid");</em>
<a class="jxr_linenumber" name="271" href="#271">271</a> <em class="jxr_comment">//Set&lt;Evidence&gt; artifactId = dependency.getVendorEvidence().getEvidence("pom", "artifactid");</em>
<a class="jxr_linenumber" name="272" href="#272">272</a>
<a class="jxr_linenumber" name="273" href="#273">273</a> <strong class="jxr_keyword">while</strong> (itr.hasNext()) {
<a class="jxr_linenumber" name="274" href="#274">274</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> i = itr.next();
<a class="jxr_linenumber" name="275" href="#275">275</a> <em class="jxr_comment">//TODO move this startswith expression to a configuration file?</em>
<a class="jxr_linenumber" name="276" href="#276">276</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(i.getType())) {
<a class="jxr_linenumber" name="277" href="#277">277</a> <strong class="jxr_keyword">if</strong> ((i.getValue().matches(<span class="jxr_string">".*c&#92;&#92;+&#92;&#92;+.*"</span>)
<a class="jxr_linenumber" name="278" href="#278">278</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:jquery:jquery"</span>)
<a class="jxr_linenumber" name="279" href="#279">279</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:prototypejs:prototype"</span>)
<a class="jxr_linenumber" name="280" href="#280">280</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:yahoo:yui"</span>)
<a class="jxr_linenumber" name="281" href="#281">281</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:file:file"</span>)
<a class="jxr_linenumber" name="282" href="#282">282</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:mozilla:mozilla"</span>)
<a class="jxr_linenumber" name="283" href="#283">283</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:cvs:cvs"</span>)
<a class="jxr_linenumber" name="284" href="#284">284</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:ftp:ftp"</span>)
<a class="jxr_linenumber" name="285" href="#285">285</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:ssh:ssh"</span>))
<a class="jxr_linenumber" name="286" href="#286">286</a> &amp;&amp; dependency.getFileName().toLowerCase().endsWith(<span class="jxr_string">".jar"</span>)) {
<a class="jxr_linenumber" name="287" href="#287">287</a> itr.remove();
<a class="jxr_linenumber" name="288" href="#288">288</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (i.getValue().startsWith(<span class="jxr_string">"cpe:/a:apache:maven"</span>)
<a class="jxr_linenumber" name="289" href="#289">289</a> &amp;&amp; !dependency.getFileName().toLowerCase().matches(<span class="jxr_string">"maven-core-[&#92;&#92;d&#92;&#92;.]+&#92;&#92;.jar"</span>)) {
<a class="jxr_linenumber" name="290" href="#290">290</a> itr.remove();
<a class="jxr_linenumber" name="291" href="#291">291</a> }
<a class="jxr_linenumber" name="292" href="#292">292</a> }
<a class="jxr_linenumber" name="293" href="#293">293</a> }
<a class="jxr_linenumber" name="294" href="#294">294</a> }
<a class="jxr_linenumber" name="295" href="#295">295</a>
<a class="jxr_linenumber" name="296" href="#296">296</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="297" href="#297">297</a> <em class="jxr_javadoccomment"> * Removes CPE matches for the wrong version of a dependency. Currently,</em>
<a class="jxr_linenumber" name="298" href="#298">298</a> <em class="jxr_javadoccomment"> * this only covers Axis 1 &amp; 2.</em>
<a class="jxr_linenumber" name="299" href="#299">299</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="300" href="#300">300</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
<a class="jxr_linenumber" name="300" href="#300">300</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to analyze</em>
<a class="jxr_linenumber" name="301" href="#301">301</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="302" href="#302">302</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> addFalseNegativeCPEs(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency) {
<a class="jxr_linenumber" name="303" href="#303">303</a> <strong class="jxr_keyword">final</strong> Iterator&lt;Identifier&gt; itr = dependency.getIdentifiers().iterator();
<a class="jxr_linenumber" name="304" href="#304">304</a> <strong class="jxr_keyword">while</strong> (itr.hasNext()) {
<a class="jxr_linenumber" name="305" href="#305">305</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> i = itr.next();
<a class="jxr_linenumber" name="306" href="#306">306</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(i.getType()) &amp;&amp; i.getValue() != <strong class="jxr_keyword">null</strong>
<a class="jxr_linenumber" name="307" href="#307">307</a> &amp;&amp; (i.getValue().startsWith(<span class="jxr_string">"cpe:/a:oracle:opensso:"</span>)
<a class="jxr_linenumber" name="308" href="#308">308</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:oracle:opensso_enterprise:"</span>)
<a class="jxr_linenumber" name="309" href="#309">309</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:sun:opensso_enterprise:"</span>)
<a class="jxr_linenumber" name="310" href="#310">310</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:sun:opensso:"</span>))) {
<a class="jxr_linenumber" name="311" href="#311">311</a> <strong class="jxr_keyword">final</strong> String newCpe = String.format(<span class="jxr_string">"cpe:/a:sun:opensso_enterprise:%s"</span>, i.getValue().substring(22));
<a class="jxr_linenumber" name="312" href="#312">312</a> <strong class="jxr_keyword">final</strong> String newCpe2 = String.format(<span class="jxr_string">"cpe:/a:oracle:opensso_enterprise:%s"</span>, i.getValue().substring(22));
<a class="jxr_linenumber" name="313" href="#313">313</a> <strong class="jxr_keyword">final</strong> String newCpe3 = String.format(<span class="jxr_string">"cpe:/a:sun:opensso:%s"</span>, i.getValue().substring(22));
<a class="jxr_linenumber" name="314" href="#314">314</a> <strong class="jxr_keyword">final</strong> String newCpe4 = String.format(<span class="jxr_string">"cpe:/a:oracle:opensso:%s"</span>, i.getValue().substring(22));
<a class="jxr_linenumber" name="315" href="#315">315</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="316" href="#316">316</a> dependency.addIdentifier(<span class="jxr_string">"cpe"</span>,
<a class="jxr_linenumber" name="317" href="#317">317</a> newCpe,
<a class="jxr_linenumber" name="318" href="#318">318</a> String.format(<span class="jxr_string">"http://web.nvd.nist.gov/view/vuln/search?cpe=%s"</span>, URLEncoder.encode(newCpe, <span class="jxr_string">"UTF-8"</span>)));
<a class="jxr_linenumber" name="319" href="#319">319</a> dependency.addIdentifier(<span class="jxr_string">"cpe"</span>,
<a class="jxr_linenumber" name="320" href="#320">320</a> newCpe2,
<a class="jxr_linenumber" name="321" href="#321">321</a> String.format(<span class="jxr_string">"http://web.nvd.nist.gov/view/vuln/search?cpe=%s"</span>, URLEncoder.encode(newCpe2, <span class="jxr_string">"UTF-8"</span>)));
<a class="jxr_linenumber" name="322" href="#322">322</a> dependency.addIdentifier(<span class="jxr_string">"cpe"</span>,
<a class="jxr_linenumber" name="323" href="#323">323</a> newCpe3,
<a class="jxr_linenumber" name="324" href="#324">324</a> String.format(<span class="jxr_string">"http://web.nvd.nist.gov/view/vuln/search?cpe=%s"</span>, URLEncoder.encode(newCpe3, <span class="jxr_string">"UTF-8"</span>)));
<a class="jxr_linenumber" name="325" href="#325">325</a> dependency.addIdentifier(<span class="jxr_string">"cpe"</span>,
<a class="jxr_linenumber" name="326" href="#326">326</a> newCpe4,
<a class="jxr_linenumber" name="327" href="#327">327</a> String.format(<span class="jxr_string">"http://web.nvd.nist.gov/view/vuln/search?cpe=%s"</span>, URLEncoder.encode(newCpe4, <span class="jxr_string">"UTF-8"</span>)));
<a class="jxr_linenumber" name="328" href="#328">328</a> } <strong class="jxr_keyword">catch</strong> (UnsupportedEncodingException ex) {
<a class="jxr_linenumber" name="329" href="#329">329</a> Logger.getLogger(FalsePositiveAnalyzer.<strong class="jxr_keyword">class</strong>
<a class="jxr_linenumber" name="330" href="#330">330</a> .getName()).log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="331" href="#331">331</a> }
<a class="jxr_linenumber" name="332" href="#332">332</a> }
<a class="jxr_linenumber" name="333" href="#333">333</a> }
<a class="jxr_linenumber" name="334" href="#334">334</a> }
<a class="jxr_linenumber" name="335" href="#335">335</a> }
<a class="jxr_linenumber" name="302" href="#302">302</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> removeWrongVersionMatches(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency) {
<a class="jxr_linenumber" name="303" href="#303">303</a> <strong class="jxr_keyword">final</strong> Set&lt;Identifier&gt; identifiers = dependency.getIdentifiers();
<a class="jxr_linenumber" name="304" href="#304">304</a> <strong class="jxr_keyword">final</strong> Iterator&lt;Identifier&gt; itr = identifiers.iterator();
<a class="jxr_linenumber" name="305" href="#305">305</a>
<a class="jxr_linenumber" name="306" href="#306">306</a> <strong class="jxr_keyword">final</strong> String fileName = dependency.getFileName();
<a class="jxr_linenumber" name="307" href="#307">307</a> <strong class="jxr_keyword">if</strong> (fileName != <strong class="jxr_keyword">null</strong> &amp;&amp; fileName.contains(<span class="jxr_string">"axis2"</span>)) {
<a class="jxr_linenumber" name="308" href="#308">308</a> <strong class="jxr_keyword">while</strong> (itr.hasNext()) {
<a class="jxr_linenumber" name="309" href="#309">309</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> i = itr.next();
<a class="jxr_linenumber" name="310" href="#310">310</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(i.getType())) {
<a class="jxr_linenumber" name="311" href="#311">311</a> <strong class="jxr_keyword">final</strong> String cpe = i.getValue();
<a class="jxr_linenumber" name="312" href="#312">312</a> <strong class="jxr_keyword">if</strong> (cpe != <strong class="jxr_keyword">null</strong> &amp;&amp; (cpe.startsWith(<span class="jxr_string">"cpe:/a:apache:axis:"</span>) || <span class="jxr_string">"cpe:/a:apache:axis"</span>.equals(cpe))) {
<a class="jxr_linenumber" name="313" href="#313">313</a> itr.remove();
<a class="jxr_linenumber" name="314" href="#314">314</a> }
<a class="jxr_linenumber" name="315" href="#315">315</a> }
<a class="jxr_linenumber" name="316" href="#316">316</a> }
<a class="jxr_linenumber" name="317" href="#317">317</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (fileName != <strong class="jxr_keyword">null</strong> &amp;&amp; fileName.contains(<span class="jxr_string">"axis"</span>)) {
<a class="jxr_linenumber" name="318" href="#318">318</a> <strong class="jxr_keyword">while</strong> (itr.hasNext()) {
<a class="jxr_linenumber" name="319" href="#319">319</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> i = itr.next();
<a class="jxr_linenumber" name="320" href="#320">320</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(i.getType())) {
<a class="jxr_linenumber" name="321" href="#321">321</a> <strong class="jxr_keyword">final</strong> String cpe = i.getValue();
<a class="jxr_linenumber" name="322" href="#322">322</a> <strong class="jxr_keyword">if</strong> (cpe != <strong class="jxr_keyword">null</strong> &amp;&amp; (cpe.startsWith(<span class="jxr_string">"cpe:/a:apache:axis2:"</span>) || <span class="jxr_string">"cpe:/a:apache:axis2"</span>.equals(cpe))) {
<a class="jxr_linenumber" name="323" href="#323">323</a> itr.remove();
<a class="jxr_linenumber" name="324" href="#324">324</a> }
<a class="jxr_linenumber" name="325" href="#325">325</a> }
<a class="jxr_linenumber" name="326" href="#326">326</a> }
<a class="jxr_linenumber" name="327" href="#327">327</a> }
<a class="jxr_linenumber" name="328" href="#328">328</a> }
<a class="jxr_linenumber" name="329" href="#329">329</a>
<a class="jxr_linenumber" name="330" href="#330">330</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="331" href="#331">331</a> <em class="jxr_javadoccomment"> * There are some known CPE entries, specifically regarding sun and oracle</em>
<a class="jxr_linenumber" name="332" href="#332">332</a> <em class="jxr_javadoccomment"> * products due to the acquisition and changes in product names, that based</em>
<a class="jxr_linenumber" name="333" href="#333">333</a> <em class="jxr_javadoccomment"> * on given evidence we can add the related CPE entries to ensure a complete</em>
<a class="jxr_linenumber" name="334" href="#334">334</a> <em class="jxr_javadoccomment"> * list of CVE entries.</em>
<a class="jxr_linenumber" name="335" href="#335">335</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="336" href="#336">336</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
<a class="jxr_linenumber" name="337" href="#337">337</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="338" href="#338">338</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> addFalseNegativeCPEs(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency) {
<a class="jxr_linenumber" name="339" href="#339">339</a> <strong class="jxr_keyword">final</strong> Iterator&lt;Identifier&gt; itr = dependency.getIdentifiers().iterator();
<a class="jxr_linenumber" name="340" href="#340">340</a> <strong class="jxr_keyword">while</strong> (itr.hasNext()) {
<a class="jxr_linenumber" name="341" href="#341">341</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> i = itr.next();
<a class="jxr_linenumber" name="342" href="#342">342</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(i.getType()) &amp;&amp; i.getValue() != <strong class="jxr_keyword">null</strong>
<a class="jxr_linenumber" name="343" href="#343">343</a> &amp;&amp; (i.getValue().startsWith(<span class="jxr_string">"cpe:/a:oracle:opensso:"</span>)
<a class="jxr_linenumber" name="344" href="#344">344</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:oracle:opensso_enterprise:"</span>)
<a class="jxr_linenumber" name="345" href="#345">345</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:sun:opensso_enterprise:"</span>)
<a class="jxr_linenumber" name="346" href="#346">346</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:sun:opensso:"</span>))) {
<a class="jxr_linenumber" name="347" href="#347">347</a> <strong class="jxr_keyword">final</strong> String newCpe = String.format(<span class="jxr_string">"cpe:/a:sun:opensso_enterprise:%s"</span>, i.getValue().substring(22));
<a class="jxr_linenumber" name="348" href="#348">348</a> <strong class="jxr_keyword">final</strong> String newCpe2 = String.format(<span class="jxr_string">"cpe:/a:oracle:opensso_enterprise:%s"</span>, i.getValue().substring(22));
<a class="jxr_linenumber" name="349" href="#349">349</a> <strong class="jxr_keyword">final</strong> String newCpe3 = String.format(<span class="jxr_string">"cpe:/a:sun:opensso:%s"</span>, i.getValue().substring(22));
<a class="jxr_linenumber" name="350" href="#350">350</a> <strong class="jxr_keyword">final</strong> String newCpe4 = String.format(<span class="jxr_string">"cpe:/a:oracle:opensso:%s"</span>, i.getValue().substring(22));
<a class="jxr_linenumber" name="351" href="#351">351</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="352" href="#352">352</a> dependency.addIdentifier(<span class="jxr_string">"cpe"</span>,
<a class="jxr_linenumber" name="353" href="#353">353</a> newCpe,
<a class="jxr_linenumber" name="354" href="#354">354</a> String.format(<span class="jxr_string">"http://web.nvd.nist.gov/view/vuln/search?cpe=%s"</span>, URLEncoder.encode(newCpe, <span class="jxr_string">"UTF-8"</span>)));
<a class="jxr_linenumber" name="355" href="#355">355</a> dependency.addIdentifier(<span class="jxr_string">"cpe"</span>,
<a class="jxr_linenumber" name="356" href="#356">356</a> newCpe2,
<a class="jxr_linenumber" name="357" href="#357">357</a> String.format(<span class="jxr_string">"http://web.nvd.nist.gov/view/vuln/search?cpe=%s"</span>, URLEncoder.encode(newCpe2, <span class="jxr_string">"UTF-8"</span>)));
<a class="jxr_linenumber" name="358" href="#358">358</a> dependency.addIdentifier(<span class="jxr_string">"cpe"</span>,
<a class="jxr_linenumber" name="359" href="#359">359</a> newCpe3,
<a class="jxr_linenumber" name="360" href="#360">360</a> String.format(<span class="jxr_string">"http://web.nvd.nist.gov/view/vuln/search?cpe=%s"</span>, URLEncoder.encode(newCpe3, <span class="jxr_string">"UTF-8"</span>)));
<a class="jxr_linenumber" name="361" href="#361">361</a> dependency.addIdentifier(<span class="jxr_string">"cpe"</span>,
<a class="jxr_linenumber" name="362" href="#362">362</a> newCpe4,
<a class="jxr_linenumber" name="363" href="#363">363</a> String.format(<span class="jxr_string">"http://web.nvd.nist.gov/view/vuln/search?cpe=%s"</span>, URLEncoder.encode(newCpe4, <span class="jxr_string">"UTF-8"</span>)));
<a class="jxr_linenumber" name="364" href="#364">364</a> } <strong class="jxr_keyword">catch</strong> (UnsupportedEncodingException ex) {
<a class="jxr_linenumber" name="365" href="#365">365</a> Logger.getLogger(FalsePositiveAnalyzer.<strong class="jxr_keyword">class</strong>
<a class="jxr_linenumber" name="366" href="#366">366</a> .getName()).log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="367" href="#367">367</a> }
<a class="jxr_linenumber" name="368" href="#368">368</a> }
<a class="jxr_linenumber" name="369" href="#369">369</a> }
<a class="jxr_linenumber" name="370" href="#370">370</a> }
<a class="jxr_linenumber" name="371" href="#371">371</a> }
</pre>
<hr/><div id="footer">This page was automatically generated by <a href="http://maven.apache.org/">Maven</a></div></body>
</html>

5
dependency-check-core/xref/org/owasp/dependencycheck/analyzer/package-frame.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check Core 1.0.4 Reference Package org.owasp.dependencycheck.analyzer</title>
<title>Dependency-Check Core 1.0.5 Reference Package org.owasp.dependencycheck.analyzer</title>
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="style" />
</head>
<body>
@@ -32,6 +32,9 @@
</li>
<li>
<a href="ArchiveAnalyzer.html" target="classFrame">ArchiveAnalyzer</a>
</li>
<li>
<a href="ArchiveExtractionException.html" target="classFrame">ArchiveExtractionException</a>
</li>
<li>
<a href="CPEAnalyzer.html" target="classFrame">CPEAnalyzer</a>

7
dependency-check-core/xref/org/owasp/dependencycheck/analyzer/package-summary.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check Core 1.0.4 Reference Package org.owasp.dependencycheck.analyzer</title>
<title>Dependency-Check Core 1.0.5 Reference Package org.owasp.dependencycheck.analyzer</title>
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="style" />
</head>
<body>
@@ -64,6 +64,11 @@
<td>
<a href="ArchiveAnalyzer.html" target="classFrame">ArchiveAnalyzer</a>
</td>
</tr>
<tr>
<td>
<a href="ArchiveExtractionException.html" target="classFrame">ArchiveExtractionException</a>
</td>
</tr>
<tr>
<td>

2
dependency-check-core/xref/org/owasp/dependencycheck/concurrency/package-frame.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check Core 1.0.4 Reference Package org.owasp.dependencycheck.concurrency</title>
<title>Dependency-Check Core 1.0.5 Reference Package org.owasp.dependencycheck.concurrency</title>
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="style" />
</head>
<body>

2
dependency-check-core/xref/org/owasp/dependencycheck/concurrency/package-summary.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check Core 1.0.4 Reference Package org.owasp.dependencycheck.concurrency</title>
<title>Dependency-Check Core 1.0.5 Reference Package org.owasp.dependencycheck.concurrency</title>
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="style" />
</head>
<body>

14
dependency-check-core/xref/org/owasp/dependencycheck/data/cpe/CpeIndexReader.html
View File

@@ -204,7 +204,19 @@
<a class="jxr_linenumber" name="194" href="#194">194</a> vendorSearchFieldAnalyzer.clear();
<a class="jxr_linenumber" name="195" href="#195">195</a> }
<a class="jxr_linenumber" name="196" href="#196">196</a> }
<a class="jxr_linenumber" name="197" href="#197">197</a> }
<a class="jxr_linenumber" name="197" href="#197">197</a>
<a class="jxr_linenumber" name="198" href="#198">198</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="199" href="#199">199</a> <em class="jxr_javadoccomment"> * Returns the number of CPE entries stored in the index.</em>
<a class="jxr_linenumber" name="200" href="#200">200</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="201" href="#201">201</a> <em class="jxr_javadoccomment"> * @return the number of CPE entries stored in the index</em>
<a class="jxr_linenumber" name="202" href="#202">202</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="203" href="#203">203</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">int</strong> numDocs() {
<a class="jxr_linenumber" name="204" href="#204">204</a> <strong class="jxr_keyword">if</strong> (indexReader == <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="205" href="#205">205</a> <strong class="jxr_keyword">return</strong> -1;
<a class="jxr_linenumber" name="206" href="#206">206</a> }
<a class="jxr_linenumber" name="207" href="#207">207</a> <strong class="jxr_keyword">return</strong> indexReader.numDocs();
<a class="jxr_linenumber" name="208" href="#208">208</a> }
<a class="jxr_linenumber" name="209" href="#209">209</a> }
</pre>
<hr/><div id="footer">This page was automatically generated by <a href="http://maven.apache.org/">Maven</a></div></body>
</html>

2
dependency-check-core/xref/org/owasp/dependencycheck/data/cpe/package-frame.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check Core 1.0.4 Reference Package org.owasp.dependencycheck.data.cpe</title>
<title>Dependency-Check Core 1.0.5 Reference Package org.owasp.dependencycheck.data.cpe</title>
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
</head>
<body>

2
dependency-check-core/xref/org/owasp/dependencycheck/data/cpe/package-summary.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check Core 1.0.4 Reference Package org.owasp.dependencycheck.data.cpe</title>
<title>Dependency-Check Core 1.0.5 Reference Package org.owasp.dependencycheck.data.cpe</title>
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
</head>
<body>

2
dependency-check-core/xref/org/owasp/dependencycheck/data/cwe/package-frame.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check Core 1.0.4 Reference Package org.owasp.dependencycheck.data.cwe</title>
<title>Dependency-Check Core 1.0.5 Reference Package org.owasp.dependencycheck.data.cwe</title>
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
</head>
<body>

2
dependency-check-core/xref/org/owasp/dependencycheck/data/cwe/package-summary.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check Core 1.0.4 Reference Package org.owasp.dependencycheck.data.cwe</title>
<title>Dependency-Check Core 1.0.5 Reference Package org.owasp.dependencycheck.data.cwe</title>
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
</head>
<body>

2
dependency-check-core/xref/org/owasp/dependencycheck/data/lucene/package-frame.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check Core 1.0.4 Reference Package org.owasp.dependencycheck.data.lucene</title>
<title>Dependency-Check Core 1.0.5 Reference Package org.owasp.dependencycheck.data.lucene</title>
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
</head>
<body>

2
dependency-check-core/xref/org/owasp/dependencycheck/data/lucene/package-summary.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check Core 1.0.4 Reference Package org.owasp.dependencycheck.data.lucene</title>
<title>Dependency-Check Core 1.0.5 Reference Package org.owasp.dependencycheck.data.lucene</title>
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
</head>
<body>

2
dependency-check-core/xref/org/owasp/dependencycheck/data/nvdcve/package-frame.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check Core 1.0.4 Reference Package org.owasp.dependencycheck.data.nvdcve</title>
<title>Dependency-Check Core 1.0.5 Reference Package org.owasp.dependencycheck.data.nvdcve</title>
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
</head>
<body>

2
dependency-check-core/xref/org/owasp/dependencycheck/data/nvdcve/package-summary.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check Core 1.0.4 Reference Package org.owasp.dependencycheck.data.nvdcve</title>
<title>Dependency-Check Core 1.0.5 Reference Package org.owasp.dependencycheck.data.nvdcve</title>
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
</head>
<body>

5
dependency-check-core/xref/org/owasp/dependencycheck/data/package-frame.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check Core 1.0.4 Reference Package org.owasp.dependencycheck.data</title>
<title>Dependency-Check Core 1.0.5 Reference Package org.owasp.dependencycheck.data</title>
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="style" />
</head>
<body>
@@ -17,6 +17,9 @@
<ul>
<li>
<a href="CachedWebDataSource.html" target="classFrame">CachedWebDataSource</a>
</li>
<li>
<a href="NoDataException.html" target="classFrame">NoDataException</a>
</li>
<li>
<a href="UpdateException.html" target="classFrame">UpdateException</a>

7
dependency-check-core/xref/org/owasp/dependencycheck/data/package-summary.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check Core 1.0.4 Reference Package org.owasp.dependencycheck.data</title>
<title>Dependency-Check Core 1.0.5 Reference Package org.owasp.dependencycheck.data</title>
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="style" />
</head>
<body>
@@ -39,6 +39,11 @@
<td>
<a href="CachedWebDataSource.html" target="classFrame">CachedWebDataSource</a>
</td>
</tr>
<tr>
<td>
<a href="NoDataException.html" target="classFrame">NoDataException</a>
</td>
</tr>
<tr>
<td>

2
dependency-check-core/xref/org/owasp/dependencycheck/data/update/package-frame.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check Core 1.0.4 Reference Package org.owasp.dependencycheck.data.update</title>
<title>Dependency-Check Core 1.0.5 Reference Package org.owasp.dependencycheck.data.update</title>
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
</head>
<body>

2
dependency-check-core/xref/org/owasp/dependencycheck/data/update/package-summary.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check Core 1.0.4 Reference Package org.owasp.dependencycheck.data.update</title>
<title>Dependency-Check Core 1.0.5 Reference Package org.owasp.dependencycheck.data.update</title>
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
</head>
<body>

2
dependency-check-core/xref/org/owasp/dependencycheck/dependency/package-frame.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check Core 1.0.4 Reference Package org.owasp.dependencycheck.dependency</title>
<title>Dependency-Check Core 1.0.5 Reference Package org.owasp.dependencycheck.dependency</title>
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="style" />
</head>
<body>

2
dependency-check-core/xref/org/owasp/dependencycheck/dependency/package-summary.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check Core 1.0.4 Reference Package org.owasp.dependencycheck.dependency</title>
<title>Dependency-Check Core 1.0.5 Reference Package org.owasp.dependencycheck.dependency</title>
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="style" />
</head>
<body>

2
dependency-check-core/xref/org/owasp/dependencycheck/jaxb/pom/generated/package-frame.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check Core 1.0.4 Reference Package org.owasp.dependencycheck.jaxb.pom.generated</title>
<title>Dependency-Check Core 1.0.5 Reference Package org.owasp.dependencycheck.jaxb.pom.generated</title>
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="style" />
</head>
<body>

2
dependency-check-core/xref/org/owasp/dependencycheck/jaxb/pom/generated/package-summary.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check Core 1.0.4 Reference Package org.owasp.dependencycheck.jaxb.pom.generated</title>
<title>Dependency-Check Core 1.0.5 Reference Package org.owasp.dependencycheck.jaxb.pom.generated</title>
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="style" />
</head>
<body>

2
dependency-check-core/xref/org/owasp/dependencycheck/jaxb/pom/package-frame.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check Core 1.0.4 Reference Package org.owasp.dependencycheck.jaxb.pom</title>
<title>Dependency-Check Core 1.0.5 Reference Package org.owasp.dependencycheck.jaxb.pom</title>
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
</head>
<body>

2
dependency-check-core/xref/org/owasp/dependencycheck/jaxb/pom/package-summary.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check Core 1.0.4 Reference Package org.owasp.dependencycheck.jaxb.pom</title>
<title>Dependency-Check Core 1.0.5 Reference Package org.owasp.dependencycheck.jaxb.pom</title>
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
</head>
<body>

2
dependency-check-core/xref/org/owasp/dependencycheck/package-frame.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check Core 1.0.4 Reference Package org.owasp.dependencycheck</title>
<title>Dependency-Check Core 1.0.5 Reference Package org.owasp.dependencycheck</title>
<link rel="stylesheet" type="text/css" href="../../../stylesheet.css" title="style" />
</head>
<body>

2
dependency-check-core/xref/org/owasp/dependencycheck/package-summary.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check Core 1.0.4 Reference Package org.owasp.dependencycheck</title>
<title>Dependency-Check Core 1.0.5 Reference Package org.owasp.dependencycheck</title>
<link rel="stylesheet" type="text/css" href="../../../stylesheet.css" title="style" />
</head>
<body>

2
dependency-check-core/xref/org/owasp/dependencycheck/reporting/package-frame.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check Core 1.0.4 Reference Package org.owasp.dependencycheck.reporting</title>
<title>Dependency-Check Core 1.0.5 Reference Package org.owasp.dependencycheck.reporting</title>
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="style" />
</head>
<body>

2
dependency-check-core/xref/org/owasp/dependencycheck/reporting/package-summary.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check Core 1.0.4 Reference Package org.owasp.dependencycheck.reporting</title>
<title>Dependency-Check Core 1.0.5 Reference Package org.owasp.dependencycheck.reporting</title>
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="style" />
</head>
<body>

386
dependency-check-core/xref/org/owasp/dependencycheck/utils/Downloader.html
View File

@@ -33,190 +33,208 @@
<a class="jxr_linenumber" name="23" href="#23">23</a> <strong class="jxr_keyword">import</strong> java.io.FileOutputStream;
<a class="jxr_linenumber" name="24" href="#24">24</a> <strong class="jxr_keyword">import</strong> java.io.IOException;
<a class="jxr_linenumber" name="25" href="#25">25</a> <strong class="jxr_keyword">import</strong> java.io.InputStream;
<a class="jxr_linenumber" name="26" href="#26">26</a> <strong class="jxr_keyword">import</strong> java.net.HttpURLConnection;
<a class="jxr_linenumber" name="27" href="#27">27</a> <strong class="jxr_keyword">import</strong> java.net.InetSocketAddress;
<a class="jxr_linenumber" name="28" href="#28">28</a> <strong class="jxr_keyword">import</strong> java.net.Proxy;
<a class="jxr_linenumber" name="29" href="#29">29</a> <strong class="jxr_keyword">import</strong> java.net.SocketAddress;
<a class="jxr_linenumber" name="30" href="#30">30</a> <strong class="jxr_keyword">import</strong> java.net.URISyntaxException;
<a class="jxr_linenumber" name="31" href="#31">31</a> <strong class="jxr_keyword">import</strong> java.net.URL;
<a class="jxr_linenumber" name="32" href="#32">32</a> <strong class="jxr_keyword">import</strong> java.util.logging.Level;
<a class="jxr_linenumber" name="33" href="#33">33</a> <strong class="jxr_keyword">import</strong> java.util.logging.Logger;
<a class="jxr_linenumber" name="34" href="#34">34</a> <strong class="jxr_keyword">import</strong> java.util.zip.GZIPInputStream;
<a class="jxr_linenumber" name="35" href="#35">35</a> <strong class="jxr_keyword">import</strong> java.util.zip.InflaterInputStream;
<a class="jxr_linenumber" name="36" href="#36">36</a>
<a class="jxr_linenumber" name="37" href="#37">37</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="38" href="#38">38</a> <em class="jxr_javadoccomment"> * A utility to download files from the Internet.</em>
<a class="jxr_linenumber" name="39" href="#39">39</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="40" href="#40">40</a> <em class="jxr_javadoccomment"> * @author Jeremy Long (jeremy.long@owasp.org)</em>
<a class="jxr_linenumber" name="41" href="#41">41</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="42" href="#42">42</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/utils/Downloader.html">Downloader</a> {
<a class="jxr_linenumber" name="43" href="#43">43</a>
<a class="jxr_linenumber" name="44" href="#44">44</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="45" href="#45">45</a> <em class="jxr_javadoccomment"> * Private constructor for utility class.</em>
<a class="jxr_linenumber" name="46" href="#46">46</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="47" href="#47">47</a> <strong class="jxr_keyword">private</strong> <a href="../../../../org/owasp/dependencycheck/utils/Downloader.html">Downloader</a>() {
<a class="jxr_linenumber" name="48" href="#48">48</a> }
<a class="jxr_linenumber" name="49" href="#49">49</a>
<a class="jxr_linenumber" name="50" href="#50">50</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="51" href="#51">51</a> <em class="jxr_javadoccomment"> * Retrieves a file from a given URL and saves it to the outputPath.</em>
<a class="jxr_linenumber" name="52" href="#52">52</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="53" href="#53">53</a> <em class="jxr_javadoccomment"> * @param url the URL of the file to download.</em>
<a class="jxr_linenumber" name="54" href="#54">54</a> <em class="jxr_javadoccomment"> * @param outputPath the path to the save the file to.</em>
<a class="jxr_linenumber" name="55" href="#55">55</a> <em class="jxr_javadoccomment"> * @throws DownloadFailedException is thrown if there is an error</em>
<a class="jxr_linenumber" name="56" href="#56">56</a> <em class="jxr_javadoccomment"> * downloading the file.</em>
<a class="jxr_linenumber" name="57" href="#57">57</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="58" href="#58">58</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> fetchFile(URL url, File outputPath) <strong class="jxr_keyword">throws</strong> DownloadFailedException {
<a class="jxr_linenumber" name="59" href="#59">59</a> HttpURLConnection conn = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="60" href="#60">60</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="61" href="#61">61</a> conn = Downloader.getConnection(url);
<a class="jxr_linenumber" name="62" href="#62">62</a> conn.setRequestProperty(<span class="jxr_string">"Accept-Encoding"</span>, <span class="jxr_string">"gzip, deflate"</span>);
<a class="jxr_linenumber" name="63" href="#63">63</a> conn.connect();
<a class="jxr_linenumber" name="64" href="#64">64</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="65" href="#65">65</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="66" href="#66">66</a> <strong class="jxr_keyword">if</strong> (conn != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="67" href="#67">67</a> conn.disconnect();
<a class="jxr_linenumber" name="68" href="#68">68</a> }
<a class="jxr_linenumber" name="69" href="#69">69</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="70" href="#70">70</a> conn = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="71" href="#71">71</a> }
<a class="jxr_linenumber" name="72" href="#72">72</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/utils/DownloadFailedException.html">DownloadFailedException</a>(<span class="jxr_string">"Error downloading file."</span>, ex);
<a class="jxr_linenumber" name="73" href="#73">73</a> }
<a class="jxr_linenumber" name="74" href="#74">74</a> <strong class="jxr_keyword">final</strong> String encoding = conn.getContentEncoding();
<a class="jxr_linenumber" name="75" href="#75">75</a>
<a class="jxr_linenumber" name="76" href="#76">76</a> BufferedOutputStream writer = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="77" href="#77">77</a> InputStream reader = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="78" href="#78">78</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="79" href="#79">79</a> <strong class="jxr_keyword">if</strong> (encoding != <strong class="jxr_keyword">null</strong> &amp;&amp; <span class="jxr_string">"gzip"</span>.equalsIgnoreCase(encoding)) {
<a class="jxr_linenumber" name="80" href="#80">80</a> reader = <strong class="jxr_keyword">new</strong> GZIPInputStream(conn.getInputStream());
<a class="jxr_linenumber" name="81" href="#81">81</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (encoding != <strong class="jxr_keyword">null</strong> &amp;&amp; <span class="jxr_string">"deflate"</span>.equalsIgnoreCase(encoding)) {
<a class="jxr_linenumber" name="82" href="#82">82</a> reader = <strong class="jxr_keyword">new</strong> InflaterInputStream(conn.getInputStream());
<a class="jxr_linenumber" name="83" href="#83">83</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="84" href="#84">84</a> reader = conn.getInputStream();
<a class="jxr_linenumber" name="85" href="#85">85</a> }
<a class="jxr_linenumber" name="86" href="#86">86</a>
<a class="jxr_linenumber" name="87" href="#87">87</a> writer = <strong class="jxr_keyword">new</strong> BufferedOutputStream(<strong class="jxr_keyword">new</strong> FileOutputStream(outputPath));
<a class="jxr_linenumber" name="88" href="#88">88</a> <strong class="jxr_keyword">final</strong> byte[] buffer = <strong class="jxr_keyword">new</strong> byte[4096];
<a class="jxr_linenumber" name="89" href="#89">89</a> <strong class="jxr_keyword">int</strong> bytesRead;
<a class="jxr_linenumber" name="90" href="#90">90</a> <strong class="jxr_keyword">while</strong> ((bytesRead = reader.read(buffer)) &gt; 0) {
<a class="jxr_linenumber" name="91" href="#91">91</a> writer.write(buffer, 0, bytesRead);
<a class="jxr_linenumber" name="92" href="#92">92</a> }
<a class="jxr_linenumber" name="93" href="#93">93</a> } <strong class="jxr_keyword">catch</strong> (Exception ex) {
<a class="jxr_linenumber" name="94" href="#94">94</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/utils/DownloadFailedException.html">DownloadFailedException</a>(<span class="jxr_string">"Error saving downloaded file."</span>, ex);
<a class="jxr_linenumber" name="95" href="#95">95</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="96" href="#96">96</a> <strong class="jxr_keyword">if</strong> (writer != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="97" href="#97">97</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="98" href="#98">98</a> writer.close();
<a class="jxr_linenumber" name="99" href="#99">99</a> } <strong class="jxr_keyword">catch</strong> (Exception ex) {
<a class="jxr_linenumber" name="100" href="#100">100</a> Logger.getLogger(Downloader.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINEST,
<a class="jxr_linenumber" name="101" href="#101">101</a> <span class="jxr_string">"Error closing the writer in Downloader."</span>, ex);
<a class="jxr_linenumber" name="102" href="#102">102</a> }
<a class="jxr_linenumber" name="103" href="#103">103</a> }
<a class="jxr_linenumber" name="104" href="#104">104</a> <strong class="jxr_keyword">if</strong> (reader != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="105" href="#105">105</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="106" href="#106">106</a> reader.close();
<a class="jxr_linenumber" name="107" href="#107">107</a> } <strong class="jxr_keyword">catch</strong> (Exception ex) {
<a class="jxr_linenumber" name="108" href="#108">108</a> Logger.getLogger(Downloader.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINEST,
<a class="jxr_linenumber" name="109" href="#109">109</a> <span class="jxr_string">"Error closing the reader in Downloader."</span>, ex);
<a class="jxr_linenumber" name="110" href="#110">110</a> }
<a class="jxr_linenumber" name="111" href="#111">111</a> }
<a class="jxr_linenumber" name="112" href="#112">112</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="113" href="#113">113</a> conn.disconnect();
<a class="jxr_linenumber" name="114" href="#114">114</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="115" href="#115">115</a> conn = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="116" href="#116">116</a> }
<a class="jxr_linenumber" name="117" href="#117">117</a> }
<a class="jxr_linenumber" name="118" href="#118">118</a> }
<a class="jxr_linenumber" name="119" href="#119">119</a>
<a class="jxr_linenumber" name="120" href="#120">120</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="121" href="#121">121</a> <em class="jxr_javadoccomment"> * Makes an HTTP Head request to retrieve the last modified date of the</em>
<a class="jxr_linenumber" name="122" href="#122">122</a> <em class="jxr_javadoccomment"> * given URL. If the file:// protocol is specified, then the lastTimestamp</em>
<a class="jxr_linenumber" name="123" href="#123">123</a> <em class="jxr_javadoccomment"> * of the file is returned.</em>
<a class="jxr_linenumber" name="124" href="#124">124</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="125" href="#125">125</a> <em class="jxr_javadoccomment"> * @param url the URL to retrieve the timestamp from</em>
<a class="jxr_linenumber" name="126" href="#126">126</a> <em class="jxr_javadoccomment"> * @return an epoch timestamp</em>
<a class="jxr_linenumber" name="127" href="#127">127</a> <em class="jxr_javadoccomment"> * @throws DownloadFailedException is thrown if an exception occurs making</em>
<a class="jxr_linenumber" name="128" href="#128">128</a> <em class="jxr_javadoccomment"> * the HTTP request</em>
<a class="jxr_linenumber" name="129" href="#129">129</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="130" href="#130">130</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">long</strong> getLastModified(URL url) <strong class="jxr_keyword">throws</strong> DownloadFailedException {
<a class="jxr_linenumber" name="131" href="#131">131</a> <strong class="jxr_keyword">long</strong> timestamp = 0;
<a class="jxr_linenumber" name="132" href="#132">132</a> <em class="jxr_comment">//TODO add the FPR protocol?</em>
<a class="jxr_linenumber" name="133" href="#133">133</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"file"</span>.equalsIgnoreCase(url.getProtocol())) {
<a class="jxr_linenumber" name="134" href="#134">134</a> File lastModifiedFile;
<a class="jxr_linenumber" name="135" href="#135">135</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="136" href="#136">136</a> <em class="jxr_comment">// if (System.getProperty("os.name").toLowerCase().startsWith("windows")) {</em>
<a class="jxr_linenumber" name="137" href="#137">137</a> <em class="jxr_comment">// String filePath = url.toString();</em>
<a class="jxr_linenumber" name="138" href="#138">138</a> <em class="jxr_comment">// if (filePath.matches("file://[a-zA-Z]:.*")) {</em>
<a class="jxr_linenumber" name="139" href="#139">139</a> <em class="jxr_comment">// f = new File(filePath.substring(7));</em>
<a class="jxr_linenumber" name="140" href="#140">140</a> <em class="jxr_comment">// } else {</em>
<a class="jxr_linenumber" name="141" href="#141">141</a> <em class="jxr_comment">// f = new File(url.toURI());</em>
<a class="jxr_linenumber" name="142" href="#142">142</a> <em class="jxr_comment">// }</em>
<a class="jxr_linenumber" name="143" href="#143">143</a> <em class="jxr_comment">// } else {</em>
<a class="jxr_linenumber" name="144" href="#144">144</a> lastModifiedFile = <strong class="jxr_keyword">new</strong> File(url.toURI());
<a class="jxr_linenumber" name="145" href="#145">145</a> <em class="jxr_comment">// }</em>
<a class="jxr_linenumber" name="146" href="#146">146</a> } <strong class="jxr_keyword">catch</strong> (URISyntaxException ex) {
<a class="jxr_linenumber" name="147" href="#147">147</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unable to locate '%s'; is the cve.url-2.0.modified property set correctly?"</span>, url.toString());
<a class="jxr_linenumber" name="148" href="#148">148</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/utils/DownloadFailedException.html">DownloadFailedException</a>(msg);
<a class="jxr_linenumber" name="149" href="#149">149</a> }
<a class="jxr_linenumber" name="150" href="#150">150</a> timestamp = lastModifiedFile.lastModified();
<a class="jxr_linenumber" name="151" href="#151">151</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="152" href="#152">152</a> HttpURLConnection conn = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="153" href="#153">153</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="154" href="#154">154</a> conn = Downloader.getConnection(url);
<a class="jxr_linenumber" name="155" href="#155">155</a> conn.setRequestMethod(<span class="jxr_string">"HEAD"</span>);
<a class="jxr_linenumber" name="156" href="#156">156</a> conn.connect();
<a class="jxr_linenumber" name="157" href="#157">157</a> timestamp = conn.getLastModified();
<a class="jxr_linenumber" name="158" href="#158">158</a> } <strong class="jxr_keyword">catch</strong> (Exception ex) {
<a class="jxr_linenumber" name="159" href="#159">159</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/utils/DownloadFailedException.html">DownloadFailedException</a>(<span class="jxr_string">"Error making HTTP HEAD request."</span>, ex);
<a class="jxr_linenumber" name="160" href="#160">160</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="161" href="#161">161</a> <strong class="jxr_keyword">if</strong> (conn != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="162" href="#162">162</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="163" href="#163">163</a> conn.disconnect();
<a class="jxr_linenumber" name="164" href="#164">164</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="165" href="#165">165</a> conn = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="166" href="#166">166</a> }
<a class="jxr_linenumber" name="167" href="#167">167</a> }
<a class="jxr_linenumber" name="168" href="#168">168</a> }
<a class="jxr_linenumber" name="169" href="#169">169</a> }
<a class="jxr_linenumber" name="170" href="#170">170</a> <strong class="jxr_keyword">return</strong> timestamp;
<a class="jxr_linenumber" name="171" href="#171">171</a> }
<a class="jxr_linenumber" name="172" href="#172">172</a>
<a class="jxr_linenumber" name="173" href="#173">173</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="174" href="#174">174</a> <em class="jxr_javadoccomment"> * Utility method to get an HttpURLConnection. If the app is configured to</em>
<a class="jxr_linenumber" name="175" href="#175">175</a> <em class="jxr_javadoccomment"> * use a proxy this method will retrieve the proxy settings and use them</em>
<a class="jxr_linenumber" name="176" href="#176">176</a> <em class="jxr_javadoccomment"> * when setting up the connection.</em>
<a class="jxr_linenumber" name="177" href="#177">177</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="178" href="#178">178</a> <em class="jxr_javadoccomment"> * @param url the url to connect to</em>
<a class="jxr_linenumber" name="179" href="#179">179</a> <em class="jxr_javadoccomment"> * @return an HttpURLConnection</em>
<a class="jxr_linenumber" name="180" href="#180">180</a> <em class="jxr_javadoccomment"> * @throws DownloadFailedException thrown if there is an exception</em>
<a class="jxr_linenumber" name="181" href="#181">181</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="182" href="#182">182</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> HttpURLConnection getConnection(URL url) <strong class="jxr_keyword">throws</strong> DownloadFailedException {
<a class="jxr_linenumber" name="183" href="#183">183</a> HttpURLConnection conn = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="184" href="#184">184</a> Proxy proxy = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="185" href="#185">185</a> <strong class="jxr_keyword">final</strong> String proxyUrl = Settings.getString(Settings.KEYS.PROXY_URL);
<a class="jxr_linenumber" name="186" href="#186">186</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="187" href="#187">187</a> <strong class="jxr_keyword">if</strong> (proxyUrl != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="188" href="#188">188</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> proxyPort = Settings.getInt(Settings.KEYS.PROXY_PORT);
<a class="jxr_linenumber" name="189" href="#189">189</a> <strong class="jxr_keyword">final</strong> SocketAddress addr = <strong class="jxr_keyword">new</strong> InetSocketAddress(proxyUrl, proxyPort);
<a class="jxr_linenumber" name="190" href="#190">190</a> proxy = <strong class="jxr_keyword">new</strong> Proxy(Proxy.Type.HTTP, addr);
<a class="jxr_linenumber" name="191" href="#191">191</a> conn = (HttpURLConnection) url.openConnection(proxy);
<a class="jxr_linenumber" name="192" href="#192">192</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="193" href="#193">193</a> conn = (HttpURLConnection) url.openConnection();
<a class="jxr_linenumber" name="194" href="#194">194</a> }
<a class="jxr_linenumber" name="195" href="#195">195</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> timeout = Settings.getInt(Settings.KEYS.CONNECTION_TIMEOUT, 60000);
<a class="jxr_linenumber" name="196" href="#196">196</a> conn.setConnectTimeout(timeout);
<a class="jxr_linenumber" name="197" href="#197">197</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="198" href="#198">198</a> <strong class="jxr_keyword">if</strong> (conn != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="199" href="#199">199</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="200" href="#200">200</a> conn.disconnect();
<a class="jxr_linenumber" name="201" href="#201">201</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="202" href="#202">202</a> conn = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="203" href="#203">203</a> }
<a class="jxr_linenumber" name="204" href="#204">204</a> }
<a class="jxr_linenumber" name="205" href="#205">205</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/utils/DownloadFailedException.html">DownloadFailedException</a>(<span class="jxr_string">"Error getting connection."</span>, ex);
<a class="jxr_linenumber" name="206" href="#206">206</a> }
<a class="jxr_linenumber" name="207" href="#207">207</a> <strong class="jxr_keyword">return</strong> conn;
<a class="jxr_linenumber" name="208" href="#208">208</a> }
<a class="jxr_linenumber" name="209" href="#209">209</a> }
<a class="jxr_linenumber" name="26" href="#26">26</a> <strong class="jxr_keyword">import</strong> java.net.Authenticator;
<a class="jxr_linenumber" name="27" href="#27">27</a> <strong class="jxr_keyword">import</strong> java.net.HttpURLConnection;
<a class="jxr_linenumber" name="28" href="#28">28</a> <strong class="jxr_keyword">import</strong> java.net.InetSocketAddress;
<a class="jxr_linenumber" name="29" href="#29">29</a> <strong class="jxr_keyword">import</strong> java.net.PasswordAuthentication;
<a class="jxr_linenumber" name="30" href="#30">30</a> <strong class="jxr_keyword">import</strong> java.net.Proxy;
<a class="jxr_linenumber" name="31" href="#31">31</a> <strong class="jxr_keyword">import</strong> java.net.SocketAddress;
<a class="jxr_linenumber" name="32" href="#32">32</a> <strong class="jxr_keyword">import</strong> java.net.URISyntaxException;
<a class="jxr_linenumber" name="33" href="#33">33</a> <strong class="jxr_keyword">import</strong> java.net.URL;
<a class="jxr_linenumber" name="34" href="#34">34</a> <strong class="jxr_keyword">import</strong> java.util.logging.Level;
<a class="jxr_linenumber" name="35" href="#35">35</a> <strong class="jxr_keyword">import</strong> java.util.logging.Logger;
<a class="jxr_linenumber" name="36" href="#36">36</a> <strong class="jxr_keyword">import</strong> java.util.zip.GZIPInputStream;
<a class="jxr_linenumber" name="37" href="#37">37</a> <strong class="jxr_keyword">import</strong> java.util.zip.InflaterInputStream;
<a class="jxr_linenumber" name="38" href="#38">38</a>
<a class="jxr_linenumber" name="39" href="#39">39</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="40" href="#40">40</a> <em class="jxr_javadoccomment"> * A utility to download files from the Internet.</em>
<a class="jxr_linenumber" name="41" href="#41">41</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="42" href="#42">42</a> <em class="jxr_javadoccomment"> * @author Jeremy Long (jeremy.long@owasp.org)</em>
<a class="jxr_linenumber" name="43" href="#43">43</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="44" href="#44">44</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/utils/Downloader.html">Downloader</a> {
<a class="jxr_linenumber" name="45" href="#45">45</a>
<a class="jxr_linenumber" name="46" href="#46">46</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="47" href="#47">47</a> <em class="jxr_javadoccomment"> * Private constructor for utility class.</em>
<a class="jxr_linenumber" name="48" href="#48">48</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="49" href="#49">49</a> <strong class="jxr_keyword">private</strong> <a href="../../../../org/owasp/dependencycheck/utils/Downloader.html">Downloader</a>() {
<a class="jxr_linenumber" name="50" href="#50">50</a> }
<a class="jxr_linenumber" name="51" href="#51">51</a>
<a class="jxr_linenumber" name="52" href="#52">52</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="53" href="#53">53</a> <em class="jxr_javadoccomment"> * Retrieves a file from a given URL and saves it to the outputPath.</em>
<a class="jxr_linenumber" name="54" href="#54">54</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="55" href="#55">55</a> <em class="jxr_javadoccomment"> * @param url the URL of the file to download.</em>
<a class="jxr_linenumber" name="56" href="#56">56</a> <em class="jxr_javadoccomment"> * @param outputPath the path to the save the file to.</em>
<a class="jxr_linenumber" name="57" href="#57">57</a> <em class="jxr_javadoccomment"> * @throws DownloadFailedException is thrown if there is an error</em>
<a class="jxr_linenumber" name="58" href="#58">58</a> <em class="jxr_javadoccomment"> * downloading the file.</em>
<a class="jxr_linenumber" name="59" href="#59">59</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="60" href="#60">60</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> fetchFile(URL url, File outputPath) <strong class="jxr_keyword">throws</strong> DownloadFailedException {
<a class="jxr_linenumber" name="61" href="#61">61</a> HttpURLConnection conn = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="62" href="#62">62</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="63" href="#63">63</a> conn = Downloader.getConnection(url);
<a class="jxr_linenumber" name="64" href="#64">64</a> conn.setRequestProperty(<span class="jxr_string">"Accept-Encoding"</span>, <span class="jxr_string">"gzip, deflate"</span>);
<a class="jxr_linenumber" name="65" href="#65">65</a> conn.connect();
<a class="jxr_linenumber" name="66" href="#66">66</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="67" href="#67">67</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="68" href="#68">68</a> <strong class="jxr_keyword">if</strong> (conn != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="69" href="#69">69</a> conn.disconnect();
<a class="jxr_linenumber" name="70" href="#70">70</a> }
<a class="jxr_linenumber" name="71" href="#71">71</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="72" href="#72">72</a> conn = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="73" href="#73">73</a> }
<a class="jxr_linenumber" name="74" href="#74">74</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/utils/DownloadFailedException.html">DownloadFailedException</a>(<span class="jxr_string">"Error downloading file."</span>, ex);
<a class="jxr_linenumber" name="75" href="#75">75</a> }
<a class="jxr_linenumber" name="76" href="#76">76</a> <strong class="jxr_keyword">final</strong> String encoding = conn.getContentEncoding();
<a class="jxr_linenumber" name="77" href="#77">77</a>
<a class="jxr_linenumber" name="78" href="#78">78</a> BufferedOutputStream writer = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="79" href="#79">79</a> InputStream reader = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="80" href="#80">80</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="81" href="#81">81</a> <strong class="jxr_keyword">if</strong> (encoding != <strong class="jxr_keyword">null</strong> &amp;&amp; <span class="jxr_string">"gzip"</span>.equalsIgnoreCase(encoding)) {
<a class="jxr_linenumber" name="82" href="#82">82</a> reader = <strong class="jxr_keyword">new</strong> GZIPInputStream(conn.getInputStream());
<a class="jxr_linenumber" name="83" href="#83">83</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (encoding != <strong class="jxr_keyword">null</strong> &amp;&amp; <span class="jxr_string">"deflate"</span>.equalsIgnoreCase(encoding)) {
<a class="jxr_linenumber" name="84" href="#84">84</a> reader = <strong class="jxr_keyword">new</strong> InflaterInputStream(conn.getInputStream());
<a class="jxr_linenumber" name="85" href="#85">85</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="86" href="#86">86</a> reader = conn.getInputStream();
<a class="jxr_linenumber" name="87" href="#87">87</a> }
<a class="jxr_linenumber" name="88" href="#88">88</a>
<a class="jxr_linenumber" name="89" href="#89">89</a> writer = <strong class="jxr_keyword">new</strong> BufferedOutputStream(<strong class="jxr_keyword">new</strong> FileOutputStream(outputPath));
<a class="jxr_linenumber" name="90" href="#90">90</a> <strong class="jxr_keyword">final</strong> byte[] buffer = <strong class="jxr_keyword">new</strong> byte[4096];
<a class="jxr_linenumber" name="91" href="#91">91</a> <strong class="jxr_keyword">int</strong> bytesRead;
<a class="jxr_linenumber" name="92" href="#92">92</a> <strong class="jxr_keyword">while</strong> ((bytesRead = reader.read(buffer)) &gt; 0) {
<a class="jxr_linenumber" name="93" href="#93">93</a> writer.write(buffer, 0, bytesRead);
<a class="jxr_linenumber" name="94" href="#94">94</a> }
<a class="jxr_linenumber" name="95" href="#95">95</a> } <strong class="jxr_keyword">catch</strong> (Exception ex) {
<a class="jxr_linenumber" name="96" href="#96">96</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/utils/DownloadFailedException.html">DownloadFailedException</a>(<span class="jxr_string">"Error saving downloaded file."</span>, ex);
<a class="jxr_linenumber" name="97" href="#97">97</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="98" href="#98">98</a> <strong class="jxr_keyword">if</strong> (writer != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="99" href="#99">99</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="100" href="#100">100</a> writer.close();
<a class="jxr_linenumber" name="101" href="#101">101</a> } <strong class="jxr_keyword">catch</strong> (Exception ex) {
<a class="jxr_linenumber" name="102" href="#102">102</a> Logger.getLogger(Downloader.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINEST,
<a class="jxr_linenumber" name="103" href="#103">103</a> <span class="jxr_string">"Error closing the writer in Downloader."</span>, ex);
<a class="jxr_linenumber" name="104" href="#104">104</a> }
<a class="jxr_linenumber" name="105" href="#105">105</a> }
<a class="jxr_linenumber" name="106" href="#106">106</a> <strong class="jxr_keyword">if</strong> (reader != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="107" href="#107">107</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="108" href="#108">108</a> reader.close();
<a class="jxr_linenumber" name="109" href="#109">109</a> } <strong class="jxr_keyword">catch</strong> (Exception ex) {
<a class="jxr_linenumber" name="110" href="#110">110</a> Logger.getLogger(Downloader.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINEST,
<a class="jxr_linenumber" name="111" href="#111">111</a> <span class="jxr_string">"Error closing the reader in Downloader."</span>, ex);
<a class="jxr_linenumber" name="112" href="#112">112</a> }
<a class="jxr_linenumber" name="113" href="#113">113</a> }
<a class="jxr_linenumber" name="114" href="#114">114</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="115" href="#115">115</a> conn.disconnect();
<a class="jxr_linenumber" name="116" href="#116">116</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="117" href="#117">117</a> conn = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="118" href="#118">118</a> }
<a class="jxr_linenumber" name="119" href="#119">119</a> }
<a class="jxr_linenumber" name="120" href="#120">120</a> }
<a class="jxr_linenumber" name="121" href="#121">121</a>
<a class="jxr_linenumber" name="122" href="#122">122</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="123" href="#123">123</a> <em class="jxr_javadoccomment"> * Makes an HTTP Head request to retrieve the last modified date of the</em>
<a class="jxr_linenumber" name="124" href="#124">124</a> <em class="jxr_javadoccomment"> * given URL. If the file:// protocol is specified, then the lastTimestamp</em>
<a class="jxr_linenumber" name="125" href="#125">125</a> <em class="jxr_javadoccomment"> * of the file is returned.</em>
<a class="jxr_linenumber" name="126" href="#126">126</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="127" href="#127">127</a> <em class="jxr_javadoccomment"> * @param url the URL to retrieve the timestamp from</em>
<a class="jxr_linenumber" name="128" href="#128">128</a> <em class="jxr_javadoccomment"> * @return an epoch timestamp</em>
<a class="jxr_linenumber" name="129" href="#129">129</a> <em class="jxr_javadoccomment"> * @throws DownloadFailedException is thrown if an exception occurs making</em>
<a class="jxr_linenumber" name="130" href="#130">130</a> <em class="jxr_javadoccomment"> * the HTTP request</em>
<a class="jxr_linenumber" name="131" href="#131">131</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="132" href="#132">132</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">long</strong> getLastModified(URL url) <strong class="jxr_keyword">throws</strong> DownloadFailedException {
<a class="jxr_linenumber" name="133" href="#133">133</a> <strong class="jxr_keyword">long</strong> timestamp = 0;
<a class="jxr_linenumber" name="134" href="#134">134</a> <em class="jxr_comment">//TODO add the FPR protocol?</em>
<a class="jxr_linenumber" name="135" href="#135">135</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"file"</span>.equalsIgnoreCase(url.getProtocol())) {
<a class="jxr_linenumber" name="136" href="#136">136</a> File lastModifiedFile;
<a class="jxr_linenumber" name="137" href="#137">137</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="138" href="#138">138</a> <em class="jxr_comment">// if (System.getProperty("os.name").toLowerCase().startsWith("windows")) {</em>
<a class="jxr_linenumber" name="139" href="#139">139</a> <em class="jxr_comment">// String filePath = url.toString();</em>
<a class="jxr_linenumber" name="140" href="#140">140</a> <em class="jxr_comment">// if (filePath.matches("file://[a-zA-Z]:.*")) {</em>
<a class="jxr_linenumber" name="141" href="#141">141</a> <em class="jxr_comment">// f = new File(filePath.substring(7));</em>
<a class="jxr_linenumber" name="142" href="#142">142</a> <em class="jxr_comment">// } else {</em>
<a class="jxr_linenumber" name="143" href="#143">143</a> <em class="jxr_comment">// f = new File(url.toURI());</em>
<a class="jxr_linenumber" name="144" href="#144">144</a> <em class="jxr_comment">// }</em>
<a class="jxr_linenumber" name="145" href="#145">145</a> <em class="jxr_comment">// } else {</em>
<a class="jxr_linenumber" name="146" href="#146">146</a> lastModifiedFile = <strong class="jxr_keyword">new</strong> File(url.toURI());
<a class="jxr_linenumber" name="147" href="#147">147</a> <em class="jxr_comment">// }</em>
<a class="jxr_linenumber" name="148" href="#148">148</a> } <strong class="jxr_keyword">catch</strong> (URISyntaxException ex) {
<a class="jxr_linenumber" name="149" href="#149">149</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unable to locate '%s'; is the cve.url-2.0.modified property set correctly?"</span>, url.toString());
<a class="jxr_linenumber" name="150" href="#150">150</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/utils/DownloadFailedException.html">DownloadFailedException</a>(msg);
<a class="jxr_linenumber" name="151" href="#151">151</a> }
<a class="jxr_linenumber" name="152" href="#152">152</a> timestamp = lastModifiedFile.lastModified();
<a class="jxr_linenumber" name="153" href="#153">153</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="154" href="#154">154</a> HttpURLConnection conn = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="155" href="#155">155</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="156" href="#156">156</a> conn = Downloader.getConnection(url);
<a class="jxr_linenumber" name="157" href="#157">157</a> conn.setRequestMethod(<span class="jxr_string">"HEAD"</span>);
<a class="jxr_linenumber" name="158" href="#158">158</a> conn.connect();
<a class="jxr_linenumber" name="159" href="#159">159</a> timestamp = conn.getLastModified();
<a class="jxr_linenumber" name="160" href="#160">160</a> } <strong class="jxr_keyword">catch</strong> (Exception ex) {
<a class="jxr_linenumber" name="161" href="#161">161</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/utils/DownloadFailedException.html">DownloadFailedException</a>(<span class="jxr_string">"Error making HTTP HEAD request."</span>, ex);
<a class="jxr_linenumber" name="162" href="#162">162</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="163" href="#163">163</a> <strong class="jxr_keyword">if</strong> (conn != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="164" href="#164">164</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="165" href="#165">165</a> conn.disconnect();
<a class="jxr_linenumber" name="166" href="#166">166</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="167" href="#167">167</a> conn = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="168" href="#168">168</a> }
<a class="jxr_linenumber" name="169" href="#169">169</a> }
<a class="jxr_linenumber" name="170" href="#170">170</a> }
<a class="jxr_linenumber" name="171" href="#171">171</a> }
<a class="jxr_linenumber" name="172" href="#172">172</a> <strong class="jxr_keyword">return</strong> timestamp;
<a class="jxr_linenumber" name="173" href="#173">173</a> }
<a class="jxr_linenumber" name="174" href="#174">174</a>
<a class="jxr_linenumber" name="175" href="#175">175</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="176" href="#176">176</a> <em class="jxr_javadoccomment"> * Utility method to get an HttpURLConnection. If the app is configured to</em>
<a class="jxr_linenumber" name="177" href="#177">177</a> <em class="jxr_javadoccomment"> * use a proxy this method will retrieve the proxy settings and use them</em>
<a class="jxr_linenumber" name="178" href="#178">178</a> <em class="jxr_javadoccomment"> * when setting up the connection.</em>
<a class="jxr_linenumber" name="179" href="#179">179</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="180" href="#180">180</a> <em class="jxr_javadoccomment"> * @param url the url to connect to</em>
<a class="jxr_linenumber" name="181" href="#181">181</a> <em class="jxr_javadoccomment"> * @return an HttpURLConnection</em>
<a class="jxr_linenumber" name="182" href="#182">182</a> <em class="jxr_javadoccomment"> * @throws DownloadFailedException thrown if there is an exception</em>
<a class="jxr_linenumber" name="183" href="#183">183</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="184" href="#184">184</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> HttpURLConnection getConnection(URL url) <strong class="jxr_keyword">throws</strong> DownloadFailedException {
<a class="jxr_linenumber" name="185" href="#185">185</a> HttpURLConnection conn = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="186" href="#186">186</a> Proxy proxy = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="187" href="#187">187</a> <strong class="jxr_keyword">final</strong> String proxyUrl = Settings.getString(Settings.KEYS.PROXY_URL);
<a class="jxr_linenumber" name="188" href="#188">188</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="189" href="#189">189</a> <strong class="jxr_keyword">if</strong> (proxyUrl != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="190" href="#190">190</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> proxyPort = Settings.getInt(Settings.KEYS.PROXY_PORT);
<a class="jxr_linenumber" name="191" href="#191">191</a> <strong class="jxr_keyword">final</strong> SocketAddress addr = <strong class="jxr_keyword">new</strong> InetSocketAddress(proxyUrl, proxyPort);
<a class="jxr_linenumber" name="192" href="#192">192</a>
<a class="jxr_linenumber" name="193" href="#193">193</a> <strong class="jxr_keyword">final</strong> String username = Settings.getString(Settings.KEYS.PROXY_USERNAME);
<a class="jxr_linenumber" name="194" href="#194">194</a> <strong class="jxr_keyword">final</strong> String password = Settings.getString(Settings.KEYS.PROXY_PASSWORD);
<a class="jxr_linenumber" name="195" href="#195">195</a> <strong class="jxr_keyword">if</strong> (username != <strong class="jxr_keyword">null</strong> &amp;&amp; password != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="196" href="#196">196</a> <strong class="jxr_keyword">final</strong> Authenticator auth = <strong class="jxr_keyword">new</strong> Authenticator() {
<a class="jxr_linenumber" name="197" href="#197">197</a> @Override
<a class="jxr_linenumber" name="198" href="#198">198</a> <strong class="jxr_keyword">public</strong> PasswordAuthentication getPasswordAuthentication() {
<a class="jxr_linenumber" name="199" href="#199">199</a> <strong class="jxr_keyword">if</strong> (getRequestorType().equals(RequestorType.PROXY)) {
<a class="jxr_linenumber" name="200" href="#200">200</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">new</strong> PasswordAuthentication(username, password.toCharArray());
<a class="jxr_linenumber" name="201" href="#201">201</a> }
<a class="jxr_linenumber" name="202" href="#202">202</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">super</strong>.getPasswordAuthentication();
<a class="jxr_linenumber" name="203" href="#203">203</a> }
<a class="jxr_linenumber" name="204" href="#204">204</a> };
<a class="jxr_linenumber" name="205" href="#205">205</a> Authenticator.setDefault(auth);
<a class="jxr_linenumber" name="206" href="#206">206</a> }
<a class="jxr_linenumber" name="207" href="#207">207</a>
<a class="jxr_linenumber" name="208" href="#208">208</a> proxy = <strong class="jxr_keyword">new</strong> Proxy(Proxy.Type.HTTP, addr);
<a class="jxr_linenumber" name="209" href="#209">209</a> conn = (HttpURLConnection) url.openConnection(proxy);
<a class="jxr_linenumber" name="210" href="#210">210</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="211" href="#211">211</a> conn = (HttpURLConnection) url.openConnection();
<a class="jxr_linenumber" name="212" href="#212">212</a> }
<a class="jxr_linenumber" name="213" href="#213">213</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> timeout = Settings.getInt(Settings.KEYS.CONNECTION_TIMEOUT, 60000);
<a class="jxr_linenumber" name="214" href="#214">214</a> conn.setConnectTimeout(timeout);
<a class="jxr_linenumber" name="215" href="#215">215</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="216" href="#216">216</a> <strong class="jxr_keyword">if</strong> (conn != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="217" href="#217">217</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="218" href="#218">218</a> conn.disconnect();
<a class="jxr_linenumber" name="219" href="#219">219</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="220" href="#220">220</a> conn = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="221" href="#221">221</a> }
<a class="jxr_linenumber" name="222" href="#222">222</a> }
<a class="jxr_linenumber" name="223" href="#223">223</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/utils/DownloadFailedException.html">DownloadFailedException</a>(<span class="jxr_string">"Error getting connection."</span>, ex);
<a class="jxr_linenumber" name="224" href="#224">224</a> }
<a class="jxr_linenumber" name="225" href="#225">225</a> <strong class="jxr_keyword">return</strong> conn;
<a class="jxr_linenumber" name="226" href="#226">226</a> }
<a class="jxr_linenumber" name="227" href="#227">227</a> }
</pre>
<hr/><div id="footer">This page was automatically generated by <a href="http://maven.apache.org/">Maven</a></div></body>
</html>

60
dependency-check-core/xref/org/owasp/dependencycheck/utils/LogUtils.html
View File

@@ -60,29 +60,43 @@
<a class="jxr_linenumber" name="50" href="#50">50</a> LogManager.getLogManager().reset();
<a class="jxr_linenumber" name="51" href="#51">51</a> LogManager.getLogManager().readConfiguration(in);
<a class="jxr_linenumber" name="52" href="#52">52</a> <strong class="jxr_keyword">if</strong> (verboseLogFile != <strong class="jxr_keyword">null</strong> &amp;&amp; !verboseLogFile.isEmpty()) {
<a class="jxr_linenumber" name="53" href="#53">53</a> <strong class="jxr_keyword">final</strong> Logger logger = Logger.getLogger(<span class="jxr_string">""</span>);
<a class="jxr_linenumber" name="54" href="#54">54</a> <strong class="jxr_keyword">final</strong> FileHandler handler = <strong class="jxr_keyword">new</strong> FileHandler(verboseLogFile, <strong class="jxr_keyword">true</strong>);
<a class="jxr_linenumber" name="55" href="#55">55</a> handler.setFormatter(<strong class="jxr_keyword">new</strong> SimpleFormatter());
<a class="jxr_linenumber" name="56" href="#56">56</a> handler.setLevel(Level.FINE);
<a class="jxr_linenumber" name="57" href="#57">57</a> handler.setFilter(<strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/utils/LogFilter.html">LogFilter</a>());
<a class="jxr_linenumber" name="58" href="#58">58</a> logger.addHandler(handler);
<a class="jxr_linenumber" name="59" href="#59">59</a> logger.setLevel(Level.FINE);
<a class="jxr_linenumber" name="60" href="#60">60</a> }
<a class="jxr_linenumber" name="61" href="#61">61</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="62" href="#62">62</a> Logger.getLogger(LogUtils.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, <span class="jxr_string">"IO Error preparing the logger"</span>, ex);
<a class="jxr_linenumber" name="63" href="#63">63</a> } <strong class="jxr_keyword">catch</strong> (SecurityException ex) {
<a class="jxr_linenumber" name="64" href="#64">64</a> Logger.getLogger(LogUtils.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, <span class="jxr_string">"Error preparing the logger"</span>, ex);
<a class="jxr_linenumber" name="65" href="#65">65</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="66" href="#66">66</a> <strong class="jxr_keyword">if</strong> (in != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="67" href="#67">67</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="68" href="#68">68</a> in.close();
<a class="jxr_linenumber" name="69" href="#69">69</a> } <strong class="jxr_keyword">catch</strong> (Exception ex) {
<a class="jxr_linenumber" name="70" href="#70">70</a> Logger.getLogger(LogUtils.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINEST, <span class="jxr_string">"Error closing resource stream"</span>, ex);
<a class="jxr_linenumber" name="71" href="#71">71</a> }
<a class="jxr_linenumber" name="72" href="#72">72</a> }
<a class="jxr_linenumber" name="73" href="#73">73</a> }
<a class="jxr_linenumber" name="74" href="#74">74</a> }
<a class="jxr_linenumber" name="75" href="#75">75</a> }
<a class="jxr_linenumber" name="53" href="#53">53</a> verboseLoggingEnabled = <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="54" href="#54">54</a> <strong class="jxr_keyword">final</strong> Logger logger = Logger.getLogger(<span class="jxr_string">""</span>);
<a class="jxr_linenumber" name="55" href="#55">55</a> <strong class="jxr_keyword">final</strong> FileHandler handler = <strong class="jxr_keyword">new</strong> FileHandler(verboseLogFile, <strong class="jxr_keyword">true</strong>);
<a class="jxr_linenumber" name="56" href="#56">56</a> handler.setFormatter(<strong class="jxr_keyword">new</strong> SimpleFormatter());
<a class="jxr_linenumber" name="57" href="#57">57</a> handler.setLevel(Level.FINE);
<a class="jxr_linenumber" name="58" href="#58">58</a> handler.setFilter(<strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/utils/LogFilter.html">LogFilter</a>());
<a class="jxr_linenumber" name="59" href="#59">59</a> logger.addHandler(handler);
<a class="jxr_linenumber" name="60" href="#60">60</a> logger.setLevel(Level.FINE);
<a class="jxr_linenumber" name="61" href="#61">61</a> }
<a class="jxr_linenumber" name="62" href="#62">62</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="63" href="#63">63</a> Logger.getLogger(LogUtils.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, <span class="jxr_string">"IO Error preparing the logger"</span>, ex);
<a class="jxr_linenumber" name="64" href="#64">64</a> } <strong class="jxr_keyword">catch</strong> (SecurityException ex) {
<a class="jxr_linenumber" name="65" href="#65">65</a> Logger.getLogger(LogUtils.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, <span class="jxr_string">"Error preparing the logger"</span>, ex);
<a class="jxr_linenumber" name="66" href="#66">66</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="67" href="#67">67</a> <strong class="jxr_keyword">if</strong> (in != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="68" href="#68">68</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="69" href="#69">69</a> in.close();
<a class="jxr_linenumber" name="70" href="#70">70</a> } <strong class="jxr_keyword">catch</strong> (Exception ex) {
<a class="jxr_linenumber" name="71" href="#71">71</a> Logger.getLogger(LogUtils.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINEST, <span class="jxr_string">"Error closing resource stream"</span>, ex);
<a class="jxr_linenumber" name="72" href="#72">72</a> }
<a class="jxr_linenumber" name="73" href="#73">73</a> }
<a class="jxr_linenumber" name="74" href="#74">74</a> }
<a class="jxr_linenumber" name="75" href="#75">75</a> }
<a class="jxr_linenumber" name="76" href="#76">76</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="77" href="#77">77</a> <em class="jxr_javadoccomment"> * Whether or not verbose logging is enabled.</em>
<a class="jxr_linenumber" name="78" href="#78">78</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="79" href="#79">79</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">boolean</strong> verboseLoggingEnabled = false;
<a class="jxr_linenumber" name="80" href="#80">80</a>
<a class="jxr_linenumber" name="81" href="#81">81</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="82" href="#82">82</a> <em class="jxr_javadoccomment"> * Get the value of verboseLoggingEnabled.</em>
<a class="jxr_linenumber" name="83" href="#83">83</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="84" href="#84">84</a> <em class="jxr_javadoccomment"> * @return the value of verboseLoggingEnabled</em>
<a class="jxr_linenumber" name="85" href="#85">85</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="86" href="#86">86</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">boolean</strong> isVerboseLoggingEnabled() {
<a class="jxr_linenumber" name="87" href="#87">87</a> <strong class="jxr_keyword">return</strong> verboseLoggingEnabled;
<a class="jxr_linenumber" name="88" href="#88">88</a> }
<a class="jxr_linenumber" name="89" href="#89">89</a> }
</pre>
<hr/><div id="footer">This page was automatically generated by <a href="http://maven.apache.org/">Maven</a></div></body>
</html>

608
dependency-check-core/xref/org/owasp/dependencycheck/utils/Settings.html
View File

@@ -136,312 +136,320 @@
<a class="jxr_linenumber" name="126" href="#126">126</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="127" href="#127">127</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String PROXY_PORT = <span class="jxr_string">"proxy.port"</span>;
<a class="jxr_linenumber" name="128" href="#128">128</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="129" href="#129">129</a> <em class="jxr_javadoccomment"> * The properties key for the connection timeout.</em>
<a class="jxr_linenumber" name="129" href="#129">129</a> <em class="jxr_javadoccomment"> * The properties key for the proxy username.</em>
<a class="jxr_linenumber" name="130" href="#130">130</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="131" href="#131">131</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String CONNECTION_TIMEOUT = <span class="jxr_string">"connection.timeout"</span>;
<a class="jxr_linenumber" name="131" href="#131">131</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String PROXY_USERNAME = <span class="jxr_string">"proxy.username"</span>;
<a class="jxr_linenumber" name="132" href="#132">132</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="133" href="#133">133</a> <em class="jxr_javadoccomment"> * The location of the temporary directory.</em>
<a class="jxr_linenumber" name="133" href="#133">133</a> <em class="jxr_javadoccomment"> * The properties key for the proxy password.</em>
<a class="jxr_linenumber" name="134" href="#134">134</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="135" href="#135">135</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String TEMP_DIRECTORY = <span class="jxr_string">"temp.directory"</span>;
<a class="jxr_linenumber" name="136" href="#136">136</a> }
<a class="jxr_linenumber" name="137" href="#137">137</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="138" href="#138">138</a> <em class="jxr_javadoccomment"> * The properties file location.</em>
<a class="jxr_linenumber" name="139" href="#139">139</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="140" href="#140">140</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String PROPERTIES_FILE = <span class="jxr_string">"dependencycheck.properties"</span>;
<a class="jxr_linenumber" name="141" href="#141">141</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="142" href="#142">142</a> <em class="jxr_javadoccomment"> * The singleton instance variable.</em>
<a class="jxr_linenumber" name="143" href="#143">143</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="144" href="#144">144</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/utils/Settings.html">Settings</a> INSTANCE = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/utils/Settings.html">Settings</a>();
<a class="jxr_linenumber" name="135" href="#135">135</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String PROXY_PASSWORD = <span class="jxr_string">"proxy.password"</span>;
<a class="jxr_linenumber" name="136" href="#136">136</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="137" href="#137">137</a> <em class="jxr_javadoccomment"> * The properties key for the connection timeout.</em>
<a class="jxr_linenumber" name="138" href="#138">138</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="139" href="#139">139</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String CONNECTION_TIMEOUT = <span class="jxr_string">"connection.timeout"</span>;
<a class="jxr_linenumber" name="140" href="#140">140</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="141" href="#141">141</a> <em class="jxr_javadoccomment"> * The location of the temporary directory.</em>
<a class="jxr_linenumber" name="142" href="#142">142</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="143" href="#143">143</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String TEMP_DIRECTORY = <span class="jxr_string">"temp.directory"</span>;
<a class="jxr_linenumber" name="144" href="#144">144</a> }
<a class="jxr_linenumber" name="145" href="#145">145</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="146" href="#146">146</a> <em class="jxr_javadoccomment"> * The properties.</em>
<a class="jxr_linenumber" name="146" href="#146">146</a> <em class="jxr_javadoccomment"> * The properties file location.</em>
<a class="jxr_linenumber" name="147" href="#147">147</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="148" href="#148">148</a> <strong class="jxr_keyword">private</strong> Properties props = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="149" href="#149">149</a>
<a class="jxr_linenumber" name="150" href="#150">150</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="151" href="#151">151</a> <em class="jxr_javadoccomment"> * Private constructor for the Settings class. This class loads the</em>
<a class="jxr_linenumber" name="152" href="#152">152</a> <em class="jxr_javadoccomment"> * properties files.</em>
<a class="jxr_linenumber" name="153" href="#153">153</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="154" href="#154">154</a> <strong class="jxr_keyword">private</strong> <a href="../../../../org/owasp/dependencycheck/utils/Settings.html">Settings</a>() {
<a class="jxr_linenumber" name="155" href="#155">155</a> InputStream in = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="156" href="#156">156</a> props = <strong class="jxr_keyword">new</strong> Properties();
<a class="jxr_linenumber" name="157" href="#157">157</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="158" href="#158">158</a> in = <strong class="jxr_keyword">this</strong>.getClass().getClassLoader().getResourceAsStream(PROPERTIES_FILE);
<a class="jxr_linenumber" name="159" href="#159">159</a> props.load(in);
<a class="jxr_linenumber" name="160" href="#160">160</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="161" href="#161">161</a> Logger.getLogger(Settings.<strong class="jxr_keyword">class</strong>.getName()).log(Level.SEVERE, <span class="jxr_string">"Unable to load default settings."</span>);
<a class="jxr_linenumber" name="162" href="#162">162</a> Logger.getLogger(Settings.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="163" href="#163">163</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="164" href="#164">164</a> <strong class="jxr_keyword">if</strong> (in != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="165" href="#165">165</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="166" href="#166">166</a> in.close();
<a class="jxr_linenumber" name="167" href="#167">167</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="168" href="#168">168</a> Logger.getLogger(Settings.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="169" href="#169">169</a> }
<a class="jxr_linenumber" name="170" href="#170">170</a> }
<a class="jxr_linenumber" name="171" href="#171">171</a> }
<a class="jxr_linenumber" name="172" href="#172">172</a> }
<a class="jxr_linenumber" name="173" href="#173">173</a>
<a class="jxr_linenumber" name="174" href="#174">174</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="175" href="#175">175</a> <em class="jxr_javadoccomment"> * Sets a property value.</em>
<a class="jxr_linenumber" name="176" href="#176">176</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="177" href="#177">177</a> <em class="jxr_javadoccomment"> * @param key the key for the property</em>
<a class="jxr_linenumber" name="178" href="#178">178</a> <em class="jxr_javadoccomment"> * @param value the value for the property</em>
<a class="jxr_linenumber" name="179" href="#179">179</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="180" href="#180">180</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> setString(String key, String value) {
<a class="jxr_linenumber" name="181" href="#181">181</a> INSTANCE.props.setProperty(key, value);
<a class="jxr_linenumber" name="182" href="#182">182</a> }
<a class="jxr_linenumber" name="183" href="#183">183</a>
<a class="jxr_linenumber" name="184" href="#184">184</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="185" href="#185">185</a> <em class="jxr_javadoccomment"> * Sets a property value.</em>
<a class="jxr_linenumber" name="186" href="#186">186</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="187" href="#187">187</a> <em class="jxr_javadoccomment"> * @param key the key for the property</em>
<a class="jxr_linenumber" name="188" href="#188">188</a> <em class="jxr_javadoccomment"> * @param value the value for the property</em>
<a class="jxr_linenumber" name="189" href="#189">189</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="190" href="#190">190</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> setBoolean(String key, <strong class="jxr_keyword">boolean</strong> value) {
<a class="jxr_linenumber" name="191" href="#191">191</a> <strong class="jxr_keyword">if</strong> (value) {
<a class="jxr_linenumber" name="192" href="#192">192</a> INSTANCE.props.setProperty(key, Boolean.TRUE.toString());
<a class="jxr_linenumber" name="193" href="#193">193</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="194" href="#194">194</a> INSTANCE.props.setProperty(key, Boolean.FALSE.toString());
<a class="jxr_linenumber" name="195" href="#195">195</a> }
<a class="jxr_linenumber" name="196" href="#196">196</a> }
<a class="jxr_linenumber" name="197" href="#197">197</a>
<a class="jxr_linenumber" name="198" href="#198">198</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="199" href="#199">199</a> <em class="jxr_javadoccomment"> * Merges a new properties file into the current properties. This method</em>
<a class="jxr_linenumber" name="200" href="#200">200</a> <em class="jxr_javadoccomment"> * allows for the loading of a user provided properties file.&lt;br/&gt;&lt;br/&gt;</em>
<a class="jxr_linenumber" name="201" href="#201">201</a> <em class="jxr_javadoccomment"> * Note: even if using this method - system properties will be loaded before</em>
<a class="jxr_linenumber" name="202" href="#202">202</a> <em class="jxr_javadoccomment"> * properties loaded from files.</em>
<a class="jxr_linenumber" name="203" href="#203">203</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="204" href="#204">204</a> <em class="jxr_javadoccomment"> * @param filePath the path to the properties file to merge.</em>
<a class="jxr_linenumber" name="205" href="#205">205</a> <em class="jxr_javadoccomment"> * @throws FileNotFoundException is thrown when the filePath points to a</em>
<a class="jxr_linenumber" name="206" href="#206">206</a> <em class="jxr_javadoccomment"> * non-existent file</em>
<a class="jxr_linenumber" name="207" href="#207">207</a> <em class="jxr_javadoccomment"> * @throws IOException is thrown when there is an exception loading/merging</em>
<a class="jxr_linenumber" name="208" href="#208">208</a> <em class="jxr_javadoccomment"> * the properties</em>
<a class="jxr_linenumber" name="209" href="#209">209</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="210" href="#210">210</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> mergeProperties(File filePath) <strong class="jxr_keyword">throws</strong> FileNotFoundException, IOException {
<a class="jxr_linenumber" name="211" href="#211">211</a> <strong class="jxr_keyword">final</strong> FileInputStream fis = <strong class="jxr_keyword">new</strong> FileInputStream(filePath);
<a class="jxr_linenumber" name="212" href="#212">212</a> mergeProperties(fis);
<a class="jxr_linenumber" name="213" href="#213">213</a> }
<a class="jxr_linenumber" name="214" href="#214">214</a>
<a class="jxr_linenumber" name="215" href="#215">215</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="216" href="#216">216</a> <em class="jxr_javadoccomment"> * Merges a new properties file into the current properties. This method</em>
<a class="jxr_linenumber" name="217" href="#217">217</a> <em class="jxr_javadoccomment"> * allows for the loading of a user provided properties file.&lt;br/&gt;&lt;br/&gt;</em>
<a class="jxr_linenumber" name="218" href="#218">218</a> <em class="jxr_javadoccomment"> * Note: even if using this method - system properties will be loaded before</em>
<a class="jxr_linenumber" name="219" href="#219">219</a> <em class="jxr_javadoccomment"> * properties loaded from files.</em>
<a class="jxr_linenumber" name="220" href="#220">220</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="221" href="#221">221</a> <em class="jxr_javadoccomment"> * @param filePath the path to the properties file to merge.</em>
<a class="jxr_linenumber" name="222" href="#222">222</a> <em class="jxr_javadoccomment"> * @throws FileNotFoundException is thrown when the filePath points to a</em>
<a class="jxr_linenumber" name="223" href="#223">223</a> <em class="jxr_javadoccomment"> * non-existent file</em>
<a class="jxr_linenumber" name="224" href="#224">224</a> <em class="jxr_javadoccomment"> * @throws IOException is thrown when there is an exception loading/merging</em>
<a class="jxr_linenumber" name="225" href="#225">225</a> <em class="jxr_javadoccomment"> * the properties</em>
<a class="jxr_linenumber" name="226" href="#226">226</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="227" href="#227">227</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> mergeProperties(String filePath) <strong class="jxr_keyword">throws</strong> FileNotFoundException, IOException {
<a class="jxr_linenumber" name="228" href="#228">228</a> <strong class="jxr_keyword">final</strong> FileInputStream fis = <strong class="jxr_keyword">new</strong> FileInputStream(filePath);
<a class="jxr_linenumber" name="229" href="#229">229</a> mergeProperties(fis);
<a class="jxr_linenumber" name="230" href="#230">230</a> }
<a class="jxr_linenumber" name="231" href="#231">231</a>
<a class="jxr_linenumber" name="232" href="#232">232</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="233" href="#233">233</a> <em class="jxr_javadoccomment"> * Merges a new properties file into the current properties. This method</em>
<a class="jxr_linenumber" name="234" href="#234">234</a> <em class="jxr_javadoccomment"> * allows for the loading of a user provided properties file.&lt;br/&gt;&lt;br/&gt;</em>
<a class="jxr_linenumber" name="235" href="#235">235</a> <em class="jxr_javadoccomment"> * Note: even if using this method - system properties will be loaded before</em>
<a class="jxr_linenumber" name="236" href="#236">236</a> <em class="jxr_javadoccomment"> * properties loaded from files.</em>
<a class="jxr_linenumber" name="237" href="#237">237</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="238" href="#238">238</a> <em class="jxr_javadoccomment"> * @param stream an Input Stream pointing at a properties file to merge</em>
<a class="jxr_linenumber" name="239" href="#239">239</a> <em class="jxr_javadoccomment"> * @throws IOException is thrown when there is an exception loading/merging</em>
<a class="jxr_linenumber" name="240" href="#240">240</a> <em class="jxr_javadoccomment"> * the properties</em>
<a class="jxr_linenumber" name="241" href="#241">241</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="242" href="#242">242</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> mergeProperties(InputStream stream) <strong class="jxr_keyword">throws</strong> IOException {
<a class="jxr_linenumber" name="243" href="#243">243</a> INSTANCE.props.load(stream);
<a class="jxr_linenumber" name="244" href="#244">244</a> }
<a class="jxr_linenumber" name="245" href="#245">245</a>
<a class="jxr_linenumber" name="246" href="#246">246</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="247" href="#247">247</a> <em class="jxr_javadoccomment"> * Returns a value from the properties file as a File object. If the value</em>
<a class="jxr_linenumber" name="248" href="#248">248</a> <em class="jxr_javadoccomment"> * was specified as a system property or passed in via the -Dprop=value</em>
<a class="jxr_linenumber" name="249" href="#249">249</a> <em class="jxr_javadoccomment"> * argument - this method will return the value from the system properties</em>
<a class="jxr_linenumber" name="250" href="#250">250</a> <em class="jxr_javadoccomment"> * before the values in the contained configuration file.</em>
<a class="jxr_linenumber" name="251" href="#251">251</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="252" href="#252">252</a> <em class="jxr_javadoccomment"> * This method will also replace a leading "[JAR]\&quot; sequence with the path</em>
<a class="jxr_linenumber" name="253" href="#253">253</a> <em class="jxr_javadoccomment"> * to the folder containing the JAR file containing this class.</em>
<a class="jxr_linenumber" name="254" href="#254">254</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="255" href="#255">255</a> <em class="jxr_javadoccomment"> * @param key the key to lookup within the properties file</em>
<a class="jxr_linenumber" name="256" href="#256">256</a> <em class="jxr_javadoccomment"> * @return the property from the properties file converted to a File object</em>
<a class="jxr_linenumber" name="257" href="#257">257</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="258" href="#258">258</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> File getFile(String key) {
<a class="jxr_linenumber" name="259" href="#259">259</a> <strong class="jxr_keyword">final</strong> String file = getString(key);
<a class="jxr_linenumber" name="260" href="#260">260</a> <strong class="jxr_keyword">final</strong> String baseDir = getString(Settings.KEYS.DATA_DIRECTORY);
<a class="jxr_linenumber" name="261" href="#261">261</a> <strong class="jxr_keyword">if</strong> (baseDir != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="262" href="#262">262</a> <strong class="jxr_keyword">if</strong> (baseDir.startsWith(<span class="jxr_string">"[JAR]/"</span>)) {
<a class="jxr_linenumber" name="263" href="#263">263</a> <strong class="jxr_keyword">final</strong> File jarPath = getJarPath();
<a class="jxr_linenumber" name="264" href="#264">264</a> <strong class="jxr_keyword">final</strong> File newBase = <strong class="jxr_keyword">new</strong> File(jarPath, baseDir.substring(6));
<a class="jxr_linenumber" name="265" href="#265">265</a> <strong class="jxr_keyword">if</strong> (Settings.KEYS.DATA_DIRECTORY.equals(key)) {
<a class="jxr_linenumber" name="266" href="#266">266</a> <strong class="jxr_keyword">return</strong> newBase;
<a class="jxr_linenumber" name="267" href="#267">267</a> }
<a class="jxr_linenumber" name="268" href="#268">268</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">new</strong> File(newBase, file);
<a class="jxr_linenumber" name="269" href="#269">269</a> }
<a class="jxr_linenumber" name="270" href="#270">270</a> <strong class="jxr_keyword">if</strong> (Settings.KEYS.DATA_DIRECTORY.equals(key)) {
<a class="jxr_linenumber" name="271" href="#271">271</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">new</strong> File(baseDir);
<a class="jxr_linenumber" name="272" href="#272">272</a> }
<a class="jxr_linenumber" name="273" href="#273">273</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">new</strong> File(baseDir, file);
<a class="jxr_linenumber" name="274" href="#274">274</a> }
<a class="jxr_linenumber" name="275" href="#275">275</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">new</strong> File(file);
<a class="jxr_linenumber" name="276" href="#276">276</a> }
<a class="jxr_linenumber" name="277" href="#277">277</a>
<a class="jxr_linenumber" name="278" href="#278">278</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="279" href="#279">279</a> <em class="jxr_javadoccomment"> * Attempts to retrieve the folder containing the Jar file containing the</em>
<a class="jxr_linenumber" name="280" href="#280">280</a> <em class="jxr_javadoccomment"> * Settings class.</em>
<a class="jxr_linenumber" name="281" href="#281">281</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="282" href="#282">282</a> <em class="jxr_javadoccomment"> * @return a File object</em>
<a class="jxr_linenumber" name="283" href="#283">283</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="284" href="#284">284</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> File getJarPath() {
<a class="jxr_linenumber" name="285" href="#285">285</a> <strong class="jxr_keyword">final</strong> String jarPath = Settings.<strong class="jxr_keyword">class</strong>.getProtectionDomain().getCodeSource().getLocation().getPath();
<a class="jxr_linenumber" name="286" href="#286">286</a> String decodedPath = <span class="jxr_string">"."</span>;
<a class="jxr_linenumber" name="287" href="#287">287</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="288" href="#288">288</a> decodedPath = URLDecoder.decode(jarPath, <span class="jxr_string">"UTF-8"</span>);
<a class="jxr_linenumber" name="289" href="#289">289</a> } <strong class="jxr_keyword">catch</strong> (UnsupportedEncodingException ex) {
<a class="jxr_linenumber" name="290" href="#290">290</a> Logger.getLogger(Settings.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="291" href="#291">291</a> }
<a class="jxr_linenumber" name="292" href="#292">292</a>
<a class="jxr_linenumber" name="293" href="#293">293</a> <strong class="jxr_keyword">final</strong> File path = <strong class="jxr_keyword">new</strong> File(decodedPath);
<a class="jxr_linenumber" name="294" href="#294">294</a> <strong class="jxr_keyword">if</strong> (path.getName().toLowerCase().endsWith(<span class="jxr_string">".jar"</span>)) {
<a class="jxr_linenumber" name="295" href="#295">295</a> <strong class="jxr_keyword">return</strong> path.getParentFile();
<a class="jxr_linenumber" name="296" href="#296">296</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="297" href="#297">297</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">new</strong> File(<span class="jxr_string">"."</span>);
<a class="jxr_linenumber" name="298" href="#298">298</a> }
<a class="jxr_linenumber" name="299" href="#299">299</a> }
<a class="jxr_linenumber" name="148" href="#148">148</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String PROPERTIES_FILE = <span class="jxr_string">"dependencycheck.properties"</span>;
<a class="jxr_linenumber" name="149" href="#149">149</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="150" href="#150">150</a> <em class="jxr_javadoccomment"> * The singleton instance variable.</em>
<a class="jxr_linenumber" name="151" href="#151">151</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="152" href="#152">152</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/utils/Settings.html">Settings</a> INSTANCE = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/utils/Settings.html">Settings</a>();
<a class="jxr_linenumber" name="153" href="#153">153</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="154" href="#154">154</a> <em class="jxr_javadoccomment"> * The properties.</em>
<a class="jxr_linenumber" name="155" href="#155">155</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="156" href="#156">156</a> <strong class="jxr_keyword">private</strong> Properties props = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="157" href="#157">157</a>
<a class="jxr_linenumber" name="158" href="#158">158</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="159" href="#159">159</a> <em class="jxr_javadoccomment"> * Private constructor for the Settings class. This class loads the</em>
<a class="jxr_linenumber" name="160" href="#160">160</a> <em class="jxr_javadoccomment"> * properties files.</em>
<a class="jxr_linenumber" name="161" href="#161">161</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="162" href="#162">162</a> <strong class="jxr_keyword">private</strong> <a href="../../../../org/owasp/dependencycheck/utils/Settings.html">Settings</a>() {
<a class="jxr_linenumber" name="163" href="#163">163</a> InputStream in = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="164" href="#164">164</a> props = <strong class="jxr_keyword">new</strong> Properties();
<a class="jxr_linenumber" name="165" href="#165">165</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="166" href="#166">166</a> in = <strong class="jxr_keyword">this</strong>.getClass().getClassLoader().getResourceAsStream(PROPERTIES_FILE);
<a class="jxr_linenumber" name="167" href="#167">167</a> props.load(in);
<a class="jxr_linenumber" name="168" href="#168">168</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="169" href="#169">169</a> Logger.getLogger(Settings.<strong class="jxr_keyword">class</strong>.getName()).log(Level.SEVERE, <span class="jxr_string">"Unable to load default settings."</span>);
<a class="jxr_linenumber" name="170" href="#170">170</a> Logger.getLogger(Settings.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="171" href="#171">171</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="172" href="#172">172</a> <strong class="jxr_keyword">if</strong> (in != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="173" href="#173">173</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="174" href="#174">174</a> in.close();
<a class="jxr_linenumber" name="175" href="#175">175</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="176" href="#176">176</a> Logger.getLogger(Settings.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="177" href="#177">177</a> }
<a class="jxr_linenumber" name="178" href="#178">178</a> }
<a class="jxr_linenumber" name="179" href="#179">179</a> }
<a class="jxr_linenumber" name="180" href="#180">180</a> }
<a class="jxr_linenumber" name="181" href="#181">181</a>
<a class="jxr_linenumber" name="182" href="#182">182</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="183" href="#183">183</a> <em class="jxr_javadoccomment"> * Sets a property value.</em>
<a class="jxr_linenumber" name="184" href="#184">184</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="185" href="#185">185</a> <em class="jxr_javadoccomment"> * @param key the key for the property</em>
<a class="jxr_linenumber" name="186" href="#186">186</a> <em class="jxr_javadoccomment"> * @param value the value for the property</em>
<a class="jxr_linenumber" name="187" href="#187">187</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="188" href="#188">188</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> setString(String key, String value) {
<a class="jxr_linenumber" name="189" href="#189">189</a> INSTANCE.props.setProperty(key, value);
<a class="jxr_linenumber" name="190" href="#190">190</a> }
<a class="jxr_linenumber" name="191" href="#191">191</a>
<a class="jxr_linenumber" name="192" href="#192">192</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="193" href="#193">193</a> <em class="jxr_javadoccomment"> * Sets a property value.</em>
<a class="jxr_linenumber" name="194" href="#194">194</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="195" href="#195">195</a> <em class="jxr_javadoccomment"> * @param key the key for the property</em>
<a class="jxr_linenumber" name="196" href="#196">196</a> <em class="jxr_javadoccomment"> * @param value the value for the property</em>
<a class="jxr_linenumber" name="197" href="#197">197</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="198" href="#198">198</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> setBoolean(String key, <strong class="jxr_keyword">boolean</strong> value) {
<a class="jxr_linenumber" name="199" href="#199">199</a> <strong class="jxr_keyword">if</strong> (value) {
<a class="jxr_linenumber" name="200" href="#200">200</a> INSTANCE.props.setProperty(key, Boolean.TRUE.toString());
<a class="jxr_linenumber" name="201" href="#201">201</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="202" href="#202">202</a> INSTANCE.props.setProperty(key, Boolean.FALSE.toString());
<a class="jxr_linenumber" name="203" href="#203">203</a> }
<a class="jxr_linenumber" name="204" href="#204">204</a> }
<a class="jxr_linenumber" name="205" href="#205">205</a>
<a class="jxr_linenumber" name="206" href="#206">206</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="207" href="#207">207</a> <em class="jxr_javadoccomment"> * Merges a new properties file into the current properties. This method</em>
<a class="jxr_linenumber" name="208" href="#208">208</a> <em class="jxr_javadoccomment"> * allows for the loading of a user provided properties file.&lt;br/&gt;&lt;br/&gt;</em>
<a class="jxr_linenumber" name="209" href="#209">209</a> <em class="jxr_javadoccomment"> * Note: even if using this method - system properties will be loaded before</em>
<a class="jxr_linenumber" name="210" href="#210">210</a> <em class="jxr_javadoccomment"> * properties loaded from files.</em>
<a class="jxr_linenumber" name="211" href="#211">211</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="212" href="#212">212</a> <em class="jxr_javadoccomment"> * @param filePath the path to the properties file to merge.</em>
<a class="jxr_linenumber" name="213" href="#213">213</a> <em class="jxr_javadoccomment"> * @throws FileNotFoundException is thrown when the filePath points to a</em>
<a class="jxr_linenumber" name="214" href="#214">214</a> <em class="jxr_javadoccomment"> * non-existent file</em>
<a class="jxr_linenumber" name="215" href="#215">215</a> <em class="jxr_javadoccomment"> * @throws IOException is thrown when there is an exception loading/merging</em>
<a class="jxr_linenumber" name="216" href="#216">216</a> <em class="jxr_javadoccomment"> * the properties</em>
<a class="jxr_linenumber" name="217" href="#217">217</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="218" href="#218">218</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> mergeProperties(File filePath) <strong class="jxr_keyword">throws</strong> FileNotFoundException, IOException {
<a class="jxr_linenumber" name="219" href="#219">219</a> <strong class="jxr_keyword">final</strong> FileInputStream fis = <strong class="jxr_keyword">new</strong> FileInputStream(filePath);
<a class="jxr_linenumber" name="220" href="#220">220</a> mergeProperties(fis);
<a class="jxr_linenumber" name="221" href="#221">221</a> }
<a class="jxr_linenumber" name="222" href="#222">222</a>
<a class="jxr_linenumber" name="223" href="#223">223</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="224" href="#224">224</a> <em class="jxr_javadoccomment"> * Merges a new properties file into the current properties. This method</em>
<a class="jxr_linenumber" name="225" href="#225">225</a> <em class="jxr_javadoccomment"> * allows for the loading of a user provided properties file.&lt;br/&gt;&lt;br/&gt;</em>
<a class="jxr_linenumber" name="226" href="#226">226</a> <em class="jxr_javadoccomment"> * Note: even if using this method - system properties will be loaded before</em>
<a class="jxr_linenumber" name="227" href="#227">227</a> <em class="jxr_javadoccomment"> * properties loaded from files.</em>
<a class="jxr_linenumber" name="228" href="#228">228</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="229" href="#229">229</a> <em class="jxr_javadoccomment"> * @param filePath the path to the properties file to merge.</em>
<a class="jxr_linenumber" name="230" href="#230">230</a> <em class="jxr_javadoccomment"> * @throws FileNotFoundException is thrown when the filePath points to a</em>
<a class="jxr_linenumber" name="231" href="#231">231</a> <em class="jxr_javadoccomment"> * non-existent file</em>
<a class="jxr_linenumber" name="232" href="#232">232</a> <em class="jxr_javadoccomment"> * @throws IOException is thrown when there is an exception loading/merging</em>
<a class="jxr_linenumber" name="233" href="#233">233</a> <em class="jxr_javadoccomment"> * the properties</em>
<a class="jxr_linenumber" name="234" href="#234">234</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="235" href="#235">235</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> mergeProperties(String filePath) <strong class="jxr_keyword">throws</strong> FileNotFoundException, IOException {
<a class="jxr_linenumber" name="236" href="#236">236</a> <strong class="jxr_keyword">final</strong> FileInputStream fis = <strong class="jxr_keyword">new</strong> FileInputStream(filePath);
<a class="jxr_linenumber" name="237" href="#237">237</a> mergeProperties(fis);
<a class="jxr_linenumber" name="238" href="#238">238</a> }
<a class="jxr_linenumber" name="239" href="#239">239</a>
<a class="jxr_linenumber" name="240" href="#240">240</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="241" href="#241">241</a> <em class="jxr_javadoccomment"> * Merges a new properties file into the current properties. This method</em>
<a class="jxr_linenumber" name="242" href="#242">242</a> <em class="jxr_javadoccomment"> * allows for the loading of a user provided properties file.&lt;br/&gt;&lt;br/&gt;</em>
<a class="jxr_linenumber" name="243" href="#243">243</a> <em class="jxr_javadoccomment"> * Note: even if using this method - system properties will be loaded before</em>
<a class="jxr_linenumber" name="244" href="#244">244</a> <em class="jxr_javadoccomment"> * properties loaded from files.</em>
<a class="jxr_linenumber" name="245" href="#245">245</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="246" href="#246">246</a> <em class="jxr_javadoccomment"> * @param stream an Input Stream pointing at a properties file to merge</em>
<a class="jxr_linenumber" name="247" href="#247">247</a> <em class="jxr_javadoccomment"> * @throws IOException is thrown when there is an exception loading/merging</em>
<a class="jxr_linenumber" name="248" href="#248">248</a> <em class="jxr_javadoccomment"> * the properties</em>
<a class="jxr_linenumber" name="249" href="#249">249</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="250" href="#250">250</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> mergeProperties(InputStream stream) <strong class="jxr_keyword">throws</strong> IOException {
<a class="jxr_linenumber" name="251" href="#251">251</a> INSTANCE.props.load(stream);
<a class="jxr_linenumber" name="252" href="#252">252</a> }
<a class="jxr_linenumber" name="253" href="#253">253</a>
<a class="jxr_linenumber" name="254" href="#254">254</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="255" href="#255">255</a> <em class="jxr_javadoccomment"> * Returns a value from the properties file as a File object. If the value</em>
<a class="jxr_linenumber" name="256" href="#256">256</a> <em class="jxr_javadoccomment"> * was specified as a system property or passed in via the -Dprop=value</em>
<a class="jxr_linenumber" name="257" href="#257">257</a> <em class="jxr_javadoccomment"> * argument - this method will return the value from the system properties</em>
<a class="jxr_linenumber" name="258" href="#258">258</a> <em class="jxr_javadoccomment"> * before the values in the contained configuration file.</em>
<a class="jxr_linenumber" name="259" href="#259">259</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="260" href="#260">260</a> <em class="jxr_javadoccomment"> * This method will also replace a leading "[JAR]\&quot; sequence with the path</em>
<a class="jxr_linenumber" name="261" href="#261">261</a> <em class="jxr_javadoccomment"> * to the folder containing the JAR file containing this class.</em>
<a class="jxr_linenumber" name="262" href="#262">262</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="263" href="#263">263</a> <em class="jxr_javadoccomment"> * @param key the key to lookup within the properties file</em>
<a class="jxr_linenumber" name="264" href="#264">264</a> <em class="jxr_javadoccomment"> * @return the property from the properties file converted to a File object</em>
<a class="jxr_linenumber" name="265" href="#265">265</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="266" href="#266">266</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> File getFile(String key) {
<a class="jxr_linenumber" name="267" href="#267">267</a> <strong class="jxr_keyword">final</strong> String file = getString(key);
<a class="jxr_linenumber" name="268" href="#268">268</a> <strong class="jxr_keyword">final</strong> String baseDir = getString(Settings.KEYS.DATA_DIRECTORY);
<a class="jxr_linenumber" name="269" href="#269">269</a> <strong class="jxr_keyword">if</strong> (baseDir != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="270" href="#270">270</a> <strong class="jxr_keyword">if</strong> (baseDir.startsWith(<span class="jxr_string">"[JAR]/"</span>)) {
<a class="jxr_linenumber" name="271" href="#271">271</a> <strong class="jxr_keyword">final</strong> File jarPath = getJarPath();
<a class="jxr_linenumber" name="272" href="#272">272</a> <strong class="jxr_keyword">final</strong> File newBase = <strong class="jxr_keyword">new</strong> File(jarPath, baseDir.substring(6));
<a class="jxr_linenumber" name="273" href="#273">273</a> <strong class="jxr_keyword">if</strong> (Settings.KEYS.DATA_DIRECTORY.equals(key)) {
<a class="jxr_linenumber" name="274" href="#274">274</a> <strong class="jxr_keyword">return</strong> newBase;
<a class="jxr_linenumber" name="275" href="#275">275</a> }
<a class="jxr_linenumber" name="276" href="#276">276</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">new</strong> File(newBase, file);
<a class="jxr_linenumber" name="277" href="#277">277</a> }
<a class="jxr_linenumber" name="278" href="#278">278</a> <strong class="jxr_keyword">if</strong> (Settings.KEYS.DATA_DIRECTORY.equals(key)) {
<a class="jxr_linenumber" name="279" href="#279">279</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">new</strong> File(baseDir);
<a class="jxr_linenumber" name="280" href="#280">280</a> }
<a class="jxr_linenumber" name="281" href="#281">281</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">new</strong> File(baseDir, file);
<a class="jxr_linenumber" name="282" href="#282">282</a> }
<a class="jxr_linenumber" name="283" href="#283">283</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">new</strong> File(file);
<a class="jxr_linenumber" name="284" href="#284">284</a> }
<a class="jxr_linenumber" name="285" href="#285">285</a>
<a class="jxr_linenumber" name="286" href="#286">286</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="287" href="#287">287</a> <em class="jxr_javadoccomment"> * Attempts to retrieve the folder containing the Jar file containing the</em>
<a class="jxr_linenumber" name="288" href="#288">288</a> <em class="jxr_javadoccomment"> * Settings class.</em>
<a class="jxr_linenumber" name="289" href="#289">289</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="290" href="#290">290</a> <em class="jxr_javadoccomment"> * @return a File object</em>
<a class="jxr_linenumber" name="291" href="#291">291</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="292" href="#292">292</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> File getJarPath() {
<a class="jxr_linenumber" name="293" href="#293">293</a> <strong class="jxr_keyword">final</strong> String jarPath = Settings.<strong class="jxr_keyword">class</strong>.getProtectionDomain().getCodeSource().getLocation().getPath();
<a class="jxr_linenumber" name="294" href="#294">294</a> String decodedPath = <span class="jxr_string">"."</span>;
<a class="jxr_linenumber" name="295" href="#295">295</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="296" href="#296">296</a> decodedPath = URLDecoder.decode(jarPath, <span class="jxr_string">"UTF-8"</span>);
<a class="jxr_linenumber" name="297" href="#297">297</a> } <strong class="jxr_keyword">catch</strong> (UnsupportedEncodingException ex) {
<a class="jxr_linenumber" name="298" href="#298">298</a> Logger.getLogger(Settings.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
<a class="jxr_linenumber" name="299" href="#299">299</a> }
<a class="jxr_linenumber" name="300" href="#300">300</a>
<a class="jxr_linenumber" name="301" href="#301">301</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="302" href="#302">302</a> <em class="jxr_javadoccomment"> * Returns a value from the properties file. If the value was specified as a</em>
<a class="jxr_linenumber" name="303" href="#303">303</a> <em class="jxr_javadoccomment"> * system property or passed in via the -Dprop=value argument - this method</em>
<a class="jxr_linenumber" name="304" href="#304">304</a> <em class="jxr_javadoccomment"> * will return the value from the system properties before the values in the</em>
<a class="jxr_linenumber" name="305" href="#305">305</a> <em class="jxr_javadoccomment"> * contained configuration file.</em>
<a class="jxr_linenumber" name="306" href="#306">306</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="307" href="#307">307</a> <em class="jxr_javadoccomment"> * @param key the key to lookup within the properties file</em>
<a class="jxr_linenumber" name="308" href="#308">308</a> <em class="jxr_javadoccomment"> * @param defaultValue the default value for the requested property</em>
<a class="jxr_linenumber" name="309" href="#309">309</a> <em class="jxr_javadoccomment"> * @return the property from the properties file</em>
<a class="jxr_linenumber" name="310" href="#310">310</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="311" href="#311">311</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> String getString(String key, String defaultValue) {
<a class="jxr_linenumber" name="312" href="#312">312</a> <strong class="jxr_keyword">final</strong> String str = System.getProperty(key, INSTANCE.props.getProperty(key, defaultValue));
<a class="jxr_linenumber" name="313" href="#313">313</a> <strong class="jxr_keyword">return</strong> str;
<a class="jxr_linenumber" name="314" href="#314">314</a> }
<a class="jxr_linenumber" name="315" href="#315">315</a>
<a class="jxr_linenumber" name="316" href="#316">316</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="317" href="#317">317</a> <em class="jxr_javadoccomment"> * Returns the temporary directory.</em>
<a class="jxr_linenumber" name="318" href="#318">318</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="319" href="#319">319</a> <em class="jxr_javadoccomment"> * @return the temporary directory</em>
<a class="jxr_linenumber" name="320" href="#320">320</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="321" href="#321">321</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> File getTempDirectory() {
<a class="jxr_linenumber" name="322" href="#322">322</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">new</strong> File(Settings.getString(Settings.KEYS.TEMP_DIRECTORY, System.getProperty(<span class="jxr_string">"java.io.tmpdir"</span>)));
<a class="jxr_linenumber" name="323" href="#323">323</a> }
<a class="jxr_linenumber" name="324" href="#324">324</a>
<a class="jxr_linenumber" name="325" href="#325">325</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="326" href="#326">326</a> <em class="jxr_javadoccomment"> * Returns a value from the properties file. If the value was specified as a</em>
<a class="jxr_linenumber" name="327" href="#327">327</a> <em class="jxr_javadoccomment"> * system property or passed in via the -Dprop=value argument - this method</em>
<a class="jxr_linenumber" name="328" href="#328">328</a> <em class="jxr_javadoccomment"> * will return the value from the system properties before the values in the</em>
<a class="jxr_linenumber" name="329" href="#329">329</a> <em class="jxr_javadoccomment"> * contained configuration file.</em>
<a class="jxr_linenumber" name="330" href="#330">330</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="331" href="#331">331</a> <em class="jxr_javadoccomment"> * @param key the key to lookup within the properties file</em>
<a class="jxr_linenumber" name="332" href="#332">332</a> <em class="jxr_javadoccomment"> * @return the property from the properties file</em>
<a class="jxr_linenumber" name="333" href="#333">333</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="334" href="#334">334</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> String getString(String key) {
<a class="jxr_linenumber" name="335" href="#335">335</a> <strong class="jxr_keyword">return</strong> System.getProperty(key, INSTANCE.props.getProperty(key));
<a class="jxr_linenumber" name="336" href="#336">336</a> }
<a class="jxr_linenumber" name="337" href="#337">337</a>
<a class="jxr_linenumber" name="338" href="#338">338</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="339" href="#339">339</a> <em class="jxr_javadoccomment"> * Removes a property from the local properties collection. This is mainly</em>
<a class="jxr_linenumber" name="340" href="#340">340</a> <em class="jxr_javadoccomment"> * used in test cases.</em>
<a class="jxr_linenumber" name="341" href="#341">341</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="342" href="#342">342</a> <em class="jxr_javadoccomment"> * @param key the property key to remove</em>
<a class="jxr_linenumber" name="343" href="#343">343</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="344" href="#344">344</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> removeProperty(String key) {
<a class="jxr_linenumber" name="345" href="#345">345</a> INSTANCE.props.remove(key);
<a class="jxr_linenumber" name="346" href="#346">346</a> }
<a class="jxr_linenumber" name="347" href="#347">347</a>
<a class="jxr_linenumber" name="348" href="#348">348</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="349" href="#349">349</a> <em class="jxr_javadoccomment"> * Returns an int value from the properties file. If the value was specified</em>
<a class="jxr_linenumber" name="350" href="#350">350</a> <em class="jxr_javadoccomment"> * as a system property or passed in via the -Dprop=value argument - this</em>
<a class="jxr_linenumber" name="351" href="#351">351</a> <em class="jxr_javadoccomment"> * method will return the value from the system properties before the values</em>
<a class="jxr_linenumber" name="352" href="#352">352</a> <em class="jxr_javadoccomment"> * in the contained configuration file.</em>
<a class="jxr_linenumber" name="353" href="#353">353</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="354" href="#354">354</a> <em class="jxr_javadoccomment"> * @param key the key to lookup within the properties file</em>
<a class="jxr_linenumber" name="355" href="#355">355</a> <em class="jxr_javadoccomment"> * @return the property from the properties file</em>
<a class="jxr_linenumber" name="356" href="#356">356</a> <em class="jxr_javadoccomment"> * @throws InvalidSettingException is thrown if there is an error retrieving</em>
<a class="jxr_linenumber" name="357" href="#357">357</a> <em class="jxr_javadoccomment"> * the setting</em>
<a class="jxr_linenumber" name="358" href="#358">358</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="359" href="#359">359</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">int</strong> getInt(String key) <strong class="jxr_keyword">throws</strong> InvalidSettingException {
<a class="jxr_linenumber" name="360" href="#360">360</a> <strong class="jxr_keyword">int</strong> value;
<a class="jxr_linenumber" name="361" href="#361">361</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="362" href="#362">362</a> value = Integer.parseInt(Settings.getString(key));
<a class="jxr_linenumber" name="363" href="#363">363</a> } <strong class="jxr_keyword">catch</strong> (NumberFormatException ex) {
<a class="jxr_linenumber" name="364" href="#364">364</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/utils/InvalidSettingException.html">InvalidSettingException</a>(<span class="jxr_string">"Could not convert property '"</span> + key + <span class="jxr_string">"' to an int."</span>, ex);
<a class="jxr_linenumber" name="365" href="#365">365</a> }
<a class="jxr_linenumber" name="366" href="#366">366</a> <strong class="jxr_keyword">return</strong> value;
<a class="jxr_linenumber" name="367" href="#367">367</a> }
<a class="jxr_linenumber" name="368" href="#368">368</a>
<a class="jxr_linenumber" name="369" href="#369">369</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="370" href="#370">370</a> <em class="jxr_javadoccomment"> * Returns an int value from the properties file. If the value was specified</em>
<a class="jxr_linenumber" name="371" href="#371">371</a> <em class="jxr_javadoccomment"> * as a system property or passed in via the -Dprop=value argument - this</em>
<a class="jxr_linenumber" name="372" href="#372">372</a> <em class="jxr_javadoccomment"> * method will return the value from the system properties before the values</em>
<a class="jxr_linenumber" name="373" href="#373">373</a> <em class="jxr_javadoccomment"> * in the contained configuration file.</em>
<a class="jxr_linenumber" name="374" href="#374">374</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="375" href="#375">375</a> <em class="jxr_javadoccomment"> * @param key the key to lookup within the properties file</em>
<a class="jxr_linenumber" name="376" href="#376">376</a> <em class="jxr_javadoccomment"> * @param defaultValue the default value to return</em>
<a class="jxr_linenumber" name="377" href="#377">377</a> <em class="jxr_javadoccomment"> * @return the property from the properties file or the defaultValue if the</em>
<a class="jxr_linenumber" name="378" href="#378">378</a> <em class="jxr_javadoccomment"> * property does not exist or cannot be converted to an integer</em>
<a class="jxr_linenumber" name="379" href="#379">379</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="380" href="#380">380</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">int</strong> getInt(String key, <strong class="jxr_keyword">int</strong> defaultValue) {
<a class="jxr_linenumber" name="381" href="#381">381</a> <strong class="jxr_keyword">int</strong> value;
<a class="jxr_linenumber" name="382" href="#382">382</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="383" href="#383">383</a> value = Integer.parseInt(Settings.getString(key));
<a class="jxr_linenumber" name="384" href="#384">384</a> } <strong class="jxr_keyword">catch</strong> (NumberFormatException ex) {
<a class="jxr_linenumber" name="385" href="#385">385</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Could not convert property '%s' to an int."</span>, key);
<a class="jxr_linenumber" name="386" href="#386">386</a> Logger.getLogger(Settings.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINEST, msg, ex);
<a class="jxr_linenumber" name="387" href="#387">387</a> value = defaultValue;
<a class="jxr_linenumber" name="388" href="#388">388</a> }
<a class="jxr_linenumber" name="389" href="#389">389</a> <strong class="jxr_keyword">return</strong> value;
<a class="jxr_linenumber" name="390" href="#390">390</a> }
<a class="jxr_linenumber" name="391" href="#391">391</a>
<a class="jxr_linenumber" name="392" href="#392">392</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="393" href="#393">393</a> <em class="jxr_javadoccomment"> * Returns a long value from the properties file. If the value was specified</em>
<a class="jxr_linenumber" name="394" href="#394">394</a> <em class="jxr_javadoccomment"> * as a system property or passed in via the -Dprop=value argument - this</em>
<a class="jxr_linenumber" name="395" href="#395">395</a> <em class="jxr_javadoccomment"> * method will return the value from the system properties before the values</em>
<a class="jxr_linenumber" name="396" href="#396">396</a> <em class="jxr_javadoccomment"> * in the contained configuration file.</em>
<a class="jxr_linenumber" name="397" href="#397">397</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="398" href="#398">398</a> <em class="jxr_javadoccomment"> * @param key the key to lookup within the properties file</em>
<a class="jxr_linenumber" name="399" href="#399">399</a> <em class="jxr_javadoccomment"> * @return the property from the properties file</em>
<a class="jxr_linenumber" name="400" href="#400">400</a> <em class="jxr_javadoccomment"> * @throws InvalidSettingException is thrown if there is an error retrieving</em>
<a class="jxr_linenumber" name="401" href="#401">401</a> <em class="jxr_javadoccomment"> * the setting</em>
<a class="jxr_linenumber" name="402" href="#402">402</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="403" href="#403">403</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">long</strong> getLong(String key) <strong class="jxr_keyword">throws</strong> InvalidSettingException {
<a class="jxr_linenumber" name="404" href="#404">404</a> <strong class="jxr_keyword">long</strong> value;
<a class="jxr_linenumber" name="405" href="#405">405</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="406" href="#406">406</a> value = Long.parseLong(Settings.getString(key));
<a class="jxr_linenumber" name="407" href="#407">407</a> } <strong class="jxr_keyword">catch</strong> (NumberFormatException ex) {
<a class="jxr_linenumber" name="408" href="#408">408</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/utils/InvalidSettingException.html">InvalidSettingException</a>(<span class="jxr_string">"Could not convert property '"</span> + key + <span class="jxr_string">"' to an int."</span>, ex);
<a class="jxr_linenumber" name="409" href="#409">409</a> }
<a class="jxr_linenumber" name="410" href="#410">410</a> <strong class="jxr_keyword">return</strong> value;
<a class="jxr_linenumber" name="411" href="#411">411</a> }
<a class="jxr_linenumber" name="412" href="#412">412</a>
<a class="jxr_linenumber" name="413" href="#413">413</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="414" href="#414">414</a> <em class="jxr_javadoccomment"> * Returns a boolean value from the properties file. If the value was</em>
<a class="jxr_linenumber" name="415" href="#415">415</a> <em class="jxr_javadoccomment"> * specified as a system property or passed in via the</em>
<a class="jxr_linenumber" name="416" href="#416">416</a> <em class="jxr_javadoccomment"> * &lt;code&gt;-Dprop=value&lt;/code&gt; argument this method will return the value from</em>
<a class="jxr_linenumber" name="417" href="#417">417</a> <em class="jxr_javadoccomment"> * the system properties before the values in the contained configuration</em>
<a class="jxr_linenumber" name="418" href="#418">418</a> <em class="jxr_javadoccomment"> * file.</em>
<a class="jxr_linenumber" name="419" href="#419">419</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="420" href="#420">420</a> <em class="jxr_javadoccomment"> * @param key the key to lookup within the properties file</em>
<a class="jxr_linenumber" name="421" href="#421">421</a> <em class="jxr_javadoccomment"> * @return the property from the properties file</em>
<a class="jxr_linenumber" name="422" href="#422">422</a> <em class="jxr_javadoccomment"> * @throws InvalidSettingException is thrown if there is an error retrieving</em>
<a class="jxr_linenumber" name="423" href="#423">423</a> <em class="jxr_javadoccomment"> * the setting</em>
<a class="jxr_linenumber" name="424" href="#424">424</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="425" href="#425">425</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">boolean</strong> getBoolean(String key) <strong class="jxr_keyword">throws</strong> InvalidSettingException {
<a class="jxr_linenumber" name="426" href="#426">426</a> <strong class="jxr_keyword">boolean</strong> value;
<a class="jxr_linenumber" name="427" href="#427">427</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="428" href="#428">428</a> value = Boolean.parseBoolean(Settings.getString(key));
<a class="jxr_linenumber" name="429" href="#429">429</a> } <strong class="jxr_keyword">catch</strong> (NumberFormatException ex) {
<a class="jxr_linenumber" name="430" href="#430">430</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/utils/InvalidSettingException.html">InvalidSettingException</a>(<span class="jxr_string">"Could not convert property '"</span> + key + <span class="jxr_string">"' to an int."</span>, ex);
<a class="jxr_linenumber" name="431" href="#431">431</a> }
<a class="jxr_linenumber" name="432" href="#432">432</a> <strong class="jxr_keyword">return</strong> value;
<a class="jxr_linenumber" name="433" href="#433">433</a> }
<a class="jxr_linenumber" name="434" href="#434">434</a> }
<a class="jxr_linenumber" name="301" href="#301">301</a> <strong class="jxr_keyword">final</strong> File path = <strong class="jxr_keyword">new</strong> File(decodedPath);
<a class="jxr_linenumber" name="302" href="#302">302</a> <strong class="jxr_keyword">if</strong> (path.getName().toLowerCase().endsWith(<span class="jxr_string">".jar"</span>)) {
<a class="jxr_linenumber" name="303" href="#303">303</a> <strong class="jxr_keyword">return</strong> path.getParentFile();
<a class="jxr_linenumber" name="304" href="#304">304</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="305" href="#305">305</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">new</strong> File(<span class="jxr_string">"."</span>);
<a class="jxr_linenumber" name="306" href="#306">306</a> }
<a class="jxr_linenumber" name="307" href="#307">307</a> }
<a class="jxr_linenumber" name="308" href="#308">308</a>
<a class="jxr_linenumber" name="309" href="#309">309</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="310" href="#310">310</a> <em class="jxr_javadoccomment"> * Returns a value from the properties file. If the value was specified as a</em>
<a class="jxr_linenumber" name="311" href="#311">311</a> <em class="jxr_javadoccomment"> * system property or passed in via the -Dprop=value argument - this method</em>
<a class="jxr_linenumber" name="312" href="#312">312</a> <em class="jxr_javadoccomment"> * will return the value from the system properties before the values in the</em>
<a class="jxr_linenumber" name="313" href="#313">313</a> <em class="jxr_javadoccomment"> * contained configuration file.</em>
<a class="jxr_linenumber" name="314" href="#314">314</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="315" href="#315">315</a> <em class="jxr_javadoccomment"> * @param key the key to lookup within the properties file</em>
<a class="jxr_linenumber" name="316" href="#316">316</a> <em class="jxr_javadoccomment"> * @param defaultValue the default value for the requested property</em>
<a class="jxr_linenumber" name="317" href="#317">317</a> <em class="jxr_javadoccomment"> * @return the property from the properties file</em>
<a class="jxr_linenumber" name="318" href="#318">318</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="319" href="#319">319</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> String getString(String key, String defaultValue) {
<a class="jxr_linenumber" name="320" href="#320">320</a> <strong class="jxr_keyword">final</strong> String str = System.getProperty(key, INSTANCE.props.getProperty(key, defaultValue));
<a class="jxr_linenumber" name="321" href="#321">321</a> <strong class="jxr_keyword">return</strong> str;
<a class="jxr_linenumber" name="322" href="#322">322</a> }
<a class="jxr_linenumber" name="323" href="#323">323</a>
<a class="jxr_linenumber" name="324" href="#324">324</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="325" href="#325">325</a> <em class="jxr_javadoccomment"> * Returns the temporary directory.</em>
<a class="jxr_linenumber" name="326" href="#326">326</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="327" href="#327">327</a> <em class="jxr_javadoccomment"> * @return the temporary directory</em>
<a class="jxr_linenumber" name="328" href="#328">328</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="329" href="#329">329</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> File getTempDirectory() {
<a class="jxr_linenumber" name="330" href="#330">330</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">new</strong> File(Settings.getString(Settings.KEYS.TEMP_DIRECTORY, System.getProperty(<span class="jxr_string">"java.io.tmpdir"</span>)));
<a class="jxr_linenumber" name="331" href="#331">331</a> }
<a class="jxr_linenumber" name="332" href="#332">332</a>
<a class="jxr_linenumber" name="333" href="#333">333</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="334" href="#334">334</a> <em class="jxr_javadoccomment"> * Returns a value from the properties file. If the value was specified as a</em>
<a class="jxr_linenumber" name="335" href="#335">335</a> <em class="jxr_javadoccomment"> * system property or passed in via the -Dprop=value argument - this method</em>
<a class="jxr_linenumber" name="336" href="#336">336</a> <em class="jxr_javadoccomment"> * will return the value from the system properties before the values in the</em>
<a class="jxr_linenumber" name="337" href="#337">337</a> <em class="jxr_javadoccomment"> * contained configuration file.</em>
<a class="jxr_linenumber" name="338" href="#338">338</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="339" href="#339">339</a> <em class="jxr_javadoccomment"> * @param key the key to lookup within the properties file</em>
<a class="jxr_linenumber" name="340" href="#340">340</a> <em class="jxr_javadoccomment"> * @return the property from the properties file</em>
<a class="jxr_linenumber" name="341" href="#341">341</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="342" href="#342">342</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> String getString(String key) {
<a class="jxr_linenumber" name="343" href="#343">343</a> <strong class="jxr_keyword">return</strong> System.getProperty(key, INSTANCE.props.getProperty(key));
<a class="jxr_linenumber" name="344" href="#344">344</a> }
<a class="jxr_linenumber" name="345" href="#345">345</a>
<a class="jxr_linenumber" name="346" href="#346">346</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="347" href="#347">347</a> <em class="jxr_javadoccomment"> * Removes a property from the local properties collection. This is mainly</em>
<a class="jxr_linenumber" name="348" href="#348">348</a> <em class="jxr_javadoccomment"> * used in test cases.</em>
<a class="jxr_linenumber" name="349" href="#349">349</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="350" href="#350">350</a> <em class="jxr_javadoccomment"> * @param key the property key to remove</em>
<a class="jxr_linenumber" name="351" href="#351">351</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="352" href="#352">352</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> removeProperty(String key) {
<a class="jxr_linenumber" name="353" href="#353">353</a> INSTANCE.props.remove(key);
<a class="jxr_linenumber" name="354" href="#354">354</a> }
<a class="jxr_linenumber" name="355" href="#355">355</a>
<a class="jxr_linenumber" name="356" href="#356">356</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="357" href="#357">357</a> <em class="jxr_javadoccomment"> * Returns an int value from the properties file. If the value was specified</em>
<a class="jxr_linenumber" name="358" href="#358">358</a> <em class="jxr_javadoccomment"> * as a system property or passed in via the -Dprop=value argument - this</em>
<a class="jxr_linenumber" name="359" href="#359">359</a> <em class="jxr_javadoccomment"> * method will return the value from the system properties before the values</em>
<a class="jxr_linenumber" name="360" href="#360">360</a> <em class="jxr_javadoccomment"> * in the contained configuration file.</em>
<a class="jxr_linenumber" name="361" href="#361">361</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="362" href="#362">362</a> <em class="jxr_javadoccomment"> * @param key the key to lookup within the properties file</em>
<a class="jxr_linenumber" name="363" href="#363">363</a> <em class="jxr_javadoccomment"> * @return the property from the properties file</em>
<a class="jxr_linenumber" name="364" href="#364">364</a> <em class="jxr_javadoccomment"> * @throws InvalidSettingException is thrown if there is an error retrieving</em>
<a class="jxr_linenumber" name="365" href="#365">365</a> <em class="jxr_javadoccomment"> * the setting</em>
<a class="jxr_linenumber" name="366" href="#366">366</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="367" href="#367">367</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">int</strong> getInt(String key) <strong class="jxr_keyword">throws</strong> InvalidSettingException {
<a class="jxr_linenumber" name="368" href="#368">368</a> <strong class="jxr_keyword">int</strong> value;
<a class="jxr_linenumber" name="369" href="#369">369</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="370" href="#370">370</a> value = Integer.parseInt(Settings.getString(key));
<a class="jxr_linenumber" name="371" href="#371">371</a> } <strong class="jxr_keyword">catch</strong> (NumberFormatException ex) {
<a class="jxr_linenumber" name="372" href="#372">372</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/utils/InvalidSettingException.html">InvalidSettingException</a>(<span class="jxr_string">"Could not convert property '"</span> + key + <span class="jxr_string">"' to an int."</span>, ex);
<a class="jxr_linenumber" name="373" href="#373">373</a> }
<a class="jxr_linenumber" name="374" href="#374">374</a> <strong class="jxr_keyword">return</strong> value;
<a class="jxr_linenumber" name="375" href="#375">375</a> }
<a class="jxr_linenumber" name="376" href="#376">376</a>
<a class="jxr_linenumber" name="377" href="#377">377</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="378" href="#378">378</a> <em class="jxr_javadoccomment"> * Returns an int value from the properties file. If the value was specified</em>
<a class="jxr_linenumber" name="379" href="#379">379</a> <em class="jxr_javadoccomment"> * as a system property or passed in via the -Dprop=value argument - this</em>
<a class="jxr_linenumber" name="380" href="#380">380</a> <em class="jxr_javadoccomment"> * method will return the value from the system properties before the values</em>
<a class="jxr_linenumber" name="381" href="#381">381</a> <em class="jxr_javadoccomment"> * in the contained configuration file.</em>
<a class="jxr_linenumber" name="382" href="#382">382</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="383" href="#383">383</a> <em class="jxr_javadoccomment"> * @param key the key to lookup within the properties file</em>
<a class="jxr_linenumber" name="384" href="#384">384</a> <em class="jxr_javadoccomment"> * @param defaultValue the default value to return</em>
<a class="jxr_linenumber" name="385" href="#385">385</a> <em class="jxr_javadoccomment"> * @return the property from the properties file or the defaultValue if the</em>
<a class="jxr_linenumber" name="386" href="#386">386</a> <em class="jxr_javadoccomment"> * property does not exist or cannot be converted to an integer</em>
<a class="jxr_linenumber" name="387" href="#387">387</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="388" href="#388">388</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">int</strong> getInt(String key, <strong class="jxr_keyword">int</strong> defaultValue) {
<a class="jxr_linenumber" name="389" href="#389">389</a> <strong class="jxr_keyword">int</strong> value;
<a class="jxr_linenumber" name="390" href="#390">390</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="391" href="#391">391</a> value = Integer.parseInt(Settings.getString(key));
<a class="jxr_linenumber" name="392" href="#392">392</a> } <strong class="jxr_keyword">catch</strong> (NumberFormatException ex) {
<a class="jxr_linenumber" name="393" href="#393">393</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Could not convert property '%s' to an int."</span>, key);
<a class="jxr_linenumber" name="394" href="#394">394</a> Logger.getLogger(Settings.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINEST, msg, ex);
<a class="jxr_linenumber" name="395" href="#395">395</a> value = defaultValue;
<a class="jxr_linenumber" name="396" href="#396">396</a> }
<a class="jxr_linenumber" name="397" href="#397">397</a> <strong class="jxr_keyword">return</strong> value;
<a class="jxr_linenumber" name="398" href="#398">398</a> }
<a class="jxr_linenumber" name="399" href="#399">399</a>
<a class="jxr_linenumber" name="400" href="#400">400</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="401" href="#401">401</a> <em class="jxr_javadoccomment"> * Returns a long value from the properties file. If the value was specified</em>
<a class="jxr_linenumber" name="402" href="#402">402</a> <em class="jxr_javadoccomment"> * as a system property or passed in via the -Dprop=value argument - this</em>
<a class="jxr_linenumber" name="403" href="#403">403</a> <em class="jxr_javadoccomment"> * method will return the value from the system properties before the values</em>
<a class="jxr_linenumber" name="404" href="#404">404</a> <em class="jxr_javadoccomment"> * in the contained configuration file.</em>
<a class="jxr_linenumber" name="405" href="#405">405</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="406" href="#406">406</a> <em class="jxr_javadoccomment"> * @param key the key to lookup within the properties file</em>
<a class="jxr_linenumber" name="407" href="#407">407</a> <em class="jxr_javadoccomment"> * @return the property from the properties file</em>
<a class="jxr_linenumber" name="408" href="#408">408</a> <em class="jxr_javadoccomment"> * @throws InvalidSettingException is thrown if there is an error retrieving</em>
<a class="jxr_linenumber" name="409" href="#409">409</a> <em class="jxr_javadoccomment"> * the setting</em>
<a class="jxr_linenumber" name="410" href="#410">410</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="411" href="#411">411</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">long</strong> getLong(String key) <strong class="jxr_keyword">throws</strong> InvalidSettingException {
<a class="jxr_linenumber" name="412" href="#412">412</a> <strong class="jxr_keyword">long</strong> value;
<a class="jxr_linenumber" name="413" href="#413">413</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="414" href="#414">414</a> value = Long.parseLong(Settings.getString(key));
<a class="jxr_linenumber" name="415" href="#415">415</a> } <strong class="jxr_keyword">catch</strong> (NumberFormatException ex) {
<a class="jxr_linenumber" name="416" href="#416">416</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/utils/InvalidSettingException.html">InvalidSettingException</a>(<span class="jxr_string">"Could not convert property '"</span> + key + <span class="jxr_string">"' to an int."</span>, ex);
<a class="jxr_linenumber" name="417" href="#417">417</a> }
<a class="jxr_linenumber" name="418" href="#418">418</a> <strong class="jxr_keyword">return</strong> value;
<a class="jxr_linenumber" name="419" href="#419">419</a> }
<a class="jxr_linenumber" name="420" href="#420">420</a>
<a class="jxr_linenumber" name="421" href="#421">421</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="422" href="#422">422</a> <em class="jxr_javadoccomment"> * Returns a boolean value from the properties file. If the value was</em>
<a class="jxr_linenumber" name="423" href="#423">423</a> <em class="jxr_javadoccomment"> * specified as a system property or passed in via the</em>
<a class="jxr_linenumber" name="424" href="#424">424</a> <em class="jxr_javadoccomment"> * &lt;code&gt;-Dprop=value&lt;/code&gt; argument this method will return the value from</em>
<a class="jxr_linenumber" name="425" href="#425">425</a> <em class="jxr_javadoccomment"> * the system properties before the values in the contained configuration</em>
<a class="jxr_linenumber" name="426" href="#426">426</a> <em class="jxr_javadoccomment"> * file.</em>
<a class="jxr_linenumber" name="427" href="#427">427</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="428" href="#428">428</a> <em class="jxr_javadoccomment"> * @param key the key to lookup within the properties file</em>
<a class="jxr_linenumber" name="429" href="#429">429</a> <em class="jxr_javadoccomment"> * @return the property from the properties file</em>
<a class="jxr_linenumber" name="430" href="#430">430</a> <em class="jxr_javadoccomment"> * @throws InvalidSettingException is thrown if there is an error retrieving</em>
<a class="jxr_linenumber" name="431" href="#431">431</a> <em class="jxr_javadoccomment"> * the setting</em>
<a class="jxr_linenumber" name="432" href="#432">432</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="433" href="#433">433</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">boolean</strong> getBoolean(String key) <strong class="jxr_keyword">throws</strong> InvalidSettingException {
<a class="jxr_linenumber" name="434" href="#434">434</a> <strong class="jxr_keyword">boolean</strong> value;
<a class="jxr_linenumber" name="435" href="#435">435</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="436" href="#436">436</a> value = Boolean.parseBoolean(Settings.getString(key));
<a class="jxr_linenumber" name="437" href="#437">437</a> } <strong class="jxr_keyword">catch</strong> (NumberFormatException ex) {
<a class="jxr_linenumber" name="438" href="#438">438</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/utils/InvalidSettingException.html">InvalidSettingException</a>(<span class="jxr_string">"Could not convert property '"</span> + key + <span class="jxr_string">"' to an int."</span>, ex);
<a class="jxr_linenumber" name="439" href="#439">439</a> }
<a class="jxr_linenumber" name="440" href="#440">440</a> <strong class="jxr_keyword">return</strong> value;
<a class="jxr_linenumber" name="441" href="#441">441</a> }
<a class="jxr_linenumber" name="442" href="#442">442</a> }
</pre>
<hr/><div id="footer">This page was automatically generated by <a href="http://maven.apache.org/">Maven</a></div></body>
</html>

2
dependency-check-core/xref/org/owasp/dependencycheck/utils/package-frame.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check Core 1.0.4 Reference Package org.owasp.dependencycheck.utils</title>
<title>Dependency-Check Core 1.0.5 Reference Package org.owasp.dependencycheck.utils</title>
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="style" />
</head>
<body>

2
dependency-check-core/xref/org/owasp/dependencycheck/utils/package-summary.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check Core 1.0.4 Reference Package org.owasp.dependencycheck.utils</title>
<title>Dependency-Check Core 1.0.5 Reference Package org.owasp.dependencycheck.utils</title>
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="style" />
</head>
<body>

2
dependency-check-core/xref/overview-frame.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check Core 1.0.4 Reference</title>
<title>Dependency-Check Core 1.0.5 Reference</title>
<link rel="stylesheet" type="text/css" href="stylesheet.css" title="style" />
</head>
<body>

4
dependency-check-core/xref/overview-summary.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check Core 1.0.4 Reference</title>
<title>Dependency-Check Core 1.0.5 Reference</title>
<link rel="stylesheet" type="text/css" href="stylesheet.css" title="style" />
</head>
<body>
@@ -24,7 +24,7 @@
</ul>
</div>
<h2>Dependency-Check Core 1.0.4 Reference</h2>
<h2>Dependency-Check Core 1.0.5 Reference</h2>
<table class="summary">
<thead>