mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-03-14 06:06:04 +01:00
Merge branch 'upmaster' into ruby-bundler
This commit is contained in:
Dale Visser
@@ -17,7 +17,7 @@ Copyright & License
|
||||
|
||||
Dependency-Check is Copyright (c) 2012-2014 Jeremy Long. All Rights Reserved.
|
||||
|
||||
Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the [LICENSE.txt](https://github.com/jeremylong/DependencyCheck/dependency-check-cli/blob/master/LICENSE.txt) file for the full license.
|
||||
Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the [LICENSE.txt](https://raw.githubusercontent.com/jeremylong/DependencyCheck/master/LICENSE.txt) file for the full license.
|
||||
|
||||
Dependency-Check makes use of several other open source libraries. Please see the [NOTICE.txt] [notices] file for more information.
|
||||
|
||||
@@ -25,4 +25,4 @@ Dependency-Check makes use of several other open source libraries. Please see th
|
||||
[wiki]: https://github.com/jeremylong/DependencyCheck/wiki
|
||||
[subscribe]: mailto:dependency-check+subscribe@googlegroups.com
|
||||
[post]: mailto:dependency-check@googlegroups.com
|
||||
[notices]: https://github.com/jeremylong/DependencyCheck/blob/master/NOTICES.txt
|
||||
[notices]: https://raw.githubusercontent.com/jeremylong/DependencyCheck/master/NOTICE.txt
|
||||
@@ -210,13 +210,6 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
</systemProperties>
|
||||
</configuration>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-compiler-plugin</artifactId>
|
||||
<configuration>
|
||||
<compilerArgument>-Xlint:unchecked</compilerArgument>
|
||||
</configuration>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<reporting>
|
||||
|
||||
@@ -42,6 +42,7 @@ import java.util.EnumMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
@@ -59,7 +60,7 @@ public class Engine implements FileFilter {
|
||||
/**
|
||||
* A Map of analyzers grouped by Analysis phase.
|
||||
*/
|
||||
private EnumMap<AnalysisPhase, List<Analyzer>> analyzers = new EnumMap<AnalysisPhase, List<Analyzer>>(AnalysisPhase.class);
|
||||
private Map<AnalysisPhase, List<Analyzer>> analyzers = new EnumMap<AnalysisPhase, List<Analyzer>>(AnalysisPhase.class);
|
||||
|
||||
/**
|
||||
* A Map of analyzers grouped by Analysis phase.
|
||||
@@ -478,6 +479,7 @@ public class Engine implements FileFilter {
|
||||
* @param file a file extension
|
||||
* @return true or false depending on whether or not the file extension is supported
|
||||
*/
|
||||
@Override
|
||||
public boolean accept(File file) {
|
||||
if (file == null) {
|
||||
return false;
|
||||
|
||||
@@ -28,6 +28,7 @@ import org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream;
|
||||
import org.apache.commons.compress.compressors.bzip2.BZip2Utils;
|
||||
import org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream;
|
||||
import org.apache.commons.compress.compressors.gzip.GzipUtils;
|
||||
import org.apache.commons.compress.utils.IOUtils;
|
||||
import org.owasp.dependencycheck.Engine;
|
||||
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
|
||||
import org.owasp.dependencycheck.analyzer.exception.ArchiveExtractionException;
|
||||
@@ -54,10 +55,6 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
* The logger.
|
||||
*/
|
||||
private static final Logger LOGGER = LoggerFactory.getLogger(ArchiveAnalyzer.class);
|
||||
/**
|
||||
* The buffer size to use when extracting files from the archive.
|
||||
*/
|
||||
private static final int BUFFER_SIZE = 4096;
|
||||
/**
|
||||
* The count of directories created during analysis. This is used for creating temporary directories.
|
||||
*/
|
||||
@@ -385,7 +382,6 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
|
||||
private static void extractAcceptedFile(ArchiveInputStream input, File file) throws AnalysisException {
|
||||
LOGGER.debug("Extracting '{}'", file.getPath());
|
||||
BufferedOutputStream bos = null;
|
||||
FileOutputStream fos = null;
|
||||
try {
|
||||
final File parent = file.getParentFile();
|
||||
@@ -396,13 +392,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
}
|
||||
}
|
||||
fos = new FileOutputStream(file);
|
||||
bos = new BufferedOutputStream(fos, BUFFER_SIZE);
|
||||
int count;
|
||||
final byte[] data = new byte[BUFFER_SIZE];
|
||||
while ((count = input.read(data, 0, BUFFER_SIZE)) != -1) {
|
||||
bos.write(data, 0, count);
|
||||
}
|
||||
bos.flush();
|
||||
IOUtils.copy(input, fos);
|
||||
} catch (FileNotFoundException ex) {
|
||||
LOGGER.debug("", ex);
|
||||
final String msg = String.format("Unable to find file '%s'.", file.getName());
|
||||
@@ -412,7 +402,6 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
final String msg = String.format("IO Exception while parsing file '%s'.", file.getName());
|
||||
throw new AnalysisException(msg, ex);
|
||||
} finally {
|
||||
close(bos);
|
||||
close(fos);
|
||||
}
|
||||
}
|
||||
@@ -429,11 +418,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
FileOutputStream out = null;
|
||||
try {
|
||||
out = new FileOutputStream(outputFile);
|
||||
final byte[] buffer = new byte[BUFFER_SIZE];
|
||||
int n; // = 0
|
||||
while (-1 != (n = inputStream.read(buffer))) {
|
||||
out.write(buffer, 0, n);
|
||||
}
|
||||
IOUtils.copy(inputStream, out);
|
||||
} catch (FileNotFoundException ex) {
|
||||
LOGGER.debug("", ex);
|
||||
throw new ArchiveExtractionException(ex);
|
||||
|
||||
@@ -147,7 +147,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
|
||||
// First, see if there was an error
|
||||
final String error = xpath.evaluate("/assembly/error", doc);
|
||||
if (error != null && !"".equals(error)) {
|
||||
if (error != null && !error.isEmpty()) {
|
||||
throw new AnalysisException(error);
|
||||
}
|
||||
|
||||
@@ -246,7 +246,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
final Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(p.getInputStream());
|
||||
final XPath xpath = XPathFactory.newInstance().newXPath();
|
||||
final String error = xpath.evaluate("/assembly/error", doc);
|
||||
if (p.waitFor() != 1 || error == null || "".equals(error)) {
|
||||
if (p.waitFor() != 1 || error == null || error.isEmpty()) {
|
||||
LOGGER.warn("An error occurred with the .NET AssemblyAnalyzer, please see the log for more details.");
|
||||
LOGGER.debug("GrokAssembly.exe is not working properly");
|
||||
grokAssemblyExe = null;
|
||||
|
||||
@@ -339,7 +339,7 @@ public class CPEAnalyzer implements Analyzer {
|
||||
|
||||
final String cleanText = cleanseText(searchText);
|
||||
|
||||
if ("".equals(cleanText)) {
|
||||
if (cleanText.isEmpty()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
@@ -75,6 +75,7 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
|
||||
*
|
||||
* @return the name of the analyzer.
|
||||
*/
|
||||
@Override
|
||||
public String getName() {
|
||||
return ANALYZER_NAME;
|
||||
}
|
||||
@@ -84,6 +85,7 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
|
||||
*
|
||||
* @return the phase that the analyzer is intended to run in.
|
||||
*/
|
||||
@Override
|
||||
public AnalysisPhase getAnalysisPhase() {
|
||||
return ANALYSIS_PHASE;
|
||||
}
|
||||
|
||||
@@ -69,6 +69,7 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
|
||||
*
|
||||
* @return the name of the analyzer.
|
||||
*/
|
||||
@Override
|
||||
public String getName() {
|
||||
return ANALYZER_NAME;
|
||||
}
|
||||
@@ -78,6 +79,7 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
|
||||
*
|
||||
* @return the phase that the analyzer is intended to run in.
|
||||
*/
|
||||
@Override
|
||||
public AnalysisPhase getAnalysisPhase() {
|
||||
return ANALYSIS_PHASE;
|
||||
}
|
||||
@@ -378,18 +380,16 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
|
||||
*/
|
||||
private void addFalseNegativeCPEs(Dependency dependency) {
|
||||
//TODO move this to the hint analyzer
|
||||
final Iterator<Identifier> itr = dependency.getIdentifiers().iterator();
|
||||
while (itr.hasNext()) {
|
||||
final Identifier i = itr.next();
|
||||
if ("cpe".equals(i.getType()) && i.getValue() != null
|
||||
&& (i.getValue().startsWith("cpe:/a:oracle:opensso:")
|
||||
|| i.getValue().startsWith("cpe:/a:oracle:opensso_enterprise:")
|
||||
|| i.getValue().startsWith("cpe:/a:sun:opensso_enterprise:")
|
||||
|| i.getValue().startsWith("cpe:/a:sun:opensso:"))) {
|
||||
final String newCpe = String.format("cpe:/a:sun:opensso_enterprise:%s", i.getValue().substring(22));
|
||||
final String newCpe2 = String.format("cpe:/a:oracle:opensso_enterprise:%s", i.getValue().substring(22));
|
||||
final String newCpe3 = String.format("cpe:/a:sun:opensso:%s", i.getValue().substring(22));
|
||||
final String newCpe4 = String.format("cpe:/a:oracle:opensso:%s", i.getValue().substring(22));
|
||||
for (final Identifier identifier : dependency.getIdentifiers()) {
|
||||
if ("cpe".equals(identifier.getType()) && identifier.getValue() != null
|
||||
&& (identifier.getValue().startsWith("cpe:/a:oracle:opensso:")
|
||||
|| identifier.getValue().startsWith("cpe:/a:oracle:opensso_enterprise:")
|
||||
|| identifier.getValue().startsWith("cpe:/a:sun:opensso_enterprise:")
|
||||
|| identifier.getValue().startsWith("cpe:/a:sun:opensso:"))) {
|
||||
final String newCpe = String.format("cpe:/a:sun:opensso_enterprise:%s", identifier.getValue().substring(22));
|
||||
final String newCpe2 = String.format("cpe:/a:oracle:opensso_enterprise:%s", identifier.getValue().substring(22));
|
||||
final String newCpe3 = String.format("cpe:/a:sun:opensso:%s", identifier.getValue().substring(22));
|
||||
final String newCpe4 = String.format("cpe:/a:oracle:opensso:%s", identifier.getValue().substring(22));
|
||||
try {
|
||||
dependency.addIdentifier("cpe",
|
||||
newCpe,
|
||||
|
||||
@@ -48,6 +48,7 @@ public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer {
|
||||
*
|
||||
* @return the name of the analyzer.
|
||||
*/
|
||||
@Override
|
||||
public String getName() {
|
||||
return ANALYZER_NAME;
|
||||
}
|
||||
@@ -57,6 +58,7 @@ public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer {
|
||||
*
|
||||
* @return the phase that the analyzer is intended to run in.
|
||||
*/
|
||||
@Override
|
||||
public AnalysisPhase getAnalysisPhase() {
|
||||
return ANALYSIS_PHASE;
|
||||
}
|
||||
|
||||
@@ -17,7 +17,6 @@
|
||||
*/
|
||||
package org.owasp.dependencycheck.analyzer;
|
||||
|
||||
import java.io.BufferedOutputStream;
|
||||
import java.io.File;
|
||||
import java.io.FileFilter;
|
||||
import java.io.FileOutputStream;
|
||||
@@ -42,6 +41,7 @@ import java.util.jar.JarFile;
|
||||
import java.util.jar.Manifest;
|
||||
import java.util.regex.Pattern;
|
||||
import java.util.zip.ZipEntry;
|
||||
import org.apache.commons.compress.utils.IOUtils;
|
||||
import org.jsoup.Jsoup;
|
||||
import org.owasp.dependencycheck.Engine;
|
||||
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
|
||||
@@ -69,10 +69,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
* The logger.
|
||||
*/
|
||||
private static final Logger LOGGER = LoggerFactory.getLogger(JarAnalyzer.class);
|
||||
/**
|
||||
* The buffer size to use when extracting files from the archive.
|
||||
*/
|
||||
private static final int BUFFER_SIZE = 4096;
|
||||
/**
|
||||
* The count of directories created during analysis. This is used for creating temporary directories.
|
||||
*/
|
||||
@@ -198,6 +194,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
*
|
||||
* @return the phase that the analyzer is intended to run in.
|
||||
*/
|
||||
@Override
|
||||
public AnalysisPhase getAnalysisPhase() {
|
||||
return ANALYSIS_PHASE;
|
||||
}
|
||||
@@ -396,26 +393,18 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
private Model extractPom(String path, JarFile jar, Dependency dependency) throws AnalysisException {
|
||||
InputStream input = null;
|
||||
FileOutputStream fos = null;
|
||||
BufferedOutputStream bos = null;
|
||||
final File tmpDir = getNextTempDirectory();
|
||||
final File file = new File(tmpDir, "pom.xml");
|
||||
try {
|
||||
final ZipEntry entry = jar.getEntry(path);
|
||||
input = jar.getInputStream(entry);
|
||||
fos = new FileOutputStream(file);
|
||||
bos = new BufferedOutputStream(fos, BUFFER_SIZE);
|
||||
int count;
|
||||
final byte[] data = new byte[BUFFER_SIZE];
|
||||
while ((count = input.read(data, 0, BUFFER_SIZE)) != -1) {
|
||||
bos.write(data, 0, count);
|
||||
}
|
||||
bos.flush();
|
||||
IOUtils.copy(input, fos);
|
||||
dependency.setActualFilePath(file.getAbsolutePath());
|
||||
} catch (IOException ex) {
|
||||
LOGGER.warn("An error occurred reading '{}' from '{}'.", path, dependency.getFilePath());
|
||||
LOGGER.error("", ex);
|
||||
} finally {
|
||||
closeStream(bos);
|
||||
closeStream(fos);
|
||||
closeStream(input);
|
||||
}
|
||||
|
||||
@@ -116,7 +116,7 @@ public class CentralSearch {
|
||||
if ("0".equals(numFound)) {
|
||||
missing = true;
|
||||
} else {
|
||||
final ArrayList<MavenArtifact> result = new ArrayList<MavenArtifact>();
|
||||
final List<MavenArtifact> result = new ArrayList<MavenArtifact>();
|
||||
final NodeList docs = (NodeList) xpath.evaluate("/response/result/doc", doc, XPathConstants.NODESET);
|
||||
for (int i = 0; i < docs.getLength(); i++) {
|
||||
final String g = xpath.evaluate("./str[@name='g']", docs.item(i));
|
||||
|
||||
@@ -151,7 +151,7 @@ public final class CpeMemoryIndex {
|
||||
*/
|
||||
@SuppressWarnings("unchecked")
|
||||
private Analyzer createIndexingAnalyzer() {
|
||||
final Map fieldAnalyzers = new HashMap();
|
||||
final Map<String,Analyzer> fieldAnalyzers = new HashMap<String, Analyzer>();
|
||||
fieldAnalyzers.put(Fields.DOCUMENT_KEY, new KeywordAnalyzer());
|
||||
return new PerFieldAnalyzerWrapper(new FieldAnalyzer(LuceneUtils.CURRENT_VERSION), fieldAnalyzers);
|
||||
}
|
||||
|
||||
@@ -24,6 +24,7 @@ import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.ObjectInputStream;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
*
|
||||
@@ -45,21 +46,21 @@ public final class CweDB {
|
||||
/**
|
||||
* A HashMap of the CWE data.
|
||||
*/
|
||||
private static final HashMap<String, String> CWE = loadData();
|
||||
private static final Map<String, String> CWE = loadData();
|
||||
|
||||
/**
|
||||
* Loads a HashMap containing the CWE data from a resource found in the jar.
|
||||
*
|
||||
* @return a HashMap of CWE data
|
||||
*/
|
||||
private static HashMap<String, String> loadData() {
|
||||
private static Map<String, String> loadData() {
|
||||
ObjectInputStream oin = null;
|
||||
try {
|
||||
final String filePath = "data/cwe.hashmap.serialized";
|
||||
final InputStream input = CweDB.class.getClassLoader().getResourceAsStream(filePath);
|
||||
oin = new ObjectInputStream(input);
|
||||
@SuppressWarnings("unchecked")
|
||||
final HashMap<String, String> ret = (HashMap<String, String>) oin.readObject();
|
||||
final Map<String, String> ret = (HashMap<String, String>) oin.readObject();
|
||||
return ret;
|
||||
} catch (ClassNotFoundException ex) {
|
||||
LOGGER.warn("Unable to load CWE data. This should not be an issue.");
|
||||
|
||||
@@ -132,10 +132,10 @@ public class NexusSearch {
|
||||
"/org.sonatype.nexus.rest.model.NexusArtifact/pomLink",
|
||||
doc);
|
||||
final MavenArtifact ma = new MavenArtifact(groupId, artifactId, version);
|
||||
if (link != null && !"".equals(link)) {
|
||||
if (link != null && !link.isEmpty()) {
|
||||
ma.setArtifactUrl(link);
|
||||
}
|
||||
if (pomLink != null && !"".equals(pomLink)) {
|
||||
if (pomLink != null && !pomLink.isEmpty()) {
|
||||
ma.setPomUrl(pomLink);
|
||||
}
|
||||
return ma;
|
||||
|
||||
@@ -340,7 +340,6 @@ public class CveDB {
|
||||
* @throws DatabaseException thrown if there is an exception retrieving data
|
||||
*/
|
||||
public List<Vulnerability> getVulnerabilities(String cpeStr) throws DatabaseException {
|
||||
ResultSet rs = null;
|
||||
final VulnerableSoftware cpe = new VulnerableSoftware();
|
||||
try {
|
||||
cpe.parseName(cpeStr);
|
||||
@@ -350,7 +349,8 @@ public class CveDB {
|
||||
final DependencyVersion detectedVersion = parseDependencyVersion(cpe);
|
||||
final List<Vulnerability> vulnerabilities = new ArrayList<Vulnerability>();
|
||||
|
||||
PreparedStatement ps;
|
||||
PreparedStatement ps = null;
|
||||
ResultSet rs = null;
|
||||
try {
|
||||
ps = getConnection().prepareStatement(statementBundle.getString("SELECT_CVE_FROM_SOFTWARE"));
|
||||
ps.setString(1, cpe.getVendor());
|
||||
@@ -384,12 +384,11 @@ public class CveDB {
|
||||
v.setMatchedCPE(matchedCPE.getKey(), matchedCPE.getValue() ? "Y" : null);
|
||||
vulnerabilities.add(v);
|
||||
}
|
||||
DBUtils.closeResultSet(rs);
|
||||
DBUtils.closeStatement(ps);
|
||||
} catch (SQLException ex) {
|
||||
throw new DatabaseException("Exception retrieving vulnerability for " + cpeStr, ex);
|
||||
} finally {
|
||||
DBUtils.closeResultSet(rs);
|
||||
DBUtils.closeStatement(ps);
|
||||
}
|
||||
return vulnerabilities;
|
||||
}
|
||||
@@ -490,7 +489,7 @@ public class CveDB {
|
||||
deleteReferences = getConnection().prepareStatement(statementBundle.getString("DELETE_REFERENCE"));
|
||||
deleteSoftware = getConnection().prepareStatement(statementBundle.getString("DELETE_SOFTWARE"));
|
||||
updateVulnerability = getConnection().prepareStatement(statementBundle.getString("UPDATE_VULNERABILITY"));
|
||||
final String ids[] = {"id"};
|
||||
final String[] ids = {"id"};
|
||||
insertVulnerability = getConnection().prepareStatement(statementBundle.getString("INSERT_VULNERABILITY"),
|
||||
//Statement.RETURN_GENERATED_KEYS);
|
||||
ids);
|
||||
@@ -767,9 +766,9 @@ public class CveDB {
|
||||
* @return a dependency version
|
||||
*/
|
||||
private DependencyVersion parseDependencyVersion(VulnerableSoftware cpe) {
|
||||
DependencyVersion cpeVersion;
|
||||
final DependencyVersion cpeVersion;
|
||||
if (cpe.getVersion() != null && !cpe.getVersion().isEmpty()) {
|
||||
String versionText;
|
||||
final String versionText;
|
||||
if (cpe.getUpdate() != null && !cpe.getUpdate().isEmpty()) {
|
||||
versionText = String.format("%s.%s", cpe.getVersion(), cpe.getUpdate());
|
||||
} else {
|
||||
@@ -783,6 +782,8 @@ public class CveDB {
|
||||
}
|
||||
|
||||
/**
|
||||
* This method is only referenced in unused code.
|
||||
*
|
||||
* Deletes unused dictionary entries from the database.
|
||||
*/
|
||||
public void deleteUnusedCpe() {
|
||||
@@ -798,6 +799,8 @@ public class CveDB {
|
||||
}
|
||||
|
||||
/**
|
||||
* This method is only referenced in unused code and will likely break on MySQL if ever used due to the MERGE statement.
|
||||
*
|
||||
* Merges CPE entries into the database.
|
||||
*
|
||||
* @param cpe the CPE identifier
|
||||
|
||||
@@ -115,7 +115,7 @@ class DriverShim implements Driver {
|
||||
* @throws SQLFeatureNotSupportedException thrown if the feature is not supported
|
||||
* @see java.sql.Driver#getParentLogger()
|
||||
*/
|
||||
//@Override
|
||||
@Override
|
||||
public java.util.logging.Logger getParentLogger() throws SQLFeatureNotSupportedException {
|
||||
//return driver.getParentLogger();
|
||||
Method m = null;
|
||||
|
||||
@@ -43,6 +43,9 @@ import org.slf4j.LoggerFactory;
|
||||
import org.xml.sax.SAXException;
|
||||
|
||||
/**
|
||||
*
|
||||
* This class is currently unused and if enabled will likely not work on MySQL as the MERGE statement is used.
|
||||
*
|
||||
* The CpeUpdater is designed to download the CPE data file from NIST and import the data into the database. However, as this
|
||||
* currently adds no beneficial data, compared to what is in the CPE data contained in the CVE data files, this class is not
|
||||
* currently used. The code is being kept as a future update may utilize more data from the CPE xml files.
|
||||
|
||||
@@ -28,7 +28,8 @@ import java.util.Set;
|
||||
import java.util.SortedSet;
|
||||
import java.util.TreeSet;
|
||||
|
||||
import org.apache.commons.lang3.ObjectUtils;
|
||||
import org.apache.commons.lang3.builder.EqualsBuilder;
|
||||
import org.apache.commons.lang3.builder.HashCodeBuilder;
|
||||
import org.owasp.dependencycheck.data.nexus.MavenArtifact;
|
||||
import org.owasp.dependencycheck.utils.Checksum;
|
||||
import org.slf4j.Logger;
|
||||
@@ -43,6 +44,10 @@ import org.slf4j.LoggerFactory;
|
||||
*/
|
||||
public class Dependency implements Serializable, Comparable<Dependency> {
|
||||
|
||||
/**
|
||||
* The serial version UID for serialization.
|
||||
*/
|
||||
private static final long serialVersionUID = 1L;
|
||||
/**
|
||||
* The logger.
|
||||
*/
|
||||
@@ -692,6 +697,7 @@ public class Dependency implements Serializable, Comparable<Dependency> {
|
||||
* @param o a dependency to compare
|
||||
* @return an integer representing the natural ordering
|
||||
*/
|
||||
@Override
|
||||
public int compareTo(Dependency o) {
|
||||
return this.getFilePath().compareToIgnoreCase(o.getFilePath());
|
||||
}
|
||||
@@ -708,21 +714,24 @@ public class Dependency implements Serializable, Comparable<Dependency> {
|
||||
return false;
|
||||
}
|
||||
final Dependency other = (Dependency) obj;
|
||||
return ObjectUtils.equals(this.actualFilePath, other.actualFilePath)
|
||||
&& ObjectUtils.equals(this.filePath, other.filePath)
|
||||
&& ObjectUtils.equals(this.fileName, other.fileName)
|
||||
&& ObjectUtils.equals(this.md5sum, other.md5sum)
|
||||
&& ObjectUtils.equals(this.sha1sum, other.sha1sum)
|
||||
&& ObjectUtils.equals(this.identifiers, other.identifiers)
|
||||
&& ObjectUtils.equals(this.vendorEvidence, other.vendorEvidence)
|
||||
&& ObjectUtils.equals(this.productEvidence, other.productEvidence)
|
||||
&& ObjectUtils.equals(this.versionEvidence, other.versionEvidence)
|
||||
&& ObjectUtils.equals(this.description, other.description)
|
||||
&& ObjectUtils.equals(this.license, other.license)
|
||||
&& ObjectUtils.equals(this.vulnerabilities, other.vulnerabilities)
|
||||
//&& ObjectUtils.equals(this.relatedDependencies, other.relatedDependencies)
|
||||
&& ObjectUtils.equals(this.projectReferences, other.projectReferences)
|
||||
&& ObjectUtils.equals(this.availableVersions, other.availableVersions);
|
||||
return new EqualsBuilder()
|
||||
.appendSuper(super.equals(obj))
|
||||
.append(this.actualFilePath, other.actualFilePath)
|
||||
.append(this.filePath, other.filePath)
|
||||
.append(this.fileName, other.fileName)
|
||||
.append(this.md5sum, other.md5sum)
|
||||
.append(this.sha1sum, other.sha1sum)
|
||||
.append(this.identifiers, other.identifiers)
|
||||
.append(this.vendorEvidence, other.vendorEvidence)
|
||||
.append(this.productEvidence, other.productEvidence)
|
||||
.append(this.versionEvidence, other.versionEvidence)
|
||||
.append(this.description, other.description)
|
||||
.append(this.license, other.license)
|
||||
.append(this.vulnerabilities, other.vulnerabilities)
|
||||
//.append(this.relatedDependencies, other.relatedDependencies)
|
||||
.append(this.projectReferences, other.projectReferences)
|
||||
.append(this.availableVersions, other.availableVersions)
|
||||
.isEquals();
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -732,15 +741,23 @@ public class Dependency implements Serializable, Comparable<Dependency> {
|
||||
*/
|
||||
@Override
|
||||
public int hashCode() {
|
||||
int hash = MAGIC_HASH_INIT_VALUE;
|
||||
for (Object field : new Object[]{this.actualFilePath, this.filePath, this.fileName, this.md5sum,
|
||||
this.sha1sum, this.identifiers, this.vendorEvidence, this.productEvidence, this.versionEvidence,
|
||||
this.description, this.license, this.vulnerabilities,
|
||||
//this.relatedDependencies,
|
||||
this.projectReferences, this.availableVersions}) {
|
||||
hash = MAGIC_HASH_MULTIPLIER * hash + ObjectUtils.hashCode(field);
|
||||
}
|
||||
return hash;
|
||||
return new HashCodeBuilder(MAGIC_HASH_INIT_VALUE, MAGIC_HASH_MULTIPLIER)
|
||||
.append(actualFilePath)
|
||||
.append(filePath)
|
||||
.append(fileName)
|
||||
.append(md5sum)
|
||||
.append(sha1sum)
|
||||
.append(identifiers)
|
||||
.append(vendorEvidence)
|
||||
.append(productEvidence)
|
||||
.append(versionEvidence)
|
||||
.append(description)
|
||||
.append(license)
|
||||
.append(vulnerabilities)
|
||||
//.append(relatedDependencies)
|
||||
.append(projectReferences)
|
||||
.append(availableVersions)
|
||||
.toHashCode();
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -19,6 +19,7 @@ package org.owasp.dependencycheck.dependency;
|
||||
|
||||
import org.apache.commons.lang3.ObjectUtils;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.apache.commons.lang3.builder.HashCodeBuilder;
|
||||
|
||||
import java.io.Serializable;
|
||||
|
||||
@@ -29,6 +30,10 @@ import java.io.Serializable;
|
||||
*/
|
||||
public class Evidence implements Serializable, Comparable<Evidence> {
|
||||
|
||||
/**
|
||||
* The serial version UID for serialization.
|
||||
*/
|
||||
private static final long serialVersionUID = 1L;
|
||||
/**
|
||||
* Used as starting point for generating the value in {@link #hashCode()}.
|
||||
*/
|
||||
@@ -194,12 +199,12 @@ public class Evidence implements Serializable, Comparable<Evidence> {
|
||||
*/
|
||||
@Override
|
||||
public int hashCode() {
|
||||
int hash = MAGIC_HASH_INIT_VALUE;
|
||||
hash = MAGIC_HASH_MULTIPLIER * hash + ObjectUtils.hashCode(StringUtils.lowerCase(this.name));
|
||||
hash = MAGIC_HASH_MULTIPLIER * hash + ObjectUtils.hashCode(StringUtils.lowerCase(this.source));
|
||||
hash = MAGIC_HASH_MULTIPLIER * hash + ObjectUtils.hashCode(StringUtils.lowerCase(this.value));
|
||||
hash = MAGIC_HASH_MULTIPLIER * hash + ObjectUtils.hashCode(this.confidence);
|
||||
return hash;
|
||||
return new HashCodeBuilder(MAGIC_HASH_INIT_VALUE, MAGIC_HASH_MULTIPLIER)
|
||||
.append(StringUtils.lowerCase(name))
|
||||
.append(StringUtils.lowerCase(source))
|
||||
.append(StringUtils.lowerCase(value))
|
||||
.append(confidence)
|
||||
.toHashCode();
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -230,6 +235,7 @@ public class Evidence implements Serializable, Comparable<Evidence> {
|
||||
* @param o the evidence being compared
|
||||
* @return an integer indicating the ordering of the two objects
|
||||
*/
|
||||
@Override
|
||||
public int compareTo(Evidence o) {
|
||||
if (o == null) {
|
||||
return 1;
|
||||
|
||||
@@ -39,6 +39,10 @@ import org.slf4j.LoggerFactory;
|
||||
*/
|
||||
public class EvidenceCollection implements Serializable, Iterable<Evidence> {
|
||||
|
||||
/**
|
||||
* The serial version UID for serialization.
|
||||
*/
|
||||
private static final long serialVersionUID = 1L;
|
||||
/**
|
||||
* The logger.
|
||||
*/
|
||||
@@ -47,6 +51,7 @@ public class EvidenceCollection implements Serializable, Iterable<Evidence> {
|
||||
* Used to iterate over highest confidence evidence contained in the collection.
|
||||
*/
|
||||
private static final Filter<Evidence> HIGHEST_CONFIDENCE = new Filter<Evidence>() {
|
||||
@Override
|
||||
public boolean passes(Evidence evidence) {
|
||||
return evidence.getConfidence() == Confidence.HIGHEST;
|
||||
}
|
||||
@@ -55,6 +60,7 @@ public class EvidenceCollection implements Serializable, Iterable<Evidence> {
|
||||
* Used to iterate over high confidence evidence contained in the collection.
|
||||
*/
|
||||
private static final Filter<Evidence> HIGH_CONFIDENCE = new Filter<Evidence>() {
|
||||
@Override
|
||||
public boolean passes(Evidence evidence) {
|
||||
return evidence.getConfidence() == Confidence.HIGH;
|
||||
}
|
||||
@@ -63,6 +69,7 @@ public class EvidenceCollection implements Serializable, Iterable<Evidence> {
|
||||
* Used to iterate over medium confidence evidence contained in the collection.
|
||||
*/
|
||||
private static final Filter<Evidence> MEDIUM_CONFIDENCE = new Filter<Evidence>() {
|
||||
@Override
|
||||
public boolean passes(Evidence evidence) {
|
||||
return evidence.getConfidence() == Confidence.MEDIUM;
|
||||
}
|
||||
@@ -71,6 +78,7 @@ public class EvidenceCollection implements Serializable, Iterable<Evidence> {
|
||||
* Used to iterate over low confidence evidence contained in the collection.
|
||||
*/
|
||||
private static final Filter<Evidence> LOW_CONFIDENCE = new Filter<Evidence>() {
|
||||
@Override
|
||||
public boolean passes(Evidence evidence) {
|
||||
return evidence.getConfidence() == Confidence.LOW;
|
||||
}
|
||||
@@ -79,6 +87,7 @@ public class EvidenceCollection implements Serializable, Iterable<Evidence> {
|
||||
* Used to iterate over evidence that has was used (aka read) from the collection.
|
||||
*/
|
||||
private static final Filter<Evidence> EVIDENCE_USED = new Filter<Evidence>() {
|
||||
@Override
|
||||
public boolean passes(Evidence evidence) {
|
||||
return evidence.isUsed();
|
||||
}
|
||||
@@ -218,6 +227,7 @@ public class EvidenceCollection implements Serializable, Iterable<Evidence> {
|
||||
*
|
||||
* @return an Iterator<Evidence>.
|
||||
*/
|
||||
@Override
|
||||
public Iterator<Evidence> iterator() {
|
||||
return list.iterator();
|
||||
}
|
||||
|
||||
@@ -25,6 +25,11 @@ import java.io.Serializable;
|
||||
*/
|
||||
public class Identifier implements Serializable, Comparable<Identifier> {
|
||||
|
||||
/**
|
||||
* The serial version UID for serialization.
|
||||
*/
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/**
|
||||
* Default constructor. Should only be used for automatic class
|
||||
* creation as is the case with many XML parsers (for the parsing
|
||||
@@ -216,6 +221,7 @@ public class Identifier implements Serializable, Comparable<Identifier> {
|
||||
* @param o the object being compared
|
||||
* @return an integer indicating the ordering
|
||||
*/
|
||||
@Override
|
||||
public int compareTo(Identifier o) {
|
||||
if (o == null) {
|
||||
return -1;
|
||||
|
||||
@@ -133,6 +133,7 @@ public class Reference implements Serializable, Comparable<Reference> {
|
||||
* @param o the Reference being compared
|
||||
* @return an integer indicating the ordering of the two objects
|
||||
*/
|
||||
@Override
|
||||
public int compareTo(Reference o) {
|
||||
if (source.equals(o.source)) {
|
||||
if (name.equals(o.name)) {
|
||||
|
||||
@@ -390,6 +390,7 @@ public class Vulnerability implements Serializable, Comparable<Vulnerability> {
|
||||
* @return a negative integer, zero, or a positive integer as this object is less than, equal to, or greater than
|
||||
* the specified vulnerability
|
||||
*/
|
||||
@Override
|
||||
public int compareTo(Vulnerability v) {
|
||||
return v.getName().compareTo(this.getName());
|
||||
}
|
||||
|
||||
@@ -39,6 +39,7 @@ public class VulnerabilityComparator implements Comparator<Vulnerability>, Seria
|
||||
* @param o2 a second vulnerability
|
||||
* @return the comparison
|
||||
*/
|
||||
@Override
|
||||
public int compare(Vulnerability o1, Vulnerability o2) {
|
||||
return o2.getName().compareTo(o1.getName());
|
||||
}
|
||||
|
||||
@@ -46,6 +46,7 @@ public class VelocityLoggerRedirect implements LogChute {
|
||||
*
|
||||
* @param rsvc the RuntimeServices
|
||||
*/
|
||||
@Override
|
||||
public void init(RuntimeServices rsvc) {
|
||||
// do nothing
|
||||
}
|
||||
@@ -57,6 +58,7 @@ public class VelocityLoggerRedirect implements LogChute {
|
||||
* @param level the logging level
|
||||
* @param message the message to be logged
|
||||
*/
|
||||
@Override
|
||||
public void log(int level, String message) {
|
||||
switch (level) {
|
||||
case TRACE_ID:
|
||||
@@ -87,6 +89,7 @@ public class VelocityLoggerRedirect implements LogChute {
|
||||
* @param message the message to be logged
|
||||
* @param t a throwable to log
|
||||
*/
|
||||
@Override
|
||||
public void log(int level, String message, Throwable t) {
|
||||
switch (level) {
|
||||
case TRACE_ID:
|
||||
@@ -115,6 +118,7 @@ public class VelocityLoggerRedirect implements LogChute {
|
||||
* @param level the logging level
|
||||
* @return true
|
||||
*/
|
||||
@Override
|
||||
public boolean isLevelEnabled(int level) {
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -86,7 +86,7 @@ public class SuppressionHandler extends DefaultHandler {
|
||||
/**
|
||||
* The current node text being extracted from the element.
|
||||
*/
|
||||
private StringBuffer currentText;
|
||||
private StringBuilder currentText;
|
||||
|
||||
/**
|
||||
* Handles the start element event.
|
||||
@@ -100,7 +100,7 @@ public class SuppressionHandler extends DefaultHandler {
|
||||
@Override
|
||||
public void startElement(String uri, String localName, String qName, Attributes attributes) throws SAXException {
|
||||
currentAttributes = attributes;
|
||||
currentText = new StringBuffer();
|
||||
currentText = new StringBuilder();
|
||||
if (SUPPRESS.equals(qName)) {
|
||||
rule = new SuppressionRule();
|
||||
final String base = currentAttributes.getValue("base");
|
||||
|
||||
@@ -26,6 +26,11 @@ import java.io.IOException;
|
||||
*/
|
||||
public class SuppressionParseException extends IOException {
|
||||
|
||||
/**
|
||||
* The serial version UID for serialization.
|
||||
*/
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/**
|
||||
* Creates a new SuppressionParseException.
|
||||
*/
|
||||
|
||||
@@ -37,7 +37,7 @@ import org.apache.commons.lang3.StringUtils;
|
||||
*
|
||||
* @author Jeremy Long
|
||||
*/
|
||||
public class DependencyVersion implements Iterable, Comparable<DependencyVersion> {
|
||||
public class DependencyVersion implements Iterable<String>, Comparable<DependencyVersion> {
|
||||
|
||||
/**
|
||||
* Constructor for a empty DependencyVersion.
|
||||
@@ -103,7 +103,8 @@ public class DependencyVersion implements Iterable, Comparable<DependencyVersion
|
||||
*
|
||||
* @return an iterator for the version parts
|
||||
*/
|
||||
public Iterator iterator() {
|
||||
@Override
|
||||
public Iterator<String> iterator() {
|
||||
return versionParts.iterator();
|
||||
}
|
||||
|
||||
|
||||
@@ -18,7 +18,6 @@
|
||||
package org.owasp.dependencycheck.utils;
|
||||
|
||||
import java.io.BufferedInputStream;
|
||||
import java.io.BufferedOutputStream;
|
||||
import java.io.Closeable;
|
||||
import java.io.File;
|
||||
import java.io.FileInputStream;
|
||||
@@ -26,13 +25,13 @@ import java.io.FileNotFoundException;
|
||||
import java.io.FileOutputStream;
|
||||
import java.io.FilenameFilter;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.util.zip.ZipEntry;
|
||||
import java.util.zip.ZipInputStream;
|
||||
|
||||
import org.apache.commons.compress.archivers.ArchiveEntry;
|
||||
import org.apache.commons.compress.archivers.ArchiveInputStream;
|
||||
import org.apache.commons.compress.archivers.zip.ZipArchiveInputStream;
|
||||
import org.apache.commons.compress.utils.IOUtils;
|
||||
import org.owasp.dependencycheck.Engine;
|
||||
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
|
||||
import org.owasp.dependencycheck.analyzer.exception.ArchiveExtractionException;
|
||||
@@ -50,10 +49,6 @@ public final class ExtractionUtil {
|
||||
* The logger.
|
||||
*/
|
||||
private static final Logger LOGGER = LoggerFactory.getLogger(ExtractionUtil.class);
|
||||
/**
|
||||
* The buffer size to use when extracting files from the archive.
|
||||
*/
|
||||
private static final int BUFFER_SIZE = 4096;
|
||||
|
||||
/**
|
||||
* Private constructor for a utility class.
|
||||
@@ -108,12 +103,10 @@ public final class ExtractionUtil {
|
||||
} else {
|
||||
final File file = new File(extractTo, entry.getName());
|
||||
if (engine == null || engine.accept(file)) {
|
||||
BufferedOutputStream bos = null;
|
||||
FileOutputStream fos;
|
||||
FileOutputStream fos = null;
|
||||
try {
|
||||
fos = new FileOutputStream(file);
|
||||
bos = new BufferedOutputStream(fos, BUFFER_SIZE);
|
||||
transferUsingBuffer(zis, bos);
|
||||
IOUtils.copy(zis, fos);
|
||||
} catch (FileNotFoundException ex) {
|
||||
LOGGER.debug("", ex);
|
||||
final String msg = String.format("Unable to find file '%s'.", file.getName());
|
||||
@@ -123,7 +116,7 @@ public final class ExtractionUtil {
|
||||
final String msg = String.format("IO Exception while parsing file '%s'.", file.getName());
|
||||
throw new ExtractionException(msg, ex);
|
||||
} finally {
|
||||
closeStream(bos);
|
||||
closeStream(fos);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -225,13 +218,11 @@ public final class ExtractionUtil {
|
||||
if (filter.accept(file.getParentFile(), file.getName())) {
|
||||
LOGGER.debug("Extracting '{}'",
|
||||
file.getPath());
|
||||
BufferedOutputStream bos = null;
|
||||
FileOutputStream fos = null;
|
||||
try {
|
||||
createParentFile(file);
|
||||
fos = new FileOutputStream(file);
|
||||
bos = new BufferedOutputStream(fos, BUFFER_SIZE);
|
||||
transferUsingBuffer(input, bos);
|
||||
IOUtils.copy(input, fos);
|
||||
} catch (FileNotFoundException ex) {
|
||||
LOGGER.debug("", ex);
|
||||
final String msg = String.format("Unable to find file '%s'.",
|
||||
@@ -244,29 +235,11 @@ public final class ExtractionUtil {
|
||||
file.getName());
|
||||
throw new ExtractionException(msg, ex);
|
||||
} finally {
|
||||
closeStream(bos);
|
||||
closeStream(fos);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Transfers data from one stream to another using a buffer.
|
||||
*
|
||||
* @param input the input stream
|
||||
* @param bos the output stream
|
||||
* @throws IOException thrown if there is an error reading/writing to the streams
|
||||
*/
|
||||
private static void transferUsingBuffer(InputStream input,
|
||||
BufferedOutputStream bos) throws IOException {
|
||||
int count;
|
||||
final byte[] data = new byte[BUFFER_SIZE];
|
||||
while ((count = input.read(data, 0, BUFFER_SIZE)) != -1) {
|
||||
bos.write(data, 0, count);
|
||||
}
|
||||
bos.flush();
|
||||
}
|
||||
|
||||
/**
|
||||
* Closes the stream.
|
||||
*
|
||||
|
||||
@@ -23,6 +23,7 @@ public abstract class Filter<T> {
|
||||
public Iterable<T> filter(final Iterable<T> iterable) {
|
||||
return new Iterable<T>() {
|
||||
|
||||
@Override
|
||||
public Iterator<T> iterator() {
|
||||
return filter(iterable.iterator());
|
||||
}
|
||||
@@ -39,10 +40,12 @@ public abstract class Filter<T> {
|
||||
toNext();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean hasNext() {
|
||||
return next != null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public T next() {
|
||||
if (next == null) {
|
||||
throw new NoSuchElementException();
|
||||
@@ -52,6 +55,7 @@ public abstract class Filter<T> {
|
||||
return returnValue;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void remove() {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
@@ -100,7 +100,7 @@ public class PomHandler extends DefaultHandler {
|
||||
/**
|
||||
* The current node text being extracted from the element.
|
||||
*/
|
||||
private StringBuffer currentText;
|
||||
private StringBuilder currentText;
|
||||
|
||||
/**
|
||||
* Handles the start element event.
|
||||
@@ -113,7 +113,7 @@ public class PomHandler extends DefaultHandler {
|
||||
*/
|
||||
@Override
|
||||
public void startElement(String uri, String localName, String qName, Attributes attributes) throws SAXException {
|
||||
currentText = new StringBuffer();
|
||||
currentText = new StringBuilder();
|
||||
stack.push(qName);
|
||||
if (LICENSE.equals(qName)) {
|
||||
license = new License();
|
||||
|
||||
@@ -26,6 +26,11 @@ import java.io.IOException;
|
||||
*/
|
||||
public class PomParseException extends IOException {
|
||||
|
||||
/**
|
||||
* The serial version UID for serialization.
|
||||
*/
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/**
|
||||
* Creates a new SuppressionParseException.
|
||||
*/
|
||||
|
||||
@@ -35,5 +35,6 @@ INSERT_PROPERTY=INSERT INTO properties (id, value) VALUES (?, ?)
|
||||
UPDATE_PROPERTY=UPDATE properties SET value = ? WHERE id = ?
|
||||
DELETE_PROPERTY=DELETE FROM properties WHERE id = ?
|
||||
|
||||
#the following two statements are unused and are only referenecd in dead code
|
||||
DELETE_UNUSED_DICT_CPE=DELETE FROM cpeEntry WHERE dictionaryEntry=true AND id NOT IN (SELECT cpeEntryId FROM software)
|
||||
ADD_DICT_CPE=MERGE INTO cpeEntry (cpe, vendor, product, dictionaryEntry) KEY(cpe) VALUES(?,?,?,true)
|
||||
|
||||
@@ -56,6 +56,13 @@
|
||||
<cpe>cpe:/a:oracle:glassfish</cpe>
|
||||
<cpe>cpe:/a:oracle:oracle_client</cpe>
|
||||
</suppress>
|
||||
<suppress base="true">
|
||||
<notes><![CDATA[
|
||||
Suppresses false positives on glassfish
|
||||
]]></notes>
|
||||
<gav regex="true">org\.glassfish:.*(json|faces).*</gav>
|
||||
<cpe>cpe:/a:oracle:glassfish</cpe>
|
||||
</suppress>
|
||||
<suppress base="true">
|
||||
<notes><![CDATA[
|
||||
Suppresses false positives on the grizzly-framework
|
||||
|
||||
@@ -52,6 +52,7 @@ public class CMakeAnalyzerTest extends BaseDBTestCase {
|
||||
*
|
||||
* @throws Exception if there is a problem
|
||||
*/
|
||||
@Override
|
||||
@Before
|
||||
public void setUp() throws Exception {
|
||||
super.setUp();
|
||||
|
||||
@@ -17,14 +17,8 @@
|
||||
*/
|
||||
package org.owasp.dependencycheck.analyzer;
|
||||
|
||||
import java.io.File;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import org.junit.Test;
|
||||
import org.owasp.dependencycheck.BaseTest;
|
||||
import org.owasp.dependencycheck.Engine;
|
||||
import org.owasp.dependencycheck.data.cpe.AbstractDatabaseTestCase;
|
||||
import org.owasp.dependencycheck.dependency.Dependency;
|
||||
import org.owasp.dependencycheck.utils.Settings;
|
||||
|
||||
/**
|
||||
*
|
||||
|
||||
@@ -23,8 +23,6 @@ import org.owasp.dependencycheck.dependency.Dependency;
|
||||
import org.owasp.dependencycheck.dependency.Evidence;
|
||||
|
||||
import java.io.File;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
@@ -17,39 +17,14 @@
|
||||
*/
|
||||
package org.owasp.dependencycheck.data.cpe;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
import org.junit.After;
|
||||
import org.junit.AfterClass;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Before;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long
|
||||
*/
|
||||
public class IndexEntryTest extends TestCase {
|
||||
|
||||
@BeforeClass
|
||||
public static void setUpClass() throws Exception {
|
||||
}
|
||||
|
||||
@AfterClass
|
||||
public static void tearDownClass() throws Exception {
|
||||
}
|
||||
|
||||
@Before
|
||||
@Override
|
||||
public void setUp() throws Exception {
|
||||
super.setUp();
|
||||
}
|
||||
|
||||
@After
|
||||
@Override
|
||||
public void tearDown() throws Exception {
|
||||
super.tearDown();
|
||||
}
|
||||
public class IndexEntryTest {
|
||||
|
||||
/**
|
||||
* Test of setName method, of class IndexEntry.
|
||||
|
||||
@@ -47,11 +47,13 @@ public class TokenPairConcatenatingFilterTest extends BaseTokenStreamTestCase {
|
||||
public static void tearDownClass() {
|
||||
}
|
||||
|
||||
@Override
|
||||
@Before
|
||||
public void setUp() throws Exception {
|
||||
super.setUp();
|
||||
}
|
||||
|
||||
@Override
|
||||
@After
|
||||
public void tearDown() throws Exception {
|
||||
super.tearDown();
|
||||
|
||||
@@ -18,7 +18,6 @@
|
||||
package org.owasp.dependencycheck.data.nuget;
|
||||
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.File;
|
||||
import java.io.InputStream;
|
||||
import java.io.PrintStream;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
|
||||
@@ -19,6 +19,7 @@ package org.owasp.dependencycheck.data.nvdcve;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Map.Entry;
|
||||
import java.util.Set;
|
||||
import org.junit.Assert;
|
||||
@@ -121,7 +122,7 @@ public class CveDBIntegrationTest extends BaseDBTestCase {
|
||||
@Test
|
||||
public void testGetMatchingSoftware() throws Exception {
|
||||
CveDB instance = null;
|
||||
HashMap<String, Boolean> versions = new HashMap<String, Boolean>();
|
||||
Map<String, Boolean> versions = new HashMap<String, Boolean>();
|
||||
DependencyVersion identifiedVersion = new DependencyVersion("1.0.1o");
|
||||
versions.put("cpe:/a:openssl:openssl:1.0.1e", Boolean.FALSE);
|
||||
try {
|
||||
|
||||
@@ -15,12 +15,7 @@
|
||||
*/
|
||||
package org.owasp.dependencycheck.data.update;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.AfterClass;
|
||||
import org.junit.Before;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import static org.junit.Assert.*;
|
||||
import org.owasp.dependencycheck.BaseTest;
|
||||
|
||||
/**
|
||||
|
||||
@@ -20,13 +20,9 @@ package org.owasp.dependencycheck.suppression;
|
||||
import java.io.File;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import org.junit.After;
|
||||
import org.junit.AfterClass;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import org.junit.Before;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.owasp.dependencycheck.BaseTest;
|
||||
import org.owasp.dependencycheck.dependency.Dependency;
|
||||
@@ -40,25 +36,6 @@ import org.owasp.dependencycheck.dependency.Vulnerability;
|
||||
*/
|
||||
public class SuppressionRuleTest {
|
||||
|
||||
public SuppressionRuleTest() {
|
||||
}
|
||||
|
||||
@BeforeClass
|
||||
public static void setUpClass() {
|
||||
}
|
||||
|
||||
@AfterClass
|
||||
public static void tearDownClass() {
|
||||
}
|
||||
|
||||
@Before
|
||||
public void setUp() {
|
||||
}
|
||||
|
||||
@After
|
||||
public void tearDown() {
|
||||
}
|
||||
|
||||
//<editor-fold defaultstate="collapsed" desc="Stupid tests of properties">
|
||||
/**
|
||||
* Test of FilePath property, of class SuppressionRule.
|
||||
@@ -91,7 +68,7 @@ public class SuppressionRuleTest {
|
||||
@Test
|
||||
public void testCpe() {
|
||||
SuppressionRule instance = new SuppressionRule();
|
||||
ArrayList<PropertyType> cpe = new ArrayList<PropertyType>();
|
||||
List<PropertyType> cpe = new ArrayList<PropertyType>();
|
||||
instance.setCpe(cpe);
|
||||
assertFalse(instance.hasCpe());
|
||||
PropertyType pt = new PropertyType();
|
||||
@@ -109,7 +86,7 @@ public class SuppressionRuleTest {
|
||||
@Test
|
||||
public void testGetCvssBelow() {
|
||||
SuppressionRule instance = new SuppressionRule();
|
||||
ArrayList<Float> cvss = new ArrayList<Float>();
|
||||
List<Float> cvss = new ArrayList<Float>();
|
||||
instance.setCvssBelow(cvss);
|
||||
assertFalse(instance.hasCvssBelow());
|
||||
instance.addCvssBelow(0.7f);
|
||||
@@ -124,7 +101,7 @@ public class SuppressionRuleTest {
|
||||
@Test
|
||||
public void testCwe() {
|
||||
SuppressionRule instance = new SuppressionRule();
|
||||
ArrayList<String> cwe = new ArrayList<String>();
|
||||
List<String> cwe = new ArrayList<String>();
|
||||
instance.setCwe(cwe);
|
||||
assertFalse(instance.hasCwe());
|
||||
instance.addCwe("2");
|
||||
@@ -139,7 +116,7 @@ public class SuppressionRuleTest {
|
||||
@Test
|
||||
public void testCve() {
|
||||
SuppressionRule instance = new SuppressionRule();
|
||||
ArrayList<String> cve = new ArrayList<String>();
|
||||
List<String> cve = new ArrayList<String>();
|
||||
instance.setCve(cve);
|
||||
assertFalse(instance.hasCve());
|
||||
instance.addCve("CVE-2013-1337");
|
||||
|
||||
@@ -20,13 +20,9 @@ package org.owasp.dependencycheck.utils;
|
||||
import java.util.Arrays;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import org.junit.After;
|
||||
import org.junit.AfterClass;
|
||||
import static org.junit.Assert.assertArrayEquals;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import org.junit.Before;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
|
||||
/**
|
||||
@@ -35,25 +31,6 @@ import org.junit.Test;
|
||||
*/
|
||||
public class DependencyVersionTest {
|
||||
|
||||
public DependencyVersionTest() {
|
||||
}
|
||||
|
||||
@BeforeClass
|
||||
public static void setUpClass() {
|
||||
}
|
||||
|
||||
@AfterClass
|
||||
public static void tearDownClass() {
|
||||
}
|
||||
|
||||
@Before
|
||||
public void setUp() {
|
||||
}
|
||||
|
||||
@After
|
||||
public void tearDown() {
|
||||
}
|
||||
|
||||
/**
|
||||
* Test of parseVersion method, of class DependencyVersion.
|
||||
*/
|
||||
@@ -73,6 +50,7 @@ public class DependencyVersionTest {
|
||||
assertEquals(2, parts.size());
|
||||
assertEquals("x6", parts.get(0));
|
||||
assertEquals("0", parts.get(1));
|
||||
// TODO(code review): should this be here/do something?
|
||||
//assertEquals("0", parts.get(2));
|
||||
|
||||
}
|
||||
@@ -84,6 +62,7 @@ public class DependencyVersionTest {
|
||||
public void testIterator() {
|
||||
DependencyVersion instance = new DependencyVersion("1.2.3");
|
||||
Iterator result = instance.iterator();
|
||||
assertTrue(result.hasNext());
|
||||
int count = 1;
|
||||
while (result.hasNext()) {
|
||||
String v = (String) result.next();
|
||||
@@ -155,7 +134,6 @@ public class DependencyVersionTest {
|
||||
public void testCompareTo() {
|
||||
DependencyVersion instance = new DependencyVersion("1.2.3");
|
||||
DependencyVersion version = new DependencyVersion("1.2.3");
|
||||
int expResult = 0;
|
||||
assertEquals(0, instance.compareTo(version));
|
||||
version = new DependencyVersion("1.1");
|
||||
assertEquals(1, instance.compareTo(version));
|
||||
@@ -204,7 +182,7 @@ public class DependencyVersionTest {
|
||||
DependencyVersion instance = new DependencyVersion();
|
||||
List<String> versionParts = Arrays.asList("1", "1", "1");
|
||||
instance.setVersionParts(versionParts);
|
||||
List<String> expResult = Arrays.asList("1", "1", "1");;
|
||||
List<String> expResult = Arrays.asList("1", "1", "1");
|
||||
List<String> result = instance.getVersionParts();
|
||||
assertEquals(expResult, result);
|
||||
}
|
||||
|
||||
@@ -64,6 +64,7 @@ public class FilterTest {
|
||||
}
|
||||
private static final Filter<String> TEST_FILTER
|
||||
= new Filter<String>() {
|
||||
@Override
|
||||
public boolean passes(String str) {
|
||||
return str.contains("keep");
|
||||
}
|
||||
|
||||
@@ -18,10 +18,7 @@ package org.owasp.dependencycheck.xml.pom;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Properties;
|
||||
import org.junit.After;
|
||||
import org.junit.AfterClass;
|
||||
import org.junit.Before;
|
||||
import org.junit.BeforeClass;
|
||||
|
||||
import org.junit.Test;
|
||||
import static org.junit.Assert.*;
|
||||
|
||||
|
||||
@@ -15,18 +15,11 @@
|
||||
*/
|
||||
package org.owasp.dependencycheck.xml.pom;
|
||||
|
||||
import org.owasp.dependencycheck.xml.pom.PomUtils;
|
||||
import java.io.File;
|
||||
import javax.xml.transform.sax.SAXSource;
|
||||
import org.junit.After;
|
||||
import org.junit.AfterClass;
|
||||
import org.junit.Before;
|
||||
import org.junit.BeforeClass;
|
||||
|
||||
import org.junit.Test;
|
||||
import static org.junit.Assert.*;
|
||||
import org.owasp.dependencycheck.BaseTest;
|
||||
import org.owasp.dependencycheck.dependency.Dependency;
|
||||
import org.owasp.dependencycheck.xml.pom.Model;
|
||||
|
||||
/**
|
||||
*
|
||||
@@ -34,25 +27,6 @@ import org.owasp.dependencycheck.xml.pom.Model;
|
||||
*/
|
||||
public class PomUtilsTest {
|
||||
|
||||
public PomUtilsTest() {
|
||||
}
|
||||
|
||||
@BeforeClass
|
||||
public static void setUpClass() {
|
||||
}
|
||||
|
||||
@AfterClass
|
||||
public static void tearDownClass() {
|
||||
}
|
||||
|
||||
@Before
|
||||
public void setUp() {
|
||||
}
|
||||
|
||||
@After
|
||||
public void tearDown() {
|
||||
}
|
||||
|
||||
/**
|
||||
* Test of readPom method, of class PomUtils.
|
||||
*/
|
||||
|
||||
Reference in New Issue
Block a user