resolve merge conflict and update test cases

2026-03-14 14:11:35 +01:00 · 2017-09-30 07:27:44 -04:00
parent 1be196698d 1bfd2d7ac1
commit 3b019d173c
8 changed files with 98 additions and 12 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
@@ -280,7 +280,7 @@ public class Engine implements FileFilter, AutoCloseable {
        } catch (InvalidSettingException ex) {
            LOGGER.trace("Experimenal setting not configured; defaulting to false");
        }
-        final AnalyzerService service = new AnalyzerService(serviceClassLoader, loadExperimental);
+        final AnalyzerService service = new AnalyzerService(serviceClassLoader, settings);
        final List<Analyzer> iterator = service.getAnalyzers(mode.getPhases());
        for (Analyzer a : iterator) {
            a.initialize(this.settings);
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AnalyzerService.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AnalyzerService.java
@@ -25,6 +25,8 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.ServiceLoader;
 import javax.annotation.concurrent.ThreadSafe;
+import org.owasp.dependencycheck.utils.InvalidSettingException;
+import org.owasp.dependencycheck.utils.Settings;

 /**
 * The Analyzer Service Loader. This class loads all services that implement
@@ -47,18 +49,18 @@ public class AnalyzerService {
    /**
     * The configured settings.
     */
-    private final boolean loadExperimental;
+    private final Settings settings;

    /**
     * Creates a new instance of AnalyzerService.
     *
     * @param classLoader the ClassLoader to use when dynamically loading
     * Analyzer and Update services
-     * @param loadExperimental whether or not to load the experimental analyzers
+     * @param settings the configured settings
     */
-    public AnalyzerService(ClassLoader classLoader, boolean loadExperimental) {
-        this.loadExperimental = loadExperimental;
+    public AnalyzerService(ClassLoader classLoader, Settings settings) {
        service = ServiceLoader.load(Analyzer.class, classLoader);
+        this.settings = settings;
    }

    /**
@@ -91,12 +93,23 @@ public class AnalyzerService {
    private List<Analyzer> getAnalyzers(List<AnalysisPhase> phases) {
        final List<Analyzer> analyzers = new ArrayList<>();
        final Iterator<Analyzer> iterator = service.iterator();
+        boolean experimentalEnabled = false;
+        boolean retiredEnabled = false;
+        try {
+            experimentalEnabled = settings.getBoolean(Settings.KEYS.ANALYZER_EXPERIMENTAL_ENABLED, false);
+            retiredEnabled = settings.getBoolean(Settings.KEYS.ANALYZER_RETIRED_ENABLED, false);
+        } catch (InvalidSettingException ex) {
+            LOGGER.error("invalid experimental or retired setting", ex);
+        }
        while (iterator.hasNext()) {
            final Analyzer a = iterator.next();
            if (!phases.contains(a.getAnalysisPhase())) {
                continue;
            }
-            if (!loadExperimental && a.getClass().isAnnotationPresent(Experimental.class)) {
+            if (!experimentalEnabled && a.getClass().isAnnotationPresent(Experimental.class)) {
+                continue;
+            }
+            if (!retiredEnabled && a.getClass().isAnnotationPresent(Retired.class)) {
                continue;
            }
            LOGGER.debug("Loaded Analyzer {}", a.getName());
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java
@@ -47,8 +47,8 @@ import org.owasp.dependencycheck.dependency.EvidenceType;
 *
 * @author Dale Visser
 */
-@Experimental
@ThreadSafe
+@Retired
 public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer {

    /**
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/Retired.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/Retired.java
@@ -0,0 +1,34 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2017 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.analyzer;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * Annotation used to flag an analyzer as retired.
+ *
+ * @author Steve Springett
+ */
+@Retention(RetentionPolicy.RUNTIME)
+@Target(ElementType.TYPE)
+public @interface Retired {
+
+}
--- a/dependency-check-core/src/main/resources/dependencycheck.properties
+++ b/dependency-check-core/src/main/resources/dependencycheck.properties
@@ -88,7 +88,10 @@ archive.scan.depth=3
 downloader.quick.query.timestamp=true
 downloader.tls.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3

+# defines if the experimental and retired analyzers can be enabled
 analyzer.experimental.enabled=false
+analyzer.retired.enabled=false
+
 analyzer.jar.enabled=true
 analyzer.archive.enabled=true
 analyzer.node.package.enabled=true