mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-03-22 09:09:31 +01:00
Merge branch 'bootclasspath_fixes' of https://github.com/anderruiz/DependencyCheck into anderruiz-bootclasspath_fixes
This commit is contained in:
Jeremy Long
@@ -107,7 +107,7 @@ public abstract class AbstractSuppressionAnalyzer extends AbstractAnalyzer {
|
|||||||
final SuppressionParser parser = new SuppressionParser();
|
final SuppressionParser parser = new SuppressionParser();
|
||||||
File file = null;
|
File file = null;
|
||||||
try {
|
try {
|
||||||
final InputStream in = this.getClass().getClassLoader().getResourceAsStream("dependencycheck-base-suppression.xml");
|
final InputStream in = FileUtils.getResourceAsStream("dependencycheck-base-suppression.xml");
|
||||||
rules = parser.parseSuppressionRules(in);
|
rules = parser.parseSuppressionRules(in);
|
||||||
} catch (SAXException ex) {
|
} catch (SAXException ex) {
|
||||||
throw new SuppressionParseException("Unable to parse the base suppression data file", ex);
|
throw new SuppressionParseException("Unable to parse the base suppression data file", ex);
|
||||||
@@ -132,7 +132,7 @@ public abstract class AbstractSuppressionAnalyzer extends AbstractAnalyzer {
|
|||||||
file = new File(suppressionFilePath);
|
file = new File(suppressionFilePath);
|
||||||
|
|
||||||
if (!file.exists()) {
|
if (!file.exists()) {
|
||||||
try (InputStream suppressionsFromClasspath = this.getClass().getClassLoader().getResourceAsStream(suppressionFilePath)) {
|
try (InputStream suppressionsFromClasspath = FileUtils.getResourceAsStream(suppressionFilePath)) {
|
||||||
if (suppressionsFromClasspath != null) {
|
if (suppressionsFromClasspath != null) {
|
||||||
deleteTempFile = true;
|
deleteTempFile = true;
|
||||||
file = FileUtils.getTempFile("suppression", "xml");
|
file = FileUtils.getTempFile("suppression", "xml");
|
||||||
|
|||||||
@@ -30,6 +30,7 @@ import org.owasp.dependencycheck.dependency.Confidence;
|
|||||||
import org.owasp.dependencycheck.dependency.Dependency;
|
import org.owasp.dependencycheck.dependency.Dependency;
|
||||||
import org.owasp.dependencycheck.dependency.Evidence;
|
import org.owasp.dependencycheck.dependency.Evidence;
|
||||||
import org.owasp.dependencycheck.utils.FileFilterBuilder;
|
import org.owasp.dependencycheck.utils.FileFilterBuilder;
|
||||||
|
import org.owasp.dependencycheck.utils.FileUtils;
|
||||||
import org.owasp.dependencycheck.utils.Settings;
|
import org.owasp.dependencycheck.utils.Settings;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
@@ -208,10 +209,9 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
throw new InitializationException("Unable to create temporary file for the assembly analyzer", ex);
|
throw new InitializationException("Unable to create temporary file for the assembly analyzer", ex);
|
||||||
}
|
}
|
||||||
try (FileOutputStream fos = new FileOutputStream(tempFile);
|
try (FileOutputStream fos = new FileOutputStream(tempFile);
|
||||||
InputStream is = AssemblyAnalyzer.class.getClassLoader().getResourceAsStream("GrokAssembly.exe");
|
InputStream is = FileUtils.getResourceAsStream("GrokAssembly.exe");
|
||||||
FileOutputStream fosCfg = new FileOutputStream(cfg);
|
FileOutputStream fosCfg = new FileOutputStream(cfg);
|
||||||
InputStream isCfg = AssemblyAnalyzer.class.getClassLoader().getResourceAsStream("GrokAssembly.exe.config")) {
|
InputStream isCfg = FileUtils.getResourceAsStream("GrokAssembly.exe.config")) {
|
||||||
IOUtils.copy(is, fos);
|
|
||||||
grokAssemblyExe = tempFile;
|
grokAssemblyExe = tempFile;
|
||||||
LOGGER.debug("Extracted GrokAssembly.exe to {}", grokAssemblyExe.getPath());
|
LOGGER.debug("Extracted GrokAssembly.exe to {}", grokAssemblyExe.getPath());
|
||||||
IOUtils.copy(isCfg, fosCfg);
|
IOUtils.copy(isCfg, fosCfg);
|
||||||
|
|||||||
@@ -219,7 +219,7 @@ public class HintAnalyzer extends AbstractAnalyzer {
|
|||||||
final HintParser parser = new HintParser();
|
final HintParser parser = new HintParser();
|
||||||
File file = null;
|
File file = null;
|
||||||
try {
|
try {
|
||||||
hints = parser.parseHints(this.getClass().getClassLoader().getResourceAsStream(HINT_RULE_FILE_NAME));
|
hints = parser.parseHints(FileUtils.getResourceAsStream(HINT_RULE_FILE_NAME));
|
||||||
} catch (HintParseException | SAXException ex) {
|
} catch (HintParseException | SAXException ex) {
|
||||||
LOGGER.error("Unable to parse the base hint data file");
|
LOGGER.error("Unable to parse the base hint data file");
|
||||||
LOGGER.debug("Unable to parse the base hint data file", ex);
|
LOGGER.debug("Unable to parse the base hint data file", ex);
|
||||||
@@ -243,7 +243,7 @@ public class HintAnalyzer extends AbstractAnalyzer {
|
|||||||
} else {
|
} else {
|
||||||
file = new File(filePath);
|
file = new File(filePath);
|
||||||
if (!file.exists()) {
|
if (!file.exists()) {
|
||||||
try (InputStream fromClasspath = this.getClass().getClassLoader().getResourceAsStream(filePath)) {
|
try (InputStream fromClasspath = FileUtils.getResourceAsStream(filePath)) {
|
||||||
if (fromClasspath != null) {
|
if (fromClasspath != null) {
|
||||||
deleteTempFile = true;
|
deleteTempFile = true;
|
||||||
file = FileUtils.getTempFile("hint", "xml");
|
file = FileUtils.getTempFile("hint", "xml");
|
||||||
|
|||||||
@@ -17,6 +17,7 @@
|
|||||||
*/
|
*/
|
||||||
package org.owasp.dependencycheck.data.cwe;
|
package org.owasp.dependencycheck.data.cwe;
|
||||||
|
|
||||||
|
import org.owasp.dependencycheck.utils.FileUtils;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
@@ -55,7 +56,7 @@ public final class CweDB {
|
|||||||
*/
|
*/
|
||||||
private static Map<String, String> loadData() {
|
private static Map<String, String> loadData() {
|
||||||
final String filePath = "data/cwe.hashmap.serialized";
|
final String filePath = "data/cwe.hashmap.serialized";
|
||||||
try (InputStream input = CweDB.class.getClassLoader().getResourceAsStream(filePath);
|
try (InputStream input = FileUtils.getResourceAsStream(filePath);
|
||||||
ObjectInputStream oin = new ObjectInputStream(input)) {
|
ObjectInputStream oin = new ObjectInputStream(input)) {
|
||||||
|
|
||||||
final Map<String, String> ret = (HashMap<String, String>) oin.readObject();
|
final Map<String, String> ret = (HashMap<String, String>) oin.readObject();
|
||||||
|
|||||||
@@ -31,6 +31,7 @@ import org.apache.commons.io.IOUtils;
|
|||||||
import org.owasp.dependencycheck.utils.DBUtils;
|
import org.owasp.dependencycheck.utils.DBUtils;
|
||||||
import org.owasp.dependencycheck.utils.DependencyVersion;
|
import org.owasp.dependencycheck.utils.DependencyVersion;
|
||||||
import org.owasp.dependencycheck.utils.DependencyVersionUtil;
|
import org.owasp.dependencycheck.utils.DependencyVersionUtil;
|
||||||
|
import org.owasp.dependencycheck.utils.FileUtils;
|
||||||
import org.owasp.dependencycheck.utils.Settings;
|
import org.owasp.dependencycheck.utils.Settings;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
@@ -277,7 +278,7 @@ public final class ConnectionFactory {
|
|||||||
LOGGER.debug("Creating database structure");
|
LOGGER.debug("Creating database structure");
|
||||||
InputStream is = null;
|
InputStream is = null;
|
||||||
try {
|
try {
|
||||||
is = ConnectionFactory.class.getClassLoader().getResourceAsStream(DB_STRUCTURE_RESOURCE);
|
is = FileUtils.getResourceAsStream(DB_STRUCTURE_RESOURCE);
|
||||||
final String dbStructure = IOUtils.toString(is, "UTF-8");
|
final String dbStructure = IOUtils.toString(is, "UTF-8");
|
||||||
|
|
||||||
Statement statement = null;
|
Statement statement = null;
|
||||||
@@ -325,7 +326,7 @@ public final class ConnectionFactory {
|
|||||||
String updateFile = null;
|
String updateFile = null;
|
||||||
try {
|
try {
|
||||||
updateFile = String.format(DB_STRUCTURE_UPDATE_RESOURCE, currentDbVersion.toString());
|
updateFile = String.format(DB_STRUCTURE_UPDATE_RESOURCE, currentDbVersion.toString());
|
||||||
is = ConnectionFactory.class.getClassLoader().getResourceAsStream(updateFile);
|
is = FileUtils.getResourceAsStream(updateFile);
|
||||||
if (is == null) {
|
if (is == null) {
|
||||||
throw new DatabaseException(String.format("Unable to load update file '%s'", updateFile));
|
throw new DatabaseException(String.format("Unable to load update file '%s'", updateFile));
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -203,8 +203,8 @@ public class DownloadTask implements Callable<Future<ProcessTask>> {
|
|||||||
* Attempts to delete the files that were downloaded.
|
* Attempts to delete the files that were downloaded.
|
||||||
*/
|
*/
|
||||||
public void cleanup() {
|
public void cleanup() {
|
||||||
if (first != null && first.exists() && first.delete()) {
|
if (first != null && first.exists() && !first.delete()) {
|
||||||
LOGGER.debug("Failed to delete first temporary file {}", second.toString());
|
LOGGER.debug("Failed to delete first temporary file {}", first.toString());
|
||||||
first.deleteOnExit();
|
first.deleteOnExit();
|
||||||
}
|
}
|
||||||
if (second != null && second.exists() && !second.delete()) {
|
if (second != null && second.exists() && !second.delete()) {
|
||||||
|
|||||||
@@ -46,6 +46,7 @@ import org.owasp.dependencycheck.analyzer.Analyzer;
|
|||||||
import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
|
import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
|
||||||
import org.owasp.dependencycheck.dependency.Dependency;
|
import org.owasp.dependencycheck.dependency.Dependency;
|
||||||
import org.owasp.dependencycheck.exception.ReportException;
|
import org.owasp.dependencycheck.exception.ReportException;
|
||||||
|
import org.owasp.dependencycheck.utils.FileUtils;
|
||||||
import org.owasp.dependencycheck.utils.Settings;
|
import org.owasp.dependencycheck.utils.Settings;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
@@ -339,11 +340,11 @@ public class ReportGenerator {
|
|||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
logTag = "templates/" + templateName + ".vsl";
|
logTag = "templates/" + templateName + ".vsl";
|
||||||
input = this.getClass().getClassLoader().getResourceAsStream(logTag);
|
input = FileUtils.getResourceAsStream(logTag);
|
||||||
}
|
}
|
||||||
if (input == null) {
|
if (input == null) {
|
||||||
logTag = templateName;
|
logTag = templateName;
|
||||||
input = this.getClass().getClassLoader().getResourceAsStream(templateName);
|
input = FileUtils.getResourceAsStream(templateName);
|
||||||
}
|
}
|
||||||
if (input == null) {
|
if (input == null) {
|
||||||
throw new ReportException("Template file doesn't exist: " + logTag);
|
throw new ReportException("Template file doesn't exist: " + logTag);
|
||||||
|
|||||||
@@ -26,6 +26,8 @@ import java.io.InputStreamReader;
|
|||||||
import java.io.Reader;
|
import java.io.Reader;
|
||||||
import javax.xml.parsers.ParserConfigurationException;
|
import javax.xml.parsers.ParserConfigurationException;
|
||||||
import javax.xml.parsers.SAXParser;
|
import javax.xml.parsers.SAXParser;
|
||||||
|
|
||||||
|
import org.owasp.dependencycheck.utils.FileUtils;
|
||||||
import org.owasp.dependencycheck.utils.XmlUtils;
|
import org.owasp.dependencycheck.utils.XmlUtils;
|
||||||
|
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
@@ -120,7 +122,7 @@ public class HintParser {
|
|||||||
* @throws SAXException thrown if the XML cannot be parsed
|
* @throws SAXException thrown if the XML cannot be parsed
|
||||||
*/
|
*/
|
||||||
private Hints parseHints(InputStream inputStream, String schema) throws HintParseException, SAXException {
|
private Hints parseHints(InputStream inputStream, String schema) throws HintParseException, SAXException {
|
||||||
try (InputStream schemaStream = this.getClass().getClassLoader().getResourceAsStream(schema)) {
|
try (InputStream schemaStream = FileUtils.getResourceAsStream(schema)) {
|
||||||
final HintHandler handler = new HintHandler();
|
final HintHandler handler = new HintHandler();
|
||||||
final SAXParser saxParser = XmlUtils.buildSecureSaxParser(schemaStream);
|
final SAXParser saxParser = XmlUtils.buildSecureSaxParser(schemaStream);
|
||||||
final XMLReader xmlReader = saxParser.getXMLReader();
|
final XMLReader xmlReader = saxParser.getXMLReader();
|
||||||
|
|||||||
@@ -27,6 +27,8 @@ import java.io.Reader;
|
|||||||
import java.util.List;
|
import java.util.List;
|
||||||
import javax.xml.parsers.ParserConfigurationException;
|
import javax.xml.parsers.ParserConfigurationException;
|
||||||
import javax.xml.parsers.SAXParser;
|
import javax.xml.parsers.SAXParser;
|
||||||
|
|
||||||
|
import org.owasp.dependencycheck.utils.FileUtils;
|
||||||
import org.owasp.dependencycheck.utils.XmlUtils;
|
import org.owasp.dependencycheck.utils.XmlUtils;
|
||||||
|
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
@@ -104,7 +106,7 @@ public class SuppressionParser {
|
|||||||
* @throws SAXException thrown if the XML cannot be parsed
|
* @throws SAXException thrown if the XML cannot be parsed
|
||||||
*/
|
*/
|
||||||
private List<SuppressionRule> parseSuppressionRules(InputStream inputStream, String schema) throws SuppressionParseException, SAXException {
|
private List<SuppressionRule> parseSuppressionRules(InputStream inputStream, String schema) throws SuppressionParseException, SAXException {
|
||||||
try (InputStream schemaStream = this.getClass().getClassLoader().getResourceAsStream(schema)) {
|
try (InputStream schemaStream = FileUtils.getResourceAsStream(schema)) {
|
||||||
final SuppressionHandler handler = new SuppressionHandler();
|
final SuppressionHandler handler = new SuppressionHandler();
|
||||||
final SAXParser saxParser = XmlUtils.buildSecureSaxParser(schemaStream);
|
final SAXParser saxParser = XmlUtils.buildSecureSaxParser(schemaStream);
|
||||||
final XMLReader xmlReader = saxParser.getXMLReader();
|
final XMLReader xmlReader = saxParser.getXMLReader();
|
||||||
|
|||||||
@@ -24,6 +24,7 @@ import org.slf4j.LoggerFactory;
|
|||||||
|
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
import java.io.InputStream;
|
||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
import org.apache.commons.lang3.SystemUtils;
|
import org.apache.commons.lang3.SystemUtils;
|
||||||
|
|
||||||
@@ -148,4 +149,13 @@ public final class FileUtils {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Gets the {@link InputStream} for this resource
|
||||||
|
* @param resource path
|
||||||
|
* @return
|
||||||
|
*/
|
||||||
|
public static InputStream getResourceAsStream(String resource) {
|
||||||
|
return FileUtils.class.getClassLoader()!=null?FileUtils.class.getClassLoader().getResourceAsStream(resource):ClassLoader.getSystemResourceAsStream(resource);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -29,6 +29,7 @@ import java.io.PrintWriter;
|
|||||||
import java.io.StringWriter;
|
import java.io.StringWriter;
|
||||||
import java.io.UnsupportedEncodingException;
|
import java.io.UnsupportedEncodingException;
|
||||||
import java.net.URLDecoder;
|
import java.net.URLDecoder;
|
||||||
|
import java.security.ProtectionDomain;
|
||||||
import java.util.Enumeration;
|
import java.util.Enumeration;
|
||||||
import java.util.Properties;
|
import java.util.Properties;
|
||||||
|
|
||||||
@@ -448,7 +449,7 @@ public final class Settings {
|
|||||||
*/
|
*/
|
||||||
private Settings(String propertiesFilePath) {
|
private Settings(String propertiesFilePath) {
|
||||||
props = new Properties();
|
props = new Properties();
|
||||||
try (InputStream in = this.getClass().getClassLoader().getResourceAsStream(propertiesFilePath)) {
|
try (InputStream in = FileUtils.getResourceAsStream(propertiesFilePath)) {
|
||||||
props.load(in);
|
props.load(in);
|
||||||
} catch (NullPointerException ex) {
|
} catch (NullPointerException ex) {
|
||||||
LOGGER.error("Did not find settings file '{}'.", propertiesFilePath);
|
LOGGER.error("Did not find settings file '{}'.", propertiesFilePath);
|
||||||
@@ -741,8 +742,12 @@ public final class Settings {
|
|||||||
* @return a File object
|
* @return a File object
|
||||||
*/
|
*/
|
||||||
private static File getJarPath() {
|
private static File getJarPath() {
|
||||||
final String jarPath = Settings.class.getProtectionDomain().getCodeSource().getLocation().getPath();
|
|
||||||
String decodedPath = ".";
|
String decodedPath = ".";
|
||||||
|
String jarPath = "";
|
||||||
|
ProtectionDomain domain = Settings.class.getProtectionDomain();
|
||||||
|
if(domain!=null&& domain.getCodeSource()!=null && domain.getCodeSource().getLocation()!=null) {
|
||||||
|
jarPath = Settings.class.getProtectionDomain().getCodeSource().getLocation().getPath();
|
||||||
|
}
|
||||||
try {
|
try {
|
||||||
decodedPath = URLDecoder.decode(jarPath, "UTF-8");
|
decodedPath = URLDecoder.decode(jarPath, "UTF-8");
|
||||||
} catch (UnsupportedEncodingException ex) {
|
} catch (UnsupportedEncodingException ex) {
|
||||||
|
|||||||
Reference in New Issue
Block a user