version 1.4.0 documentation
@@ -42,147 +42,154 @@
|
||||
<a class="jxr_linenumber" name="L34" href="#L34">34</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.Settings;
|
||||
<a class="jxr_linenumber" name="L35" href="#L35">35</a> <strong class="jxr_keyword">import</strong> org.slf4j.Logger;
|
||||
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <strong class="jxr_keyword">import</strong> org.slf4j.LoggerFactory;
|
||||
<a class="jxr_linenumber" name="L37" href="#L37">37</a>
|
||||
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L39" href="#L39">39</a> <em class="jxr_javadoccomment"> * Abstract base suppression analyzer that contains methods for parsing the suppression xml file.</em>
|
||||
<a class="jxr_linenumber" name="L40" href="#L40">40</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L41" href="#L41">41</a> <em class="jxr_javadoccomment"> * @author Jeremy Long</em>
|
||||
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L43" href="#L43">43</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">abstract</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.html">AbstractSuppressionAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractAnalyzer.html">AbstractAnalyzer</a> {
|
||||
<a class="jxr_linenumber" name="L44" href="#L44">44</a>
|
||||
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L46" href="#L46">46</a> <em class="jxr_javadoccomment"> * The Logger for use throughout the class</em>
|
||||
<a class="jxr_linenumber" name="L47" href="#L47">47</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L48" href="#L48">48</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Logger LOGGER = LoggerFactory.getLogger(AbstractSuppressionAnalyzer.<strong class="jxr_keyword">class</strong>);
|
||||
<a class="jxr_linenumber" name="L49" href="#L49">49</a>
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <em class="jxr_comment">//<editor-fold defaultstate="collapsed" desc="All standard implementation details of Analyzer"></em>
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <em class="jxr_javadoccomment"> * Returns a list of file EXTENSIONS supported by this analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <em class="jxr_javadoccomment"> * @return a list of file EXTENSIONS supported by this analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <strong class="jxr_keyword">public</strong> Set<String> getSupportedExtensions() {
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a> }
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a>
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <em class="jxr_comment">//</editor-fold></em>
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <em class="jxr_javadoccomment"> * The initialize method loads the suppression XML file.</em>
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <em class="jxr_javadoccomment"> * @throws Exception thrown if there is an exception</em>
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a> @Override
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> initialize() <strong class="jxr_keyword">throws</strong> Exception {
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <strong class="jxr_keyword">super</strong>.initialize();
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> loadSuppressionData();
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> }
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a>
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <em class="jxr_javadoccomment"> * The list of suppression rules</em>
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <strong class="jxr_keyword">private</strong> List<SuppressionRule> rules;
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a>
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <em class="jxr_javadoccomment"> * Get the value of rules.</em>
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <em class="jxr_javadoccomment"> * @return the value of rules</em>
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <strong class="jxr_keyword">public</strong> List<SuppressionRule> getRules() {
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <strong class="jxr_keyword">return</strong> rules;
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a> }
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a>
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <em class="jxr_javadoccomment"> * Set the value of rules.</em>
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a> <em class="jxr_javadoccomment"> * @param rules new value of rules</em>
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> setRules(List<SuppressionRule> rules) {
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <strong class="jxr_keyword">this</strong>.rules = rules;
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a> }
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a>
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <em class="jxr_javadoccomment"> * Loads the suppression rules file.</em>
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <em class="jxr_javadoccomment"> * @throws SuppressionParseException thrown if the XML cannot be parsed.</em>
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> loadSuppressionData() <strong class="jxr_keyword">throws</strong> SuppressionParseException {
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/suppression/SuppressionParser.html">SuppressionParser</a> parser = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/suppression/SuppressionParser.html">SuppressionParser</a>();
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> File file = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a> rules = parser.parseSuppressionRules(<strong class="jxr_keyword">this</strong>.getClass().getClassLoader().getResourceAsStream(<span class="jxr_string">"dependencycheck-base-suppression.xml"</span>));
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a> } <strong class="jxr_keyword">catch</strong> (SuppressionParseException ex) {
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a> LOGGER.debug(<span class="jxr_string">"Unable to parse the base suppression data file"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a> }
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> <strong class="jxr_keyword">final</strong> String suppressionFilePath = Settings.getString(Settings.KEYS.SUPPRESSION_FILE);
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a> <strong class="jxr_keyword">if</strong> (suppressionFilePath == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a> <strong class="jxr_keyword">return</strong>;
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> }
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <strong class="jxr_keyword">boolean</strong> deleteTempFile = false;
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a> <strong class="jxr_keyword">final</strong> Pattern uriRx = Pattern.compile(<span class="jxr_string">"^(https?|file)\\:.*"</span>, Pattern.CASE_INSENSITIVE);
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <strong class="jxr_keyword">if</strong> (uriRx.matcher(suppressionFilePath).matches()) {
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> deleteTempFile = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> file = FileUtils.getTempFile(<span class="jxr_string">"suppression"</span>, <span class="jxr_string">"xml"</span>);
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> <strong class="jxr_keyword">final</strong> URL url = <strong class="jxr_keyword">new</strong> URL(suppressionFilePath);
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a> Downloader.fetchFile(url, file, false);
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> } <strong class="jxr_keyword">catch</strong> (DownloadFailedException ex) {
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a> Downloader.fetchFile(url, file, <strong class="jxr_keyword">true</strong>);
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a> }
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a> file = <strong class="jxr_keyword">new</strong> File(suppressionFilePath);
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <strong class="jxr_keyword">if</strong> (!file.exists()) {
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> <strong class="jxr_keyword">final</strong> InputStream suppressionsFromClasspath = <strong class="jxr_keyword">this</strong>.getClass().getClassLoader().getResourceAsStream(suppressionFilePath);
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a> <strong class="jxr_keyword">if</strong> (suppressionsFromClasspath != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> deleteTempFile = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a> file = FileUtils.getTempFile(<span class="jxr_string">"suppression"</span>, <span class="jxr_string">"xml"</span>);
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a> org.apache.commons.io.FileUtils.copyInputStreamToFile(suppressionsFromClasspath, file);
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a> throwSuppressionParseException(<span class="jxr_string">"Unable to locate suppressions file in classpath"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a> }
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> }
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> }
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a> }
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a>
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a> <strong class="jxr_keyword">if</strong> (file != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a> <em class="jxr_comment">//rules = parser.parseSuppressionRules(file);</em>
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a> rules.addAll(parser.parseSuppressionRules(file));
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a> LOGGER.debug(<span class="jxr_string">"{} suppression rules were loaded."</span>, rules.size());
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a> } <strong class="jxr_keyword">catch</strong> (SuppressionParseException ex) {
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> LOGGER.warn(<span class="jxr_string">"Unable to parse suppression xml file '{}'"</span>, file.getPath());
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> LOGGER.warn(ex.getMessage());
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> LOGGER.debug(<span class="jxr_string">""</span>, ex);
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> <strong class="jxr_keyword">throw</strong> ex;
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a> }
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a> }
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a> } <strong class="jxr_keyword">catch</strong> (DownloadFailedException ex) {
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a> throwSuppressionParseException(<span class="jxr_string">"Unable to fetch the configured suppression file"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a> } <strong class="jxr_keyword">catch</strong> (MalformedURLException ex) {
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a> throwSuppressionParseException(<span class="jxr_string">"Configured suppression file has an invalid URL"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> throwSuppressionParseException(<span class="jxr_string">"Unable to create temp file for suppressions"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <strong class="jxr_keyword">if</strong> (deleteTempFile && file != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> FileUtils.delete(file);
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> }
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a> }
|
||||
<a class="jxr_linenumber" name="L163" href="#L163">163</a> }
|
||||
<a class="jxr_linenumber" name="L164" href="#L164">164</a>
|
||||
<a class="jxr_linenumber" name="L165" href="#L165">165</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L166" href="#L166">166</a> <em class="jxr_javadoccomment"> * Utility method to throw parse exceptions.</em>
|
||||
<a class="jxr_linenumber" name="L167" href="#L167">167</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <em class="jxr_javadoccomment"> * @param message the exception message</em>
|
||||
<a class="jxr_linenumber" name="L169" href="#L169">169</a> <em class="jxr_javadoccomment"> * @param exception the cause of the exception</em>
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a> <em class="jxr_javadoccomment"> * @throws SuppressionParseException throws the generated SuppressionParseException</em>
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> throwSuppressionParseException(String message, Exception exception) <strong class="jxr_keyword">throws</strong> SuppressionParseException {
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> LOGGER.warn(message);
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a> LOGGER.debug(<span class="jxr_string">""</span>, exception);
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/suppression/SuppressionParseException.html">SuppressionParseException</a>(message, exception);
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a> }
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> }
|
||||
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <strong class="jxr_keyword">import</strong> org.xml.sax.SAXException;
|
||||
<a class="jxr_linenumber" name="L38" href="#L38">38</a>
|
||||
<a class="jxr_linenumber" name="L39" href="#L39">39</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L40" href="#L40">40</a> <em class="jxr_javadoccomment"> * Abstract base suppression analyzer that contains methods for parsing the</em>
|
||||
<a class="jxr_linenumber" name="L41" href="#L41">41</a> <em class="jxr_javadoccomment"> * suppression xml file.</em>
|
||||
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L43" href="#L43">43</a> <em class="jxr_javadoccomment"> * @author Jeremy Long</em>
|
||||
<a class="jxr_linenumber" name="L44" href="#L44">44</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">abstract</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.html">AbstractSuppressionAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractAnalyzer.html">AbstractAnalyzer</a> {
|
||||
<a class="jxr_linenumber" name="L46" href="#L46">46</a>
|
||||
<a class="jxr_linenumber" name="L47" href="#L47">47</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L48" href="#L48">48</a> <em class="jxr_javadoccomment"> * The Logger for use throughout the class</em>
|
||||
<a class="jxr_linenumber" name="L49" href="#L49">49</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Logger LOGGER = LoggerFactory.getLogger(AbstractSuppressionAnalyzer.<strong class="jxr_keyword">class</strong>);
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a>
|
||||
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <em class="jxr_comment">//<editor-fold defaultstate="collapsed" desc="All standard implementation details of Analyzer"></em>
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <em class="jxr_javadoccomment"> * Returns a list of file EXTENSIONS supported by this analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <em class="jxr_javadoccomment"> * @return a list of file EXTENSIONS supported by this analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <strong class="jxr_keyword">public</strong> Set<String> getSupportedExtensions() {
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a> }
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a>
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <em class="jxr_comment">//</editor-fold></em>
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <em class="jxr_javadoccomment"> * The initialize method loads the suppression XML file.</em>
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a> <em class="jxr_javadoccomment"> * @throws Exception thrown if there is an exception</em>
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> @Override
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> initialize() <strong class="jxr_keyword">throws</strong> Exception {
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <strong class="jxr_keyword">super</strong>.initialize();
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> loadSuppressionData();
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> }
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a>
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <em class="jxr_javadoccomment"> * The list of suppression rules</em>
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <strong class="jxr_keyword">private</strong> List<SuppressionRule> rules;
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a>
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <em class="jxr_javadoccomment"> * Get the value of rules.</em>
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <em class="jxr_javadoccomment"> * @return the value of rules</em>
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <strong class="jxr_keyword">public</strong> List<SuppressionRule> getRules() {
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <strong class="jxr_keyword">return</strong> rules;
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> }
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a>
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a> <em class="jxr_javadoccomment"> * Set the value of rules.</em>
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <em class="jxr_javadoccomment"> * @param rules new value of rules</em>
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> setRules(List<SuppressionRule> rules) {
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <strong class="jxr_keyword">this</strong>.rules = rules;
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a> }
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a>
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <em class="jxr_javadoccomment"> * Loads the suppression rules file.</em>
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a> <em class="jxr_javadoccomment"> * @throws SuppressionParseException thrown if the XML cannot be parsed.</em>
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> loadSuppressionData() <strong class="jxr_keyword">throws</strong> SuppressionParseException {
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/suppression/SuppressionParser.html">SuppressionParser</a> parser = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/suppression/SuppressionParser.html">SuppressionParser</a>();
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a> File file = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a> rules = parser.parseSuppressionRules(<strong class="jxr_keyword">this</strong>.getClass().getClassLoader().getResourceAsStream(<span class="jxr_string">"dependencycheck-base-suppression.xml"</span>));
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a> } <strong class="jxr_keyword">catch</strong> (SuppressionParseException ex) {
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> LOGGER.error(<span class="jxr_string">"Unable to parse the base suppression data file"</span>);
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a> LOGGER.debug(<span class="jxr_string">"Unable to parse the base suppression data file"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a> } <strong class="jxr_keyword">catch</strong> (SAXException ex) {
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> LOGGER.error(<span class="jxr_string">"Unable to parse the base suppression data file"</span>);
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> LOGGER.debug(<span class="jxr_string">"Unable to parse the base suppression data file"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> }
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a> <strong class="jxr_keyword">final</strong> String suppressionFilePath = Settings.getString(Settings.KEYS.SUPPRESSION_FILE);
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <strong class="jxr_keyword">if</strong> (suppressionFilePath == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> <strong class="jxr_keyword">return</strong>;
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> }
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> <strong class="jxr_keyword">boolean</strong> deleteTempFile = false;
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a> <strong class="jxr_keyword">final</strong> Pattern uriRx = Pattern.compile(<span class="jxr_string">"^(https?|file)\\:.*"</span>, Pattern.CASE_INSENSITIVE);
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> <strong class="jxr_keyword">if</strong> (uriRx.matcher(suppressionFilePath).matches()) {
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a> deleteTempFile = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a> file = FileUtils.getTempFile(<span class="jxr_string">"suppression"</span>, <span class="jxr_string">"xml"</span>);
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a> <strong class="jxr_keyword">final</strong> URL url = <strong class="jxr_keyword">new</strong> URL(suppressionFilePath);
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> Downloader.fetchFile(url, file, false);
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> } <strong class="jxr_keyword">catch</strong> (DownloadFailedException ex) {
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a> Downloader.fetchFile(url, file, <strong class="jxr_keyword">true</strong>);
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> }
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a> file = <strong class="jxr_keyword">new</strong> File(suppressionFilePath);
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <strong class="jxr_keyword">if</strong> (!file.exists()) {
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a> <strong class="jxr_keyword">final</strong> InputStream suppressionsFromClasspath = <strong class="jxr_keyword">this</strong>.getClass().getClassLoader().getResourceAsStream(suppressionFilePath);
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a> <strong class="jxr_keyword">if</strong> (suppressionsFromClasspath != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a> deleteTempFile = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> file = FileUtils.getTempFile(<span class="jxr_string">"suppression"</span>, <span class="jxr_string">"xml"</span>);
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a> org.apache.commons.io.FileUtils.copyInputStreamToFile(suppressionsFromClasspath, file);
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a> throwSuppressionParseException(<span class="jxr_string">"Unable to locate suppressions file in classpath"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a> }
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a> }
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a> }
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a> }
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a>
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <strong class="jxr_keyword">if</strong> (file != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <em class="jxr_comment">//rules = parser.parseSuppressionRules(file);</em>
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> rules.addAll(parser.parseSuppressionRules(file));
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a> LOGGER.debug(<span class="jxr_string">"{} suppression rules were loaded."</span>, rules.size());
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a> } <strong class="jxr_keyword">catch</strong> (SuppressionParseException ex) {
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a> LOGGER.warn(<span class="jxr_string">"Unable to parse suppression xml file '{}'"</span>, file.getPath());
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a> LOGGER.warn(ex.getMessage());
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a> LOGGER.debug(<span class="jxr_string">""</span>, ex);
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <strong class="jxr_keyword">throw</strong> ex;
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a> }
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> }
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a> } <strong class="jxr_keyword">catch</strong> (DownloadFailedException ex) {
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> throwSuppressionParseException(<span class="jxr_string">"Unable to fetch the configured suppression file"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> } <strong class="jxr_keyword">catch</strong> (MalformedURLException ex) {
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> throwSuppressionParseException(<span class="jxr_string">"Configured suppression file has an invalid URL"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L163" href="#L163">163</a> throwSuppressionParseException(<span class="jxr_string">"Unable to create temp file for suppressions"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L164" href="#L164">164</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L165" href="#L165">165</a> <strong class="jxr_keyword">if</strong> (deleteTempFile && file != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L166" href="#L166">166</a> FileUtils.delete(file);
|
||||
<a class="jxr_linenumber" name="L167" href="#L167">167</a> }
|
||||
<a class="jxr_linenumber" name="L168" href="#L168">168</a> }
|
||||
<a class="jxr_linenumber" name="L169" href="#L169">169</a> }
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a>
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <em class="jxr_javadoccomment"> * Utility method to throw parse exceptions.</em>
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a> <em class="jxr_javadoccomment"> * @param message the exception message</em>
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> <em class="jxr_javadoccomment"> * @param exception the cause of the exception</em>
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a> <em class="jxr_javadoccomment"> * @throws SuppressionParseException throws the generated</em>
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> <em class="jxr_javadoccomment"> * SuppressionParseException</em>
|
||||
<a class="jxr_linenumber" name="L178" href="#L178">178</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L179" href="#L179">179</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> throwSuppressionParseException(String message, Exception exception) <strong class="jxr_keyword">throws</strong> SuppressionParseException {
|
||||
<a class="jxr_linenumber" name="L180" href="#L180">180</a> LOGGER.warn(message);
|
||||
<a class="jxr_linenumber" name="L181" href="#L181">181</a> LOGGER.debug(<span class="jxr_string">""</span>, exception);
|
||||
<a class="jxr_linenumber" name="L182" href="#L182">182</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/suppression/SuppressionParseException.html">SuppressionParseException</a>(message, exception);
|
||||
<a class="jxr_linenumber" name="L183" href="#L183">183</a> }
|
||||
<a class="jxr_linenumber" name="L184" href="#L184">184</a> }
|
||||
</pre>
|
||||
<hr/>
|
||||
<div id="footer">Copyright © 2012–2016 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
|
||||
|
||||
@@ -25,40 +25,65 @@
|
||||
<a class="jxr_linenumber" name="L17" href="#L17">17</a> <em class="jxr_comment"> */</em>
|
||||
<a class="jxr_linenumber" name="L18" href="#L18">18</a> <strong class="jxr_keyword">package</strong> org.owasp.dependencycheck.analyzer;
|
||||
<a class="jxr_linenumber" name="L19" href="#L19">19</a>
|
||||
<a class="jxr_linenumber" name="L20" href="#L20">20</a> <strong class="jxr_keyword">import</strong> java.util.Iterator;
|
||||
<a class="jxr_linenumber" name="L21" href="#L21">21</a> <strong class="jxr_keyword">import</strong> java.util.ServiceLoader;
|
||||
<a class="jxr_linenumber" name="L22" href="#L22">22</a>
|
||||
<a class="jxr_linenumber" name="L23" href="#L23">23</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L24" href="#L24">24</a> <em class="jxr_javadoccomment"> * The Analyzer Service Loader. This class loads all services that implement</em>
|
||||
<a class="jxr_linenumber" name="L25" href="#L25">25</a> <em class="jxr_javadoccomment"> * org.owasp.dependencycheck.analyzer.Analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L26" href="#L26">26</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L27" href="#L27">27</a> <em class="jxr_javadoccomment"> * @author Jeremy Long</em>
|
||||
<a class="jxr_linenumber" name="L28" href="#L28">28</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L29" href="#L29">29</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalyzerService.html">AnalyzerService</a> {
|
||||
<a class="jxr_linenumber" name="L30" href="#L30">30</a>
|
||||
<a class="jxr_linenumber" name="L31" href="#L31">31</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L32" href="#L32">32</a> <em class="jxr_javadoccomment"> * The service loader for analyzers.</em>
|
||||
<a class="jxr_linenumber" name="L33" href="#L33">33</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L34" href="#L34">34</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">final</strong> ServiceLoader<Analyzer> loader;
|
||||
<a class="jxr_linenumber" name="L35" href="#L35">35</a>
|
||||
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <em class="jxr_javadoccomment"> * Creates a new instance of AnalyzerService.</em>
|
||||
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L39" href="#L39">39</a> <em class="jxr_javadoccomment"> * @param classLoader the ClassLoader to use when dynamically loading Analyzer and Update services</em>
|
||||
<a class="jxr_linenumber" name="L40" href="#L40">40</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L41" href="#L41">41</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalyzerService.html">AnalyzerService</a>(ClassLoader classLoader) {
|
||||
<a class="jxr_linenumber" name="L42" href="#L42">42</a> loader = ServiceLoader.load(Analyzer.<strong class="jxr_keyword">class</strong>, classLoader);
|
||||
<a class="jxr_linenumber" name="L43" href="#L43">43</a> }
|
||||
<a class="jxr_linenumber" name="L20" href="#L20">20</a> <strong class="jxr_keyword">import</strong> java.util.ArrayList;
|
||||
<a class="jxr_linenumber" name="L21" href="#L21">21</a> <strong class="jxr_keyword">import</strong> java.util.Iterator;
|
||||
<a class="jxr_linenumber" name="L22" href="#L22">22</a> <strong class="jxr_keyword">import</strong> java.util.List;
|
||||
<a class="jxr_linenumber" name="L23" href="#L23">23</a> <strong class="jxr_keyword">import</strong> java.util.ServiceLoader;
|
||||
<a class="jxr_linenumber" name="L24" href="#L24">24</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.InvalidSettingException;
|
||||
<a class="jxr_linenumber" name="L25" href="#L25">25</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.Settings;
|
||||
<a class="jxr_linenumber" name="L26" href="#L26">26</a> <strong class="jxr_keyword">import</strong> org.slf4j.LoggerFactory;
|
||||
<a class="jxr_linenumber" name="L27" href="#L27">27</a>
|
||||
<a class="jxr_linenumber" name="L28" href="#L28">28</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L29" href="#L29">29</a> <em class="jxr_javadoccomment"> * The Analyzer Service Loader. This class loads all services that implement</em>
|
||||
<a class="jxr_linenumber" name="L30" href="#L30">30</a> <em class="jxr_javadoccomment"> * org.owasp.dependencycheck.analyzer.Analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L31" href="#L31">31</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L32" href="#L32">32</a> <em class="jxr_javadoccomment"> * @author Jeremy Long</em>
|
||||
<a class="jxr_linenumber" name="L33" href="#L33">33</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L34" href="#L34">34</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalyzerService.html">AnalyzerService</a> {
|
||||
<a class="jxr_linenumber" name="L35" href="#L35">35</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <em class="jxr_javadoccomment"> * The Logger for use throughout the class.</em>
|
||||
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> org.slf4j.Logger LOGGER = LoggerFactory.getLogger(AnalyzerService.<strong class="jxr_keyword">class</strong>);
|
||||
<a class="jxr_linenumber" name="L39" href="#L39">39</a>
|
||||
<a class="jxr_linenumber" name="L40" href="#L40">40</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L41" href="#L41">41</a> <em class="jxr_javadoccomment"> * The service loader for analyzers.</em>
|
||||
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L43" href="#L43">43</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">final</strong> ServiceLoader<Analyzer> service;
|
||||
<a class="jxr_linenumber" name="L44" href="#L44">44</a>
|
||||
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L46" href="#L46">46</a> <em class="jxr_javadoccomment"> * Returns an Iterator for all instances of the Analyzer interface.</em>
|
||||
<a class="jxr_linenumber" name="L46" href="#L46">46</a> <em class="jxr_javadoccomment"> * Creates a new instance of AnalyzerService.</em>
|
||||
<a class="jxr_linenumber" name="L47" href="#L47">47</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L48" href="#L48">48</a> <em class="jxr_javadoccomment"> * @return an iterator of Analyzers.</em>
|
||||
<a class="jxr_linenumber" name="L48" href="#L48">48</a> <em class="jxr_javadoccomment"> * @param classLoader the ClassLoader to use when dynamically loading Analyzer and Update services</em>
|
||||
<a class="jxr_linenumber" name="L49" href="#L49">49</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <strong class="jxr_keyword">public</strong> Iterator<Analyzer> getAnalyzers() {
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <strong class="jxr_keyword">return</strong> loader.iterator();
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalyzerService.html">AnalyzerService</a>(ClassLoader classLoader) {
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a> service = ServiceLoader.load(Analyzer.<strong class="jxr_keyword">class</strong>, classLoader);
|
||||
<a class="jxr_linenumber" name="L52" href="#L52">52</a> }
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a> }
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a>
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <em class="jxr_javadoccomment"> * Returns a list of all instances of the Analyzer interface.</em>
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <em class="jxr_javadoccomment"> * @return a list of Analyzers.</em>
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a> <strong class="jxr_keyword">public</strong> List<Analyzer> getAnalyzers() {
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <strong class="jxr_keyword">final</strong> List<Analyzer> analyzers = <strong class="jxr_keyword">new</strong> ArrayList<Analyzer>();
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <strong class="jxr_keyword">final</strong> Iterator<Analyzer> iterator = service.iterator();
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <strong class="jxr_keyword">boolean</strong> experimentalEnabled = false;
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> experimentalEnabled = Settings.getBoolean(Settings.KEYS.ANALYZER_EXPERIMENTAL_ENABLED, false);
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> } <strong class="jxr_keyword">catch</strong> (InvalidSettingException ex) {
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a> LOGGER.error(<span class="jxr_string">"invalide experimental setting"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> }
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <strong class="jxr_keyword">while</strong> (iterator.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/Analyzer.html">Analyzer</a> a = iterator.next();
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <strong class="jxr_keyword">if</strong> (!experimentalEnabled && a.getClass().isAnnotationPresent(Experimental.<strong class="jxr_keyword">class</strong>)) {
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> <strong class="jxr_keyword">continue</strong>;
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> }
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> LOGGER.debug(<span class="jxr_string">"Loaded Analyzer {}"</span>, a.getName());
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> analyzers.add(a);
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> }
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <strong class="jxr_keyword">return</strong> analyzers;
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> }
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> }
|
||||
</pre>
|
||||
<hr/>
|
||||
<div id="footer">Copyright © 2012–2016 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
|
||||
|
||||
@@ -38,204 +38,204 @@
|
||||
<a class="jxr_linenumber" name="L30" href="#L30">30</a> <strong class="jxr_keyword">import</strong> java.io.File;
|
||||
<a class="jxr_linenumber" name="L31" href="#L31">31</a> <strong class="jxr_keyword">import</strong> java.io.FileFilter;
|
||||
<a class="jxr_linenumber" name="L32" href="#L32">32</a> <strong class="jxr_keyword">import</strong> java.io.IOException;
|
||||
<a class="jxr_linenumber" name="L33" href="#L33">33</a> <strong class="jxr_keyword">import</strong> java.util.ArrayList;
|
||||
<a class="jxr_linenumber" name="L34" href="#L34">34</a> <strong class="jxr_keyword">import</strong> java.util.List;
|
||||
<a class="jxr_linenumber" name="L35" href="#L35">35</a> <strong class="jxr_keyword">import</strong> java.util.regex.Matcher;
|
||||
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <strong class="jxr_keyword">import</strong> java.util.regex.Pattern;
|
||||
<a class="jxr_linenumber" name="L37" href="#L37">37</a>
|
||||
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L39" href="#L39">39</a> <em class="jxr_javadoccomment"> * Used to analyze Autoconf input files named configure.ac or configure.in. Files simply named "configure" are also analyzed,</em>
|
||||
<a class="jxr_linenumber" name="L40" href="#L40">40</a> <em class="jxr_javadoccomment"> * assuming they are generated by Autoconf, and contain certain special package descriptor variables.</em>
|
||||
<a class="jxr_linenumber" name="L41" href="#L41">41</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <em class="jxr_javadoccomment"> * @author Dale Visser</em>
|
||||
<a class="jxr_linenumber" name="L43" href="#L43">43</a> <em class="jxr_javadoccomment"> * @see <a href="https://www.gnu.org/software/autoconf/">Autoconf - GNU Project - Free Software Foundation (FSF)</a></em>
|
||||
<a class="jxr_linenumber" name="L44" href="#L44">44</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.html">AutoconfAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.html">AbstractFileTypeAnalyzer</a> {
|
||||
<a class="jxr_linenumber" name="L46" href="#L46">46</a>
|
||||
<a class="jxr_linenumber" name="L47" href="#L47">47</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L48" href="#L48">48</a> <em class="jxr_javadoccomment"> * Autoconf output filename.</em>
|
||||
<a class="jxr_linenumber" name="L49" href="#L49">49</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String CONFIGURE = <span class="jxr_string">"configure"</span>;
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a>
|
||||
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a> <em class="jxr_javadoccomment"> * Autoconf input filename.</em>
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String CONFIGURE_IN = <span class="jxr_string">"configure.in"</span>;
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a>
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <em class="jxr_javadoccomment"> * Autoconf input filename.</em>
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String CONFIGURE_AC = <span class="jxr_string">"configure.ac"</span>;
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a>
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <em class="jxr_javadoccomment"> * The name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String ANALYZER_NAME = <span class="jxr_string">"Autoconf Analyzer"</span>;
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a>
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <em class="jxr_javadoccomment"> * The phase that this analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a>
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <em class="jxr_javadoccomment"> * The set of file extensions supported by this analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String[] EXTENSIONS = {<span class="jxr_string">"ac"</span>, <span class="jxr_string">"in"</span>};
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a>
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <em class="jxr_javadoccomment"> * Matches AC_INIT variables in the output configure script.</em>
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern PACKAGE_VAR = Pattern.compile(
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a> <span class="jxr_string">"PACKAGE_(.+?)='(.*?)'"</span>, Pattern.DOTALL | Pattern.CASE_INSENSITIVE);
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a>
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <em class="jxr_javadoccomment"> * Matches AC_INIT statement in configure.ac file.</em>
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern AC_INIT_PATTERN;
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a>
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <strong class="jxr_keyword">static</strong> {
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a> <em class="jxr_comment">// each instance of param or sep_param has a capture group</em>
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a> <strong class="jxr_keyword">final</strong> String param = <span class="jxr_string">"\\[{0,2}(.+?)\\]{0,2}"</span>;
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <strong class="jxr_keyword">final</strong> String sepParam = <span class="jxr_string">"\\s*,\\s*"</span> + param;
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <em class="jxr_comment">// Group 1: Package</em>
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a> <em class="jxr_comment">// Group 2: Version</em>
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <em class="jxr_comment">// Group 3: optional</em>
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <em class="jxr_comment">// Group 4: Bug report address (if it exists)</em>
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <em class="jxr_comment">// Group 5: optional</em>
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <em class="jxr_comment">// Group 6: Tarname (if it exists)</em>
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <em class="jxr_comment">// Group 7: optional</em>
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <em class="jxr_comment">// Group 8: URL (if it exists)</em>
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a> AC_INIT_PATTERN = Pattern.compile(String.format(
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <span class="jxr_string">"AC_INIT\\(%s%s(%s)?(%s)?(%s)?\\s*\\)"</span>, param, sepParam,
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> sepParam, sepParam, sepParam), Pattern.DOTALL
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a> | Pattern.CASE_INSENSITIVE);
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a> }
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a>
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <em class="jxr_javadoccomment"> * The file filter used to determine which files this analyzer supports.</em>
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter FILTER = FileFilterBuilder.newInstance().addFilenames(CONFIGURE).addExtensions(
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a> EXTENSIONS).build();
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a>
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <em class="jxr_javadoccomment"> * Returns the FileFilter</em>
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <em class="jxr_javadoccomment"> * @return the FileFilter</em>
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> @Override
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> <strong class="jxr_keyword">protected</strong> FileFilter getFileFilter() {
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a> <strong class="jxr_keyword">return</strong> FILTER;
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a> }
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a>
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a> <em class="jxr_javadoccomment"> * Returns the name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> @Override
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a> <strong class="jxr_keyword">public</strong> String getName() {
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a> }
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a>
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a> <em class="jxr_javadoccomment"> * Returns the phase that the analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a> <em class="jxr_javadoccomment"> * @return the phase that the analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> @Override
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a> <strong class="jxr_keyword">return</strong> ANALYSIS_PHASE;
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a> }
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a>
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a> <em class="jxr_javadoccomment"> * Returns the key used in the properties file to reference the analyzer's enabled property.</em>
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <em class="jxr_javadoccomment"> * @return the analyzer's enabled property setting key</em>
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> @Override
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_PYTHON_DISTRIBUTION_ENABLED;
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a> }
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a>
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a> @Override
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine)
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <strong class="jxr_keyword">final</strong> File actualFile = dependency.getActualFile();
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a> <strong class="jxr_keyword">final</strong> String name = actualFile.getName();
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <strong class="jxr_keyword">if</strong> (name.startsWith(CONFIGURE)) {
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <strong class="jxr_keyword">final</strong> File parent = actualFile.getParentFile();
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <strong class="jxr_keyword">final</strong> String parentName = parent.getName();
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> dependency.setDisplayFileName(parentName + <span class="jxr_string">"/"</span> + name);
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> isOutputScript = CONFIGURE.equals(name);
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a> <strong class="jxr_keyword">if</strong> (isOutputScript || CONFIGURE_AC.equals(name)
|
||||
<a class="jxr_linenumber" name="L163" href="#L163">163</a> || CONFIGURE_IN.equals(name)) {
|
||||
<a class="jxr_linenumber" name="L164" href="#L164">164</a> <strong class="jxr_keyword">final</strong> String contents = getFileContents(actualFile);
|
||||
<a class="jxr_linenumber" name="L165" href="#L165">165</a> <strong class="jxr_keyword">if</strong> (!contents.isEmpty()) {
|
||||
<a class="jxr_linenumber" name="L166" href="#L166">166</a> <strong class="jxr_keyword">if</strong> (isOutputScript) {
|
||||
<a class="jxr_linenumber" name="L167" href="#L167">167</a> extractConfigureScriptEvidence(dependency, name,
|
||||
<a class="jxr_linenumber" name="L168" href="#L168">168</a> contents);
|
||||
<a class="jxr_linenumber" name="L169" href="#L169">169</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a> gatherEvidence(dependency, name, contents);
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> }
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a> }
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> }
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> <em class="jxr_comment">// copy, alter and set in case some other thread is iterating over</em>
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a> <strong class="jxr_keyword">final</strong> List<Dependency> dependencies = <strong class="jxr_keyword">new</strong> ArrayList<Dependency>(
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> engine.getDependencies());
|
||||
<a class="jxr_linenumber" name="L178" href="#L178">178</a> dependencies.remove(dependency);
|
||||
<a class="jxr_linenumber" name="L179" href="#L179">179</a> engine.setDependencies(dependencies);
|
||||
<a class="jxr_linenumber" name="L180" href="#L180">180</a> }
|
||||
<a class="jxr_linenumber" name="L181" href="#L181">181</a> }
|
||||
<a class="jxr_linenumber" name="L182" href="#L182">182</a>
|
||||
<a class="jxr_linenumber" name="L183" href="#L183">183</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L184" href="#L184">184</a> <em class="jxr_javadoccomment"> * Extracts evidence from the configuration.</em>
|
||||
<a class="jxr_linenumber" name="L185" href="#L185">185</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L186" href="#L186">186</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
|
||||
<a class="jxr_linenumber" name="L187" href="#L187">187</a> <em class="jxr_javadoccomment"> * @param name the name of the source of evidence</em>
|
||||
<a class="jxr_linenumber" name="L188" href="#L188">188</a> <em class="jxr_javadoccomment"> * @param contents the contents to analyze for evidence</em>
|
||||
<a class="jxr_linenumber" name="L189" href="#L189">189</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L190" href="#L190">190</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> extractConfigureScriptEvidence(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency,
|
||||
<a class="jxr_linenumber" name="L191" href="#L191">191</a> <strong class="jxr_keyword">final</strong> String name, <strong class="jxr_keyword">final</strong> String contents) {
|
||||
<a class="jxr_linenumber" name="L192" href="#L192">192</a> <strong class="jxr_keyword">final</strong> Matcher matcher = PACKAGE_VAR.matcher(contents);
|
||||
<a class="jxr_linenumber" name="L193" href="#L193">193</a> <strong class="jxr_keyword">while</strong> (matcher.find()) {
|
||||
<a class="jxr_linenumber" name="L194" href="#L194">194</a> <strong class="jxr_keyword">final</strong> String variable = matcher.group(1);
|
||||
<a class="jxr_linenumber" name="L195" href="#L195">195</a> <strong class="jxr_keyword">final</strong> String value = matcher.group(2);
|
||||
<a class="jxr_linenumber" name="L196" href="#L196">196</a> <strong class="jxr_keyword">if</strong> (!value.isEmpty()) {
|
||||
<a class="jxr_linenumber" name="L197" href="#L197">197</a> <strong class="jxr_keyword">if</strong> (variable.endsWith(<span class="jxr_string">"NAME"</span>)) {
|
||||
<a class="jxr_linenumber" name="L198" href="#L198">198</a> dependency.getProductEvidence().addEvidence(name, variable,
|
||||
<a class="jxr_linenumber" name="L199" href="#L199">199</a> value, Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L200" href="#L200">200</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"VERSION"</span>.equals(variable)) {
|
||||
<a class="jxr_linenumber" name="L201" href="#L201">201</a> dependency.getVersionEvidence().addEvidence(name, variable,
|
||||
<a class="jxr_linenumber" name="L202" href="#L202">202</a> value, Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L203" href="#L203">203</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"BUGREPORT"</span>.equals(variable)) {
|
||||
<a class="jxr_linenumber" name="L204" href="#L204">204</a> dependency.getVendorEvidence().addEvidence(name, variable,
|
||||
<a class="jxr_linenumber" name="L205" href="#L205">205</a> value, Confidence.HIGH);
|
||||
<a class="jxr_linenumber" name="L206" href="#L206">206</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"URL"</span>.equals(variable)) {
|
||||
<a class="jxr_linenumber" name="L207" href="#L207">207</a> dependency.getVendorEvidence().addEvidence(name, variable,
|
||||
<a class="jxr_linenumber" name="L208" href="#L208">208</a> value, Confidence.HIGH);
|
||||
<a class="jxr_linenumber" name="L209" href="#L209">209</a> }
|
||||
<a class="jxr_linenumber" name="L210" href="#L210">210</a> }
|
||||
<a class="jxr_linenumber" name="L211" href="#L211">211</a> }
|
||||
<a class="jxr_linenumber" name="L212" href="#L212">212</a> }
|
||||
<a class="jxr_linenumber" name="L213" href="#L213">213</a>
|
||||
<a class="jxr_linenumber" name="L214" href="#L214">214</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L215" href="#L215">215</a> <em class="jxr_javadoccomment"> * Retrieves the contents of a given file.</em>
|
||||
<a class="jxr_linenumber" name="L216" href="#L216">216</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L217" href="#L217">217</a> <em class="jxr_javadoccomment"> * @param actualFile the file to read</em>
|
||||
<a class="jxr_linenumber" name="L218" href="#L218">218</a> <em class="jxr_javadoccomment"> * @return the contents of the file</em>
|
||||
<a class="jxr_linenumber" name="L219" href="#L219">219</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if there is an IO Exception</em>
|
||||
<a class="jxr_linenumber" name="L220" href="#L220">220</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L221" href="#L221">221</a> <strong class="jxr_keyword">private</strong> String getFileContents(<strong class="jxr_keyword">final</strong> File actualFile)
|
||||
<a class="jxr_linenumber" name="L222" href="#L222">222</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
|
||||
<a class="jxr_linenumber" name="L223" href="#L223">223</a> String contents = <span class="jxr_string">""</span>;
|
||||
<a class="jxr_linenumber" name="L224" href="#L224">224</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L225" href="#L225">225</a> contents = FileUtils.readFileToString(actualFile).trim();
|
||||
<a class="jxr_linenumber" name="L226" href="#L226">226</a> } <strong class="jxr_keyword">catch</strong> (IOException e) {
|
||||
<a class="jxr_linenumber" name="L227" href="#L227">227</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(
|
||||
<a class="jxr_linenumber" name="L228" href="#L228">228</a> <span class="jxr_string">"Problem occurred while reading dependency file."</span>, e);
|
||||
<a class="jxr_linenumber" name="L229" href="#L229">229</a> }
|
||||
<a class="jxr_linenumber" name="L230" href="#L230">230</a> <strong class="jxr_keyword">return</strong> contents;
|
||||
<a class="jxr_linenumber" name="L33" href="#L33">33</a> <strong class="jxr_keyword">import</strong> java.nio.charset.Charset;
|
||||
<a class="jxr_linenumber" name="L34" href="#L34">34</a> <strong class="jxr_keyword">import</strong> java.util.ArrayList;
|
||||
<a class="jxr_linenumber" name="L35" href="#L35">35</a> <strong class="jxr_keyword">import</strong> java.util.List;
|
||||
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <strong class="jxr_keyword">import</strong> java.util.regex.Matcher;
|
||||
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <strong class="jxr_keyword">import</strong> java.util.regex.Pattern;
|
||||
<a class="jxr_linenumber" name="L38" href="#L38">38</a>
|
||||
<a class="jxr_linenumber" name="L39" href="#L39">39</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L40" href="#L40">40</a> <em class="jxr_javadoccomment"> * Used to analyze Autoconf input files named configure.ac or configure.in. Files simply named "configure" are also analyzed,</em>
|
||||
<a class="jxr_linenumber" name="L41" href="#L41">41</a> <em class="jxr_javadoccomment"> * assuming they are generated by Autoconf, and contain certain special package descriptor variables.</em>
|
||||
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L43" href="#L43">43</a> <em class="jxr_javadoccomment"> * @author Dale Visser</em>
|
||||
<a class="jxr_linenumber" name="L44" href="#L44">44</a> <em class="jxr_javadoccomment"> * @see <a href="https://www.gnu.org/software/autoconf/">Autoconf - GNU Project - Free Software Foundation (FSF)</a></em>
|
||||
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L46" href="#L46">46</a> @Experimental
|
||||
<a class="jxr_linenumber" name="L47" href="#L47">47</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.html">AutoconfAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.html">AbstractFileTypeAnalyzer</a> {
|
||||
<a class="jxr_linenumber" name="L48" href="#L48">48</a>
|
||||
<a class="jxr_linenumber" name="L49" href="#L49">49</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <em class="jxr_javadoccomment"> * Autoconf output filename.</em>
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String CONFIGURE = <span class="jxr_string">"configure"</span>;
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a>
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <em class="jxr_javadoccomment"> * Autoconf input filename.</em>
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String CONFIGURE_IN = <span class="jxr_string">"configure.in"</span>;
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a>
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <em class="jxr_javadoccomment"> * Autoconf input filename.</em>
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String CONFIGURE_AC = <span class="jxr_string">"configure.ac"</span>;
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a>
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <em class="jxr_javadoccomment"> * The name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String ANALYZER_NAME = <span class="jxr_string">"Autoconf Analyzer"</span>;
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a>
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <em class="jxr_javadoccomment"> * The phase that this analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a>
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <em class="jxr_javadoccomment"> * The set of file extensions supported by this analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String[] EXTENSIONS = {<span class="jxr_string">"ac"</span>, <span class="jxr_string">"in"</span>};
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a>
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <em class="jxr_javadoccomment"> * Matches AC_INIT variables in the output configure script.</em>
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern PACKAGE_VAR = Pattern.compile(
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <span class="jxr_string">"PACKAGE_(.+?)='(.*?)'"</span>, Pattern.DOTALL | Pattern.CASE_INSENSITIVE);
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a>
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <em class="jxr_javadoccomment"> * Matches AC_INIT statement in configure.ac file.</em>
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern AC_INIT_PATTERN;
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a>
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a> <strong class="jxr_keyword">static</strong> {
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <em class="jxr_comment">// each instance of param or sep_param has a capture group</em>
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <strong class="jxr_keyword">final</strong> String param = <span class="jxr_string">"\\[{0,2}(.+?)\\]{0,2}"</span>;
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a> <strong class="jxr_keyword">final</strong> String sepParam = <span class="jxr_string">"\\s*,\\s*"</span> + param;
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <em class="jxr_comment">// Group 1: Package</em>
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <em class="jxr_comment">// Group 2: Version</em>
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <em class="jxr_comment">// Group 3: optional</em>
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <em class="jxr_comment">// Group 4: Bug report address (if it exists)</em>
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <em class="jxr_comment">// Group 5: optional</em>
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <em class="jxr_comment">// Group 6: Tarname (if it exists)</em>
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a> <em class="jxr_comment">// Group 7: optional</em>
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <em class="jxr_comment">// Group 8: URL (if it exists)</em>
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> AC_INIT_PATTERN = Pattern.compile(String.format(
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <span class="jxr_string">"AC_INIT\\(%s%s(%s)?(%s)?(%s)?\\s*\\)"</span>, param, sepParam,
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a> sepParam, sepParam, sepParam), Pattern.DOTALL
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a> | Pattern.CASE_INSENSITIVE);
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a> }
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a>
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a> <em class="jxr_javadoccomment"> * The file filter used to determine which files this analyzer supports.</em>
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter FILTER = FileFilterBuilder.newInstance().addFilenames(CONFIGURE).addExtensions(
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> EXTENSIONS).build();
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a>
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <em class="jxr_javadoccomment"> * Returns the FileFilter</em>
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> <em class="jxr_javadoccomment"> * @return the FileFilter</em>
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a> @Override
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a> <strong class="jxr_keyword">protected</strong> FileFilter getFileFilter() {
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> <strong class="jxr_keyword">return</strong> FILTER;
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a> }
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a>
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a> <em class="jxr_javadoccomment"> * Returns the name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> @Override
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a> <strong class="jxr_keyword">public</strong> String getName() {
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a> }
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a>
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a> <em class="jxr_javadoccomment"> * Returns the phase that the analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> <em class="jxr_javadoccomment"> * @return the phase that the analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a> @Override
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a> <strong class="jxr_keyword">return</strong> ANALYSIS_PHASE;
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a> }
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a>
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <em class="jxr_javadoccomment"> * Returns the key used in the properties file to reference the analyzer's enabled property.</em>
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> <em class="jxr_javadoccomment"> * @return the analyzer's enabled property setting key</em>
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> @Override
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_PYTHON_DISTRIBUTION_ENABLED;
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a> }
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a>
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a> @Override
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine)
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <strong class="jxr_keyword">final</strong> File actualFile = dependency.getActualFile();
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <strong class="jxr_keyword">final</strong> String name = actualFile.getName();
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <strong class="jxr_keyword">if</strong> (name.startsWith(CONFIGURE)) {
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> <strong class="jxr_keyword">final</strong> File parent = actualFile.getParentFile();
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> <strong class="jxr_keyword">final</strong> String parentName = parent.getName();
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a> dependency.setDisplayFileName(parentName + <span class="jxr_string">"/"</span> + name);
|
||||
<a class="jxr_linenumber" name="L163" href="#L163">163</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> isOutputScript = CONFIGURE.equals(name);
|
||||
<a class="jxr_linenumber" name="L164" href="#L164">164</a> <strong class="jxr_keyword">if</strong> (isOutputScript || CONFIGURE_AC.equals(name)
|
||||
<a class="jxr_linenumber" name="L165" href="#L165">165</a> || CONFIGURE_IN.equals(name)) {
|
||||
<a class="jxr_linenumber" name="L166" href="#L166">166</a> <strong class="jxr_keyword">final</strong> String contents = getFileContents(actualFile);
|
||||
<a class="jxr_linenumber" name="L167" href="#L167">167</a> <strong class="jxr_keyword">if</strong> (!contents.isEmpty()) {
|
||||
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <strong class="jxr_keyword">if</strong> (isOutputScript) {
|
||||
<a class="jxr_linenumber" name="L169" href="#L169">169</a> extractConfigureScriptEvidence(dependency, name,
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a> contents);
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a> gatherEvidence(dependency, name, contents);
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> }
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a> }
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> }
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> <em class="jxr_comment">// copy, alter and set in case some other thread is iterating over</em>
|
||||
<a class="jxr_linenumber" name="L178" href="#L178">178</a> <strong class="jxr_keyword">final</strong> List<Dependency> dependencies = <strong class="jxr_keyword">new</strong> ArrayList<Dependency>(
|
||||
<a class="jxr_linenumber" name="L179" href="#L179">179</a> engine.getDependencies());
|
||||
<a class="jxr_linenumber" name="L180" href="#L180">180</a> dependencies.remove(dependency);
|
||||
<a class="jxr_linenumber" name="L181" href="#L181">181</a> engine.setDependencies(dependencies);
|
||||
<a class="jxr_linenumber" name="L182" href="#L182">182</a> }
|
||||
<a class="jxr_linenumber" name="L183" href="#L183">183</a> }
|
||||
<a class="jxr_linenumber" name="L184" href="#L184">184</a>
|
||||
<a class="jxr_linenumber" name="L185" href="#L185">185</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L186" href="#L186">186</a> <em class="jxr_javadoccomment"> * Extracts evidence from the configuration.</em>
|
||||
<a class="jxr_linenumber" name="L187" href="#L187">187</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L188" href="#L188">188</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
|
||||
<a class="jxr_linenumber" name="L189" href="#L189">189</a> <em class="jxr_javadoccomment"> * @param name the name of the source of evidence</em>
|
||||
<a class="jxr_linenumber" name="L190" href="#L190">190</a> <em class="jxr_javadoccomment"> * @param contents the contents to analyze for evidence</em>
|
||||
<a class="jxr_linenumber" name="L191" href="#L191">191</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L192" href="#L192">192</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> extractConfigureScriptEvidence(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency,
|
||||
<a class="jxr_linenumber" name="L193" href="#L193">193</a> <strong class="jxr_keyword">final</strong> String name, <strong class="jxr_keyword">final</strong> String contents) {
|
||||
<a class="jxr_linenumber" name="L194" href="#L194">194</a> <strong class="jxr_keyword">final</strong> Matcher matcher = PACKAGE_VAR.matcher(contents);
|
||||
<a class="jxr_linenumber" name="L195" href="#L195">195</a> <strong class="jxr_keyword">while</strong> (matcher.find()) {
|
||||
<a class="jxr_linenumber" name="L196" href="#L196">196</a> <strong class="jxr_keyword">final</strong> String variable = matcher.group(1);
|
||||
<a class="jxr_linenumber" name="L197" href="#L197">197</a> <strong class="jxr_keyword">final</strong> String value = matcher.group(2);
|
||||
<a class="jxr_linenumber" name="L198" href="#L198">198</a> <strong class="jxr_keyword">if</strong> (!value.isEmpty()) {
|
||||
<a class="jxr_linenumber" name="L199" href="#L199">199</a> <strong class="jxr_keyword">if</strong> (variable.endsWith(<span class="jxr_string">"NAME"</span>)) {
|
||||
<a class="jxr_linenumber" name="L200" href="#L200">200</a> dependency.getProductEvidence().addEvidence(name, variable,
|
||||
<a class="jxr_linenumber" name="L201" href="#L201">201</a> value, Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L202" href="#L202">202</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"VERSION"</span>.equals(variable)) {
|
||||
<a class="jxr_linenumber" name="L203" href="#L203">203</a> dependency.getVersionEvidence().addEvidence(name, variable,
|
||||
<a class="jxr_linenumber" name="L204" href="#L204">204</a> value, Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L205" href="#L205">205</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"BUGREPORT"</span>.equals(variable)) {
|
||||
<a class="jxr_linenumber" name="L206" href="#L206">206</a> dependency.getVendorEvidence().addEvidence(name, variable,
|
||||
<a class="jxr_linenumber" name="L207" href="#L207">207</a> value, Confidence.HIGH);
|
||||
<a class="jxr_linenumber" name="L208" href="#L208">208</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"URL"</span>.equals(variable)) {
|
||||
<a class="jxr_linenumber" name="L209" href="#L209">209</a> dependency.getVendorEvidence().addEvidence(name, variable,
|
||||
<a class="jxr_linenumber" name="L210" href="#L210">210</a> value, Confidence.HIGH);
|
||||
<a class="jxr_linenumber" name="L211" href="#L211">211</a> }
|
||||
<a class="jxr_linenumber" name="L212" href="#L212">212</a> }
|
||||
<a class="jxr_linenumber" name="L213" href="#L213">213</a> }
|
||||
<a class="jxr_linenumber" name="L214" href="#L214">214</a> }
|
||||
<a class="jxr_linenumber" name="L215" href="#L215">215</a>
|
||||
<a class="jxr_linenumber" name="L216" href="#L216">216</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L217" href="#L217">217</a> <em class="jxr_javadoccomment"> * Retrieves the contents of a given file.</em>
|
||||
<a class="jxr_linenumber" name="L218" href="#L218">218</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L219" href="#L219">219</a> <em class="jxr_javadoccomment"> * @param actualFile the file to read</em>
|
||||
<a class="jxr_linenumber" name="L220" href="#L220">220</a> <em class="jxr_javadoccomment"> * @return the contents of the file</em>
|
||||
<a class="jxr_linenumber" name="L221" href="#L221">221</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if there is an IO Exception</em>
|
||||
<a class="jxr_linenumber" name="L222" href="#L222">222</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L223" href="#L223">223</a> <strong class="jxr_keyword">private</strong> String getFileContents(<strong class="jxr_keyword">final</strong> File actualFile)
|
||||
<a class="jxr_linenumber" name="L224" href="#L224">224</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
|
||||
<a class="jxr_linenumber" name="L225" href="#L225">225</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L226" href="#L226">226</a> <strong class="jxr_keyword">return</strong> FileUtils.readFileToString(actualFile, Charset.defaultCharset()).trim();
|
||||
<a class="jxr_linenumber" name="L227" href="#L227">227</a> } <strong class="jxr_keyword">catch</strong> (IOException e) {
|
||||
<a class="jxr_linenumber" name="L228" href="#L228">228</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(
|
||||
<a class="jxr_linenumber" name="L229" href="#L229">229</a> <span class="jxr_string">"Problem occurred while reading dependency file."</span>, e);
|
||||
<a class="jxr_linenumber" name="L230" href="#L230">230</a> }
|
||||
<a class="jxr_linenumber" name="L231" href="#L231">231</a> }
|
||||
<a class="jxr_linenumber" name="L232" href="#L232">232</a>
|
||||
<a class="jxr_linenumber" name="L233" href="#L233">233</a> <em class="jxr_javadoccomment">/**</em>
|
||||
|
||||
@@ -41,208 +41,210 @@
|
||||
<a class="jxr_linenumber" name="L33" href="#L33">33</a> <strong class="jxr_keyword">import</strong> java.io.FileFilter;
|
||||
<a class="jxr_linenumber" name="L34" href="#L34">34</a> <strong class="jxr_keyword">import</strong> java.io.IOException;
|
||||
<a class="jxr_linenumber" name="L35" href="#L35">35</a> <strong class="jxr_keyword">import</strong> java.io.UnsupportedEncodingException;
|
||||
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <strong class="jxr_keyword">import</strong> java.security.MessageDigest;
|
||||
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <strong class="jxr_keyword">import</strong> java.security.NoSuchAlgorithmException;
|
||||
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <strong class="jxr_keyword">import</strong> java.util.regex.Matcher;
|
||||
<a class="jxr_linenumber" name="L39" href="#L39">39</a> <strong class="jxr_keyword">import</strong> java.util.regex.Pattern;
|
||||
<a class="jxr_linenumber" name="L40" href="#L40">40</a>
|
||||
<a class="jxr_linenumber" name="L41" href="#L41">41</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <em class="jxr_javadoccomment"> * <p></em>
|
||||
<a class="jxr_linenumber" name="L43" href="#L43">43</a> <em class="jxr_javadoccomment"> * Used to analyze CMake build files, and collect information that can be used to determine the associated CPE.</p></em>
|
||||
<a class="jxr_linenumber" name="L44" href="#L44">44</a> <em class="jxr_javadoccomment"> * <p></em>
|
||||
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <em class="jxr_javadoccomment"> * Note: This analyzer catches straightforward invocations of the project command, plus some other observed patterns of version</em>
|
||||
<a class="jxr_linenumber" name="L46" href="#L46">46</a> <em class="jxr_javadoccomment"> * inclusion in real CMake projects. Many projects make use of older versions of CMake and/or use custom "homebrew" ways to insert</em>
|
||||
<a class="jxr_linenumber" name="L47" href="#L47">47</a> <em class="jxr_javadoccomment"> * version information. Hopefully as the newer CMake call pattern grows in usage, this analyzer allow more CPEs to be</em>
|
||||
<a class="jxr_linenumber" name="L48" href="#L48">48</a> <em class="jxr_javadoccomment"> * identified.</p></em>
|
||||
<a class="jxr_linenumber" name="L49" href="#L49">49</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <em class="jxr_javadoccomment"> * @author Dale Visser</em>
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/CMakeAnalyzer.html">CMakeAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.html">AbstractFileTypeAnalyzer</a> {
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a>
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <em class="jxr_javadoccomment"> * The logger.</em>
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Logger LOGGER = LoggerFactory.getLogger(CMakeAnalyzer.<strong class="jxr_keyword">class</strong>);
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a>
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <em class="jxr_javadoccomment"> * Used when compiling file scanning regex patterns.</em>
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> REGEX_OPTIONS = Pattern.DOTALL
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> | Pattern.CASE_INSENSITIVE | Pattern.MULTILINE;
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a>
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a> <em class="jxr_javadoccomment"> * Regex to extract the product information.</em>
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern PROJECT = Pattern.compile(
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <span class="jxr_string">"^ *project *\\([ \\n]*(\\w+)[ \\n]*.*?\\)"</span>, REGEX_OPTIONS);
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a>
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> <em class="jxr_javadoccomment"> * Regex to extract product and version information.</em>
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> <em class="jxr_javadoccomment"> * Group 1: Product</em>
|
||||
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <strong class="jxr_keyword">import</strong> java.nio.charset.Charset;
|
||||
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <strong class="jxr_keyword">import</strong> java.security.MessageDigest;
|
||||
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <strong class="jxr_keyword">import</strong> java.security.NoSuchAlgorithmException;
|
||||
<a class="jxr_linenumber" name="L39" href="#L39">39</a> <strong class="jxr_keyword">import</strong> java.util.regex.Matcher;
|
||||
<a class="jxr_linenumber" name="L40" href="#L40">40</a> <strong class="jxr_keyword">import</strong> java.util.regex.Pattern;
|
||||
<a class="jxr_linenumber" name="L41" href="#L41">41</a>
|
||||
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L43" href="#L43">43</a> <em class="jxr_javadoccomment"> * <p></em>
|
||||
<a class="jxr_linenumber" name="L44" href="#L44">44</a> <em class="jxr_javadoccomment"> * Used to analyze CMake build files, and collect information that can be used to determine the associated CPE.</p></em>
|
||||
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <em class="jxr_javadoccomment"> * <p></em>
|
||||
<a class="jxr_linenumber" name="L46" href="#L46">46</a> <em class="jxr_javadoccomment"> * Note: This analyzer catches straightforward invocations of the project command, plus some other observed patterns of version</em>
|
||||
<a class="jxr_linenumber" name="L47" href="#L47">47</a> <em class="jxr_javadoccomment"> * inclusion in real CMake projects. Many projects make use of older versions of CMake and/or use custom "homebrew" ways to insert</em>
|
||||
<a class="jxr_linenumber" name="L48" href="#L48">48</a> <em class="jxr_javadoccomment"> * version information. Hopefully as the newer CMake call pattern grows in usage, this analyzer allow more CPEs to be</em>
|
||||
<a class="jxr_linenumber" name="L49" href="#L49">49</a> <em class="jxr_javadoccomment"> * identified.</p></em>
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <em class="jxr_javadoccomment"> * @author Dale Visser</em>
|
||||
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a> @Experimental
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/CMakeAnalyzer.html">CMakeAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.html">AbstractFileTypeAnalyzer</a> {
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a>
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <em class="jxr_javadoccomment"> * The logger.</em>
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Logger LOGGER = LoggerFactory.getLogger(CMakeAnalyzer.<strong class="jxr_keyword">class</strong>);
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a>
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <em class="jxr_javadoccomment"> * Used when compiling file scanning regex patterns.</em>
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> REGEX_OPTIONS = Pattern.DOTALL
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> | Pattern.CASE_INSENSITIVE | Pattern.MULTILINE;
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a>
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <em class="jxr_javadoccomment"> * Regex to extract the product information.</em>
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern PROJECT = Pattern.compile(
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> <span class="jxr_string">"^ *project *\\([ \\n]*(\\w+)[ \\n]*.*?\\)"</span>, REGEX_OPTIONS);
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a>
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> <em class="jxr_javadoccomment"> * Regex to extract product and version information.</em>
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <em class="jxr_javadoccomment"> * Group 2: Version</em>
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern SET_VERSION = Pattern
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> .compile(
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <span class="jxr_string">"^ *set\\s*\\(\\s*(\\w+)_version\\s+\"?(\\d+(?:\\.\\d+)+)[\\s\"]?\\)"</span>,
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a> REGEX_OPTIONS);
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a>
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <em class="jxr_javadoccomment"> * Detects files that can be analyzed.</em>
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(<span class="jxr_string">".cmake"</span>)
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> .addFilenames(<span class="jxr_string">"CMakeLists.txt"</span>).build();
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a>
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a> <em class="jxr_javadoccomment"> * A reference to SHA1 message digest.</em>
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> MessageDigest sha1 = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a>
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <strong class="jxr_keyword">static</strong> {
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> sha1 = MessageDigest.getInstance(<span class="jxr_string">"SHA1"</span>);
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a> } <strong class="jxr_keyword">catch</strong> (NoSuchAlgorithmException e) {
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> LOGGER.error(e.getMessage());
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a> }
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a> }
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a>
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <em class="jxr_javadoccomment"> * Returns the name of the CMake analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer</em>
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <em class="jxr_javadoccomment"> * Group 1: Product</em>
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <em class="jxr_javadoccomment"> * Group 2: Version</em>
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern SET_VERSION = Pattern
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a> .compile(
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <span class="jxr_string">"^ *set\\s*\\(\\s*(\\w+)_version\\s+\"?(\\d+(?:\\.\\d+)+)[\\s\"]?\\)"</span>,
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> REGEX_OPTIONS);
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a>
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <em class="jxr_javadoccomment"> * Detects files that can be analyzed.</em>
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(<span class="jxr_string">".cmake"</span>)
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a> .addFilenames(<span class="jxr_string">"CMakeLists.txt"</span>).build();
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a>
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <em class="jxr_javadoccomment"> * A reference to SHA1 message digest.</em>
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> MessageDigest sha1 = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a>
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <strong class="jxr_keyword">static</strong> {
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> sha1 = MessageDigest.getInstance(<span class="jxr_string">"SHA1"</span>);
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a> } <strong class="jxr_keyword">catch</strong> (NoSuchAlgorithmException e) {
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a> LOGGER.error(e.getMessage());
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a> }
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> }
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a>
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a> <em class="jxr_javadoccomment"> * Returns the name of the CMake analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> @Override
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a> <strong class="jxr_keyword">public</strong> String getName() {
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a> <strong class="jxr_keyword">return</strong> <span class="jxr_string">"CMake Analyzer"</span>;
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> }
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a>
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a> <em class="jxr_javadoccomment"> * Tell that we are used for information collection.</em>
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> <em class="jxr_javadoccomment"> * @return INFORMATION_COLLECTION</em>
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> @Override
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a> <strong class="jxr_keyword">return</strong> AnalysisPhase.INFORMATION_COLLECTION;
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> }
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a>
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a> <em class="jxr_javadoccomment"> * Returns the set of supported file extensions.</em>
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <em class="jxr_javadoccomment"> * @return the set of supported file extensions</em>
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a> @Override
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> <strong class="jxr_keyword">protected</strong> FileFilter getFileFilter() {
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a> <strong class="jxr_keyword">return</strong> FILTER;
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a> }
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a>
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a> <em class="jxr_javadoccomment"> * No-op initializer implementation.</em>
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> <em class="jxr_javadoccomment"> * @throws Exception never thrown</em>
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a> @Override
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> Exception {
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a> <em class="jxr_comment">// Nothing to do here.</em>
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a> }
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a>
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a> <em class="jxr_javadoccomment"> * Analyzes python packages and adds evidence to the dependency.</em>
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> <em class="jxr_javadoccomment"> * @param engine the engine being used to perform the scan</em>
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if there is an unrecoverable error analyzing the dependency</em>
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a> @Override
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine)
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a> <strong class="jxr_keyword">final</strong> File file = dependency.getActualFile();
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a> <strong class="jxr_keyword">final</strong> String parentName = file.getParentFile().getName();
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <strong class="jxr_keyword">final</strong> String name = file.getName();
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a> dependency.setDisplayFileName(String.format(<span class="jxr_string">"%s%c%s"</span>, parentName, File.separatorChar, name));
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> String contents;
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> contents = FileUtils.readFileToString(file).trim();
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> } <strong class="jxr_keyword">catch</strong> (IOException e) {
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a> <span class="jxr_string">"Problem occurred while reading dependency file."</span>, e);
|
||||
<a class="jxr_linenumber" name="L163" href="#L163">163</a> }
|
||||
<a class="jxr_linenumber" name="L164" href="#L164">164</a>
|
||||
<a class="jxr_linenumber" name="L165" href="#L165">165</a> <strong class="jxr_keyword">if</strong> (StringUtils.isNotBlank(contents)) {
|
||||
<a class="jxr_linenumber" name="L166" href="#L166">166</a> <strong class="jxr_keyword">final</strong> Matcher m = PROJECT.matcher(contents);
|
||||
<a class="jxr_linenumber" name="L167" href="#L167">167</a> <strong class="jxr_keyword">int</strong> count = 0;
|
||||
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <strong class="jxr_keyword">while</strong> (m.find()) {
|
||||
<a class="jxr_linenumber" name="L169" href="#L169">169</a> count++;
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a> LOGGER.debug(String.format(
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> <span class="jxr_string">"Found project command match with %d groups: %s"</span>,
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a> m.groupCount(), m.group(0)));
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> <strong class="jxr_keyword">final</strong> String group = m.group(1);
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a> LOGGER.debug(<span class="jxr_string">"Group 1: "</span> + group);
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> dependency.getProductEvidence().addEvidence(name, <span class="jxr_string">"Project"</span>,
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a> group, Confidence.HIGH);
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> }
|
||||
<a class="jxr_linenumber" name="L178" href="#L178">178</a> LOGGER.debug(<span class="jxr_string">"Found {} matches."</span>, count);
|
||||
<a class="jxr_linenumber" name="L179" href="#L179">179</a> analyzeSetVersionCommand(dependency, engine, contents);
|
||||
<a class="jxr_linenumber" name="L180" href="#L180">180</a> }
|
||||
<a class="jxr_linenumber" name="L181" href="#L181">181</a> }
|
||||
<a class="jxr_linenumber" name="L182" href="#L182">182</a>
|
||||
<a class="jxr_linenumber" name="L183" href="#L183">183</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L184" href="#L184">184</a> <em class="jxr_javadoccomment"> * Extracts the version information from the contents. If more then one version is found additional dependencies are added to</em>
|
||||
<a class="jxr_linenumber" name="L185" href="#L185">185</a> <em class="jxr_javadoccomment"> * the dependency list.</em>
|
||||
<a class="jxr_linenumber" name="L186" href="#L186">186</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L187" href="#L187">187</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
|
||||
<a class="jxr_linenumber" name="L188" href="#L188">188</a> <em class="jxr_javadoccomment"> * @param engine the dependency-check engine</em>
|
||||
<a class="jxr_linenumber" name="L189" href="#L189">189</a> <em class="jxr_javadoccomment"> * @param contents the version information</em>
|
||||
<a class="jxr_linenumber" name="L190" href="#L190">190</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L191" href="#L191">191</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> analyzeSetVersionCommand(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine, String contents) {
|
||||
<a class="jxr_linenumber" name="L192" href="#L192">192</a> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> currentDep = dependency;
|
||||
<a class="jxr_linenumber" name="L193" href="#L193">193</a>
|
||||
<a class="jxr_linenumber" name="L194" href="#L194">194</a> <strong class="jxr_keyword">final</strong> Matcher m = SET_VERSION.matcher(contents);
|
||||
<a class="jxr_linenumber" name="L195" href="#L195">195</a> <strong class="jxr_keyword">int</strong> count = 0;
|
||||
<a class="jxr_linenumber" name="L196" href="#L196">196</a> <strong class="jxr_keyword">while</strong> (m.find()) {
|
||||
<a class="jxr_linenumber" name="L197" href="#L197">197</a> count++;
|
||||
<a class="jxr_linenumber" name="L198" href="#L198">198</a> LOGGER.debug(<span class="jxr_string">"Found project command match with {} groups: {}"</span>,
|
||||
<a class="jxr_linenumber" name="L199" href="#L199">199</a> m.groupCount(), m.group(0));
|
||||
<a class="jxr_linenumber" name="L200" href="#L200">200</a> String product = m.group(1);
|
||||
<a class="jxr_linenumber" name="L201" href="#L201">201</a> <strong class="jxr_keyword">final</strong> String version = m.group(2);
|
||||
<a class="jxr_linenumber" name="L202" href="#L202">202</a> LOGGER.debug(<span class="jxr_string">"Group 1: "</span> + product);
|
||||
<a class="jxr_linenumber" name="L203" href="#L203">203</a> LOGGER.debug(<span class="jxr_string">"Group 2: "</span> + version);
|
||||
<a class="jxr_linenumber" name="L204" href="#L204">204</a> <strong class="jxr_keyword">final</strong> String aliasPrefix = <span class="jxr_string">"ALIASOF_"</span>;
|
||||
<a class="jxr_linenumber" name="L205" href="#L205">205</a> <strong class="jxr_keyword">if</strong> (product.startsWith(aliasPrefix)) {
|
||||
<a class="jxr_linenumber" name="L206" href="#L206">206</a> product = product.replaceFirst(aliasPrefix, <span class="jxr_string">""</span>);
|
||||
<a class="jxr_linenumber" name="L207" href="#L207">207</a> }
|
||||
<a class="jxr_linenumber" name="L208" href="#L208">208</a> <strong class="jxr_keyword">if</strong> (count > 1) {
|
||||
<a class="jxr_linenumber" name="L209" href="#L209">209</a> <em class="jxr_comment">//TODO - refactor so we do not assign to the parameter (checkstyle)</em>
|
||||
<a class="jxr_linenumber" name="L210" href="#L210">210</a> currentDep = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a>(dependency.getActualFile());
|
||||
<a class="jxr_linenumber" name="L211" href="#L211">211</a> currentDep.setDisplayFileName(String.format(<span class="jxr_string">"%s:%s"</span>, dependency.getDisplayFileName(), product));
|
||||
<a class="jxr_linenumber" name="L212" href="#L212">212</a> <strong class="jxr_keyword">final</strong> String filePath = String.format(<span class="jxr_string">"%s:%s"</span>, dependency.getFilePath(), product);
|
||||
<a class="jxr_linenumber" name="L213" href="#L213">213</a> currentDep.setFilePath(filePath);
|
||||
<a class="jxr_linenumber" name="L214" href="#L214">214</a>
|
||||
<a class="jxr_linenumber" name="L215" href="#L215">215</a> byte[] path;
|
||||
<a class="jxr_linenumber" name="L216" href="#L216">216</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L217" href="#L217">217</a> path = filePath.getBytes(<span class="jxr_string">"UTF-8"</span>);
|
||||
<a class="jxr_linenumber" name="L218" href="#L218">218</a> } <strong class="jxr_keyword">catch</strong> (UnsupportedEncodingException ex) {
|
||||
<a class="jxr_linenumber" name="L219" href="#L219">219</a> path = filePath.getBytes();
|
||||
<a class="jxr_linenumber" name="L220" href="#L220">220</a> }
|
||||
<a class="jxr_linenumber" name="L221" href="#L221">221</a> currentDep.setSha1sum(Checksum.getHex(sha1.digest(path)));
|
||||
<a class="jxr_linenumber" name="L222" href="#L222">222</a> engine.getDependencies().add(currentDep);
|
||||
<a class="jxr_linenumber" name="L223" href="#L223">223</a> }
|
||||
<a class="jxr_linenumber" name="L224" href="#L224">224</a> <strong class="jxr_keyword">final</strong> String source = currentDep.getDisplayFileName();
|
||||
<a class="jxr_linenumber" name="L225" href="#L225">225</a> currentDep.getProductEvidence().addEvidence(source, <span class="jxr_string">"Product"</span>,
|
||||
<a class="jxr_linenumber" name="L226" href="#L226">226</a> product, Confidence.MEDIUM);
|
||||
<a class="jxr_linenumber" name="L227" href="#L227">227</a> currentDep.getVersionEvidence().addEvidence(source, <span class="jxr_string">"Version"</span>,
|
||||
<a class="jxr_linenumber" name="L228" href="#L228">228</a> version, Confidence.MEDIUM);
|
||||
<a class="jxr_linenumber" name="L229" href="#L229">229</a> }
|
||||
<a class="jxr_linenumber" name="L230" href="#L230">230</a> LOGGER.debug(String.format(<span class="jxr_string">"Found %d matches."</span>, count));
|
||||
<a class="jxr_linenumber" name="L231" href="#L231">231</a> }
|
||||
<a class="jxr_linenumber" name="L232" href="#L232">232</a>
|
||||
<a class="jxr_linenumber" name="L233" href="#L233">233</a> @Override
|
||||
<a class="jxr_linenumber" name="L234" href="#L234">234</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
|
||||
<a class="jxr_linenumber" name="L235" href="#L235">235</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_CMAKE_ENABLED;
|
||||
<a class="jxr_linenumber" name="L236" href="#L236">236</a> }
|
||||
<a class="jxr_linenumber" name="L237" href="#L237">237</a> }
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer</em>
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a> @Override
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <strong class="jxr_keyword">public</strong> String getName() {
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <strong class="jxr_keyword">return</strong> <span class="jxr_string">"CMake Analyzer"</span>;
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> }
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a>
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> <em class="jxr_javadoccomment"> * Tell that we are used for information collection.</em>
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> <em class="jxr_javadoccomment"> * @return INFORMATION_COLLECTION</em>
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a> @Override
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a> <strong class="jxr_keyword">return</strong> AnalysisPhase.INFORMATION_COLLECTION;
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a> }
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a>
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <em class="jxr_javadoccomment"> * Returns the set of supported file extensions.</em>
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a> <em class="jxr_javadoccomment"> * @return the set of supported file extensions</em>
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a> @Override
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a> <strong class="jxr_keyword">protected</strong> FileFilter getFileFilter() {
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <strong class="jxr_keyword">return</strong> FILTER;
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a> }
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a>
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> <em class="jxr_javadoccomment"> * No-op initializer implementation.</em>
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a> <em class="jxr_javadoccomment"> * @throws Exception never thrown</em>
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a> @Override
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> Exception {
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a> <em class="jxr_comment">// Nothing to do here.</em>
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a> }
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a>
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <em class="jxr_javadoccomment"> * Analyzes python packages and adds evidence to the dependency.</em>
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> <em class="jxr_javadoccomment"> * @param engine the engine being used to perform the scan</em>
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if there is an unrecoverable error analyzing the dependency</em>
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a> @Override
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine)
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <strong class="jxr_keyword">final</strong> File file = dependency.getActualFile();
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a> <strong class="jxr_keyword">final</strong> String parentName = file.getParentFile().getName();
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <strong class="jxr_keyword">final</strong> String name = file.getName();
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a> dependency.setDisplayFileName(String.format(<span class="jxr_string">"%s%c%s"</span>, parentName, File.separatorChar, name));
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> String contents;
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> contents = FileUtils.readFileToString(file, Charset.defaultCharset()).trim();
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a> } <strong class="jxr_keyword">catch</strong> (IOException e) {
|
||||
<a class="jxr_linenumber" name="L163" href="#L163">163</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(
|
||||
<a class="jxr_linenumber" name="L164" href="#L164">164</a> <span class="jxr_string">"Problem occurred while reading dependency file."</span>, e);
|
||||
<a class="jxr_linenumber" name="L165" href="#L165">165</a> }
|
||||
<a class="jxr_linenumber" name="L166" href="#L166">166</a>
|
||||
<a class="jxr_linenumber" name="L167" href="#L167">167</a> <strong class="jxr_keyword">if</strong> (StringUtils.isNotBlank(contents)) {
|
||||
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <strong class="jxr_keyword">final</strong> Matcher m = PROJECT.matcher(contents);
|
||||
<a class="jxr_linenumber" name="L169" href="#L169">169</a> <strong class="jxr_keyword">int</strong> count = 0;
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a> <strong class="jxr_keyword">while</strong> (m.find()) {
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> count++;
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a> LOGGER.debug(String.format(
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> <span class="jxr_string">"Found project command match with %d groups: %s"</span>,
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a> m.groupCount(), m.group(0)));
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> <strong class="jxr_keyword">final</strong> String group = m.group(1);
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a> LOGGER.debug(<span class="jxr_string">"Group 1: "</span> + group);
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> dependency.getProductEvidence().addEvidence(name, <span class="jxr_string">"Project"</span>,
|
||||
<a class="jxr_linenumber" name="L178" href="#L178">178</a> group, Confidence.HIGH);
|
||||
<a class="jxr_linenumber" name="L179" href="#L179">179</a> }
|
||||
<a class="jxr_linenumber" name="L180" href="#L180">180</a> LOGGER.debug(<span class="jxr_string">"Found {} matches."</span>, count);
|
||||
<a class="jxr_linenumber" name="L181" href="#L181">181</a> analyzeSetVersionCommand(dependency, engine, contents);
|
||||
<a class="jxr_linenumber" name="L182" href="#L182">182</a> }
|
||||
<a class="jxr_linenumber" name="L183" href="#L183">183</a> }
|
||||
<a class="jxr_linenumber" name="L184" href="#L184">184</a>
|
||||
<a class="jxr_linenumber" name="L185" href="#L185">185</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L186" href="#L186">186</a> <em class="jxr_javadoccomment"> * Extracts the version information from the contents. If more then one version is found additional dependencies are added to</em>
|
||||
<a class="jxr_linenumber" name="L187" href="#L187">187</a> <em class="jxr_javadoccomment"> * the dependency list.</em>
|
||||
<a class="jxr_linenumber" name="L188" href="#L188">188</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L189" href="#L189">189</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
|
||||
<a class="jxr_linenumber" name="L190" href="#L190">190</a> <em class="jxr_javadoccomment"> * @param engine the dependency-check engine</em>
|
||||
<a class="jxr_linenumber" name="L191" href="#L191">191</a> <em class="jxr_javadoccomment"> * @param contents the version information</em>
|
||||
<a class="jxr_linenumber" name="L192" href="#L192">192</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L193" href="#L193">193</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> analyzeSetVersionCommand(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine, String contents) {
|
||||
<a class="jxr_linenumber" name="L194" href="#L194">194</a> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> currentDep = dependency;
|
||||
<a class="jxr_linenumber" name="L195" href="#L195">195</a>
|
||||
<a class="jxr_linenumber" name="L196" href="#L196">196</a> <strong class="jxr_keyword">final</strong> Matcher m = SET_VERSION.matcher(contents);
|
||||
<a class="jxr_linenumber" name="L197" href="#L197">197</a> <strong class="jxr_keyword">int</strong> count = 0;
|
||||
<a class="jxr_linenumber" name="L198" href="#L198">198</a> <strong class="jxr_keyword">while</strong> (m.find()) {
|
||||
<a class="jxr_linenumber" name="L199" href="#L199">199</a> count++;
|
||||
<a class="jxr_linenumber" name="L200" href="#L200">200</a> LOGGER.debug(<span class="jxr_string">"Found project command match with {} groups: {}"</span>,
|
||||
<a class="jxr_linenumber" name="L201" href="#L201">201</a> m.groupCount(), m.group(0));
|
||||
<a class="jxr_linenumber" name="L202" href="#L202">202</a> String product = m.group(1);
|
||||
<a class="jxr_linenumber" name="L203" href="#L203">203</a> <strong class="jxr_keyword">final</strong> String version = m.group(2);
|
||||
<a class="jxr_linenumber" name="L204" href="#L204">204</a> LOGGER.debug(<span class="jxr_string">"Group 1: "</span> + product);
|
||||
<a class="jxr_linenumber" name="L205" href="#L205">205</a> LOGGER.debug(<span class="jxr_string">"Group 2: "</span> + version);
|
||||
<a class="jxr_linenumber" name="L206" href="#L206">206</a> <strong class="jxr_keyword">final</strong> String aliasPrefix = <span class="jxr_string">"ALIASOF_"</span>;
|
||||
<a class="jxr_linenumber" name="L207" href="#L207">207</a> <strong class="jxr_keyword">if</strong> (product.startsWith(aliasPrefix)) {
|
||||
<a class="jxr_linenumber" name="L208" href="#L208">208</a> product = product.replaceFirst(aliasPrefix, <span class="jxr_string">""</span>);
|
||||
<a class="jxr_linenumber" name="L209" href="#L209">209</a> }
|
||||
<a class="jxr_linenumber" name="L210" href="#L210">210</a> <strong class="jxr_keyword">if</strong> (count > 1) {
|
||||
<a class="jxr_linenumber" name="L211" href="#L211">211</a> <em class="jxr_comment">//TODO - refactor so we do not assign to the parameter (checkstyle)</em>
|
||||
<a class="jxr_linenumber" name="L212" href="#L212">212</a> currentDep = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a>(dependency.getActualFile());
|
||||
<a class="jxr_linenumber" name="L213" href="#L213">213</a> currentDep.setDisplayFileName(String.format(<span class="jxr_string">"%s:%s"</span>, dependency.getDisplayFileName(), product));
|
||||
<a class="jxr_linenumber" name="L214" href="#L214">214</a> <strong class="jxr_keyword">final</strong> String filePath = String.format(<span class="jxr_string">"%s:%s"</span>, dependency.getFilePath(), product);
|
||||
<a class="jxr_linenumber" name="L215" href="#L215">215</a> currentDep.setFilePath(filePath);
|
||||
<a class="jxr_linenumber" name="L216" href="#L216">216</a>
|
||||
<a class="jxr_linenumber" name="L217" href="#L217">217</a> byte[] path;
|
||||
<a class="jxr_linenumber" name="L218" href="#L218">218</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L219" href="#L219">219</a> path = filePath.getBytes(<span class="jxr_string">"UTF-8"</span>);
|
||||
<a class="jxr_linenumber" name="L220" href="#L220">220</a> } <strong class="jxr_keyword">catch</strong> (UnsupportedEncodingException ex) {
|
||||
<a class="jxr_linenumber" name="L221" href="#L221">221</a> path = filePath.getBytes();
|
||||
<a class="jxr_linenumber" name="L222" href="#L222">222</a> }
|
||||
<a class="jxr_linenumber" name="L223" href="#L223">223</a> currentDep.setSha1sum(Checksum.getHex(sha1.digest(path)));
|
||||
<a class="jxr_linenumber" name="L224" href="#L224">224</a> engine.getDependencies().add(currentDep);
|
||||
<a class="jxr_linenumber" name="L225" href="#L225">225</a> }
|
||||
<a class="jxr_linenumber" name="L226" href="#L226">226</a> <strong class="jxr_keyword">final</strong> String source = currentDep.getDisplayFileName();
|
||||
<a class="jxr_linenumber" name="L227" href="#L227">227</a> currentDep.getProductEvidence().addEvidence(source, <span class="jxr_string">"Product"</span>,
|
||||
<a class="jxr_linenumber" name="L228" href="#L228">228</a> product, Confidence.MEDIUM);
|
||||
<a class="jxr_linenumber" name="L229" href="#L229">229</a> currentDep.getVersionEvidence().addEvidence(source, <span class="jxr_string">"Version"</span>,
|
||||
<a class="jxr_linenumber" name="L230" href="#L230">230</a> version, Confidence.MEDIUM);
|
||||
<a class="jxr_linenumber" name="L231" href="#L231">231</a> }
|
||||
<a class="jxr_linenumber" name="L232" href="#L232">232</a> LOGGER.debug(String.format(<span class="jxr_string">"Found %d matches."</span>, count));
|
||||
<a class="jxr_linenumber" name="L233" href="#L233">233</a> }
|
||||
<a class="jxr_linenumber" name="L234" href="#L234">234</a>
|
||||
<a class="jxr_linenumber" name="L235" href="#L235">235</a> @Override
|
||||
<a class="jxr_linenumber" name="L236" href="#L236">236</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
|
||||
<a class="jxr_linenumber" name="L237" href="#L237">237</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_CMAKE_ENABLED;
|
||||
<a class="jxr_linenumber" name="L238" href="#L238">238</a> }
|
||||
<a class="jxr_linenumber" name="L239" href="#L239">239</a> }
|
||||
</pre>
|
||||
<hr/>
|
||||
<div id="footer">Copyright © 2012–2016 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
|
||||
|
||||
@@ -49,125 +49,126 @@
|
||||
<a class="jxr_linenumber" name="L41" href="#L41">41</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <em class="jxr_javadoccomment"> * @author colezlaw</em>
|
||||
<a class="jxr_linenumber" name="L43" href="#L43">43</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L44" href="#L44">44</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/ComposerLockAnalyzer.html">ComposerLockAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.html">AbstractFileTypeAnalyzer</a> {
|
||||
<a class="jxr_linenumber" name="L45" href="#L45">45</a>
|
||||
<a class="jxr_linenumber" name="L46" href="#L46">46</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L47" href="#L47">47</a> <em class="jxr_javadoccomment"> * The logger.</em>
|
||||
<a class="jxr_linenumber" name="L48" href="#L48">48</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L49" href="#L49">49</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Logger LOGGER = LoggerFactory.getLogger(ComposerLockAnalyzer.<strong class="jxr_keyword">class</strong>);
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a>
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <em class="jxr_javadoccomment"> * The analyzer name.</em>
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String ANALYZER_NAME = <span class="jxr_string">"Composer.lock analyzer"</span>;
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a>
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <em class="jxr_javadoccomment"> * composer.json.</em>
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String COMPOSER_LOCK = <span class="jxr_string">"composer.lock"</span>;
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a>
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <em class="jxr_javadoccomment"> * The FileFilter.</em>
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter FILE_FILTER = FileFilterBuilder.newInstance().addFilenames(COMPOSER_LOCK).build();
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a>
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <em class="jxr_javadoccomment"> * Returns the FileFilter.</em>
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <em class="jxr_javadoccomment"> * @return the FileFilter</em>
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> @Override
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> <strong class="jxr_keyword">protected</strong> FileFilter getFileFilter() {
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <strong class="jxr_keyword">return</strong> FILE_FILTER;
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> }
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a>
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <em class="jxr_javadoccomment"> * Initializes the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <em class="jxr_javadoccomment"> * @throws Exception thrown if an exception occurs getting an instance of SHA1</em>
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a> @Override
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> Exception {
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> sha1 = MessageDigest.getInstance(<span class="jxr_string">"SHA1"</span>);
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a> }
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a>
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <em class="jxr_javadoccomment"> * The MessageDigest for calculating a new digest for the new dependencies added.</em>
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a> <strong class="jxr_keyword">private</strong> MessageDigest sha1 = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a>
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <em class="jxr_javadoccomment"> * Entry point for the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to analyze</em>
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <em class="jxr_javadoccomment"> * @param engine the engine scanning</em>
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <em class="jxr_javadoccomment"> * @throws AnalysisException if there's a failure during analysis</em>
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> @Override
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine) <strong class="jxr_keyword">throws</strong> AnalysisException {
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a> FileInputStream fis = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> fis = <strong class="jxr_keyword">new</strong> FileInputStream(dependency.getActualFile());
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/data/composer/ComposerLockParser.html">ComposerLockParser</a> clp = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/data/composer/ComposerLockParser.html">ComposerLockParser</a>(fis);
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a> LOGGER.info(<span class="jxr_string">"Checking composer.lock file {}"</span>, dependency.getActualFilePath());
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a> clp.process();
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a> <strong class="jxr_keyword">for</strong> (ComposerDependency dep : clp.getDependencies()) {
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> d = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a>(dependency.getActualFile());
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> d.setDisplayFileName(String.format(<span class="jxr_string">"%s:%s/%s"</span>, dependency.getDisplayFileName(), dep.getGroup(), dep.getProject()));
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a> <strong class="jxr_keyword">final</strong> String filePath = String.format(<span class="jxr_string">"%s:%s/%s"</span>, dependency.getFilePath(), dep.getGroup(), dep.getProject());
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a> d.setFilePath(filePath);
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> d.setSha1sum(Checksum.getHex(sha1.digest(filePath.getBytes(Charset.defaultCharset()))));
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> d.getVendorEvidence().addEvidence(COMPOSER_LOCK, <span class="jxr_string">"vendor"</span>, dep.getGroup(), Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> d.getProductEvidence().addEvidence(COMPOSER_LOCK, <span class="jxr_string">"product"</span>, dep.getProject(), Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a> d.getVersionEvidence().addEvidence(COMPOSER_LOCK, <span class="jxr_string">"version"</span>, dep.getVersion(), Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> LOGGER.info(<span class="jxr_string">"Adding dependency {}"</span>, d);
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> engine.getDependencies().add(d);
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> }
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException fnfe) {
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a> LOGGER.warn(<span class="jxr_string">"Error opening dependency {}"</span>, dependency.getActualFilePath());
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a> } <strong class="jxr_keyword">catch</strong> (ComposerException ce) {
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> LOGGER.warn(<span class="jxr_string">"Error parsing composer.json {}"</span>, dependency.getActualFilePath(), ce);
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a> <strong class="jxr_keyword">if</strong> (fis != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a> fis.close();
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> } <strong class="jxr_keyword">catch</strong> (Exception e) {
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> LOGGER.debug(<span class="jxr_string">"Unable to close file"</span>, e);
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a> }
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> }
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a> }
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a> }
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a>
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a> <em class="jxr_javadoccomment"> * Gets the key to determine whether the analyzer is enabled.</em>
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> <em class="jxr_javadoccomment"> * @return the key specifying whether the analyzer is enabled</em>
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a> @Override
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_COMPOSER_LOCK_ENABLED;
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a> }
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a>
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a> <em class="jxr_javadoccomment"> * Returns the analyzer's name.</em>
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <em class="jxr_javadoccomment"> * @return the analyzer's name</em>
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> @Override
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> <strong class="jxr_keyword">public</strong> String getName() {
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a> }
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a>
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a> <em class="jxr_javadoccomment"> * Returns the phase this analyzer should run under.</em>
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a> <em class="jxr_javadoccomment"> * @return the analysis phase</em>
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a> @Override
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> <strong class="jxr_keyword">return</strong> AnalysisPhase.INFORMATION_COLLECTION;
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> }
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a> }
|
||||
<a class="jxr_linenumber" name="L44" href="#L44">44</a> @Experimental
|
||||
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/ComposerLockAnalyzer.html">ComposerLockAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.html">AbstractFileTypeAnalyzer</a> {
|
||||
<a class="jxr_linenumber" name="L46" href="#L46">46</a>
|
||||
<a class="jxr_linenumber" name="L47" href="#L47">47</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L48" href="#L48">48</a> <em class="jxr_javadoccomment"> * The logger.</em>
|
||||
<a class="jxr_linenumber" name="L49" href="#L49">49</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Logger LOGGER = LoggerFactory.getLogger(ComposerLockAnalyzer.<strong class="jxr_keyword">class</strong>);
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a>
|
||||
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a> <em class="jxr_javadoccomment"> * The analyzer name.</em>
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String ANALYZER_NAME = <span class="jxr_string">"Composer.lock analyzer"</span>;
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a>
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <em class="jxr_javadoccomment"> * composer.json.</em>
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String COMPOSER_LOCK = <span class="jxr_string">"composer.lock"</span>;
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a>
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <em class="jxr_javadoccomment"> * The FileFilter.</em>
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter FILE_FILTER = FileFilterBuilder.newInstance().addFilenames(COMPOSER_LOCK).build();
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a>
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <em class="jxr_javadoccomment"> * Returns the FileFilter.</em>
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <em class="jxr_javadoccomment"> * @return the FileFilter</em>
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> @Override
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <strong class="jxr_keyword">protected</strong> FileFilter getFileFilter() {
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> <strong class="jxr_keyword">return</strong> FILE_FILTER;
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> }
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a>
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <em class="jxr_javadoccomment"> * Initializes the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <em class="jxr_javadoccomment"> * @throws Exception thrown if an exception occurs getting an instance of SHA1</em>
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a> @Override
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> Exception {
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a> sha1 = MessageDigest.getInstance(<span class="jxr_string">"SHA1"</span>);
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a> }
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a>
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <em class="jxr_javadoccomment"> * The MessageDigest for calculating a new digest for the new dependencies added.</em>
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a> <strong class="jxr_keyword">private</strong> MessageDigest sha1 = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a>
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a> <em class="jxr_javadoccomment"> * Entry point for the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to analyze</em>
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <em class="jxr_javadoccomment"> * @param engine the engine scanning</em>
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <em class="jxr_javadoccomment"> * @throws AnalysisException if there's a failure during analysis</em>
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a> @Override
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine) <strong class="jxr_keyword">throws</strong> AnalysisException {
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a> FileInputStream fis = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a> fis = <strong class="jxr_keyword">new</strong> FileInputStream(dependency.getActualFile());
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/data/composer/ComposerLockParser.html">ComposerLockParser</a> clp = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/data/composer/ComposerLockParser.html">ComposerLockParser</a>(fis);
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a> LOGGER.info(<span class="jxr_string">"Checking composer.lock file {}"</span>, dependency.getActualFilePath());
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a> clp.process();
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <strong class="jxr_keyword">for</strong> (ComposerDependency dep : clp.getDependencies()) {
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> d = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a>(dependency.getActualFile());
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a> d.setDisplayFileName(String.format(<span class="jxr_string">"%s:%s/%s"</span>, dependency.getDisplayFileName(), dep.getGroup(), dep.getProject()));
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a> <strong class="jxr_keyword">final</strong> String filePath = String.format(<span class="jxr_string">"%s:%s/%s"</span>, dependency.getFilePath(), dep.getGroup(), dep.getProject());
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> d.setFilePath(filePath);
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> d.setSha1sum(Checksum.getHex(sha1.digest(filePath.getBytes(Charset.defaultCharset()))));
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> d.getVendorEvidence().addEvidence(COMPOSER_LOCK, <span class="jxr_string">"vendor"</span>, dep.getGroup(), Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a> d.getProductEvidence().addEvidence(COMPOSER_LOCK, <span class="jxr_string">"product"</span>, dep.getProject(), Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> d.getVersionEvidence().addEvidence(COMPOSER_LOCK, <span class="jxr_string">"version"</span>, dep.getVersion(), Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> LOGGER.info(<span class="jxr_string">"Adding dependency {}"</span>, d);
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> engine.getDependencies().add(d);
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> }
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException fnfe) {
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a> LOGGER.warn(<span class="jxr_string">"Error opening dependency {}"</span>, dependency.getActualFilePath());
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> } <strong class="jxr_keyword">catch</strong> (ComposerException ce) {
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a> LOGGER.warn(<span class="jxr_string">"Error parsing composer.json {}"</span>, dependency.getActualFilePath(), ce);
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a> <strong class="jxr_keyword">if</strong> (fis != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> fis.close();
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> } <strong class="jxr_keyword">catch</strong> (Exception e) {
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a> LOGGER.debug(<span class="jxr_string">"Unable to close file"</span>, e);
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> }
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a> }
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a> }
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a> }
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a>
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a> <em class="jxr_javadoccomment"> * Gets the key to determine whether the analyzer is enabled.</em>
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> <em class="jxr_javadoccomment"> * @return the key specifying whether the analyzer is enabled</em>
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a> @Override
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_COMPOSER_LOCK_ENABLED;
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a> }
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a>
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <em class="jxr_javadoccomment"> * Returns the analyzer's name.</em>
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> <em class="jxr_javadoccomment"> * @return the analyzer's name</em>
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> @Override
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a> <strong class="jxr_keyword">public</strong> String getName() {
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a> }
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a>
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <em class="jxr_javadoccomment"> * Returns the phase this analyzer should run under.</em>
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <em class="jxr_javadoccomment"> * @return the analysis phase</em>
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> @Override
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> <strong class="jxr_keyword">return</strong> AnalysisPhase.INFORMATION_COLLECTION;
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a> }
|
||||
<a class="jxr_linenumber" name="L163" href="#L163">163</a> }
|
||||
</pre>
|
||||
<hr/>
|
||||
<div id="footer">Copyright © 2012–2016 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
|
||||
@@ -43,397 +43,475 @@
|
||||
<a class="jxr_linenumber" name="L35" href="#L35">35</a>
|
||||
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <em class="jxr_javadoccomment"> * <p></em>
|
||||
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <em class="jxr_javadoccomment"> * This analyzer ensures dependencies that should be grouped together, to remove excess noise from the report, are grouped. An</em>
|
||||
<a class="jxr_linenumber" name="L39" href="#L39">39</a> <em class="jxr_javadoccomment"> * example would be Spring, Spring Beans, Spring MVC, etc. If they are all for the same version and have the same relative path</em>
|
||||
<a class="jxr_linenumber" name="L40" href="#L40">40</a> <em class="jxr_javadoccomment"> * then these should be grouped into a single dependency under the core/main library.</p></em>
|
||||
<a class="jxr_linenumber" name="L41" href="#L41">41</a> <em class="jxr_javadoccomment"> * <p></em>
|
||||
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <em class="jxr_javadoccomment"> * Note, this grouping only works on dependencies with identified CVE entries</p></em>
|
||||
<a class="jxr_linenumber" name="L43" href="#L43">43</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L44" href="#L44">44</a> <em class="jxr_javadoccomment"> * @author Jeremy Long</em>
|
||||
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L46" href="#L46">46</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.html">DependencyBundlingAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractAnalyzer.html">AbstractAnalyzer</a> <strong class="jxr_keyword">implements</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/Analyzer.html">Analyzer</a> {
|
||||
<a class="jxr_linenumber" name="L47" href="#L47">47</a>
|
||||
<a class="jxr_linenumber" name="L48" href="#L48">48</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L49" href="#L49">49</a> <em class="jxr_javadoccomment"> * The Logger.</em>
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Logger LOGGER = LoggerFactory.getLogger(DependencyBundlingAnalyzer.<strong class="jxr_keyword">class</strong>);
|
||||
<a class="jxr_linenumber" name="L52" href="#L52">52</a>
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a> <em class="jxr_comment">//<editor-fold defaultstate="collapsed" desc="Constants and Member Variables"></em>
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <em class="jxr_javadoccomment"> * A pattern for obtaining the first part of a filename.</em>
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern STARTING_TEXT_PATTERN = Pattern.compile(<span class="jxr_string">"^[a-zA-Z0-9]*"</span>);
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a> <em class="jxr_javadoccomment"> * a flag indicating if this analyzer has run. This analyzer only runs once.</em>
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> analyzed = false;
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <em class="jxr_comment">//</editor-fold></em>
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <em class="jxr_comment">//<editor-fold defaultstate="collapsed" desc="All standard implementation details of Analyzer"></em>
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <em class="jxr_javadoccomment"> * The name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String ANALYZER_NAME = <span class="jxr_string">"Dependency Bundling Analyzer"</span>;
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <em class="jxr_javadoccomment"> * The phase that this analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> ANALYSIS_PHASE = AnalysisPhase.PRE_FINDING_ANALYSIS;
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a>
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> <em class="jxr_javadoccomment"> * Returns the name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> @Override
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <strong class="jxr_keyword">public</strong> String getName() {
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a> }
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a>
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <em class="jxr_javadoccomment"> * Returns the phase that the analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <em class="jxr_javadoccomment"> * @return the phase that the analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> @Override
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a> <strong class="jxr_keyword">return</strong> ANALYSIS_PHASE;
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> }
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <em class="jxr_comment">//</editor-fold></em>
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a>
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <em class="jxr_javadoccomment"> * Analyzes a set of dependencies. If they have been found to have the same base path and the same set of identifiers they are</em>
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <em class="jxr_javadoccomment"> * likely related. The related dependencies are bundled into a single reportable item.</em>
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <em class="jxr_javadoccomment"> * @param ignore this analyzer ignores the dependency being analyzed</em>
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <em class="jxr_javadoccomment"> * @param engine the engine that is scanning the dependencies</em>
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a> <em class="jxr_javadoccomment"> * @throws AnalysisException is thrown if there is an error reading the JAR file.</em>
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> @Override
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> analyze(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> ignore, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine) <strong class="jxr_keyword">throws</strong> AnalysisException {
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a> <strong class="jxr_keyword">if</strong> (!analyzed) {
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a> analyzed = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a> <strong class="jxr_keyword">final</strong> Set<Dependency> dependenciesToRemove = <strong class="jxr_keyword">new</strong> HashSet<Dependency>();
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <strong class="jxr_keyword">final</strong> ListIterator<Dependency> mainIterator = engine.getDependencies().listIterator();
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> <em class="jxr_comment">//for (Dependency nextDependency : engine.getDependencies()) {</em>
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a> <strong class="jxr_keyword">while</strong> (mainIterator.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency = mainIterator.next();
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <strong class="jxr_keyword">if</strong> (mainIterator.hasNext() && !dependenciesToRemove.contains(dependency)) {
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <strong class="jxr_keyword">final</strong> ListIterator<Dependency> subIterator = engine.getDependencies().listIterator(mainIterator.nextIndex());
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <strong class="jxr_keyword">while</strong> (subIterator.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> nextDependency = subIterator.next();
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <strong class="jxr_keyword">if</strong> (hashesMatch(dependency, nextDependency) && !containedInWar(dependency.getFilePath())
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> && !containedInWar(nextDependency.getFilePath())) {
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> <strong class="jxr_keyword">if</strong> (firstPathIsShortest(dependency.getFilePath(), nextDependency.getFilePath())) {
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> mergeDependencies(dependency, nextDependency, dependenciesToRemove);
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a> mergeDependencies(nextDependency, dependency, dependenciesToRemove);
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> <strong class="jxr_keyword">break</strong>; <em class="jxr_comment">//since we merged into the next dependency - skip forward to the next in mainIterator</em>
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a> }
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (isShadedJar(dependency, nextDependency)) {
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a> <strong class="jxr_keyword">if</strong> (dependency.getFileName().toLowerCase().endsWith(<span class="jxr_string">"pom.xml"</span>)) {
|
||||
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <em class="jxr_javadoccomment"> * This analyzer ensures dependencies that should be grouped together, to remove</em>
|
||||
<a class="jxr_linenumber" name="L39" href="#L39">39</a> <em class="jxr_javadoccomment"> * excess noise from the report, are grouped. An example would be Spring, Spring</em>
|
||||
<a class="jxr_linenumber" name="L40" href="#L40">40</a> <em class="jxr_javadoccomment"> * Beans, Spring MVC, etc. If they are all for the same version and have the</em>
|
||||
<a class="jxr_linenumber" name="L41" href="#L41">41</a> <em class="jxr_javadoccomment"> * same relative path then these should be grouped into a single dependency</em>
|
||||
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <em class="jxr_javadoccomment"> * under the core/main library.</p></em>
|
||||
<a class="jxr_linenumber" name="L43" href="#L43">43</a> <em class="jxr_javadoccomment"> * <p></em>
|
||||
<a class="jxr_linenumber" name="L44" href="#L44">44</a> <em class="jxr_javadoccomment"> * Note, this grouping only works on dependencies with identified CVE</em>
|
||||
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <em class="jxr_javadoccomment"> * entries</p></em>
|
||||
<a class="jxr_linenumber" name="L46" href="#L46">46</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L47" href="#L47">47</a> <em class="jxr_javadoccomment"> * @author Jeremy Long</em>
|
||||
<a class="jxr_linenumber" name="L48" href="#L48">48</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L49" href="#L49">49</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.html">DependencyBundlingAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractAnalyzer.html">AbstractAnalyzer</a> <strong class="jxr_keyword">implements</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/Analyzer.html">Analyzer</a> {
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a>
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <em class="jxr_javadoccomment"> * The Logger.</em>
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Logger LOGGER = LoggerFactory.getLogger(DependencyBundlingAnalyzer.<strong class="jxr_keyword">class</strong>);
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a>
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <em class="jxr_comment">//<editor-fold defaultstate="collapsed" desc="Constants and Member Variables"></em>
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <em class="jxr_javadoccomment"> * A pattern for obtaining the first part of a filename.</em>
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern STARTING_TEXT_PATTERN = Pattern.compile(<span class="jxr_string">"^[a-zA-Z0-9]*"</span>);
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <em class="jxr_javadoccomment"> * a flag indicating if this analyzer has run. This analyzer only runs once.</em>
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> analyzed = false;
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <em class="jxr_comment">//</editor-fold></em>
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a> <em class="jxr_comment">//<editor-fold defaultstate="collapsed" desc="All standard implementation details of Analyzer"></em>
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <em class="jxr_javadoccomment"> * The name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String ANALYZER_NAME = <span class="jxr_string">"Dependency Bundling Analyzer"</span>;
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> <em class="jxr_javadoccomment"> * The phase that this analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> ANALYSIS_PHASE = AnalysisPhase.PRE_FINDING_ANALYSIS;
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a>
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <em class="jxr_javadoccomment"> * Returns the name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a> @Override
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <strong class="jxr_keyword">public</strong> String getName() {
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a> }
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a>
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <em class="jxr_javadoccomment"> * Returns the phase that the analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a> <em class="jxr_javadoccomment"> * @return the phase that the analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> @Override
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a> <strong class="jxr_keyword">return</strong> ANALYSIS_PHASE;
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a> }
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <em class="jxr_comment">//</editor-fold></em>
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a>
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <em class="jxr_javadoccomment"> * Analyzes a set of dependencies. If they have been found to have the same</em>
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <em class="jxr_javadoccomment"> * base path and the same set of identifiers they are likely related. The</em>
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a> <em class="jxr_javadoccomment"> * related dependencies are bundled into a single reportable item.</em>
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <em class="jxr_javadoccomment"> * @param ignore this analyzer ignores the dependency being analyzed</em>
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <em class="jxr_javadoccomment"> * @param engine the engine that is scanning the dependencies</em>
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a> <em class="jxr_javadoccomment"> * @throws AnalysisException is thrown if there is an error reading the JAR</em>
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a> <em class="jxr_javadoccomment"> * file.</em>
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a> @Override
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> analyze(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> ignore, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine) <strong class="jxr_keyword">throws</strong> AnalysisException {
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a> <strong class="jxr_keyword">if</strong> (!analyzed) {
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a> analyzed = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <strong class="jxr_keyword">final</strong> Set<Dependency> dependenciesToRemove = <strong class="jxr_keyword">new</strong> HashSet<Dependency>();
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <strong class="jxr_keyword">final</strong> ListIterator<Dependency> mainIterator = engine.getDependencies().listIterator();
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <em class="jxr_comment">//for (Dependency nextDependency : engine.getDependencies()) {</em>
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a> <strong class="jxr_keyword">while</strong> (mainIterator.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency = mainIterator.next();
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> <strong class="jxr_keyword">if</strong> (mainIterator.hasNext() && !dependenciesToRemove.contains(dependency)) {
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> <strong class="jxr_keyword">final</strong> ListIterator<Dependency> subIterator = engine.getDependencies().listIterator(mainIterator.nextIndex());
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> <strong class="jxr_keyword">while</strong> (subIterator.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> nextDependency = subIterator.next();
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a> <strong class="jxr_keyword">if</strong> (hashesMatch(dependency, nextDependency) && !containedInWar(dependency.getFilePath())
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> && !containedInWar(nextDependency.getFilePath())) {
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a> <strong class="jxr_keyword">if</strong> (firstPathIsShortest(dependency.getFilePath(), nextDependency.getFilePath())) {
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a> mergeDependencies(dependency, nextDependency, dependenciesToRemove);
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a> mergeDependencies(nextDependency, dependency, dependenciesToRemove);
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> nextDependency.getRelatedDependencies().remove(dependency);
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> <strong class="jxr_keyword">break</strong>;
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> mergeDependencies(dependency, nextDependency, dependenciesToRemove);
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a> dependency.getRelatedDependencies().remove(nextDependency);
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a> }
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (cpeIdentifiersMatch(dependency, nextDependency)
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a> && hasSameBasePath(dependency, nextDependency)
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a> && fileNameMatch(dependency, nextDependency)) {
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a> <strong class="jxr_keyword">if</strong> (isCore(dependency, nextDependency)) {
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> mergeDependencies(dependency, nextDependency, dependenciesToRemove);
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a> mergeDependencies(nextDependency, dependency, dependenciesToRemove);
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a> <strong class="jxr_keyword">break</strong>; <em class="jxr_comment">//since we merged into the next dependency - skip forward to the next in mainIterator</em>
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a> }
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a> }
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a> }
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a> }
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a> }
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <em class="jxr_comment">//removing dependencies here as ensuring correctness and avoiding ConcurrentUpdateExceptions</em>
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <em class="jxr_comment">// was difficult because of the inner iterator.</em>
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> engine.getDependencies().removeAll(dependenciesToRemove);
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> }
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> }
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a>
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a> <em class="jxr_javadoccomment"> * Adds the relatedDependency to the dependency's related dependencies.</em>
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a> <em class="jxr_javadoccomment"> * @param dependency the main dependency</em>
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <em class="jxr_javadoccomment"> * @param relatedDependency a collection of dependencies to be removed from the main analysis loop, this is the source of</em>
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a> <em class="jxr_javadoccomment"> * dependencies to remove</em>
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <em class="jxr_javadoccomment"> * @param dependenciesToRemove a collection of dependencies that will be removed from the main analysis loop, this function</em>
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <em class="jxr_javadoccomment"> * adds to this collection</em>
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> mergeDependencies(<strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> relatedDependency, <strong class="jxr_keyword">final</strong> Set<Dependency> dependenciesToRemove) {
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> dependency.addRelatedDependency(relatedDependency);
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a> <strong class="jxr_keyword">final</strong> Iterator<Dependency> i = relatedDependency.getRelatedDependencies().iterator();
|
||||
<a class="jxr_linenumber" name="L163" href="#L163">163</a> <strong class="jxr_keyword">while</strong> (i.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L164" href="#L164">164</a> dependency.addRelatedDependency(i.next());
|
||||
<a class="jxr_linenumber" name="L165" href="#L165">165</a> i.remove();
|
||||
<a class="jxr_linenumber" name="L166" href="#L166">166</a> }
|
||||
<a class="jxr_linenumber" name="L167" href="#L167">167</a> <strong class="jxr_keyword">if</strong> (dependency.getSha1sum().equals(relatedDependency.getSha1sum())) {
|
||||
<a class="jxr_linenumber" name="L168" href="#L168">168</a> dependency.addAllProjectReferences(relatedDependency.getProjectReferences());
|
||||
<a class="jxr_linenumber" name="L169" href="#L169">169</a> }
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a> dependenciesToRemove.add(relatedDependency);
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> }
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a>
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a> <em class="jxr_javadoccomment"> * Attempts to trim a maven repo to a common base path. This is typically [drive]\[repo_location]\repository\[path1]\[path2].</em>
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a> <em class="jxr_javadoccomment"> * @param path the path to trim</em>
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> <em class="jxr_javadoccomment"> * @return a string representing the base path.</em>
|
||||
<a class="jxr_linenumber" name="L178" href="#L178">178</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L179" href="#L179">179</a> <strong class="jxr_keyword">private</strong> String getBaseRepoPath(<strong class="jxr_keyword">final</strong> String path) {
|
||||
<a class="jxr_linenumber" name="L180" href="#L180">180</a> <strong class="jxr_keyword">int</strong> pos = path.indexOf(<span class="jxr_string">"repository"</span> + File.separator) + 11;
|
||||
<a class="jxr_linenumber" name="L181" href="#L181">181</a> <strong class="jxr_keyword">if</strong> (pos < 0) {
|
||||
<a class="jxr_linenumber" name="L182" href="#L182">182</a> <strong class="jxr_keyword">return</strong> path;
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <strong class="jxr_keyword">break</strong>; <em class="jxr_comment">//since we merged into the next dependency - skip forward to the next in mainIterator</em>
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> }
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (isShadedJar(dependency, nextDependency)) {
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> <strong class="jxr_keyword">if</strong> (dependency.getFileName().toLowerCase().endsWith(<span class="jxr_string">"pom.xml"</span>)) {
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a> mergeDependencies(nextDependency, dependency, dependenciesToRemove);
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a> nextDependency.getRelatedDependencies().remove(dependency);
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <strong class="jxr_keyword">break</strong>;
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a> mergeDependencies(dependency, nextDependency, dependenciesToRemove);
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a> dependency.getRelatedDependencies().remove(nextDependency);
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> }
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (cpeIdentifiersMatch(dependency, nextDependency)
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a> && hasSameBasePath(dependency, nextDependency)
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a> && fileNameMatch(dependency, nextDependency)) {
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a> <strong class="jxr_keyword">if</strong> (isCore(dependency, nextDependency)) {
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a> mergeDependencies(dependency, nextDependency, dependenciesToRemove);
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a> mergeDependencies(nextDependency, dependency, dependenciesToRemove);
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a> <strong class="jxr_keyword">break</strong>; <em class="jxr_comment">//since we merged into the next dependency - skip forward to the next in mainIterator</em>
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a> }
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (isSameRubyGem(dependency, nextDependency)) {
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> main = getMainGemspecDependency(dependency, nextDependency);
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <strong class="jxr_keyword">if</strong> (main == dependency) {
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> mergeDependencies(dependency, nextDependency, dependenciesToRemove);
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a> mergeDependencies(nextDependency, dependency, dependenciesToRemove);
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a> <strong class="jxr_keyword">break</strong>; <em class="jxr_comment">//since we merged into the next dependency - skip forward to the next in mainIterator</em>
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a> }
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a> }
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a> }
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a> }
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> }
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <em class="jxr_comment">//removing dependencies here as ensuring correctness and avoiding ConcurrentUpdateExceptions</em>
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <em class="jxr_comment">// was difficult because of the inner iterator.</em>
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> engine.getDependencies().removeAll(dependenciesToRemove);
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> }
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a> }
|
||||
<a class="jxr_linenumber" name="L163" href="#L163">163</a>
|
||||
<a class="jxr_linenumber" name="L164" href="#L164">164</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L165" href="#L165">165</a> <em class="jxr_javadoccomment"> * Adds the relatedDependency to the dependency's related dependencies.</em>
|
||||
<a class="jxr_linenumber" name="L166" href="#L166">166</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L167" href="#L167">167</a> <em class="jxr_javadoccomment"> * @param dependency the main dependency</em>
|
||||
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <em class="jxr_javadoccomment"> * @param relatedDependency a collection of dependencies to be removed from</em>
|
||||
<a class="jxr_linenumber" name="L169" href="#L169">169</a> <em class="jxr_javadoccomment"> * the main analysis loop, this is the source of dependencies to remove</em>
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a> <em class="jxr_javadoccomment"> * @param dependenciesToRemove a collection of dependencies that will be</em>
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> <em class="jxr_javadoccomment"> * removed from the main analysis loop, this function adds to this</em>
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <em class="jxr_javadoccomment"> * collection</em>
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> mergeDependencies(<strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> relatedDependency, <strong class="jxr_keyword">final</strong> Set<Dependency> dependenciesToRemove) {
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> dependency.addRelatedDependency(relatedDependency);
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a> <strong class="jxr_keyword">final</strong> Iterator<Dependency> i = relatedDependency.getRelatedDependencies().iterator();
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> <strong class="jxr_keyword">while</strong> (i.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L178" href="#L178">178</a> dependency.addRelatedDependency(i.next());
|
||||
<a class="jxr_linenumber" name="L179" href="#L179">179</a> i.remove();
|
||||
<a class="jxr_linenumber" name="L180" href="#L180">180</a> }
|
||||
<a class="jxr_linenumber" name="L181" href="#L181">181</a> <strong class="jxr_keyword">if</strong> (dependency.getSha1sum().equals(relatedDependency.getSha1sum())) {
|
||||
<a class="jxr_linenumber" name="L182" href="#L182">182</a> dependency.addAllProjectReferences(relatedDependency.getProjectReferences());
|
||||
<a class="jxr_linenumber" name="L183" href="#L183">183</a> }
|
||||
<a class="jxr_linenumber" name="L184" href="#L184">184</a> <strong class="jxr_keyword">int</strong> tmp = path.indexOf(File.separator, pos);
|
||||
<a class="jxr_linenumber" name="L185" href="#L185">185</a> <strong class="jxr_keyword">if</strong> (tmp <= 0) {
|
||||
<a class="jxr_linenumber" name="L186" href="#L186">186</a> <strong class="jxr_keyword">return</strong> path;
|
||||
<a class="jxr_linenumber" name="L187" href="#L187">187</a> }
|
||||
<a class="jxr_linenumber" name="L188" href="#L188">188</a> <strong class="jxr_keyword">if</strong> (tmp > 0) {
|
||||
<a class="jxr_linenumber" name="L189" href="#L189">189</a> pos = tmp + 1;
|
||||
<a class="jxr_linenumber" name="L190" href="#L190">190</a> }
|
||||
<a class="jxr_linenumber" name="L191" href="#L191">191</a> tmp = path.indexOf(File.separator, pos);
|
||||
<a class="jxr_linenumber" name="L192" href="#L192">192</a> <strong class="jxr_keyword">if</strong> (tmp > 0) {
|
||||
<a class="jxr_linenumber" name="L193" href="#L193">193</a> pos = tmp + 1;
|
||||
<a class="jxr_linenumber" name="L194" href="#L194">194</a> }
|
||||
<a class="jxr_linenumber" name="L195" href="#L195">195</a> <strong class="jxr_keyword">return</strong> path.substring(0, pos);
|
||||
<a class="jxr_linenumber" name="L196" href="#L196">196</a> }
|
||||
<a class="jxr_linenumber" name="L197" href="#L197">197</a>
|
||||
<a class="jxr_linenumber" name="L198" href="#L198">198</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L199" href="#L199">199</a> <em class="jxr_javadoccomment"> * Returns true if the file names (and version if it exists) of the two dependencies are sufficiently similar.</em>
|
||||
<a class="jxr_linenumber" name="L200" href="#L200">200</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L201" href="#L201">201</a> <em class="jxr_javadoccomment"> * @param dependency1 a dependency2 to compare</em>
|
||||
<a class="jxr_linenumber" name="L202" href="#L202">202</a> <em class="jxr_javadoccomment"> * @param dependency2 a dependency2 to compare</em>
|
||||
<a class="jxr_linenumber" name="L203" href="#L203">203</a> <em class="jxr_javadoccomment"> * @return true if the identifiers in the two supplied dependencies are equal</em>
|
||||
<a class="jxr_linenumber" name="L204" href="#L204">204</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L205" href="#L205">205</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> fileNameMatch(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency1, <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency2) {
|
||||
<a class="jxr_linenumber" name="L206" href="#L206">206</a> <strong class="jxr_keyword">if</strong> (dependency1 == <strong class="jxr_keyword">null</strong> || dependency1.getFileName() == <strong class="jxr_keyword">null</strong>
|
||||
<a class="jxr_linenumber" name="L207" href="#L207">207</a> || dependency2 == <strong class="jxr_keyword">null</strong> || dependency2.getFileName() == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L208" href="#L208">208</a> <strong class="jxr_keyword">return</strong> false;
|
||||
<a class="jxr_linenumber" name="L184" href="#L184">184</a> dependenciesToRemove.add(relatedDependency);
|
||||
<a class="jxr_linenumber" name="L185" href="#L185">185</a> }
|
||||
<a class="jxr_linenumber" name="L186" href="#L186">186</a>
|
||||
<a class="jxr_linenumber" name="L187" href="#L187">187</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L188" href="#L188">188</a> <em class="jxr_javadoccomment"> * Attempts to trim a maven repo to a common base path. This is typically</em>
|
||||
<a class="jxr_linenumber" name="L189" href="#L189">189</a> <em class="jxr_javadoccomment"> * [drive]\[repo_location]\repository\[path1]\[path2].</em>
|
||||
<a class="jxr_linenumber" name="L190" href="#L190">190</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L191" href="#L191">191</a> <em class="jxr_javadoccomment"> * @param path the path to trim</em>
|
||||
<a class="jxr_linenumber" name="L192" href="#L192">192</a> <em class="jxr_javadoccomment"> * @return a string representing the base path.</em>
|
||||
<a class="jxr_linenumber" name="L193" href="#L193">193</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L194" href="#L194">194</a> <strong class="jxr_keyword">private</strong> String getBaseRepoPath(<strong class="jxr_keyword">final</strong> String path) {
|
||||
<a class="jxr_linenumber" name="L195" href="#L195">195</a> <strong class="jxr_keyword">int</strong> pos = path.indexOf(<span class="jxr_string">"repository"</span> + File.separator) + 11;
|
||||
<a class="jxr_linenumber" name="L196" href="#L196">196</a> <strong class="jxr_keyword">if</strong> (pos < 0) {
|
||||
<a class="jxr_linenumber" name="L197" href="#L197">197</a> <strong class="jxr_keyword">return</strong> path;
|
||||
<a class="jxr_linenumber" name="L198" href="#L198">198</a> }
|
||||
<a class="jxr_linenumber" name="L199" href="#L199">199</a> <strong class="jxr_keyword">int</strong> tmp = path.indexOf(File.separator, pos);
|
||||
<a class="jxr_linenumber" name="L200" href="#L200">200</a> <strong class="jxr_keyword">if</strong> (tmp <= 0) {
|
||||
<a class="jxr_linenumber" name="L201" href="#L201">201</a> <strong class="jxr_keyword">return</strong> path;
|
||||
<a class="jxr_linenumber" name="L202" href="#L202">202</a> }
|
||||
<a class="jxr_linenumber" name="L203" href="#L203">203</a> <strong class="jxr_keyword">if</strong> (tmp > 0) {
|
||||
<a class="jxr_linenumber" name="L204" href="#L204">204</a> pos = tmp + 1;
|
||||
<a class="jxr_linenumber" name="L205" href="#L205">205</a> }
|
||||
<a class="jxr_linenumber" name="L206" href="#L206">206</a> tmp = path.indexOf(File.separator, pos);
|
||||
<a class="jxr_linenumber" name="L207" href="#L207">207</a> <strong class="jxr_keyword">if</strong> (tmp > 0) {
|
||||
<a class="jxr_linenumber" name="L208" href="#L208">208</a> pos = tmp + 1;
|
||||
<a class="jxr_linenumber" name="L209" href="#L209">209</a> }
|
||||
<a class="jxr_linenumber" name="L210" href="#L210">210</a> <strong class="jxr_keyword">final</strong> String fileName1 = dependency1.getActualFile().getName();
|
||||
<a class="jxr_linenumber" name="L211" href="#L211">211</a> <strong class="jxr_keyword">final</strong> String fileName2 = dependency2.getActualFile().getName();
|
||||
<a class="jxr_linenumber" name="L210" href="#L210">210</a> <strong class="jxr_keyword">return</strong> path.substring(0, pos);
|
||||
<a class="jxr_linenumber" name="L211" href="#L211">211</a> }
|
||||
<a class="jxr_linenumber" name="L212" href="#L212">212</a>
|
||||
<a class="jxr_linenumber" name="L213" href="#L213">213</a> <em class="jxr_comment">//version check</em>
|
||||
<a class="jxr_linenumber" name="L214" href="#L214">214</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/utils/DependencyVersion.html">DependencyVersion</a> version1 = DependencyVersionUtil.parseVersion(fileName1);
|
||||
<a class="jxr_linenumber" name="L215" href="#L215">215</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/utils/DependencyVersion.html">DependencyVersion</a> version2 = DependencyVersionUtil.parseVersion(fileName2);
|
||||
<a class="jxr_linenumber" name="L216" href="#L216">216</a> <strong class="jxr_keyword">if</strong> (version1 != <strong class="jxr_keyword">null</strong> && version2 != <strong class="jxr_keyword">null</strong> && !version1.equals(version2)) {
|
||||
<a class="jxr_linenumber" name="L217" href="#L217">217</a> <strong class="jxr_keyword">return</strong> false;
|
||||
<a class="jxr_linenumber" name="L218" href="#L218">218</a> }
|
||||
<a class="jxr_linenumber" name="L219" href="#L219">219</a>
|
||||
<a class="jxr_linenumber" name="L220" href="#L220">220</a> <em class="jxr_comment">//filename check</em>
|
||||
<a class="jxr_linenumber" name="L221" href="#L221">221</a> <strong class="jxr_keyword">final</strong> Matcher match1 = STARTING_TEXT_PATTERN.matcher(fileName1);
|
||||
<a class="jxr_linenumber" name="L222" href="#L222">222</a> <strong class="jxr_keyword">final</strong> Matcher match2 = STARTING_TEXT_PATTERN.matcher(fileName2);
|
||||
<a class="jxr_linenumber" name="L223" href="#L223">223</a> <strong class="jxr_keyword">if</strong> (match1.find() && match2.find()) {
|
||||
<a class="jxr_linenumber" name="L224" href="#L224">224</a> <strong class="jxr_keyword">return</strong> match1.group().equals(match2.group());
|
||||
<a class="jxr_linenumber" name="L225" href="#L225">225</a> }
|
||||
<a class="jxr_linenumber" name="L226" href="#L226">226</a>
|
||||
<a class="jxr_linenumber" name="L227" href="#L227">227</a> <strong class="jxr_keyword">return</strong> false;
|
||||
<a class="jxr_linenumber" name="L228" href="#L228">228</a> }
|
||||
<a class="jxr_linenumber" name="L213" href="#L213">213</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L214" href="#L214">214</a> <em class="jxr_javadoccomment"> * Returns true if the file names (and version if it exists) of the two</em>
|
||||
<a class="jxr_linenumber" name="L215" href="#L215">215</a> <em class="jxr_javadoccomment"> * dependencies are sufficiently similar.</em>
|
||||
<a class="jxr_linenumber" name="L216" href="#L216">216</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L217" href="#L217">217</a> <em class="jxr_javadoccomment"> * @param dependency1 a dependency2 to compare</em>
|
||||
<a class="jxr_linenumber" name="L218" href="#L218">218</a> <em class="jxr_javadoccomment"> * @param dependency2 a dependency2 to compare</em>
|
||||
<a class="jxr_linenumber" name="L219" href="#L219">219</a> <em class="jxr_javadoccomment"> * @return true if the identifiers in the two supplied dependencies are</em>
|
||||
<a class="jxr_linenumber" name="L220" href="#L220">220</a> <em class="jxr_javadoccomment"> * equal</em>
|
||||
<a class="jxr_linenumber" name="L221" href="#L221">221</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L222" href="#L222">222</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> fileNameMatch(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency1, <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency2) {
|
||||
<a class="jxr_linenumber" name="L223" href="#L223">223</a> <strong class="jxr_keyword">if</strong> (dependency1 == <strong class="jxr_keyword">null</strong> || dependency1.getFileName() == <strong class="jxr_keyword">null</strong>
|
||||
<a class="jxr_linenumber" name="L224" href="#L224">224</a> || dependency2 == <strong class="jxr_keyword">null</strong> || dependency2.getFileName() == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L225" href="#L225">225</a> <strong class="jxr_keyword">return</strong> false;
|
||||
<a class="jxr_linenumber" name="L226" href="#L226">226</a> }
|
||||
<a class="jxr_linenumber" name="L227" href="#L227">227</a> <strong class="jxr_keyword">final</strong> String fileName1 = dependency1.getActualFile().getName();
|
||||
<a class="jxr_linenumber" name="L228" href="#L228">228</a> <strong class="jxr_keyword">final</strong> String fileName2 = dependency2.getActualFile().getName();
|
||||
<a class="jxr_linenumber" name="L229" href="#L229">229</a>
|
||||
<a class="jxr_linenumber" name="L230" href="#L230">230</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L231" href="#L231">231</a> <em class="jxr_javadoccomment"> * Returns true if the CPE identifiers in the two supplied dependencies are equal.</em>
|
||||
<a class="jxr_linenumber" name="L232" href="#L232">232</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L233" href="#L233">233</a> <em class="jxr_javadoccomment"> * @param dependency1 a dependency2 to compare</em>
|
||||
<a class="jxr_linenumber" name="L234" href="#L234">234</a> <em class="jxr_javadoccomment"> * @param dependency2 a dependency2 to compare</em>
|
||||
<a class="jxr_linenumber" name="L235" href="#L235">235</a> <em class="jxr_javadoccomment"> * @return true if the identifiers in the two supplied dependencies are equal</em>
|
||||
<a class="jxr_linenumber" name="L236" href="#L236">236</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L237" href="#L237">237</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> cpeIdentifiersMatch(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency1, <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency2) {
|
||||
<a class="jxr_linenumber" name="L238" href="#L238">238</a> <strong class="jxr_keyword">if</strong> (dependency1 == <strong class="jxr_keyword">null</strong> || dependency1.getIdentifiers() == <strong class="jxr_keyword">null</strong>
|
||||
<a class="jxr_linenumber" name="L239" href="#L239">239</a> || dependency2 == <strong class="jxr_keyword">null</strong> || dependency2.getIdentifiers() == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L240" href="#L240">240</a> <strong class="jxr_keyword">return</strong> false;
|
||||
<a class="jxr_linenumber" name="L241" href="#L241">241</a> }
|
||||
<a class="jxr_linenumber" name="L242" href="#L242">242</a> <strong class="jxr_keyword">boolean</strong> matches = false;
|
||||
<a class="jxr_linenumber" name="L243" href="#L243">243</a> <strong class="jxr_keyword">int</strong> cpeCount1 = 0;
|
||||
<a class="jxr_linenumber" name="L244" href="#L244">244</a> <strong class="jxr_keyword">int</strong> cpeCount2 = 0;
|
||||
<a class="jxr_linenumber" name="L245" href="#L245">245</a> <strong class="jxr_keyword">for</strong> (Identifier i : dependency1.getIdentifiers()) {
|
||||
<a class="jxr_linenumber" name="L246" href="#L246">246</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(i.getType())) {
|
||||
<a class="jxr_linenumber" name="L247" href="#L247">247</a> cpeCount1 += 1;
|
||||
<a class="jxr_linenumber" name="L248" href="#L248">248</a> }
|
||||
<a class="jxr_linenumber" name="L249" href="#L249">249</a> }
|
||||
<a class="jxr_linenumber" name="L250" href="#L250">250</a> <strong class="jxr_keyword">for</strong> (Identifier i : dependency2.getIdentifiers()) {
|
||||
<a class="jxr_linenumber" name="L251" href="#L251">251</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(i.getType())) {
|
||||
<a class="jxr_linenumber" name="L252" href="#L252">252</a> cpeCount2 += 1;
|
||||
<a class="jxr_linenumber" name="L253" href="#L253">253</a> }
|
||||
<a class="jxr_linenumber" name="L254" href="#L254">254</a> }
|
||||
<a class="jxr_linenumber" name="L255" href="#L255">255</a> <strong class="jxr_keyword">if</strong> (cpeCount1 > 0 && cpeCount1 == cpeCount2) {
|
||||
<a class="jxr_linenumber" name="L256" href="#L256">256</a> <strong class="jxr_keyword">for</strong> (Identifier i : dependency1.getIdentifiers()) {
|
||||
<a class="jxr_linenumber" name="L257" href="#L257">257</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(i.getType())) {
|
||||
<a class="jxr_linenumber" name="L258" href="#L258">258</a> matches |= dependency2.getIdentifiers().contains(i);
|
||||
<a class="jxr_linenumber" name="L259" href="#L259">259</a> <strong class="jxr_keyword">if</strong> (!matches) {
|
||||
<a class="jxr_linenumber" name="L260" href="#L260">260</a> <strong class="jxr_keyword">break</strong>;
|
||||
<a class="jxr_linenumber" name="L261" href="#L261">261</a> }
|
||||
<a class="jxr_linenumber" name="L262" href="#L262">262</a> }
|
||||
<a class="jxr_linenumber" name="L263" href="#L263">263</a> }
|
||||
<a class="jxr_linenumber" name="L264" href="#L264">264</a> }
|
||||
<a class="jxr_linenumber" name="L265" href="#L265">265</a> LOGGER.debug(<span class="jxr_string">"IdentifiersMatch={} ({}, {})"</span>, matches, dependency1.getFileName(), dependency2.getFileName());
|
||||
<a class="jxr_linenumber" name="L266" href="#L266">266</a> <strong class="jxr_keyword">return</strong> matches;
|
||||
<a class="jxr_linenumber" name="L267" href="#L267">267</a> }
|
||||
<a class="jxr_linenumber" name="L268" href="#L268">268</a>
|
||||
<a class="jxr_linenumber" name="L269" href="#L269">269</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L270" href="#L270">270</a> <em class="jxr_javadoccomment"> * Determines if the two dependencies have the same base path.</em>
|
||||
<a class="jxr_linenumber" name="L271" href="#L271">271</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L272" href="#L272">272</a> <em class="jxr_javadoccomment"> * @param dependency1 a Dependency object</em>
|
||||
<a class="jxr_linenumber" name="L273" href="#L273">273</a> <em class="jxr_javadoccomment"> * @param dependency2 a Dependency object</em>
|
||||
<a class="jxr_linenumber" name="L274" href="#L274">274</a> <em class="jxr_javadoccomment"> * @return true if the base paths of the dependencies are identical</em>
|
||||
<a class="jxr_linenumber" name="L275" href="#L275">275</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L276" href="#L276">276</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> hasSameBasePath(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency1, <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency2) {
|
||||
<a class="jxr_linenumber" name="L277" href="#L277">277</a> <strong class="jxr_keyword">if</strong> (dependency1 == <strong class="jxr_keyword">null</strong> || dependency2 == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L278" href="#L278">278</a> <strong class="jxr_keyword">return</strong> false;
|
||||
<a class="jxr_linenumber" name="L279" href="#L279">279</a> }
|
||||
<a class="jxr_linenumber" name="L280" href="#L280">280</a> <strong class="jxr_keyword">final</strong> File lFile = <strong class="jxr_keyword">new</strong> File(dependency1.getFilePath());
|
||||
<a class="jxr_linenumber" name="L281" href="#L281">281</a> String left = lFile.getParent();
|
||||
<a class="jxr_linenumber" name="L282" href="#L282">282</a> <strong class="jxr_keyword">final</strong> File rFile = <strong class="jxr_keyword">new</strong> File(dependency2.getFilePath());
|
||||
<a class="jxr_linenumber" name="L283" href="#L283">283</a> String right = rFile.getParent();
|
||||
<a class="jxr_linenumber" name="L284" href="#L284">284</a> <strong class="jxr_keyword">if</strong> (left == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L285" href="#L285">285</a> <strong class="jxr_keyword">return</strong> right == <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L286" href="#L286">286</a> }
|
||||
<a class="jxr_linenumber" name="L287" href="#L287">287</a> <strong class="jxr_keyword">if</strong> (left.equalsIgnoreCase(right)) {
|
||||
<a class="jxr_linenumber" name="L288" href="#L288">288</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L289" href="#L289">289</a> }
|
||||
<a class="jxr_linenumber" name="L290" href="#L290">290</a> <strong class="jxr_keyword">if</strong> (left.matches(<span class="jxr_string">".*[/\\\\]repository[/\\\\].*"</span>) && right.matches(<span class="jxr_string">".*[/\\\\]repository[/\\\\].*"</span>)) {
|
||||
<a class="jxr_linenumber" name="L291" href="#L291">291</a> left = getBaseRepoPath(left);
|
||||
<a class="jxr_linenumber" name="L292" href="#L292">292</a> right = getBaseRepoPath(right);
|
||||
<a class="jxr_linenumber" name="L293" href="#L293">293</a> }
|
||||
<a class="jxr_linenumber" name="L294" href="#L294">294</a> <strong class="jxr_keyword">if</strong> (left.equalsIgnoreCase(right)) {
|
||||
<a class="jxr_linenumber" name="L295" href="#L295">295</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L296" href="#L296">296</a> }
|
||||
<a class="jxr_linenumber" name="L297" href="#L297">297</a> <em class="jxr_comment">//new code</em>
|
||||
<a class="jxr_linenumber" name="L298" href="#L298">298</a> <strong class="jxr_keyword">for</strong> (Dependency child : dependency2.getRelatedDependencies()) {
|
||||
<a class="jxr_linenumber" name="L299" href="#L299">299</a> <strong class="jxr_keyword">if</strong> (hasSameBasePath(dependency1, child)) {
|
||||
<a class="jxr_linenumber" name="L300" href="#L300">300</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L301" href="#L301">301</a> }
|
||||
<a class="jxr_linenumber" name="L302" href="#L302">302</a> }
|
||||
<a class="jxr_linenumber" name="L303" href="#L303">303</a> <strong class="jxr_keyword">return</strong> false;
|
||||
<a class="jxr_linenumber" name="L304" href="#L304">304</a> }
|
||||
<a class="jxr_linenumber" name="L305" href="#L305">305</a>
|
||||
<a class="jxr_linenumber" name="L306" href="#L306">306</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L307" href="#L307">307</a> <em class="jxr_javadoccomment"> * This is likely a very broken attempt at determining if the 'left' dependency is the 'core' library in comparison to the</em>
|
||||
<a class="jxr_linenumber" name="L308" href="#L308">308</a> <em class="jxr_javadoccomment"> * 'right' library.</em>
|
||||
<a class="jxr_linenumber" name="L309" href="#L309">309</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L310" href="#L310">310</a> <em class="jxr_javadoccomment"> * @param left the dependency to test</em>
|
||||
<a class="jxr_linenumber" name="L311" href="#L311">311</a> <em class="jxr_javadoccomment"> * @param right the dependency to test against</em>
|
||||
<a class="jxr_linenumber" name="L312" href="#L312">312</a> <em class="jxr_javadoccomment"> * @return a boolean indicating whether or not the left dependency should be considered the "core" version.</em>
|
||||
<a class="jxr_linenumber" name="L313" href="#L313">313</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L314" href="#L314">314</a> <strong class="jxr_keyword">boolean</strong> isCore(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> left, <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> right) {
|
||||
<a class="jxr_linenumber" name="L315" href="#L315">315</a> <strong class="jxr_keyword">final</strong> String leftName = left.getFileName().toLowerCase();
|
||||
<a class="jxr_linenumber" name="L316" href="#L316">316</a> <strong class="jxr_keyword">final</strong> String rightName = right.getFileName().toLowerCase();
|
||||
<a class="jxr_linenumber" name="L317" href="#L317">317</a>
|
||||
<a class="jxr_linenumber" name="L318" href="#L318">318</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> returnVal;
|
||||
<a class="jxr_linenumber" name="L319" href="#L319">319</a> <strong class="jxr_keyword">if</strong> (!rightName.matches(<span class="jxr_string">".*\\.(tar|tgz|gz|zip|ear|war).+"</span>) && leftName.matches(<span class="jxr_string">".*\\.(tar|tgz|gz|zip|ear|war).+"</span>)
|
||||
<a class="jxr_linenumber" name="L320" href="#L320">320</a> || rightName.contains(<span class="jxr_string">"core"</span>) && !leftName.contains(<span class="jxr_string">"core"</span>)
|
||||
<a class="jxr_linenumber" name="L321" href="#L321">321</a> || rightName.contains(<span class="jxr_string">"kernel"</span>) && !leftName.contains(<span class="jxr_string">"kernel"</span>)) {
|
||||
<a class="jxr_linenumber" name="L322" href="#L322">322</a> returnVal = false;
|
||||
<a class="jxr_linenumber" name="L323" href="#L323">323</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (rightName.matches(<span class="jxr_string">".*\\.(tar|tgz|gz|zip|ear|war).+"</span>) && !leftName.matches(<span class="jxr_string">".*\\.(tar|tgz|gz|zip|ear|war).+"</span>)
|
||||
<a class="jxr_linenumber" name="L324" href="#L324">324</a> || !rightName.contains(<span class="jxr_string">"core"</span>) && leftName.contains(<span class="jxr_string">"core"</span>)
|
||||
<a class="jxr_linenumber" name="L325" href="#L325">325</a> || !rightName.contains(<span class="jxr_string">"kernel"</span>) && leftName.contains(<span class="jxr_string">"kernel"</span>)) {
|
||||
<a class="jxr_linenumber" name="L326" href="#L326">326</a> returnVal = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L327" href="#L327">327</a> <em class="jxr_comment">// } else if (leftName.matches(".*struts2\\-core.*") && rightName.matches(".*xwork\\-core.*")) {</em>
|
||||
<a class="jxr_linenumber" name="L328" href="#L328">328</a> <em class="jxr_comment">// returnVal = true;</em>
|
||||
<a class="jxr_linenumber" name="L329" href="#L329">329</a> <em class="jxr_comment">// } else if (rightName.matches(".*struts2\\-core.*") && leftName.matches(".*xwork\\-core.*")) {</em>
|
||||
<a class="jxr_linenumber" name="L330" href="#L330">330</a> <em class="jxr_comment">// returnVal = false;</em>
|
||||
<a class="jxr_linenumber" name="L331" href="#L331">331</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L332" href="#L332">332</a> <em class="jxr_comment">/*</em>
|
||||
<a class="jxr_linenumber" name="L333" href="#L333">333</a> <em class="jxr_comment"> * considered splitting the names up and comparing the components,</em>
|
||||
<a class="jxr_linenumber" name="L334" href="#L334">334</a> <em class="jxr_comment"> * but decided that the file name length should be sufficient as the</em>
|
||||
<a class="jxr_linenumber" name="L335" href="#L335">335</a> <em class="jxr_comment"> * "core" component, if this follows a normal naming protocol should</em>
|
||||
<a class="jxr_linenumber" name="L336" href="#L336">336</a> <em class="jxr_comment"> * be shorter:</em>
|
||||
<a class="jxr_linenumber" name="L337" href="#L337">337</a> <em class="jxr_comment"> * axis2-saaj-1.4.1.jar</em>
|
||||
<a class="jxr_linenumber" name="L338" href="#L338">338</a> <em class="jxr_comment"> * axis2-1.4.1.jar <-----</em>
|
||||
<a class="jxr_linenumber" name="L339" href="#L339">339</a> <em class="jxr_comment"> * axis2-kernel-1.4.1.jar</em>
|
||||
<a class="jxr_linenumber" name="L340" href="#L340">340</a> <em class="jxr_comment"> */</em>
|
||||
<a class="jxr_linenumber" name="L341" href="#L341">341</a> returnVal = leftName.length() <= rightName.length();
|
||||
<a class="jxr_linenumber" name="L230" href="#L230">230</a> <em class="jxr_comment">//version check</em>
|
||||
<a class="jxr_linenumber" name="L231" href="#L231">231</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/utils/DependencyVersion.html">DependencyVersion</a> version1 = DependencyVersionUtil.parseVersion(fileName1);
|
||||
<a class="jxr_linenumber" name="L232" href="#L232">232</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/utils/DependencyVersion.html">DependencyVersion</a> version2 = DependencyVersionUtil.parseVersion(fileName2);
|
||||
<a class="jxr_linenumber" name="L233" href="#L233">233</a> <strong class="jxr_keyword">if</strong> (version1 != <strong class="jxr_keyword">null</strong> && version2 != <strong class="jxr_keyword">null</strong> && !version1.equals(version2)) {
|
||||
<a class="jxr_linenumber" name="L234" href="#L234">234</a> <strong class="jxr_keyword">return</strong> false;
|
||||
<a class="jxr_linenumber" name="L235" href="#L235">235</a> }
|
||||
<a class="jxr_linenumber" name="L236" href="#L236">236</a>
|
||||
<a class="jxr_linenumber" name="L237" href="#L237">237</a> <em class="jxr_comment">//filename check</em>
|
||||
<a class="jxr_linenumber" name="L238" href="#L238">238</a> <strong class="jxr_keyword">final</strong> Matcher match1 = STARTING_TEXT_PATTERN.matcher(fileName1);
|
||||
<a class="jxr_linenumber" name="L239" href="#L239">239</a> <strong class="jxr_keyword">final</strong> Matcher match2 = STARTING_TEXT_PATTERN.matcher(fileName2);
|
||||
<a class="jxr_linenumber" name="L240" href="#L240">240</a> <strong class="jxr_keyword">if</strong> (match1.find() && match2.find()) {
|
||||
<a class="jxr_linenumber" name="L241" href="#L241">241</a> <strong class="jxr_keyword">return</strong> match1.group().equals(match2.group());
|
||||
<a class="jxr_linenumber" name="L242" href="#L242">242</a> }
|
||||
<a class="jxr_linenumber" name="L243" href="#L243">243</a>
|
||||
<a class="jxr_linenumber" name="L244" href="#L244">244</a> <strong class="jxr_keyword">return</strong> false;
|
||||
<a class="jxr_linenumber" name="L245" href="#L245">245</a> }
|
||||
<a class="jxr_linenumber" name="L246" href="#L246">246</a>
|
||||
<a class="jxr_linenumber" name="L247" href="#L247">247</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L248" href="#L248">248</a> <em class="jxr_javadoccomment"> * Returns true if the CPE identifiers in the two supplied dependencies are</em>
|
||||
<a class="jxr_linenumber" name="L249" href="#L249">249</a> <em class="jxr_javadoccomment"> * equal.</em>
|
||||
<a class="jxr_linenumber" name="L250" href="#L250">250</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L251" href="#L251">251</a> <em class="jxr_javadoccomment"> * @param dependency1 a dependency2 to compare</em>
|
||||
<a class="jxr_linenumber" name="L252" href="#L252">252</a> <em class="jxr_javadoccomment"> * @param dependency2 a dependency2 to compare</em>
|
||||
<a class="jxr_linenumber" name="L253" href="#L253">253</a> <em class="jxr_javadoccomment"> * @return true if the identifiers in the two supplied dependencies are</em>
|
||||
<a class="jxr_linenumber" name="L254" href="#L254">254</a> <em class="jxr_javadoccomment"> * equal</em>
|
||||
<a class="jxr_linenumber" name="L255" href="#L255">255</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L256" href="#L256">256</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> cpeIdentifiersMatch(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency1, <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency2) {
|
||||
<a class="jxr_linenumber" name="L257" href="#L257">257</a> <strong class="jxr_keyword">if</strong> (dependency1 == <strong class="jxr_keyword">null</strong> || dependency1.getIdentifiers() == <strong class="jxr_keyword">null</strong>
|
||||
<a class="jxr_linenumber" name="L258" href="#L258">258</a> || dependency2 == <strong class="jxr_keyword">null</strong> || dependency2.getIdentifiers() == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L259" href="#L259">259</a> <strong class="jxr_keyword">return</strong> false;
|
||||
<a class="jxr_linenumber" name="L260" href="#L260">260</a> }
|
||||
<a class="jxr_linenumber" name="L261" href="#L261">261</a> <strong class="jxr_keyword">boolean</strong> matches = false;
|
||||
<a class="jxr_linenumber" name="L262" href="#L262">262</a> <strong class="jxr_keyword">int</strong> cpeCount1 = 0;
|
||||
<a class="jxr_linenumber" name="L263" href="#L263">263</a> <strong class="jxr_keyword">int</strong> cpeCount2 = 0;
|
||||
<a class="jxr_linenumber" name="L264" href="#L264">264</a> <strong class="jxr_keyword">for</strong> (Identifier i : dependency1.getIdentifiers()) {
|
||||
<a class="jxr_linenumber" name="L265" href="#L265">265</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(i.getType())) {
|
||||
<a class="jxr_linenumber" name="L266" href="#L266">266</a> cpeCount1 += 1;
|
||||
<a class="jxr_linenumber" name="L267" href="#L267">267</a> }
|
||||
<a class="jxr_linenumber" name="L268" href="#L268">268</a> }
|
||||
<a class="jxr_linenumber" name="L269" href="#L269">269</a> <strong class="jxr_keyword">for</strong> (Identifier i : dependency2.getIdentifiers()) {
|
||||
<a class="jxr_linenumber" name="L270" href="#L270">270</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(i.getType())) {
|
||||
<a class="jxr_linenumber" name="L271" href="#L271">271</a> cpeCount2 += 1;
|
||||
<a class="jxr_linenumber" name="L272" href="#L272">272</a> }
|
||||
<a class="jxr_linenumber" name="L273" href="#L273">273</a> }
|
||||
<a class="jxr_linenumber" name="L274" href="#L274">274</a> <strong class="jxr_keyword">if</strong> (cpeCount1 > 0 && cpeCount1 == cpeCount2) {
|
||||
<a class="jxr_linenumber" name="L275" href="#L275">275</a> <strong class="jxr_keyword">for</strong> (Identifier i : dependency1.getIdentifiers()) {
|
||||
<a class="jxr_linenumber" name="L276" href="#L276">276</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(i.getType())) {
|
||||
<a class="jxr_linenumber" name="L277" href="#L277">277</a> matches |= dependency2.getIdentifiers().contains(i);
|
||||
<a class="jxr_linenumber" name="L278" href="#L278">278</a> <strong class="jxr_keyword">if</strong> (!matches) {
|
||||
<a class="jxr_linenumber" name="L279" href="#L279">279</a> <strong class="jxr_keyword">break</strong>;
|
||||
<a class="jxr_linenumber" name="L280" href="#L280">280</a> }
|
||||
<a class="jxr_linenumber" name="L281" href="#L281">281</a> }
|
||||
<a class="jxr_linenumber" name="L282" href="#L282">282</a> }
|
||||
<a class="jxr_linenumber" name="L283" href="#L283">283</a> }
|
||||
<a class="jxr_linenumber" name="L284" href="#L284">284</a> LOGGER.debug(<span class="jxr_string">"IdentifiersMatch={} ({}, {})"</span>, matches, dependency1.getFileName(), dependency2.getFileName());
|
||||
<a class="jxr_linenumber" name="L285" href="#L285">285</a> <strong class="jxr_keyword">return</strong> matches;
|
||||
<a class="jxr_linenumber" name="L286" href="#L286">286</a> }
|
||||
<a class="jxr_linenumber" name="L287" href="#L287">287</a>
|
||||
<a class="jxr_linenumber" name="L288" href="#L288">288</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L289" href="#L289">289</a> <em class="jxr_javadoccomment"> * Determines if the two dependencies have the same base path.</em>
|
||||
<a class="jxr_linenumber" name="L290" href="#L290">290</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L291" href="#L291">291</a> <em class="jxr_javadoccomment"> * @param dependency1 a Dependency object</em>
|
||||
<a class="jxr_linenumber" name="L292" href="#L292">292</a> <em class="jxr_javadoccomment"> * @param dependency2 a Dependency object</em>
|
||||
<a class="jxr_linenumber" name="L293" href="#L293">293</a> <em class="jxr_javadoccomment"> * @return true if the base paths of the dependencies are identical</em>
|
||||
<a class="jxr_linenumber" name="L294" href="#L294">294</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L295" href="#L295">295</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> hasSameBasePath(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency1, <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency2) {
|
||||
<a class="jxr_linenumber" name="L296" href="#L296">296</a> <strong class="jxr_keyword">if</strong> (dependency1 == <strong class="jxr_keyword">null</strong> || dependency2 == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L297" href="#L297">297</a> <strong class="jxr_keyword">return</strong> false;
|
||||
<a class="jxr_linenumber" name="L298" href="#L298">298</a> }
|
||||
<a class="jxr_linenumber" name="L299" href="#L299">299</a> <strong class="jxr_keyword">final</strong> File lFile = <strong class="jxr_keyword">new</strong> File(dependency1.getFilePath());
|
||||
<a class="jxr_linenumber" name="L300" href="#L300">300</a> String left = lFile.getParent();
|
||||
<a class="jxr_linenumber" name="L301" href="#L301">301</a> <strong class="jxr_keyword">final</strong> File rFile = <strong class="jxr_keyword">new</strong> File(dependency2.getFilePath());
|
||||
<a class="jxr_linenumber" name="L302" href="#L302">302</a> String right = rFile.getParent();
|
||||
<a class="jxr_linenumber" name="L303" href="#L303">303</a> <strong class="jxr_keyword">if</strong> (left == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L304" href="#L304">304</a> <strong class="jxr_keyword">return</strong> right == <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L305" href="#L305">305</a> }
|
||||
<a class="jxr_linenumber" name="L306" href="#L306">306</a> <strong class="jxr_keyword">if</strong> (left.equalsIgnoreCase(right)) {
|
||||
<a class="jxr_linenumber" name="L307" href="#L307">307</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L308" href="#L308">308</a> }
|
||||
<a class="jxr_linenumber" name="L309" href="#L309">309</a> <strong class="jxr_keyword">if</strong> (left.matches(<span class="jxr_string">".*[/\\\\]repository[/\\\\].*"</span>) && right.matches(<span class="jxr_string">".*[/\\\\]repository[/\\\\].*"</span>)) {
|
||||
<a class="jxr_linenumber" name="L310" href="#L310">310</a> left = getBaseRepoPath(left);
|
||||
<a class="jxr_linenumber" name="L311" href="#L311">311</a> right = getBaseRepoPath(right);
|
||||
<a class="jxr_linenumber" name="L312" href="#L312">312</a> }
|
||||
<a class="jxr_linenumber" name="L313" href="#L313">313</a> <strong class="jxr_keyword">if</strong> (left.equalsIgnoreCase(right)) {
|
||||
<a class="jxr_linenumber" name="L314" href="#L314">314</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L315" href="#L315">315</a> }
|
||||
<a class="jxr_linenumber" name="L316" href="#L316">316</a> <em class="jxr_comment">//new code</em>
|
||||
<a class="jxr_linenumber" name="L317" href="#L317">317</a> <strong class="jxr_keyword">for</strong> (Dependency child : dependency2.getRelatedDependencies()) {
|
||||
<a class="jxr_linenumber" name="L318" href="#L318">318</a> <strong class="jxr_keyword">if</strong> (hasSameBasePath(dependency1, child)) {
|
||||
<a class="jxr_linenumber" name="L319" href="#L319">319</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L320" href="#L320">320</a> }
|
||||
<a class="jxr_linenumber" name="L321" href="#L321">321</a> }
|
||||
<a class="jxr_linenumber" name="L322" href="#L322">322</a> <strong class="jxr_keyword">return</strong> false;
|
||||
<a class="jxr_linenumber" name="L323" href="#L323">323</a> }
|
||||
<a class="jxr_linenumber" name="L324" href="#L324">324</a>
|
||||
<a class="jxr_linenumber" name="L325" href="#L325">325</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L326" href="#L326">326</a> <em class="jxr_javadoccomment"> * Bundling Ruby gems that are identified from different .gemspec files but</em>
|
||||
<a class="jxr_linenumber" name="L327" href="#L327">327</a> <em class="jxr_javadoccomment"> * denote the same package path. This happens when Ruby bundler installs an</em>
|
||||
<a class="jxr_linenumber" name="L328" href="#L328">328</a> <em class="jxr_javadoccomment"> * application's dependencies by running "bundle install".</em>
|
||||
<a class="jxr_linenumber" name="L329" href="#L329">329</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L330" href="#L330">330</a> <em class="jxr_javadoccomment"> * @param dependency1 dependency to compare</em>
|
||||
<a class="jxr_linenumber" name="L331" href="#L331">331</a> <em class="jxr_javadoccomment"> * @param dependency2 dependency to compare</em>
|
||||
<a class="jxr_linenumber" name="L332" href="#L332">332</a> <em class="jxr_javadoccomment"> * @return true if the the dependencies being analyzed appear to be the</em>
|
||||
<a class="jxr_linenumber" name="L333" href="#L333">333</a> <em class="jxr_javadoccomment"> * same; otherwise false</em>
|
||||
<a class="jxr_linenumber" name="L334" href="#L334">334</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L335" href="#L335">335</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> isSameRubyGem(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency1, <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency2) {
|
||||
<a class="jxr_linenumber" name="L336" href="#L336">336</a> <strong class="jxr_keyword">if</strong> (dependency1 == <strong class="jxr_keyword">null</strong> || dependency2 == <strong class="jxr_keyword">null</strong>
|
||||
<a class="jxr_linenumber" name="L337" href="#L337">337</a> || !dependency1.getFileName().endsWith(<span class="jxr_string">".gemspec"</span>)
|
||||
<a class="jxr_linenumber" name="L338" href="#L338">338</a> || !dependency2.getFileName().endsWith(<span class="jxr_string">".gemspec"</span>)
|
||||
<a class="jxr_linenumber" name="L339" href="#L339">339</a> || dependency1.getPackagePath() == <strong class="jxr_keyword">null</strong>
|
||||
<a class="jxr_linenumber" name="L340" href="#L340">340</a> || dependency2.getPackagePath() == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L341" href="#L341">341</a> <strong class="jxr_keyword">return</strong> false;
|
||||
<a class="jxr_linenumber" name="L342" href="#L342">342</a> }
|
||||
<a class="jxr_linenumber" name="L343" href="#L343">343</a> LOGGER.debug(<span class="jxr_string">"IsCore={} ({}, {})"</span>, returnVal, left.getFileName(), right.getFileName());
|
||||
<a class="jxr_linenumber" name="L344" href="#L344">344</a> <strong class="jxr_keyword">return</strong> returnVal;
|
||||
<a class="jxr_linenumber" name="L345" href="#L345">345</a> }
|
||||
<a class="jxr_linenumber" name="L343" href="#L343">343</a> <strong class="jxr_keyword">if</strong> (dependency1.getPackagePath().equalsIgnoreCase(dependency2.getPackagePath())) {
|
||||
<a class="jxr_linenumber" name="L344" href="#L344">344</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L345" href="#L345">345</a> }
|
||||
<a class="jxr_linenumber" name="L346" href="#L346">346</a>
|
||||
<a class="jxr_linenumber" name="L347" href="#L347">347</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L348" href="#L348">348</a> <em class="jxr_javadoccomment"> * Compares the SHA1 hashes of two dependencies to determine if they are equal.</em>
|
||||
<a class="jxr_linenumber" name="L349" href="#L349">349</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L350" href="#L350">350</a> <em class="jxr_javadoccomment"> * @param dependency1 a dependency object to compare</em>
|
||||
<a class="jxr_linenumber" name="L351" href="#L351">351</a> <em class="jxr_javadoccomment"> * @param dependency2 a dependency object to compare</em>
|
||||
<a class="jxr_linenumber" name="L352" href="#L352">352</a> <em class="jxr_javadoccomment"> * @return true if the sha1 hashes of the two dependencies match; otherwise false</em>
|
||||
<a class="jxr_linenumber" name="L353" href="#L353">353</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L354" href="#L354">354</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> hashesMatch(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency1, <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency2) {
|
||||
<a class="jxr_linenumber" name="L355" href="#L355">355</a> <strong class="jxr_keyword">if</strong> (dependency1 == <strong class="jxr_keyword">null</strong> || dependency2 == <strong class="jxr_keyword">null</strong> || dependency1.getSha1sum() == <strong class="jxr_keyword">null</strong> || dependency2.getSha1sum() == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L356" href="#L356">356</a> <strong class="jxr_keyword">return</strong> false;
|
||||
<a class="jxr_linenumber" name="L357" href="#L357">357</a> }
|
||||
<a class="jxr_linenumber" name="L358" href="#L358">358</a> <strong class="jxr_keyword">return</strong> dependency1.getSha1sum().equals(dependency2.getSha1sum());
|
||||
<a class="jxr_linenumber" name="L359" href="#L359">359</a> }
|
||||
<a class="jxr_linenumber" name="L360" href="#L360">360</a>
|
||||
<a class="jxr_linenumber" name="L361" href="#L361">361</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L362" href="#L362">362</a> <em class="jxr_javadoccomment"> * Determines if the jar is shaded and the created pom.xml identified the same CPE as the jar - if so, the pom.xml dependency</em>
|
||||
<a class="jxr_linenumber" name="L363" href="#L363">363</a> <em class="jxr_javadoccomment"> * should be removed.</em>
|
||||
<a class="jxr_linenumber" name="L364" href="#L364">364</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L365" href="#L365">365</a> <em class="jxr_javadoccomment"> * @param dependency a dependency to check</em>
|
||||
<a class="jxr_linenumber" name="L366" href="#L366">366</a> <em class="jxr_javadoccomment"> * @param nextDependency another dependency to check</em>
|
||||
<a class="jxr_linenumber" name="L367" href="#L367">367</a> <em class="jxr_javadoccomment"> * @return true if on of the dependencies is a pom.xml and the identifiers between the two collections match; otherwise false</em>
|
||||
<a class="jxr_linenumber" name="L368" href="#L368">368</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L369" href="#L369">369</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> isShadedJar(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> nextDependency) {
|
||||
<a class="jxr_linenumber" name="L370" href="#L370">370</a> <strong class="jxr_keyword">final</strong> String mainName = dependency.getFileName().toLowerCase();
|
||||
<a class="jxr_linenumber" name="L371" href="#L371">371</a> <strong class="jxr_keyword">final</strong> String nextName = nextDependency.getFileName().toLowerCase();
|
||||
<a class="jxr_linenumber" name="L372" href="#L372">372</a> <strong class="jxr_keyword">if</strong> (mainName.endsWith(<span class="jxr_string">".jar"</span>) && nextName.endsWith(<span class="jxr_string">"pom.xml"</span>)) {
|
||||
<a class="jxr_linenumber" name="L373" href="#L373">373</a> <strong class="jxr_keyword">return</strong> dependency.getIdentifiers().containsAll(nextDependency.getIdentifiers());
|
||||
<a class="jxr_linenumber" name="L374" href="#L374">374</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (nextName.endsWith(<span class="jxr_string">".jar"</span>) && mainName.endsWith(<span class="jxr_string">"pom.xml"</span>)) {
|
||||
<a class="jxr_linenumber" name="L375" href="#L375">375</a> <strong class="jxr_keyword">return</strong> nextDependency.getIdentifiers().containsAll(dependency.getIdentifiers());
|
||||
<a class="jxr_linenumber" name="L376" href="#L376">376</a> }
|
||||
<a class="jxr_linenumber" name="L377" href="#L377">377</a> <strong class="jxr_keyword">return</strong> false;
|
||||
<a class="jxr_linenumber" name="L378" href="#L378">378</a> }
|
||||
<a class="jxr_linenumber" name="L379" href="#L379">379</a>
|
||||
<a class="jxr_linenumber" name="L380" href="#L380">380</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L381" href="#L381">381</a> <em class="jxr_javadoccomment"> * Determines which path is shortest; if path lengths are equal then we use compareTo of the string method to determine if the</em>
|
||||
<a class="jxr_linenumber" name="L382" href="#L382">382</a> <em class="jxr_javadoccomment"> * first path is smaller.</em>
|
||||
<a class="jxr_linenumber" name="L383" href="#L383">383</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L384" href="#L384">384</a> <em class="jxr_javadoccomment"> * @param left the first path to compare</em>
|
||||
<a class="jxr_linenumber" name="L385" href="#L385">385</a> <em class="jxr_javadoccomment"> * @param right the second path to compare</em>
|
||||
<a class="jxr_linenumber" name="L386" href="#L386">386</a> <em class="jxr_javadoccomment"> * @return <code>true</code> if the leftPath is the shortest; otherwise <code>false</code></em>
|
||||
<a class="jxr_linenumber" name="L347" href="#L347">347</a> <strong class="jxr_keyword">return</strong> false;
|
||||
<a class="jxr_linenumber" name="L348" href="#L348">348</a> }
|
||||
<a class="jxr_linenumber" name="L349" href="#L349">349</a>
|
||||
<a class="jxr_linenumber" name="L350" href="#L350">350</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L351" href="#L351">351</a> <em class="jxr_javadoccomment"> * Ruby gems installed by "bundle install" can have zero or more *.gemspec</em>
|
||||
<a class="jxr_linenumber" name="L352" href="#L352">352</a> <em class="jxr_javadoccomment"> * files, all of which have the same packagePath and should be grouped. If</em>
|
||||
<a class="jxr_linenumber" name="L353" href="#L353">353</a> <em class="jxr_javadoccomment"> * one of these gemspec is from <parent>/specifications/*.gemspec, because</em>
|
||||
<a class="jxr_linenumber" name="L354" href="#L354">354</a> <em class="jxr_javadoccomment"> * it is a stub with fully resolved gem meta-data created by Ruby bundler,</em>
|
||||
<a class="jxr_linenumber" name="L355" href="#L355">355</a> <em class="jxr_javadoccomment"> * this dependency should be the main one. Otherwise, use dependency2 as</em>
|
||||
<a class="jxr_linenumber" name="L356" href="#L356">356</a> <em class="jxr_javadoccomment"> * main.</em>
|
||||
<a class="jxr_linenumber" name="L357" href="#L357">357</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L358" href="#L358">358</a> <em class="jxr_javadoccomment"> * This method returns null if any dependency is not from *.gemspec, or the</em>
|
||||
<a class="jxr_linenumber" name="L359" href="#L359">359</a> <em class="jxr_javadoccomment"> * two do not have the same packagePath. In this case, they should not be</em>
|
||||
<a class="jxr_linenumber" name="L360" href="#L360">360</a> <em class="jxr_javadoccomment"> * grouped.</em>
|
||||
<a class="jxr_linenumber" name="L361" href="#L361">361</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L362" href="#L362">362</a> <em class="jxr_javadoccomment"> * @param dependency1 dependency to compare</em>
|
||||
<a class="jxr_linenumber" name="L363" href="#L363">363</a> <em class="jxr_javadoccomment"> * @param dependency2 dependency to compare</em>
|
||||
<a class="jxr_linenumber" name="L364" href="#L364">364</a> <em class="jxr_javadoccomment"> * @return the main dependency; or null if a gemspec is not included in the</em>
|
||||
<a class="jxr_linenumber" name="L365" href="#L365">365</a> <em class="jxr_javadoccomment"> * analysis</em>
|
||||
<a class="jxr_linenumber" name="L366" href="#L366">366</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L367" href="#L367">367</a> <strong class="jxr_keyword">private</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> getMainGemspecDependency(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency1, <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency2) {
|
||||
<a class="jxr_linenumber" name="L368" href="#L368">368</a> <strong class="jxr_keyword">if</strong> (isSameRubyGem(dependency1, dependency2)) {
|
||||
<a class="jxr_linenumber" name="L369" href="#L369">369</a> <strong class="jxr_keyword">final</strong> File lFile = dependency1.getActualFile();
|
||||
<a class="jxr_linenumber" name="L370" href="#L370">370</a> <strong class="jxr_keyword">final</strong> File left = lFile.getParentFile();
|
||||
<a class="jxr_linenumber" name="L371" href="#L371">371</a> <strong class="jxr_keyword">if</strong> (left != <strong class="jxr_keyword">null</strong> && left.getName().equalsIgnoreCase(<span class="jxr_string">"specifications"</span>)) {
|
||||
<a class="jxr_linenumber" name="L372" href="#L372">372</a> <strong class="jxr_keyword">return</strong> dependency1;
|
||||
<a class="jxr_linenumber" name="L373" href="#L373">373</a> }
|
||||
<a class="jxr_linenumber" name="L374" href="#L374">374</a> <strong class="jxr_keyword">return</strong> dependency2;
|
||||
<a class="jxr_linenumber" name="L375" href="#L375">375</a> }
|
||||
<a class="jxr_linenumber" name="L376" href="#L376">376</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L377" href="#L377">377</a> }
|
||||
<a class="jxr_linenumber" name="L378" href="#L378">378</a>
|
||||
<a class="jxr_linenumber" name="L379" href="#L379">379</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L380" href="#L380">380</a> <em class="jxr_javadoccomment"> * This is likely a very broken attempt at determining if the 'left'</em>
|
||||
<a class="jxr_linenumber" name="L381" href="#L381">381</a> <em class="jxr_javadoccomment"> * dependency is the 'core' library in comparison to the 'right' library.</em>
|
||||
<a class="jxr_linenumber" name="L382" href="#L382">382</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L383" href="#L383">383</a> <em class="jxr_javadoccomment"> * @param left the dependency to test</em>
|
||||
<a class="jxr_linenumber" name="L384" href="#L384">384</a> <em class="jxr_javadoccomment"> * @param right the dependency to test against</em>
|
||||
<a class="jxr_linenumber" name="L385" href="#L385">385</a> <em class="jxr_javadoccomment"> * @return a boolean indicating whether or not the left dependency should be</em>
|
||||
<a class="jxr_linenumber" name="L386" href="#L386">386</a> <em class="jxr_javadoccomment"> * considered the "core" version.</em>
|
||||
<a class="jxr_linenumber" name="L387" href="#L387">387</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L388" href="#L388">388</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">boolean</strong> firstPathIsShortest(String left, String right) {
|
||||
<a class="jxr_linenumber" name="L389" href="#L389">389</a> <strong class="jxr_keyword">final</strong> String leftPath = left.replace('\\', '/');
|
||||
<a class="jxr_linenumber" name="L390" href="#L390">390</a> <strong class="jxr_keyword">final</strong> String rightPath = right.replace('\\', '/');
|
||||
<a class="jxr_linenumber" name="L388" href="#L388">388</a> <strong class="jxr_keyword">boolean</strong> isCore(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> left, <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> right) {
|
||||
<a class="jxr_linenumber" name="L389" href="#L389">389</a> <strong class="jxr_keyword">final</strong> String leftName = left.getFileName().toLowerCase();
|
||||
<a class="jxr_linenumber" name="L390" href="#L390">390</a> <strong class="jxr_keyword">final</strong> String rightName = right.getFileName().toLowerCase();
|
||||
<a class="jxr_linenumber" name="L391" href="#L391">391</a>
|
||||
<a class="jxr_linenumber" name="L392" href="#L392">392</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> leftCount = countChar(leftPath, '/');
|
||||
<a class="jxr_linenumber" name="L393" href="#L393">393</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> rightCount = countChar(rightPath, '/');
|
||||
<a class="jxr_linenumber" name="L394" href="#L394">394</a> <strong class="jxr_keyword">if</strong> (leftCount == rightCount) {
|
||||
<a class="jxr_linenumber" name="L395" href="#L395">395</a> <strong class="jxr_keyword">return</strong> leftPath.compareTo(rightPath) <= 0;
|
||||
<a class="jxr_linenumber" name="L396" href="#L396">396</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L397" href="#L397">397</a> <strong class="jxr_keyword">return</strong> leftCount < rightCount;
|
||||
<a class="jxr_linenumber" name="L398" href="#L398">398</a> }
|
||||
<a class="jxr_linenumber" name="L399" href="#L399">399</a> }
|
||||
<a class="jxr_linenumber" name="L400" href="#L400">400</a>
|
||||
<a class="jxr_linenumber" name="L401" href="#L401">401</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L402" href="#L402">402</a> <em class="jxr_javadoccomment"> * Counts the number of times the character is present in the string.</em>
|
||||
<a class="jxr_linenumber" name="L403" href="#L403">403</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L404" href="#L404">404</a> <em class="jxr_javadoccomment"> * @param string the string to count the characters in</em>
|
||||
<a class="jxr_linenumber" name="L405" href="#L405">405</a> <em class="jxr_javadoccomment"> * @param c the character to count</em>
|
||||
<a class="jxr_linenumber" name="L406" href="#L406">406</a> <em class="jxr_javadoccomment"> * @return the number of times the character is present in the string</em>
|
||||
<a class="jxr_linenumber" name="L407" href="#L407">407</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L408" href="#L408">408</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">int</strong> countChar(String string, <strong class="jxr_keyword">char</strong> c) {
|
||||
<a class="jxr_linenumber" name="L409" href="#L409">409</a> <strong class="jxr_keyword">int</strong> count = 0;
|
||||
<a class="jxr_linenumber" name="L410" href="#L410">410</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> max = string.length();
|
||||
<a class="jxr_linenumber" name="L411" href="#L411">411</a> <strong class="jxr_keyword">for</strong> (<strong class="jxr_keyword">int</strong> i = 0; i < max; i++) {
|
||||
<a class="jxr_linenumber" name="L412" href="#L412">412</a> <strong class="jxr_keyword">if</strong> (c == string.charAt(i)) {
|
||||
<a class="jxr_linenumber" name="L413" href="#L413">413</a> count++;
|
||||
<a class="jxr_linenumber" name="L414" href="#L414">414</a> }
|
||||
<a class="jxr_linenumber" name="L415" href="#L415">415</a> }
|
||||
<a class="jxr_linenumber" name="L416" href="#L416">416</a> <strong class="jxr_keyword">return</strong> count;
|
||||
<a class="jxr_linenumber" name="L417" href="#L417">417</a> }
|
||||
<a class="jxr_linenumber" name="L418" href="#L418">418</a>
|
||||
<a class="jxr_linenumber" name="L419" href="#L419">419</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L420" href="#L420">420</a> <em class="jxr_javadoccomment"> * Checks if the given file path is contained within a war or ear file.</em>
|
||||
<a class="jxr_linenumber" name="L421" href="#L421">421</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L422" href="#L422">422</a> <em class="jxr_javadoccomment"> * @param filePath the file path to check</em>
|
||||
<a class="jxr_linenumber" name="L423" href="#L423">423</a> <em class="jxr_javadoccomment"> * @return true if the path contains '.war\' or '.ear\'.</em>
|
||||
<a class="jxr_linenumber" name="L424" href="#L424">424</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L425" href="#L425">425</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> containedInWar(String filePath) {
|
||||
<a class="jxr_linenumber" name="L426" href="#L426">426</a> <strong class="jxr_keyword">return</strong> filePath == <strong class="jxr_keyword">null</strong> ? false : filePath.matches(<span class="jxr_string">".*\\.(ear|war)[\\\\/].*"</span>);
|
||||
<a class="jxr_linenumber" name="L427" href="#L427">427</a> }
|
||||
<a class="jxr_linenumber" name="L428" href="#L428">428</a> }
|
||||
<a class="jxr_linenumber" name="L392" href="#L392">392</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> returnVal;
|
||||
<a class="jxr_linenumber" name="L393" href="#L393">393</a> <strong class="jxr_keyword">if</strong> (!rightName.matches(<span class="jxr_string">".*\\.(tar|tgz|gz|zip|ear|war).+"</span>) && leftName.matches(<span class="jxr_string">".*\\.(tar|tgz|gz|zip|ear|war).+"</span>)
|
||||
<a class="jxr_linenumber" name="L394" href="#L394">394</a> || rightName.contains(<span class="jxr_string">"core"</span>) && !leftName.contains(<span class="jxr_string">"core"</span>)
|
||||
<a class="jxr_linenumber" name="L395" href="#L395">395</a> || rightName.contains(<span class="jxr_string">"kernel"</span>) && !leftName.contains(<span class="jxr_string">"kernel"</span>)) {
|
||||
<a class="jxr_linenumber" name="L396" href="#L396">396</a> returnVal = false;
|
||||
<a class="jxr_linenumber" name="L397" href="#L397">397</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (rightName.matches(<span class="jxr_string">".*\\.(tar|tgz|gz|zip|ear|war).+"</span>) && !leftName.matches(<span class="jxr_string">".*\\.(tar|tgz|gz|zip|ear|war).+"</span>)
|
||||
<a class="jxr_linenumber" name="L398" href="#L398">398</a> || !rightName.contains(<span class="jxr_string">"core"</span>) && leftName.contains(<span class="jxr_string">"core"</span>)
|
||||
<a class="jxr_linenumber" name="L399" href="#L399">399</a> || !rightName.contains(<span class="jxr_string">"kernel"</span>) && leftName.contains(<span class="jxr_string">"kernel"</span>)) {
|
||||
<a class="jxr_linenumber" name="L400" href="#L400">400</a> returnVal = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L401" href="#L401">401</a> <em class="jxr_comment">// } else if (leftName.matches(".*struts2\\-core.*") && rightName.matches(".*xwork\\-core.*")) {</em>
|
||||
<a class="jxr_linenumber" name="L402" href="#L402">402</a> <em class="jxr_comment">// returnVal = true;</em>
|
||||
<a class="jxr_linenumber" name="L403" href="#L403">403</a> <em class="jxr_comment">// } else if (rightName.matches(".*struts2\\-core.*") && leftName.matches(".*xwork\\-core.*")) {</em>
|
||||
<a class="jxr_linenumber" name="L404" href="#L404">404</a> <em class="jxr_comment">// returnVal = false;</em>
|
||||
<a class="jxr_linenumber" name="L405" href="#L405">405</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L406" href="#L406">406</a> <em class="jxr_comment">/*</em>
|
||||
<a class="jxr_linenumber" name="L407" href="#L407">407</a> <em class="jxr_comment"> * considered splitting the names up and comparing the components,</em>
|
||||
<a class="jxr_linenumber" name="L408" href="#L408">408</a> <em class="jxr_comment"> * but decided that the file name length should be sufficient as the</em>
|
||||
<a class="jxr_linenumber" name="L409" href="#L409">409</a> <em class="jxr_comment"> * "core" component, if this follows a normal naming protocol should</em>
|
||||
<a class="jxr_linenumber" name="L410" href="#L410">410</a> <em class="jxr_comment"> * be shorter:</em>
|
||||
<a class="jxr_linenumber" name="L411" href="#L411">411</a> <em class="jxr_comment"> * axis2-saaj-1.4.1.jar</em>
|
||||
<a class="jxr_linenumber" name="L412" href="#L412">412</a> <em class="jxr_comment"> * axis2-1.4.1.jar <-----</em>
|
||||
<a class="jxr_linenumber" name="L413" href="#L413">413</a> <em class="jxr_comment"> * axis2-kernel-1.4.1.jar</em>
|
||||
<a class="jxr_linenumber" name="L414" href="#L414">414</a> <em class="jxr_comment"> */</em>
|
||||
<a class="jxr_linenumber" name="L415" href="#L415">415</a> returnVal = leftName.length() <= rightName.length();
|
||||
<a class="jxr_linenumber" name="L416" href="#L416">416</a> }
|
||||
<a class="jxr_linenumber" name="L417" href="#L417">417</a> LOGGER.debug(<span class="jxr_string">"IsCore={} ({}, {})"</span>, returnVal, left.getFileName(), right.getFileName());
|
||||
<a class="jxr_linenumber" name="L418" href="#L418">418</a> <strong class="jxr_keyword">return</strong> returnVal;
|
||||
<a class="jxr_linenumber" name="L419" href="#L419">419</a> }
|
||||
<a class="jxr_linenumber" name="L420" href="#L420">420</a>
|
||||
<a class="jxr_linenumber" name="L421" href="#L421">421</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L422" href="#L422">422</a> <em class="jxr_javadoccomment"> * Compares the SHA1 hashes of two dependencies to determine if they are</em>
|
||||
<a class="jxr_linenumber" name="L423" href="#L423">423</a> <em class="jxr_javadoccomment"> * equal.</em>
|
||||
<a class="jxr_linenumber" name="L424" href="#L424">424</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L425" href="#L425">425</a> <em class="jxr_javadoccomment"> * @param dependency1 a dependency object to compare</em>
|
||||
<a class="jxr_linenumber" name="L426" href="#L426">426</a> <em class="jxr_javadoccomment"> * @param dependency2 a dependency object to compare</em>
|
||||
<a class="jxr_linenumber" name="L427" href="#L427">427</a> <em class="jxr_javadoccomment"> * @return true if the sha1 hashes of the two dependencies match; otherwise</em>
|
||||
<a class="jxr_linenumber" name="L428" href="#L428">428</a> <em class="jxr_javadoccomment"> * false</em>
|
||||
<a class="jxr_linenumber" name="L429" href="#L429">429</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L430" href="#L430">430</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> hashesMatch(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency1, <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency2) {
|
||||
<a class="jxr_linenumber" name="L431" href="#L431">431</a> <strong class="jxr_keyword">if</strong> (dependency1 == <strong class="jxr_keyword">null</strong> || dependency2 == <strong class="jxr_keyword">null</strong> || dependency1.getSha1sum() == <strong class="jxr_keyword">null</strong> || dependency2.getSha1sum() == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L432" href="#L432">432</a> <strong class="jxr_keyword">return</strong> false;
|
||||
<a class="jxr_linenumber" name="L433" href="#L433">433</a> }
|
||||
<a class="jxr_linenumber" name="L434" href="#L434">434</a> <strong class="jxr_keyword">return</strong> dependency1.getSha1sum().equals(dependency2.getSha1sum());
|
||||
<a class="jxr_linenumber" name="L435" href="#L435">435</a> }
|
||||
<a class="jxr_linenumber" name="L436" href="#L436">436</a>
|
||||
<a class="jxr_linenumber" name="L437" href="#L437">437</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L438" href="#L438">438</a> <em class="jxr_javadoccomment"> * Determines if the jar is shaded and the created pom.xml identified the</em>
|
||||
<a class="jxr_linenumber" name="L439" href="#L439">439</a> <em class="jxr_javadoccomment"> * same CPE as the jar - if so, the pom.xml dependency should be removed.</em>
|
||||
<a class="jxr_linenumber" name="L440" href="#L440">440</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L441" href="#L441">441</a> <em class="jxr_javadoccomment"> * @param dependency a dependency to check</em>
|
||||
<a class="jxr_linenumber" name="L442" href="#L442">442</a> <em class="jxr_javadoccomment"> * @param nextDependency another dependency to check</em>
|
||||
<a class="jxr_linenumber" name="L443" href="#L443">443</a> <em class="jxr_javadoccomment"> * @return true if on of the dependencies is a pom.xml and the identifiers</em>
|
||||
<a class="jxr_linenumber" name="L444" href="#L444">444</a> <em class="jxr_javadoccomment"> * between the two collections match; otherwise false</em>
|
||||
<a class="jxr_linenumber" name="L445" href="#L445">445</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L446" href="#L446">446</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> isShadedJar(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> nextDependency) {
|
||||
<a class="jxr_linenumber" name="L447" href="#L447">447</a> <strong class="jxr_keyword">final</strong> String mainName = dependency.getFileName().toLowerCase();
|
||||
<a class="jxr_linenumber" name="L448" href="#L448">448</a> <strong class="jxr_keyword">final</strong> String nextName = nextDependency.getFileName().toLowerCase();
|
||||
<a class="jxr_linenumber" name="L449" href="#L449">449</a> <strong class="jxr_keyword">if</strong> (mainName.endsWith(<span class="jxr_string">".jar"</span>) && nextName.endsWith(<span class="jxr_string">"pom.xml"</span>)) {
|
||||
<a class="jxr_linenumber" name="L450" href="#L450">450</a> <strong class="jxr_keyword">return</strong> dependency.getIdentifiers().containsAll(nextDependency.getIdentifiers());
|
||||
<a class="jxr_linenumber" name="L451" href="#L451">451</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (nextName.endsWith(<span class="jxr_string">".jar"</span>) && mainName.endsWith(<span class="jxr_string">"pom.xml"</span>)) {
|
||||
<a class="jxr_linenumber" name="L452" href="#L452">452</a> <strong class="jxr_keyword">return</strong> nextDependency.getIdentifiers().containsAll(dependency.getIdentifiers());
|
||||
<a class="jxr_linenumber" name="L453" href="#L453">453</a> }
|
||||
<a class="jxr_linenumber" name="L454" href="#L454">454</a> <strong class="jxr_keyword">return</strong> false;
|
||||
<a class="jxr_linenumber" name="L455" href="#L455">455</a> }
|
||||
<a class="jxr_linenumber" name="L456" href="#L456">456</a>
|
||||
<a class="jxr_linenumber" name="L457" href="#L457">457</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L458" href="#L458">458</a> <em class="jxr_javadoccomment"> * Determines which path is shortest; if path lengths are equal then we use</em>
|
||||
<a class="jxr_linenumber" name="L459" href="#L459">459</a> <em class="jxr_javadoccomment"> * compareTo of the string method to determine if the first path is smaller.</em>
|
||||
<a class="jxr_linenumber" name="L460" href="#L460">460</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L461" href="#L461">461</a> <em class="jxr_javadoccomment"> * @param left the first path to compare</em>
|
||||
<a class="jxr_linenumber" name="L462" href="#L462">462</a> <em class="jxr_javadoccomment"> * @param right the second path to compare</em>
|
||||
<a class="jxr_linenumber" name="L463" href="#L463">463</a> <em class="jxr_javadoccomment"> * @return <code>true</code> if the leftPath is the shortest; otherwise</em>
|
||||
<a class="jxr_linenumber" name="L464" href="#L464">464</a> <em class="jxr_javadoccomment"> * <code>false</code></em>
|
||||
<a class="jxr_linenumber" name="L465" href="#L465">465</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L466" href="#L466">466</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">boolean</strong> firstPathIsShortest(String left, String right) {
|
||||
<a class="jxr_linenumber" name="L467" href="#L467">467</a> <strong class="jxr_keyword">final</strong> String leftPath = left.replace('\\', '/');
|
||||
<a class="jxr_linenumber" name="L468" href="#L468">468</a> <strong class="jxr_keyword">final</strong> String rightPath = right.replace('\\', '/');
|
||||
<a class="jxr_linenumber" name="L469" href="#L469">469</a>
|
||||
<a class="jxr_linenumber" name="L470" href="#L470">470</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> leftCount = countChar(leftPath, '/');
|
||||
<a class="jxr_linenumber" name="L471" href="#L471">471</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> rightCount = countChar(rightPath, '/');
|
||||
<a class="jxr_linenumber" name="L472" href="#L472">472</a> <strong class="jxr_keyword">if</strong> (leftCount == rightCount) {
|
||||
<a class="jxr_linenumber" name="L473" href="#L473">473</a> <strong class="jxr_keyword">return</strong> leftPath.compareTo(rightPath) <= 0;
|
||||
<a class="jxr_linenumber" name="L474" href="#L474">474</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L475" href="#L475">475</a> <strong class="jxr_keyword">return</strong> leftCount < rightCount;
|
||||
<a class="jxr_linenumber" name="L476" href="#L476">476</a> }
|
||||
<a class="jxr_linenumber" name="L477" href="#L477">477</a> }
|
||||
<a class="jxr_linenumber" name="L478" href="#L478">478</a>
|
||||
<a class="jxr_linenumber" name="L479" href="#L479">479</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L480" href="#L480">480</a> <em class="jxr_javadoccomment"> * Counts the number of times the character is present in the string.</em>
|
||||
<a class="jxr_linenumber" name="L481" href="#L481">481</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L482" href="#L482">482</a> <em class="jxr_javadoccomment"> * @param string the string to count the characters in</em>
|
||||
<a class="jxr_linenumber" name="L483" href="#L483">483</a> <em class="jxr_javadoccomment"> * @param c the character to count</em>
|
||||
<a class="jxr_linenumber" name="L484" href="#L484">484</a> <em class="jxr_javadoccomment"> * @return the number of times the character is present in the string</em>
|
||||
<a class="jxr_linenumber" name="L485" href="#L485">485</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L486" href="#L486">486</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">int</strong> countChar(String string, <strong class="jxr_keyword">char</strong> c) {
|
||||
<a class="jxr_linenumber" name="L487" href="#L487">487</a> <strong class="jxr_keyword">int</strong> count = 0;
|
||||
<a class="jxr_linenumber" name="L488" href="#L488">488</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> max = string.length();
|
||||
<a class="jxr_linenumber" name="L489" href="#L489">489</a> <strong class="jxr_keyword">for</strong> (<strong class="jxr_keyword">int</strong> i = 0; i < max; i++) {
|
||||
<a class="jxr_linenumber" name="L490" href="#L490">490</a> <strong class="jxr_keyword">if</strong> (c == string.charAt(i)) {
|
||||
<a class="jxr_linenumber" name="L491" href="#L491">491</a> count++;
|
||||
<a class="jxr_linenumber" name="L492" href="#L492">492</a> }
|
||||
<a class="jxr_linenumber" name="L493" href="#L493">493</a> }
|
||||
<a class="jxr_linenumber" name="L494" href="#L494">494</a> <strong class="jxr_keyword">return</strong> count;
|
||||
<a class="jxr_linenumber" name="L495" href="#L495">495</a> }
|
||||
<a class="jxr_linenumber" name="L496" href="#L496">496</a>
|
||||
<a class="jxr_linenumber" name="L497" href="#L497">497</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L498" href="#L498">498</a> <em class="jxr_javadoccomment"> * Checks if the given file path is contained within a war or ear file.</em>
|
||||
<a class="jxr_linenumber" name="L499" href="#L499">499</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L500" href="#L500">500</a> <em class="jxr_javadoccomment"> * @param filePath the file path to check</em>
|
||||
<a class="jxr_linenumber" name="L501" href="#L501">501</a> <em class="jxr_javadoccomment"> * @return true if the path contains '.war\' or '.ear\'.</em>
|
||||
<a class="jxr_linenumber" name="L502" href="#L502">502</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L503" href="#L503">503</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> containedInWar(String filePath) {
|
||||
<a class="jxr_linenumber" name="L504" href="#L504">504</a> <strong class="jxr_keyword">return</strong> filePath == <strong class="jxr_keyword">null</strong> ? false : filePath.matches(<span class="jxr_string">".*\\.(ear|war)[\\\\/].*"</span>);
|
||||
<a class="jxr_linenumber" name="L505" href="#L505">505</a> }
|
||||
<a class="jxr_linenumber" name="L506" href="#L506">506</a> }
|
||||
</pre>
|
||||
<hr/>
|
||||
<div id="footer">Copyright © 2012–2016 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
47
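--- /dev/null
+++ b/xref/org/owasp/dependencycheck/analyzer/Experimental.html
@@ -0,0 +1,47 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head><meta http-equiv="content-type" content="text/html; charset=UTF-8" />
+<title>Experimental xref</title>
+<link type="text/css" rel="stylesheet" href="../../../../stylesheet.css" />
+</head>
+<body>
+<div id="overview"><a href="../../../../../apidocs/org/owasp/dependencycheck/analyzer/Experimental.html">View Javadoc</a></div><pre>
+<a class="jxr_linenumber" name="L1" href="#L1">1</a> <em class="jxr_comment">/*</em>
+<a class="jxr_linenumber" name="L2" href="#L2">2</a> <em class="jxr_comment"> * This file is part of dependency-check-core.</em>
+<a class="jxr_linenumber" name="L3" href="#L3">3</a> <em class="jxr_comment"> *</em>
+<a class="jxr_linenumber" name="L4" href="#L4">4</a> <em class="jxr_comment"> * Licensed under the Apache License, Version 2.0 (the "License");</em>
+<a class="jxr_linenumber" name="L5" href="#L5">5</a> <em class="jxr_comment"> * you may not use this file except in compliance with the License.</em>
+<a class="jxr_linenumber" name="L6" href="#L6">6</a> <em class="jxr_comment"> * You may obtain a copy of the License at</em>
+<a class="jxr_linenumber" name="L7" href="#L7">7</a> <em class="jxr_comment"> *</em>
+<a class="jxr_linenumber" name="L8" href="#L8">8</a> <em class="jxr_comment"> * <a href="http://www.apache.org/licenses/LICENSE-2." target="alexandria_uri">http://www.apache.org/licenses/LICENSE-2.</a>0</em>
+<a class="jxr_linenumber" name="L9" href="#L9">9</a> <em class="jxr_comment"> *</em>
+<a class="jxr_linenumber" name="L10" href="#L10">10</a> <em class="jxr_comment"> * Unless required by applicable law or agreed to in writing, software</em>
+<a class="jxr_linenumber" name="L11" href="#L11">11</a> <em class="jxr_comment"> * distributed under the License is distributed on an "AS IS" BASIS,</em>
+<a class="jxr_linenumber" name="L12" href="#L12">12</a> <em class="jxr_comment"> * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.</em>
+<a class="jxr_linenumber" name="L13" href="#L13">13</a> <em class="jxr_comment"> * See the License for the specific language governing permissions and</em>
+<a class="jxr_linenumber" name="L14" href="#L14">14</a> <em class="jxr_comment"> * limitations under the License.</em>
+<a class="jxr_linenumber" name="L15" href="#L15">15</a> <em class="jxr_comment"> *</em>
+<a class="jxr_linenumber" name="L16" href="#L16">16</a> <em class="jxr_comment"> * Copyright (c) 2016 Jeremy Long. All Rights Reserved.</em>
+<a class="jxr_linenumber" name="L17" href="#L17">17</a> <em class="jxr_comment"> */</em>
+<a class="jxr_linenumber" name="L18" href="#L18">18</a> <strong class="jxr_keyword">package</strong> org.owasp.dependencycheck.analyzer;
+<a class="jxr_linenumber" name="L19" href="#L19">19</a>
+<a class="jxr_linenumber" name="L20" href="#L20">20</a> <strong class="jxr_keyword">import</strong> java.lang.annotation.ElementType;
+<a class="jxr_linenumber" name="L21" href="#L21">21</a> <strong class="jxr_keyword">import</strong> java.lang.annotation.Retention;
+<a class="jxr_linenumber" name="L22" href="#L22">22</a> <strong class="jxr_keyword">import</strong> java.lang.annotation.RetentionPolicy;
+<a class="jxr_linenumber" name="L23" href="#L23">23</a> <strong class="jxr_keyword">import</strong> java.lang.annotation.Target;
+<a class="jxr_linenumber" name="L24" href="#L24">24</a>
+<a class="jxr_linenumber" name="L25" href="#L25">25</a> <em class="jxr_javadoccomment">/**</em>
+<a class="jxr_linenumber" name="L26" href="#L26">26</a> <em class="jxr_javadoccomment"> * Annotation used to flag an analyzer as experimental.</em>
+<a class="jxr_linenumber" name="L27" href="#L27">27</a> <em class="jxr_javadoccomment"> *</em>
+<a class="jxr_linenumber" name="L28" href="#L28">28</a> <em class="jxr_javadoccomment"> * @author jeremy long</em>
+<a class="jxr_linenumber" name="L29" href="#L29">29</a> <em class="jxr_javadoccomment"> */</em>
+<a class="jxr_linenumber" name="L30" href="#L30">30</a> @Retention(RetentionPolicy.RUNTIME)
+<a class="jxr_linenumber" name="L31" href="#L31">31</a> @Target(ElementType.TYPE)
+<a class="jxr_linenumber" name="L32" href="#L32">32</a> <strong class="jxr_keyword">public</strong> @<strong class="jxr_keyword">interface</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/Experimental.html">Experimental</a> {
+<a class="jxr_linenumber" name="L33" href="#L33">33</a>
+<a class="jxr_linenumber" name="L34" href="#L34">34</a> }
+</pre>
+<hr/>
+<div id="footer">Copyright © 2012–2016 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
+</body>
+</html>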
@@ -75,58 +75,55 @@
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> }
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <em class="jxr_comment">//</editor-fold></em>
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a>
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <em class="jxr_comment">// Python init files</em>
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> NameFileFilter IGNORED_FILES = <strong class="jxr_keyword">new</strong> NameFileFilter(<strong class="jxr_keyword">new</strong> String[] {
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> <span class="jxr_string">"__init__.py"</span>,
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <span class="jxr_string">"__init__.pyc"</span>,
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> <span class="jxr_string">"__init__.pyo"</span>
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> });
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a>
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <em class="jxr_javadoccomment"> * Collects information about the file name.</em>
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to analyze.</em>
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a> <em class="jxr_javadoccomment"> * @param engine the engine that is scanning the dependencies</em>
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <em class="jxr_javadoccomment"> * @throws AnalysisException is thrown if there is an error reading the JAR file.</em>
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a> @Override
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> analyze(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine) <strong class="jxr_keyword">throws</strong> AnalysisException {
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a>
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <em class="jxr_comment">//strip any path information that may get added by ArchiveAnalyzer, etc.</em>
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <strong class="jxr_keyword">final</strong> File f = dependency.getActualFile();
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a> <strong class="jxr_keyword">final</strong> String fileName = FilenameUtils.removeExtension(f.getName());
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a>
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <em class="jxr_comment">//add version evidence</em>
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/utils/DependencyVersion.html">DependencyVersion</a> version = DependencyVersionUtil.parseVersion(fileName);
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a> <strong class="jxr_keyword">if</strong> (version != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <em class="jxr_comment">// If the version number is just a number like 2 or 23, reduce the confidence</em>
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <em class="jxr_comment">// a shade. This should hopefully correct for cases like log4j.jar or</em>
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <em class="jxr_comment">// struts2-core.jar</em>
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <strong class="jxr_keyword">if</strong> (version.getVersionParts() == <strong class="jxr_keyword">null</strong> || version.getVersionParts().size() < 2) {
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> dependency.getVersionEvidence().addEvidence(<span class="jxr_string">"file"</span>, <span class="jxr_string">"name"</span>,
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a> version.toString(), Confidence.MEDIUM);
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> <em class="jxr_javadoccomment"> * Python init files</em>
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> NameFileFilter IGNORED_FILES = <strong class="jxr_keyword">new</strong> NameFileFilter(<strong class="jxr_keyword">new</strong> String[]{
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> <span class="jxr_string">"__init__.py"</span>,
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <span class="jxr_string">"__init__.pyc"</span>,
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <span class="jxr_string">"__init__.pyo"</span>,
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> });
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a>
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <em class="jxr_javadoccomment"> * Collects information about the file name.</em>
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to analyze.</em>
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <em class="jxr_javadoccomment"> * @param engine the engine that is scanning the dependencies</em>
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <em class="jxr_javadoccomment"> * @throws AnalysisException is thrown if there is an error reading the JAR</em>
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <em class="jxr_javadoccomment"> * file.</em>
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> @Override
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> analyze(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine) <strong class="jxr_keyword">throws</strong> AnalysisException {
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a>
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a> <em class="jxr_comment">//strip any path information that may get added by ArchiveAnalyzer, etc.</em>
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <strong class="jxr_keyword">final</strong> File f = dependency.getActualFile();
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <strong class="jxr_keyword">final</strong> String fileName = FilenameUtils.removeExtension(f.getName());
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a>
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <em class="jxr_comment">//add version evidence</em>
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/utils/DependencyVersion.html">DependencyVersion</a> version = DependencyVersionUtil.parseVersion(fileName);
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <strong class="jxr_keyword">if</strong> (version != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <em class="jxr_comment">// If the version number is just a number like 2 or 23, reduce the confidence</em>
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <em class="jxr_comment">// a shade. This should hopefully correct for cases like log4j.jar or</em>
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <em class="jxr_comment">// struts2-core.jar</em>
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a> <strong class="jxr_keyword">if</strong> (version.getVersionParts() == <strong class="jxr_keyword">null</strong> || version.getVersionParts().size() < 2) {
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a> dependency.getVersionEvidence().addEvidence(<span class="jxr_string">"file"</span>, <span class="jxr_string">"name"</span>,
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> version.toString(), Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a> }
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a> dependency.getVersionEvidence().addEvidence(<span class="jxr_string">"file"</span>, <span class="jxr_string">"name"</span>,
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a> fileName, Confidence.MEDIUM);
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a> }
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a>
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> <em class="jxr_comment">//add as vendor and product evidence</em>
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a> <strong class="jxr_keyword">if</strong> (fileName.contains(<span class="jxr_string">"-"</span>)) {
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a> dependency.getProductEvidence().addEvidence(<span class="jxr_string">"file"</span>, <span class="jxr_string">"name"</span>,
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> fileName, Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> dependency.getVendorEvidence().addEvidence(<span class="jxr_string">"file"</span>, <span class="jxr_string">"name"</span>,
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> fileName, Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (!IGNORED_FILES.accept(f)) {
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> dependency.getProductEvidence().addEvidence(<span class="jxr_string">"file"</span>, <span class="jxr_string">"name"</span>,
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> fileName, Confidence.HIGH);
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> dependency.getVendorEvidence().addEvidence(<span class="jxr_string">"file"</span>, <span class="jxr_string">"name"</span>,
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> fileName, Confidence.HIGH);
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a> }
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a> }
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> }
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> version.toString(), Confidence.MEDIUM);
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a> dependency.getVersionEvidence().addEvidence(<span class="jxr_string">"file"</span>, <span class="jxr_string">"version"</span>,
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a> version.toString(), Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a> }
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a> dependency.getVersionEvidence().addEvidence(<span class="jxr_string">"file"</span>, <span class="jxr_string">"name"</span>,
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> fileName, Confidence.MEDIUM);
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a> }
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a>
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <strong class="jxr_keyword">if</strong> (!IGNORED_FILES.accept(f)) {
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> dependency.getProductEvidence().addEvidence(<span class="jxr_string">"file"</span>, <span class="jxr_string">"name"</span>,
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> fileName, Confidence.HIGH);
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a> dependency.getVendorEvidence().addEvidence(<span class="jxr_string">"file"</span>, <span class="jxr_string">"name"</span>,
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> fileName, Confidence.HIGH);
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> }
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> }
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> }
|
||||
</pre>
|
||||
<hr/>
|
||||
<div id="footer">Copyright © 2012–2016 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
|
||||
|
||||
@@ -53,146 +53,147 @@
|
||||
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L46" href="#L46">46</a> <em class="jxr_javadoccomment"> * @author Dale Visser</em>
|
||||
<a class="jxr_linenumber" name="L47" href="#L47">47</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L48" href="#L48">48</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.html">NodePackageAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.html">AbstractFileTypeAnalyzer</a> {
|
||||
<a class="jxr_linenumber" name="L49" href="#L49">49</a>
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <em class="jxr_javadoccomment"> * The logger.</em>
|
||||
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Logger LOGGER = LoggerFactory.getLogger(NodePackageAnalyzer.<strong class="jxr_keyword">class</strong>);
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a>
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <em class="jxr_javadoccomment"> * The name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String ANALYZER_NAME = <span class="jxr_string">"Node.js Package Analyzer"</span>;
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a>
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <em class="jxr_javadoccomment"> * The phase that this analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a>
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a> <em class="jxr_javadoccomment"> * The file name to scan.</em>
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String PACKAGE_JSON = <span class="jxr_string">"package.json"</span>;
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <em class="jxr_javadoccomment"> * Filter that detects files named "package.json".</em>
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter PACKAGE_JSON_FILTER = FileFilterBuilder.newInstance()
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> .addFilenames(PACKAGE_JSON).build();
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a>
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <em class="jxr_javadoccomment"> * Returns the FileFilter</em>
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <em class="jxr_javadoccomment"> * @return the FileFilter</em>
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> @Override
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a> <strong class="jxr_keyword">protected</strong> FileFilter getFileFilter() {
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <strong class="jxr_keyword">return</strong> PACKAGE_JSON_FILTER;
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> }
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a>
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a> @Override
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> Exception {
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <em class="jxr_comment">// NO-OP</em>
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> }
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a>
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <em class="jxr_javadoccomment"> * Returns the name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a> @Override
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <strong class="jxr_keyword">public</strong> String getName() {
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> }
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a>
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <em class="jxr_javadoccomment"> * Returns the phase that the analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <em class="jxr_javadoccomment"> * @return the phase that the analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a> @Override
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <strong class="jxr_keyword">return</strong> ANALYSIS_PHASE;
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> }
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a>
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <em class="jxr_javadoccomment"> * Returns the key used in the properties file to reference the analyzer's enabled property.</em>
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <em class="jxr_javadoccomment"> * @return the analyzer's enabled property setting key</em>
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> @Override
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_NODE_PACKAGE_ENABLED;
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> }
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a>
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a> @Override
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine)
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a> <strong class="jxr_keyword">final</strong> File file = dependency.getActualFile();
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a> JsonReader jsonReader;
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> jsonReader = Json.createReader(FileUtils.openInputStream(file));
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> } <strong class="jxr_keyword">catch</strong> (IOException e) {
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> <span class="jxr_string">"Problem occurred while reading dependency file."</span>, e);
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a> }
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <strong class="jxr_keyword">final</strong> JsonObject json = jsonReader.readObject();
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> productEvidence = dependency.getProductEvidence();
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> vendorEvidence = dependency.getVendorEvidence();
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a> <strong class="jxr_keyword">if</strong> (json.containsKey(<span class="jxr_string">"name"</span>)) {
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> <strong class="jxr_keyword">final</strong> Object value = json.get(<span class="jxr_string">"name"</span>);
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> <strong class="jxr_keyword">if</strong> (value instanceof JsonString) {
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a> <strong class="jxr_keyword">final</strong> String valueString = ((JsonString) value).getString();
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a> productEvidence.addEvidence(PACKAGE_JSON, <span class="jxr_string">"name"</span>, valueString, Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a> vendorEvidence.addEvidence(PACKAGE_JSON, <span class="jxr_string">"name_project"</span>, String.format(<span class="jxr_string">"%s_project"</span>, valueString), Confidence.LOW);
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a> LOGGER.warn(<span class="jxr_string">"JSON value not string as expected: {}"</span>, value);
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a> }
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a> }
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a> addToEvidence(json, productEvidence, <span class="jxr_string">"description"</span>);
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> addToEvidence(json, vendorEvidence, <span class="jxr_string">"author"</span>);
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> addToEvidence(json, dependency.getVersionEvidence(), <span class="jxr_string">"version"</span>);
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> dependency.setDisplayFileName(String.format(<span class="jxr_string">"%s/%s"</span>, file.getParentFile().getName(), file.getName()));
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> } <strong class="jxr_keyword">catch</strong> (JsonException e) {
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a> LOGGER.warn(<span class="jxr_string">"Failed to parse package.json file."</span>, e);
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a> jsonReader.close();
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a> }
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a> }
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a>
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <em class="jxr_javadoccomment"> * Adds information to an evidence collection from the node json configuration.</em>
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <em class="jxr_javadoccomment"> * @param json information from node.js</em>
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> <em class="jxr_javadoccomment"> * @param collection a set of evidence about a dependency</em>
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> <em class="jxr_javadoccomment"> * @param key the key to obtain the data from the json information</em>
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L163" href="#L163">163</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> addToEvidence(JsonObject json, <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> collection, String key) {
|
||||
<a class="jxr_linenumber" name="L164" href="#L164">164</a> <strong class="jxr_keyword">if</strong> (json.containsKey(key)) {
|
||||
<a class="jxr_linenumber" name="L165" href="#L165">165</a> <strong class="jxr_keyword">final</strong> JsonValue value = json.get(key);
|
||||
<a class="jxr_linenumber" name="L166" href="#L166">166</a> <strong class="jxr_keyword">if</strong> (value instanceof JsonString) {
|
||||
<a class="jxr_linenumber" name="L167" href="#L167">167</a> collection.addEvidence(PACKAGE_JSON, key, ((JsonString) value).getString(), Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L168" href="#L168">168</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (value instanceof JsonObject) {
|
||||
<a class="jxr_linenumber" name="L169" href="#L169">169</a> <strong class="jxr_keyword">final</strong> JsonObject jsonObject = (JsonObject) value;
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a> <strong class="jxr_keyword">for</strong> (<strong class="jxr_keyword">final</strong> Map.Entry<String, JsonValue> entry : jsonObject.entrySet()) {
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> <strong class="jxr_keyword">final</strong> String property = entry.getKey();
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <strong class="jxr_keyword">final</strong> JsonValue subValue = entry.getValue();
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> <strong class="jxr_keyword">if</strong> (subValue instanceof JsonString) {
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a> collection.addEvidence(PACKAGE_JSON,
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> String.format(<span class="jxr_string">"%s.%s"</span>, key, property),
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a> ((JsonString) subValue).getString(),
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L178" href="#L178">178</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L179" href="#L179">179</a> LOGGER.warn(<span class="jxr_string">"JSON sub-value not string as expected: {}"</span>, subValue);
|
||||
<a class="jxr_linenumber" name="L180" href="#L180">180</a> }
|
||||
<a class="jxr_linenumber" name="L181" href="#L181">181</a> }
|
||||
<a class="jxr_linenumber" name="L182" href="#L182">182</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L183" href="#L183">183</a> LOGGER.warn(<span class="jxr_string">"JSON value not string or JSON object as expected: {}"</span>, value);
|
||||
<a class="jxr_linenumber" name="L184" href="#L184">184</a> }
|
||||
<a class="jxr_linenumber" name="L185" href="#L185">185</a> }
|
||||
<a class="jxr_linenumber" name="L186" href="#L186">186</a> }
|
||||
<a class="jxr_linenumber" name="L187" href="#L187">187</a> }
|
||||
<a class="jxr_linenumber" name="L48" href="#L48">48</a> @Experimental
|
||||
<a class="jxr_linenumber" name="L49" href="#L49">49</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.html">NodePackageAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.html">AbstractFileTypeAnalyzer</a> {
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a>
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <em class="jxr_javadoccomment"> * The logger.</em>
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Logger LOGGER = LoggerFactory.getLogger(NodePackageAnalyzer.<strong class="jxr_keyword">class</strong>);
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a>
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <em class="jxr_javadoccomment"> * The name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String ANALYZER_NAME = <span class="jxr_string">"Node.js Package Analyzer"</span>;
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a>
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <em class="jxr_javadoccomment"> * The phase that this analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a>
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <em class="jxr_javadoccomment"> * The file name to scan.</em>
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String PACKAGE_JSON = <span class="jxr_string">"package.json"</span>;
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> <em class="jxr_javadoccomment"> * Filter that detects files named "package.json".</em>
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter PACKAGE_JSON_FILTER = FileFilterBuilder.newInstance()
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> .addFilenames(PACKAGE_JSON).build();
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a>
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <em class="jxr_javadoccomment"> * Returns the FileFilter</em>
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <em class="jxr_javadoccomment"> * @return the FileFilter</em>
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a> @Override
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <strong class="jxr_keyword">protected</strong> FileFilter getFileFilter() {
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <strong class="jxr_keyword">return</strong> PACKAGE_JSON_FILTER;
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a> }
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a>
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> @Override
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> Exception {
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <em class="jxr_comment">// NO-OP</em>
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a> }
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a>
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <em class="jxr_javadoccomment"> * Returns the name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> @Override
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <strong class="jxr_keyword">public</strong> String getName() {
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a> }
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a>
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <em class="jxr_javadoccomment"> * Returns the phase that the analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a> <em class="jxr_javadoccomment"> * @return the phase that the analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a> @Override
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> <strong class="jxr_keyword">return</strong> ANALYSIS_PHASE;
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a> }
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a>
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <em class="jxr_javadoccomment"> * Returns the key used in the properties file to reference the analyzer's enabled property.</em>
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a> <em class="jxr_javadoccomment"> * @return the analyzer's enabled property setting key</em>
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> @Override
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_NODE_PACKAGE_ENABLED;
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a> }
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a>
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> @Override
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine)
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a> <strong class="jxr_keyword">final</strong> File file = dependency.getActualFile();
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a> JsonReader jsonReader;
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> jsonReader = Json.createReader(FileUtils.openInputStream(file));
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a> } <strong class="jxr_keyword">catch</strong> (IOException e) {
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a> <span class="jxr_string">"Problem occurred while reading dependency file."</span>, e);
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a> }
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a> <strong class="jxr_keyword">final</strong> JsonObject json = jsonReader.readObject();
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> productEvidence = dependency.getProductEvidence();
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> vendorEvidence = dependency.getVendorEvidence();
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> <strong class="jxr_keyword">if</strong> (json.containsKey(<span class="jxr_string">"name"</span>)) {
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> <strong class="jxr_keyword">final</strong> Object value = json.get(<span class="jxr_string">"name"</span>);
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a> <strong class="jxr_keyword">if</strong> (value instanceof JsonString) {
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a> <strong class="jxr_keyword">final</strong> String valueString = ((JsonString) value).getString();
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a> productEvidence.addEvidence(PACKAGE_JSON, <span class="jxr_string">"name"</span>, valueString, Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a> vendorEvidence.addEvidence(PACKAGE_JSON, <span class="jxr_string">"name_project"</span>, String.format(<span class="jxr_string">"%s_project"</span>, valueString), Confidence.LOW);
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a> LOGGER.warn(<span class="jxr_string">"JSON value not string as expected: {}"</span>, value);
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a> }
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a> }
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> addToEvidence(json, productEvidence, <span class="jxr_string">"description"</span>);
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> addToEvidence(json, vendorEvidence, <span class="jxr_string">"author"</span>);
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> addToEvidence(json, dependency.getVersionEvidence(), <span class="jxr_string">"version"</span>);
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> dependency.setDisplayFileName(String.format(<span class="jxr_string">"%s/%s"</span>, file.getParentFile().getName(), file.getName()));
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a> } <strong class="jxr_keyword">catch</strong> (JsonException e) {
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a> LOGGER.warn(<span class="jxr_string">"Failed to parse package.json file."</span>, e);
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a> jsonReader.close();
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a> }
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a> }
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a>
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <em class="jxr_javadoccomment"> * Adds information to an evidence collection from the node json configuration.</em>
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> <em class="jxr_javadoccomment"> * @param json information from node.js</em>
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> <em class="jxr_javadoccomment"> * @param collection a set of evidence about a dependency</em>
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a> <em class="jxr_javadoccomment"> * @param key the key to obtain the data from the json information</em>
|
||||
<a class="jxr_linenumber" name="L163" href="#L163">163</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L164" href="#L164">164</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> addToEvidence(JsonObject json, <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> collection, String key) {
|
||||
<a class="jxr_linenumber" name="L165" href="#L165">165</a> <strong class="jxr_keyword">if</strong> (json.containsKey(key)) {
|
||||
<a class="jxr_linenumber" name="L166" href="#L166">166</a> <strong class="jxr_keyword">final</strong> JsonValue value = json.get(key);
|
||||
<a class="jxr_linenumber" name="L167" href="#L167">167</a> <strong class="jxr_keyword">if</strong> (value instanceof JsonString) {
|
||||
<a class="jxr_linenumber" name="L168" href="#L168">168</a> collection.addEvidence(PACKAGE_JSON, key, ((JsonString) value).getString(), Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L169" href="#L169">169</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (value instanceof JsonObject) {
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a> <strong class="jxr_keyword">final</strong> JsonObject jsonObject = (JsonObject) value;
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> <strong class="jxr_keyword">for</strong> (<strong class="jxr_keyword">final</strong> Map.Entry<String, JsonValue> entry : jsonObject.entrySet()) {
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <strong class="jxr_keyword">final</strong> String property = entry.getKey();
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> <strong class="jxr_keyword">final</strong> JsonValue subValue = entry.getValue();
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a> <strong class="jxr_keyword">if</strong> (subValue instanceof JsonString) {
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> collection.addEvidence(PACKAGE_JSON,
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a> String.format(<span class="jxr_string">"%s.%s"</span>, key, property),
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> ((JsonString) subValue).getString(),
|
||||
<a class="jxr_linenumber" name="L178" href="#L178">178</a> Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L179" href="#L179">179</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L180" href="#L180">180</a> LOGGER.warn(<span class="jxr_string">"JSON sub-value not string as expected: {}"</span>, subValue);
|
||||
<a class="jxr_linenumber" name="L181" href="#L181">181</a> }
|
||||
<a class="jxr_linenumber" name="L182" href="#L182">182</a> }
|
||||
<a class="jxr_linenumber" name="L183" href="#L183">183</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L184" href="#L184">184</a> LOGGER.warn(<span class="jxr_string">"JSON value not string or JSON object as expected: {}"</span>, value);
|
||||
<a class="jxr_linenumber" name="L185" href="#L185">185</a> }
|
||||
<a class="jxr_linenumber" name="L186" href="#L186">186</a> }
|
||||
<a class="jxr_linenumber" name="L187" href="#L187">187</a> }
|
||||
<a class="jxr_linenumber" name="L188" href="#L188">188</a> }
|
||||
</pre>
|
||||
<hr/>
|
||||
<div id="footer">Copyright © 2012–2016 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
|
||||
|
||||
@@ -36,151 +36,189 @@
|
||||
<a class="jxr_linenumber" name="L28" href="#L28">28</a> <strong class="jxr_keyword">import</strong> java.io.File;
|
||||
<a class="jxr_linenumber" name="L29" href="#L29">29</a> <strong class="jxr_keyword">import</strong> java.io.FileFilter;
|
||||
<a class="jxr_linenumber" name="L30" href="#L30">30</a> <strong class="jxr_keyword">import</strong> java.io.IOException;
|
||||
<a class="jxr_linenumber" name="L31" href="#L31">31</a> <strong class="jxr_keyword">import</strong> java.util.regex.Matcher;
|
||||
<a class="jxr_linenumber" name="L32" href="#L32">32</a> <strong class="jxr_keyword">import</strong> java.util.regex.Pattern;
|
||||
<a class="jxr_linenumber" name="L33" href="#L33">33</a>
|
||||
<a class="jxr_linenumber" name="L34" href="#L34">34</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L35" href="#L35">35</a> <em class="jxr_javadoccomment"> * Used to analyze OpenSSL source code present in the file system.</em>
|
||||
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <em class="jxr_javadoccomment"> * @author Dale Visser</em>
|
||||
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L39" href="#L39">39</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/OpenSSLAnalyzer.html">OpenSSLAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.html">AbstractFileTypeAnalyzer</a> {
|
||||
<a class="jxr_linenumber" name="L40" href="#L40">40</a>
|
||||
<a class="jxr_linenumber" name="L41" href="#L41">41</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> HEXADECIMAL = 16;
|
||||
<a class="jxr_linenumber" name="L31" href="#L31">31</a> <strong class="jxr_keyword">import</strong> java.nio.charset.Charset;
|
||||
<a class="jxr_linenumber" name="L32" href="#L32">32</a> <strong class="jxr_keyword">import</strong> java.util.regex.Matcher;
|
||||
<a class="jxr_linenumber" name="L33" href="#L33">33</a> <strong class="jxr_keyword">import</strong> java.util.regex.Pattern;
|
||||
<a class="jxr_linenumber" name="L34" href="#L34">34</a>
|
||||
<a class="jxr_linenumber" name="L35" href="#L35">35</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <em class="jxr_javadoccomment"> * Used to analyze OpenSSL source code present in the file system.</em>
|
||||
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <em class="jxr_javadoccomment"> * @author Dale Visser</em>
|
||||
<a class="jxr_linenumber" name="L39" href="#L39">39</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L40" href="#L40">40</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/OpenSSLAnalyzer.html">OpenSSLAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.html">AbstractFileTypeAnalyzer</a> {
|
||||
<a class="jxr_linenumber" name="L41" href="#L41">41</a>
|
||||
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L43" href="#L43">43</a> <em class="jxr_javadoccomment"> * Filename to analyze. All other .h files get removed from consideration.</em>
|
||||
<a class="jxr_linenumber" name="L43" href="#L43">43</a> <em class="jxr_javadoccomment"> * Hexadecimal.</em>
|
||||
<a class="jxr_linenumber" name="L44" href="#L44">44</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String OPENSSLV_H = <span class="jxr_string">"opensslv.h"</span>;
|
||||
<a class="jxr_linenumber" name="L46" href="#L46">46</a>
|
||||
<a class="jxr_linenumber" name="L47" href="#L47">47</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L48" href="#L48">48</a> <em class="jxr_javadoccomment"> * Filter that detects files named "__init__.py".</em>
|
||||
<a class="jxr_linenumber" name="L49" href="#L49">49</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter OPENSSLV_FILTER = FileFilterBuilder.newInstance().addFilenames(OPENSSLV_H).build();
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern VERSION_PATTERN = Pattern.compile(
|
||||
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <span class="jxr_string">"define\\s+OPENSSL_VERSION_NUMBER\\s+0x([0-9a-zA-Z]{8})L"</span>, Pattern.DOTALL
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a> | Pattern.CASE_INSENSITIVE);
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> MAJOR_OFFSET = 28;
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">long</strong> MINOR_MASK = 0x0ff00000L;
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> MINOR_OFFSET = 20;
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">long</strong> FIX_MASK = 0x000ff000L;
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> FIX_OFFSET = 12;
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">long</strong> PATCH_MASK = 0x00000ff0L;
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> PATCH_OFFSET = 4;
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> NUM_LETTERS = 26;
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> STATUS_MASK = 0x0000000f;
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a>
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <em class="jxr_javadoccomment"> * Returns the open SSL version as a string.</em>
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <em class="jxr_javadoccomment"> * @param openSSLVersionConstant The open SSL version</em>
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <em class="jxr_javadoccomment"> * @return the version of openssl</em>
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <strong class="jxr_keyword">static</strong> String getOpenSSLVersion(<strong class="jxr_keyword">long</strong> openSSLVersionConstant) {
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">long</strong> major = openSSLVersionConstant >>> MAJOR_OFFSET;
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">long</strong> minor = (openSSLVersionConstant & MINOR_MASK) >>> MINOR_OFFSET;
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">long</strong> fix = (openSSLVersionConstant & FIX_MASK) >>> FIX_OFFSET;
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">long</strong> patchLevel = (openSSLVersionConstant & PATCH_MASK) >>> PATCH_OFFSET;
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <strong class="jxr_keyword">final</strong> String patch = 0 == patchLevel || patchLevel > NUM_LETTERS ? <span class="jxr_string">""</span> : String.valueOf((<strong class="jxr_keyword">char</strong>) (patchLevel + 'a' - 1));
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> statusCode = (<strong class="jxr_keyword">int</strong>) (openSSLVersionConstant & STATUS_MASK);
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <strong class="jxr_keyword">final</strong> String status = 0xf == statusCode ? <span class="jxr_string">""</span> : (0 == statusCode ? <span class="jxr_string">"-dev"</span> : <span class="jxr_string">"-beta"</span> + statusCode);
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <strong class="jxr_keyword">return</strong> String.format(<span class="jxr_string">"%d.%d.%d%s%s"</span>, major, minor, fix, patch, status);
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> }
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a>
|
||||
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> HEXADECIMAL = 16;
|
||||
<a class="jxr_linenumber" name="L46" href="#L46">46</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L47" href="#L47">47</a> <em class="jxr_javadoccomment"> * Filename to analyze. All other .h files get removed from consideration.</em>
|
||||
<a class="jxr_linenumber" name="L48" href="#L48">48</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L49" href="#L49">49</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String OPENSSLV_H = <span class="jxr_string">"opensslv.h"</span>;
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a>
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <em class="jxr_javadoccomment"> * Filter that detects files named "__init__.py".</em>
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter OPENSSLV_FILTER = FileFilterBuilder.newInstance().addFilenames(OPENSSLV_H).build();
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <em class="jxr_javadoccomment"> * Open SSL Version number pattern.</em>
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern VERSION_PATTERN = Pattern.compile(
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a> <span class="jxr_string">"define\\s+OPENSSL_VERSION_NUMBER\\s+0x([0-9a-zA-Z]{8})L"</span>, Pattern.DOTALL
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a> | Pattern.CASE_INSENSITIVE);
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <em class="jxr_javadoccomment"> * The offset of the major version number.</em>
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> MAJOR_OFFSET = 28;
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a> <em class="jxr_javadoccomment"> * The mask for the minor version number.</em>
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">long</strong> MINOR_MASK = 0x0ff00000L;
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <em class="jxr_javadoccomment"> * The offset of the minor version number.</em>
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> MINOR_OFFSET = 20;
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> <em class="jxr_javadoccomment"> * The max for the fix version.</em>
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">long</strong> FIX_MASK = 0x000ff000L;
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <em class="jxr_javadoccomment"> * The offset for the fix version.</em>
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> FIX_OFFSET = 12;
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <em class="jxr_javadoccomment"> * Returns the name of the Python Package Analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer</em>
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> @Override
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <strong class="jxr_keyword">public</strong> String getName() {
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <strong class="jxr_keyword">return</strong> <span class="jxr_string">"OpenSSL Source Analyzer"</span>;
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a> }
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a>
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <em class="jxr_javadoccomment"> * Tell that we are used for information collection.</em>
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <em class="jxr_javadoccomment"> * @return INFORMATION_COLLECTION</em>
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <em class="jxr_javadoccomment"> * The mask for the patch version.</em>
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">long</strong> PATCH_MASK = 0x00000ff0L;
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <em class="jxr_javadoccomment"> * The offset for the patch version.</em>
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> PATCH_OFFSET = 4;
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a> <em class="jxr_javadoccomment"> * Number of letters.</em>
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> NUM_LETTERS = 26;
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <em class="jxr_javadoccomment"> * The status mask.</em>
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> @Override
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <strong class="jxr_keyword">return</strong> AnalysisPhase.INFORMATION_COLLECTION;
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a> }
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a>
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <em class="jxr_javadoccomment"> * Returns the set of supported file extensions.</em>
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a> <em class="jxr_javadoccomment"> * @return the set of supported file extensions</em>
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a> @Override
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <strong class="jxr_keyword">protected</strong> FileFilter getFileFilter() {
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> <strong class="jxr_keyword">return</strong> OPENSSLV_FILTER;
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a> }
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a>
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <em class="jxr_javadoccomment"> * No-op initializer implementation.</em>
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a> <em class="jxr_javadoccomment"> * @throws Exception never thrown</em>
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> @Override
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> Exception {
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> <em class="jxr_comment">// Nothing to do here.</em>
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a> }
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a>
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a> <em class="jxr_javadoccomment"> * Analyzes python packages and adds evidence to the dependency.</em>
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a> <em class="jxr_javadoccomment"> * @param engine the engine being used to perform the scan</em>
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if there is an unrecoverable error analyzing the dependency</em>
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a> @Override
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine)
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a> <strong class="jxr_keyword">final</strong> File file = dependency.getActualFile();
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <strong class="jxr_keyword">final</strong> String parentName = file.getParentFile().getName();
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a> <strong class="jxr_keyword">boolean</strong> found = false;
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a> <strong class="jxr_keyword">final</strong> String contents = getFileContents(file);
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a> <strong class="jxr_keyword">if</strong> (!contents.isEmpty()) {
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> <strong class="jxr_keyword">final</strong> Matcher matcher = VERSION_PATTERN.matcher(contents);
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> <strong class="jxr_keyword">if</strong> (matcher.find()) {
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a> dependency.getVersionEvidence().addEvidence(OPENSSLV_H, <span class="jxr_string">"Version Constant"</span>,
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a> getOpenSSLVersion(Long.parseLong(matcher.group(1), HEXADECIMAL)), Confidence.HIGH);
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a> found = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a> }
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a> }
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a> <strong class="jxr_keyword">if</strong> (found) {
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a> dependency.setDisplayFileName(parentName + File.separatorChar + OPENSSLV_H);
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a> dependency.getVendorEvidence().addEvidence(OPENSSLV_H, <span class="jxr_string">"Vendor"</span>, <span class="jxr_string">"OpenSSL"</span>, Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> dependency.getProductEvidence().addEvidence(OPENSSLV_H, <span class="jxr_string">"Product"</span>, <span class="jxr_string">"OpenSSL"</span>, Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> engine.getDependencies().remove(dependency);
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> }
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a> }
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a>
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a> <em class="jxr_javadoccomment"> * Retrieves the contents of a given file.</em>
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <em class="jxr_javadoccomment"> * @param actualFile the file to read</em>
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a> <em class="jxr_javadoccomment"> * @return the contents of the file</em>
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if there is an IO Exception</em>
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <strong class="jxr_keyword">private</strong> String getFileContents(<strong class="jxr_keyword">final</strong> File actualFile)
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> String contents;
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L163" href="#L163">163</a> contents = FileUtils.readFileToString(actualFile).trim();
|
||||
<a class="jxr_linenumber" name="L164" href="#L164">164</a> } <strong class="jxr_keyword">catch</strong> (IOException e) {
|
||||
<a class="jxr_linenumber" name="L165" href="#L165">165</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(
|
||||
<a class="jxr_linenumber" name="L166" href="#L166">166</a> <span class="jxr_string">"Problem occurred while reading dependency file."</span>, e);
|
||||
<a class="jxr_linenumber" name="L167" href="#L167">167</a> }
|
||||
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <strong class="jxr_keyword">return</strong> contents;
|
||||
<a class="jxr_linenumber" name="L169" href="#L169">169</a> }
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a>
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> @Override
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_OPENSSL_ENABLED;
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a> }
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> }
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> STATUS_MASK = 0x0000000f;
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a>
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <em class="jxr_javadoccomment"> * Returns the open SSL version as a string.</em>
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <em class="jxr_javadoccomment"> * @param openSSLVersionConstant The open SSL version</em>
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <em class="jxr_javadoccomment"> * @return the version of openssl</em>
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a> <strong class="jxr_keyword">static</strong> String getOpenSSLVersion(<strong class="jxr_keyword">long</strong> openSSLVersionConstant) {
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">long</strong> major = openSSLVersionConstant >>> MAJOR_OFFSET;
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">long</strong> minor = (openSSLVersionConstant & MINOR_MASK) >>> MINOR_OFFSET;
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">long</strong> fix = (openSSLVersionConstant & FIX_MASK) >>> FIX_OFFSET;
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">long</strong> patchLevel = (openSSLVersionConstant & PATCH_MASK) >>> PATCH_OFFSET;
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a> <strong class="jxr_keyword">final</strong> String patch = 0 == patchLevel || patchLevel > NUM_LETTERS ? <span class="jxr_string">""</span> : String.valueOf((<strong class="jxr_keyword">char</strong>) (patchLevel + 'a' - 1));
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> statusCode = (<strong class="jxr_keyword">int</strong>) (openSSLVersionConstant & STATUS_MASK);
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <strong class="jxr_keyword">final</strong> String status = 0xf == statusCode ? <span class="jxr_string">""</span> : (0 == statusCode ? <span class="jxr_string">"-dev"</span> : <span class="jxr_string">"-beta"</span> + statusCode);
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <strong class="jxr_keyword">return</strong> String.format(<span class="jxr_string">"%d.%d.%d%s%s"</span>, major, minor, fix, patch, status);
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> }
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a>
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> <em class="jxr_javadoccomment"> * Returns the name of the Python Package Analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer</em>
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a> @Override
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> <strong class="jxr_keyword">public</strong> String getName() {
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a> <strong class="jxr_keyword">return</strong> <span class="jxr_string">"OpenSSL Source Analyzer"</span>;
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a> }
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a>
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <em class="jxr_javadoccomment"> * Tell that we are used for information collection.</em>
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a> <em class="jxr_javadoccomment"> * @return INFORMATION_COLLECTION</em>
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a> @Override
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <strong class="jxr_keyword">return</strong> AnalysisPhase.INFORMATION_COLLECTION;
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a> }
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a>
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> <em class="jxr_javadoccomment"> * Returns the set of supported file extensions.</em>
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a> <em class="jxr_javadoccomment"> * @return the set of supported file extensions</em>
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a> @Override
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a> <strong class="jxr_keyword">protected</strong> FileFilter getFileFilter() {
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a> <strong class="jxr_keyword">return</strong> OPENSSLV_FILTER;
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a> }
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a>
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <em class="jxr_javadoccomment"> * No-op initializer implementation.</em>
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <em class="jxr_javadoccomment"> * @throws Exception never thrown</em>
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a> @Override
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> Exception {
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a> <em class="jxr_comment">// Nothing to do here.</em>
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a> }
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a>
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a> <em class="jxr_javadoccomment"> * Analyzes python packages and adds evidence to the dependency.</em>
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <em class="jxr_javadoccomment"> * @param engine the engine being used to perform the scan</em>
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if there is an unrecoverable error</em>
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> <em class="jxr_javadoccomment"> * analyzing the dependency</em>
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L163" href="#L163">163</a> @Override
|
||||
<a class="jxr_linenumber" name="L164" href="#L164">164</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine)
|
||||
<a class="jxr_linenumber" name="L165" href="#L165">165</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
|
||||
<a class="jxr_linenumber" name="L166" href="#L166">166</a> <strong class="jxr_keyword">final</strong> File file = dependency.getActualFile();
|
||||
<a class="jxr_linenumber" name="L167" href="#L167">167</a> <strong class="jxr_keyword">final</strong> String parentName = file.getParentFile().getName();
|
||||
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <strong class="jxr_keyword">boolean</strong> found = false;
|
||||
<a class="jxr_linenumber" name="L169" href="#L169">169</a> <strong class="jxr_keyword">final</strong> String contents = getFileContents(file);
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a> <strong class="jxr_keyword">if</strong> (!contents.isEmpty()) {
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> <strong class="jxr_keyword">final</strong> Matcher matcher = VERSION_PATTERN.matcher(contents);
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <strong class="jxr_keyword">if</strong> (matcher.find()) {
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> dependency.getVersionEvidence().addEvidence(OPENSSLV_H, <span class="jxr_string">"Version Constant"</span>,
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a> getOpenSSLVersion(Long.parseLong(matcher.group(1), HEXADECIMAL)), Confidence.HIGH);
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> found = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a> }
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> }
|
||||
<a class="jxr_linenumber" name="L178" href="#L178">178</a> <strong class="jxr_keyword">if</strong> (found) {
|
||||
<a class="jxr_linenumber" name="L179" href="#L179">179</a> dependency.setDisplayFileName(parentName + File.separatorChar + OPENSSLV_H);
|
||||
<a class="jxr_linenumber" name="L180" href="#L180">180</a> dependency.getVendorEvidence().addEvidence(OPENSSLV_H, <span class="jxr_string">"Vendor"</span>, <span class="jxr_string">"OpenSSL"</span>, Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L181" href="#L181">181</a> dependency.getProductEvidence().addEvidence(OPENSSLV_H, <span class="jxr_string">"Product"</span>, <span class="jxr_string">"OpenSSL"</span>, Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L182" href="#L182">182</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L183" href="#L183">183</a> engine.getDependencies().remove(dependency);
|
||||
<a class="jxr_linenumber" name="L184" href="#L184">184</a> }
|
||||
<a class="jxr_linenumber" name="L185" href="#L185">185</a> }
|
||||
<a class="jxr_linenumber" name="L186" href="#L186">186</a>
|
||||
<a class="jxr_linenumber" name="L187" href="#L187">187</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L188" href="#L188">188</a> <em class="jxr_javadoccomment"> * Retrieves the contents of a given file.</em>
|
||||
<a class="jxr_linenumber" name="L189" href="#L189">189</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L190" href="#L190">190</a> <em class="jxr_javadoccomment"> * @param actualFile the file to read</em>
|
||||
<a class="jxr_linenumber" name="L191" href="#L191">191</a> <em class="jxr_javadoccomment"> * @return the contents of the file</em>
|
||||
<a class="jxr_linenumber" name="L192" href="#L192">192</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if there is an IO Exception</em>
|
||||
<a class="jxr_linenumber" name="L193" href="#L193">193</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L194" href="#L194">194</a> <strong class="jxr_keyword">private</strong> String getFileContents(<strong class="jxr_keyword">final</strong> File actualFile)
|
||||
<a class="jxr_linenumber" name="L195" href="#L195">195</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
|
||||
<a class="jxr_linenumber" name="L196" href="#L196">196</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L197" href="#L197">197</a> <strong class="jxr_keyword">return</strong> FileUtils.readFileToString(actualFile, Charset.defaultCharset()).trim();
|
||||
<a class="jxr_linenumber" name="L198" href="#L198">198</a> } <strong class="jxr_keyword">catch</strong> (IOException e) {
|
||||
<a class="jxr_linenumber" name="L199" href="#L199">199</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(
|
||||
<a class="jxr_linenumber" name="L200" href="#L200">200</a> <span class="jxr_string">"Problem occurred while reading dependency file."</span>, e);
|
||||
<a class="jxr_linenumber" name="L201" href="#L201">201</a> }
|
||||
<a class="jxr_linenumber" name="L202" href="#L202">202</a> }
|
||||
<a class="jxr_linenumber" name="L203" href="#L203">203</a>
|
||||
<a class="jxr_linenumber" name="L204" href="#L204">204</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L205" href="#L205">205</a> <em class="jxr_javadoccomment"> * Returns the setting for the analyzer enabled setting key.</em>
|
||||
<a class="jxr_linenumber" name="L206" href="#L206">206</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L207" href="#L207">207</a> <em class="jxr_javadoccomment"> * @return the setting for the analyzer enabled setting key</em>
|
||||
<a class="jxr_linenumber" name="L208" href="#L208">208</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L209" href="#L209">209</a> @Override
|
||||
<a class="jxr_linenumber" name="L210" href="#L210">210</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
|
||||
<a class="jxr_linenumber" name="L211" href="#L211">211</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_OPENSSL_ENABLED;
|
||||
<a class="jxr_linenumber" name="L212" href="#L212">212</a> }
|
||||
<a class="jxr_linenumber" name="L213" href="#L213">213</a> }
|
||||
</pre>
|
||||
<hr/>
|
||||
<div id="footer">Copyright © 2012–2016 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
|
||||
|
||||
@@ -58,328 +58,329 @@
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <em class="jxr_javadoccomment"> * @author Dale Visser</em>
|
||||
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.html">PythonDistributionAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.html">AbstractFileTypeAnalyzer</a> {
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a>
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <em class="jxr_javadoccomment"> * Name of egg metadata files to analyze.</em>
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String PKG_INFO = <span class="jxr_string">"PKG-INFO"</span>;
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a>
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <em class="jxr_javadoccomment"> * Name of wheel metadata files to analyze.</em>
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String METADATA = <span class="jxr_string">"METADATA"</span>;
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a>
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a> <em class="jxr_javadoccomment"> * The logger.</em>
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Logger LOGGER = LoggerFactory
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> .getLogger(PythonDistributionAnalyzer.<strong class="jxr_keyword">class</strong>);
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a>
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> <em class="jxr_javadoccomment"> * The count of directories created during analysis. This is used for creating temporary directories.</em>
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">int</strong> dirCount = 0;
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a>
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <em class="jxr_javadoccomment"> * The name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String ANALYZER_NAME = <span class="jxr_string">"Python Distribution Analyzer"</span>;
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a> <em class="jxr_javadoccomment"> * The phase that this analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a>
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <em class="jxr_javadoccomment"> * The set of file extensions supported by this analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String[] EXTENSIONS = {<span class="jxr_string">"whl"</span>, <span class="jxr_string">"egg"</span>, <span class="jxr_string">"zip"</span>};
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a>
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <em class="jxr_javadoccomment"> * Used to match on egg archive candidate extensions.</em>
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter EGG_OR_ZIP = FileFilterBuilder.newInstance().addExtensions(<span class="jxr_string">"egg"</span>, <span class="jxr_string">"zip"</span>).build();
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a>
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <em class="jxr_javadoccomment"> * Used to detect files with a .whl extension.</em>
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter WHL_FILTER = FileFilterBuilder.newInstance().addExtensions(<span class="jxr_string">"whl"</span>).build();
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a>
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <em class="jxr_javadoccomment"> * The parent directory for the individual directories per archive.</em>
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <strong class="jxr_keyword">private</strong> File tempFileLocation;
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a>
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a> <em class="jxr_javadoccomment"> * Filter that detects *.dist-info files (but doesn't verify they are directories.</em>
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FilenameFilter DIST_INFO_FILTER = <strong class="jxr_keyword">new</strong> SuffixFileFilter(
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a> <span class="jxr_string">".dist-info"</span>);
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a>
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <em class="jxr_javadoccomment"> * Filter that detects files named "METADATA".</em>
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FilenameFilter EGG_INFO_FILTER = <strong class="jxr_keyword">new</strong> NameFileFilter(
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <span class="jxr_string">"EGG-INFO"</span>);
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a>
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> <em class="jxr_javadoccomment"> * Filter that detects files named "METADATA".</em>
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> NameFileFilter METADATA_FILTER = <strong class="jxr_keyword">new</strong> NameFileFilter(
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> METADATA);
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a>
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a> <em class="jxr_javadoccomment"> * Filter that detects files named "PKG-INFO".</em>
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> NameFileFilter PKG_INFO_FILTER = <strong class="jxr_keyword">new</strong> NameFileFilter(
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> PKG_INFO);
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a>
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a> <em class="jxr_javadoccomment"> * The file filter used to determine which files this analyzer supports.</em>
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter FILTER = FileFilterBuilder.newInstance().addFileFilters(
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a> METADATA_FILTER, PKG_INFO_FILTER).addExtensions(EXTENSIONS).build();
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a>
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> <em class="jxr_javadoccomment"> * Returns the FileFilter</em>
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a> <em class="jxr_javadoccomment"> * @return the FileFilter</em>
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a> @Override
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a> <strong class="jxr_keyword">protected</strong> FileFilter getFileFilter() {
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a> <strong class="jxr_keyword">return</strong> FILTER;
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a> }
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a>
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <em class="jxr_javadoccomment"> * Returns the name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a> @Override
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a> <strong class="jxr_keyword">public</strong> String getName() {
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a> }
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a>
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a> <em class="jxr_javadoccomment"> * Returns the phase that the analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <em class="jxr_javadoccomment"> * @return the phase that the analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> @Override
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a> <strong class="jxr_keyword">return</strong> ANALYSIS_PHASE;
|
||||
<a class="jxr_linenumber" name="L163" href="#L163">163</a> }
|
||||
<a class="jxr_linenumber" name="L164" href="#L164">164</a>
|
||||
<a class="jxr_linenumber" name="L165" href="#L165">165</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L166" href="#L166">166</a> <em class="jxr_javadoccomment"> * Returns the key used in the properties file to reference the analyzer's enabled property.</em>
|
||||
<a class="jxr_linenumber" name="L167" href="#L167">167</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <em class="jxr_javadoccomment"> * @return the analyzer's enabled property setting key</em>
|
||||
<a class="jxr_linenumber" name="L169" href="#L169">169</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a> @Override
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_PYTHON_DISTRIBUTION_ENABLED;
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> }
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a>
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> @Override
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine)
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
|
||||
<a class="jxr_linenumber" name="L178" href="#L178">178</a> <strong class="jxr_keyword">final</strong> File actualFile = dependency.getActualFile();
|
||||
<a class="jxr_linenumber" name="L179" href="#L179">179</a> <strong class="jxr_keyword">if</strong> (WHL_FILTER.accept(actualFile)) {
|
||||
<a class="jxr_linenumber" name="L180" href="#L180">180</a> collectMetadataFromArchiveFormat(dependency, DIST_INFO_FILTER,
|
||||
<a class="jxr_linenumber" name="L181" href="#L181">181</a> METADATA_FILTER);
|
||||
<a class="jxr_linenumber" name="L182" href="#L182">182</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (EGG_OR_ZIP.accept(actualFile)) {
|
||||
<a class="jxr_linenumber" name="L183" href="#L183">183</a> collectMetadataFromArchiveFormat(dependency, EGG_INFO_FILTER,
|
||||
<a class="jxr_linenumber" name="L184" href="#L184">184</a> PKG_INFO_FILTER);
|
||||
<a class="jxr_linenumber" name="L185" href="#L185">185</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L186" href="#L186">186</a> <strong class="jxr_keyword">final</strong> String name = actualFile.getName();
|
||||
<a class="jxr_linenumber" name="L187" href="#L187">187</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> metadata = METADATA.equals(name);
|
||||
<a class="jxr_linenumber" name="L188" href="#L188">188</a> <strong class="jxr_keyword">if</strong> (metadata || PKG_INFO.equals(name)) {
|
||||
<a class="jxr_linenumber" name="L189" href="#L189">189</a> <strong class="jxr_keyword">final</strong> File parent = actualFile.getParentFile();
|
||||
<a class="jxr_linenumber" name="L190" href="#L190">190</a> <strong class="jxr_keyword">final</strong> String parentName = parent.getName();
|
||||
<a class="jxr_linenumber" name="L191" href="#L191">191</a> dependency.setDisplayFileName(parentName + <span class="jxr_string">"/"</span> + name);
|
||||
<a class="jxr_linenumber" name="L192" href="#L192">192</a> <strong class="jxr_keyword">if</strong> (parent.isDirectory()
|
||||
<a class="jxr_linenumber" name="L193" href="#L193">193</a> && (metadata && parentName.endsWith(<span class="jxr_string">".dist-info"</span>)
|
||||
<a class="jxr_linenumber" name="L194" href="#L194">194</a> || parentName.endsWith(<span class="jxr_string">".egg-info"</span>) || <span class="jxr_string">"EGG-INFO"</span>
|
||||
<a class="jxr_linenumber" name="L195" href="#L195">195</a> .equals(parentName))) {
|
||||
<a class="jxr_linenumber" name="L196" href="#L196">196</a> collectWheelMetadata(dependency, actualFile);
|
||||
<a class="jxr_linenumber" name="L197" href="#L197">197</a> }
|
||||
<a class="jxr_linenumber" name="L198" href="#L198">198</a> }
|
||||
<a class="jxr_linenumber" name="L199" href="#L199">199</a> }
|
||||
<a class="jxr_linenumber" name="L200" href="#L200">200</a> }
|
||||
<a class="jxr_linenumber" name="L201" href="#L201">201</a>
|
||||
<a class="jxr_linenumber" name="L202" href="#L202">202</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L203" href="#L203">203</a> <em class="jxr_javadoccomment"> * Collects the meta data from an archive.</em>
|
||||
<a class="jxr_linenumber" name="L204" href="#L204">204</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L205" href="#L205">205</a> <em class="jxr_javadoccomment"> * @param dependency the archive being scanned</em>
|
||||
<a class="jxr_linenumber" name="L206" href="#L206">206</a> <em class="jxr_javadoccomment"> * @param folderFilter the filter to apply to the folder</em>
|
||||
<a class="jxr_linenumber" name="L207" href="#L207">207</a> <em class="jxr_javadoccomment"> * @param metadataFilter the filter to apply to the meta data</em>
|
||||
<a class="jxr_linenumber" name="L208" href="#L208">208</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown when there is a problem analyzing the dependency</em>
|
||||
<a class="jxr_linenumber" name="L209" href="#L209">209</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L210" href="#L210">210</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> collectMetadataFromArchiveFormat(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency,
|
||||
<a class="jxr_linenumber" name="L211" href="#L211">211</a> FilenameFilter folderFilter, FilenameFilter metadataFilter)
|
||||
<a class="jxr_linenumber" name="L212" href="#L212">212</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
|
||||
<a class="jxr_linenumber" name="L213" href="#L213">213</a> <strong class="jxr_keyword">final</strong> File temp = getNextTempDirectory();
|
||||
<a class="jxr_linenumber" name="L214" href="#L214">214</a> LOGGER.debug(<span class="jxr_string">"{} exists? {}"</span>, temp, temp.exists());
|
||||
<a class="jxr_linenumber" name="L215" href="#L215">215</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L216" href="#L216">216</a> ExtractionUtil.extractFilesUsingFilter(
|
||||
<a class="jxr_linenumber" name="L217" href="#L217">217</a> <strong class="jxr_keyword">new</strong> File(dependency.getActualFilePath()), temp,
|
||||
<a class="jxr_linenumber" name="L218" href="#L218">218</a> metadataFilter);
|
||||
<a class="jxr_linenumber" name="L219" href="#L219">219</a> } <strong class="jxr_keyword">catch</strong> (ExtractionException ex) {
|
||||
<a class="jxr_linenumber" name="L220" href="#L220">220</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(ex);
|
||||
<a class="jxr_linenumber" name="L221" href="#L221">221</a> }
|
||||
<a class="jxr_linenumber" name="L222" href="#L222">222</a>
|
||||
<a class="jxr_linenumber" name="L223" href="#L223">223</a> collectWheelMetadata(
|
||||
<a class="jxr_linenumber" name="L224" href="#L224">224</a> dependency,
|
||||
<a class="jxr_linenumber" name="L225" href="#L225">225</a> getMatchingFile(getMatchingFile(temp, folderFilter),
|
||||
<a class="jxr_linenumber" name="L226" href="#L226">226</a> metadataFilter));
|
||||
<a class="jxr_linenumber" name="L227" href="#L227">227</a> }
|
||||
<a class="jxr_linenumber" name="L228" href="#L228">228</a>
|
||||
<a class="jxr_linenumber" name="L229" href="#L229">229</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L230" href="#L230">230</a> <em class="jxr_javadoccomment"> * Makes sure a usable temporary directory is available.</em>
|
||||
<a class="jxr_linenumber" name="L231" href="#L231">231</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L232" href="#L232">232</a> <em class="jxr_javadoccomment"> * @throws Exception an AnalyzeException is thrown when the temp directory cannot be created</em>
|
||||
<a class="jxr_linenumber" name="L233" href="#L233">233</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L234" href="#L234">234</a> @Override
|
||||
<a class="jxr_linenumber" name="L235" href="#L235">235</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> Exception {
|
||||
<a class="jxr_linenumber" name="L236" href="#L236">236</a> <strong class="jxr_keyword">final</strong> File baseDir = Settings.getTempDirectory();
|
||||
<a class="jxr_linenumber" name="L237" href="#L237">237</a> tempFileLocation = File.createTempFile(<span class="jxr_string">"check"</span>, <span class="jxr_string">"tmp"</span>, baseDir);
|
||||
<a class="jxr_linenumber" name="L238" href="#L238">238</a> <strong class="jxr_keyword">if</strong> (!tempFileLocation.delete()) {
|
||||
<a class="jxr_linenumber" name="L239" href="#L239">239</a> <strong class="jxr_keyword">final</strong> String msg = String.format(
|
||||
<a class="jxr_linenumber" name="L240" href="#L240">240</a> <span class="jxr_string">"Unable to delete temporary file '%s'."</span>,
|
||||
<a class="jxr_linenumber" name="L241" href="#L241">241</a> tempFileLocation.getAbsolutePath());
|
||||
<a class="jxr_linenumber" name="L242" href="#L242">242</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(msg);
|
||||
<a class="jxr_linenumber" name="L243" href="#L243">243</a> }
|
||||
<a class="jxr_linenumber" name="L244" href="#L244">244</a> <strong class="jxr_keyword">if</strong> (!tempFileLocation.mkdirs()) {
|
||||
<a class="jxr_linenumber" name="L245" href="#L245">245</a> <strong class="jxr_keyword">final</strong> String msg = String.format(
|
||||
<a class="jxr_linenumber" name="L246" href="#L246">246</a> <span class="jxr_string">"Unable to create directory '%s'."</span>,
|
||||
<a class="jxr_linenumber" name="L247" href="#L247">247</a> tempFileLocation.getAbsolutePath());
|
||||
<a class="jxr_linenumber" name="L248" href="#L248">248</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(msg);
|
||||
<a class="jxr_linenumber" name="L249" href="#L249">249</a> }
|
||||
<a class="jxr_linenumber" name="L250" href="#L250">250</a> }
|
||||
<a class="jxr_linenumber" name="L251" href="#L251">251</a>
|
||||
<a class="jxr_linenumber" name="L252" href="#L252">252</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L253" href="#L253">253</a> <em class="jxr_javadoccomment"> * Deletes any files extracted from the Wheel during analysis.</em>
|
||||
<a class="jxr_linenumber" name="L254" href="#L254">254</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L255" href="#L255">255</a> @Override
|
||||
<a class="jxr_linenumber" name="L256" href="#L256">256</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> close() {
|
||||
<a class="jxr_linenumber" name="L257" href="#L257">257</a> <strong class="jxr_keyword">if</strong> (tempFileLocation != <strong class="jxr_keyword">null</strong> && tempFileLocation.exists()) {
|
||||
<a class="jxr_linenumber" name="L258" href="#L258">258</a> LOGGER.debug(<span class="jxr_string">"Attempting to delete temporary files"</span>);
|
||||
<a class="jxr_linenumber" name="L259" href="#L259">259</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> success = FileUtils.delete(tempFileLocation);
|
||||
<a class="jxr_linenumber" name="L260" href="#L260">260</a> <strong class="jxr_keyword">if</strong> (!success) {
|
||||
<a class="jxr_linenumber" name="L261" href="#L261">261</a> LOGGER.warn(
|
||||
<a class="jxr_linenumber" name="L262" href="#L262">262</a> <span class="jxr_string">"Failed to delete some temporary files, see the log for more details"</span>);
|
||||
<a class="jxr_linenumber" name="L263" href="#L263">263</a> }
|
||||
<a class="jxr_linenumber" name="L264" href="#L264">264</a> }
|
||||
<a class="jxr_linenumber" name="L265" href="#L265">265</a> }
|
||||
<a class="jxr_linenumber" name="L266" href="#L266">266</a>
|
||||
<a class="jxr_linenumber" name="L267" href="#L267">267</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L268" href="#L268">268</a> <em class="jxr_javadoccomment"> * Gathers evidence from the METADATA file.</em>
|
||||
<a class="jxr_linenumber" name="L269" href="#L269">269</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L270" href="#L270">270</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
|
||||
<a class="jxr_linenumber" name="L271" href="#L271">271</a> <em class="jxr_javadoccomment"> * @param file a reference to the manifest/properties file</em>
|
||||
<a class="jxr_linenumber" name="L272" href="#L272">272</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L273" href="#L273">273</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> collectWheelMetadata(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, File file) {
|
||||
<a class="jxr_linenumber" name="L274" href="#L274">274</a> <strong class="jxr_keyword">final</strong> InternetHeaders headers = getManifestProperties(file);
|
||||
<a class="jxr_linenumber" name="L275" href="#L275">275</a> addPropertyToEvidence(headers, dependency.getVersionEvidence(),
|
||||
<a class="jxr_linenumber" name="L276" href="#L276">276</a> <span class="jxr_string">"Version"</span>, Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L277" href="#L277">277</a> addPropertyToEvidence(headers, dependency.getProductEvidence(), <span class="jxr_string">"Name"</span>,
|
||||
<a class="jxr_linenumber" name="L278" href="#L278">278</a> Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L279" href="#L279">279</a> <strong class="jxr_keyword">final</strong> String url = headers.getHeader(<span class="jxr_string">"Home-page"</span>, <strong class="jxr_keyword">null</strong>);
|
||||
<a class="jxr_linenumber" name="L280" href="#L280">280</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> vendorEvidence = dependency
|
||||
<a class="jxr_linenumber" name="L281" href="#L281">281</a> .getVendorEvidence();
|
||||
<a class="jxr_linenumber" name="L282" href="#L282">282</a> <strong class="jxr_keyword">if</strong> (StringUtils.isNotBlank(url)) {
|
||||
<a class="jxr_linenumber" name="L283" href="#L283">283</a> <strong class="jxr_keyword">if</strong> (UrlStringUtils.isUrl(url)) {
|
||||
<a class="jxr_linenumber" name="L284" href="#L284">284</a> vendorEvidence.addEvidence(METADATA, <span class="jxr_string">"vendor"</span>, url,
|
||||
<a class="jxr_linenumber" name="L285" href="#L285">285</a> Confidence.MEDIUM);
|
||||
<a class="jxr_linenumber" name="L286" href="#L286">286</a> }
|
||||
<a class="jxr_linenumber" name="L287" href="#L287">287</a> }
|
||||
<a class="jxr_linenumber" name="L288" href="#L288">288</a> addPropertyToEvidence(headers, vendorEvidence, <span class="jxr_string">"Author"</span>, Confidence.LOW);
|
||||
<a class="jxr_linenumber" name="L289" href="#L289">289</a> <strong class="jxr_keyword">final</strong> String summary = headers.getHeader(<span class="jxr_string">"Summary"</span>, <strong class="jxr_keyword">null</strong>);
|
||||
<a class="jxr_linenumber" name="L290" href="#L290">290</a> <strong class="jxr_keyword">if</strong> (StringUtils.isNotBlank(summary)) {
|
||||
<a class="jxr_linenumber" name="L291" href="#L291">291</a> <a href="../../../../org/owasp/dependencycheck/analyzer/JarAnalyzer.html">JarAnalyzer</a>
|
||||
<a class="jxr_linenumber" name="L292" href="#L292">292</a> .addDescription(dependency, summary, METADATA, <span class="jxr_string">"summary"</span>);
|
||||
<a class="jxr_linenumber" name="L293" href="#L293">293</a> }
|
||||
<a class="jxr_linenumber" name="L294" href="#L294">294</a> }
|
||||
<a class="jxr_linenumber" name="L295" href="#L295">295</a>
|
||||
<a class="jxr_linenumber" name="L296" href="#L296">296</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L297" href="#L297">297</a> <em class="jxr_javadoccomment"> * Adds a value to the evidence collection.</em>
|
||||
<a class="jxr_linenumber" name="L298" href="#L298">298</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L299" href="#L299">299</a> <em class="jxr_javadoccomment"> * @param headers the properties collection</em>
|
||||
<a class="jxr_linenumber" name="L300" href="#L300">300</a> <em class="jxr_javadoccomment"> * @param evidence the evidence collection to add the value</em>
|
||||
<a class="jxr_linenumber" name="L301" href="#L301">301</a> <em class="jxr_javadoccomment"> * @param property the property name</em>
|
||||
<a class="jxr_linenumber" name="L302" href="#L302">302</a> <em class="jxr_javadoccomment"> * @param confidence the confidence of the evidence</em>
|
||||
<a class="jxr_linenumber" name="L303" href="#L303">303</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L304" href="#L304">304</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> addPropertyToEvidence(InternetHeaders headers,
|
||||
<a class="jxr_linenumber" name="L305" href="#L305">305</a> <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> evidence, String property, <a href="../../../../org/owasp/dependencycheck/dependency/Confidence.html">Confidence</a> confidence) {
|
||||
<a class="jxr_linenumber" name="L306" href="#L306">306</a> <strong class="jxr_keyword">final</strong> String value = headers.getHeader(property, <strong class="jxr_keyword">null</strong>);
|
||||
<a class="jxr_linenumber" name="L307" href="#L307">307</a> LOGGER.debug(<span class="jxr_string">"Property: {}, Value: {}"</span>, property, value);
|
||||
<a class="jxr_linenumber" name="L308" href="#L308">308</a> <strong class="jxr_keyword">if</strong> (StringUtils.isNotBlank(value)) {
|
||||
<a class="jxr_linenumber" name="L309" href="#L309">309</a> evidence.addEvidence(METADATA, property, value, confidence);
|
||||
<a class="jxr_linenumber" name="L310" href="#L310">310</a> }
|
||||
<a class="jxr_linenumber" name="L311" href="#L311">311</a> }
|
||||
<a class="jxr_linenumber" name="L312" href="#L312">312</a>
|
||||
<a class="jxr_linenumber" name="L313" href="#L313">313</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L314" href="#L314">314</a> <em class="jxr_javadoccomment"> * Returns a list of files that match the given filter, this does not recursively scan the directory.</em>
|
||||
<a class="jxr_linenumber" name="L315" href="#L315">315</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L316" href="#L316">316</a> <em class="jxr_javadoccomment"> * @param folder the folder to filter</em>
|
||||
<a class="jxr_linenumber" name="L317" href="#L317">317</a> <em class="jxr_javadoccomment"> * @param filter the filter to apply to the files in the directory</em>
|
||||
<a class="jxr_linenumber" name="L318" href="#L318">318</a> <em class="jxr_javadoccomment"> * @return the list of Files in the directory that match the provided filter</em>
|
||||
<a class="jxr_linenumber" name="L319" href="#L319">319</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L320" href="#L320">320</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> File getMatchingFile(File folder, FilenameFilter filter) {
|
||||
<a class="jxr_linenumber" name="L321" href="#L321">321</a> File result = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L322" href="#L322">322</a> <strong class="jxr_keyword">final</strong> File[] matches = folder.listFiles(filter);
|
||||
<a class="jxr_linenumber" name="L323" href="#L323">323</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != matches && 1 == matches.length) {
|
||||
<a class="jxr_linenumber" name="L324" href="#L324">324</a> result = matches[0];
|
||||
<a class="jxr_linenumber" name="L325" href="#L325">325</a> }
|
||||
<a class="jxr_linenumber" name="L326" href="#L326">326</a> <strong class="jxr_keyword">return</strong> result;
|
||||
<a class="jxr_linenumber" name="L327" href="#L327">327</a> }
|
||||
<a class="jxr_linenumber" name="L328" href="#L328">328</a>
|
||||
<a class="jxr_linenumber" name="L329" href="#L329">329</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L330" href="#L330">330</a> <em class="jxr_javadoccomment"> * Reads the manifest entries from the provided file.</em>
|
||||
<a class="jxr_linenumber" name="L331" href="#L331">331</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L332" href="#L332">332</a> <em class="jxr_javadoccomment"> * @param manifest the manifest</em>
|
||||
<a class="jxr_linenumber" name="L333" href="#L333">333</a> <em class="jxr_javadoccomment"> * @return the manifest entries</em>
|
||||
<a class="jxr_linenumber" name="L334" href="#L334">334</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L335" href="#L335">335</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> InternetHeaders getManifestProperties(File manifest) {
|
||||
<a class="jxr_linenumber" name="L336" href="#L336">336</a> <strong class="jxr_keyword">final</strong> InternetHeaders result = <strong class="jxr_keyword">new</strong> InternetHeaders();
|
||||
<a class="jxr_linenumber" name="L337" href="#L337">337</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> == manifest) {
|
||||
<a class="jxr_linenumber" name="L338" href="#L338">338</a> LOGGER.debug(<span class="jxr_string">"Manifest file not found."</span>);
|
||||
<a class="jxr_linenumber" name="L339" href="#L339">339</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L340" href="#L340">340</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L341" href="#L341">341</a> result.load(<strong class="jxr_keyword">new</strong> AutoCloseInputStream(<strong class="jxr_keyword">new</strong> BufferedInputStream(
|
||||
<a class="jxr_linenumber" name="L342" href="#L342">342</a> <strong class="jxr_keyword">new</strong> FileInputStream(manifest))));
|
||||
<a class="jxr_linenumber" name="L343" href="#L343">343</a> } <strong class="jxr_keyword">catch</strong> (MessagingException e) {
|
||||
<a class="jxr_linenumber" name="L344" href="#L344">344</a> LOGGER.warn(e.getMessage(), e);
|
||||
<a class="jxr_linenumber" name="L345" href="#L345">345</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException e) {
|
||||
<a class="jxr_linenumber" name="L346" href="#L346">346</a> LOGGER.warn(e.getMessage(), e);
|
||||
<a class="jxr_linenumber" name="L347" href="#L347">347</a> }
|
||||
<a class="jxr_linenumber" name="L348" href="#L348">348</a> }
|
||||
<a class="jxr_linenumber" name="L349" href="#L349">349</a> <strong class="jxr_keyword">return</strong> result;
|
||||
<a class="jxr_linenumber" name="L350" href="#L350">350</a> }
|
||||
<a class="jxr_linenumber" name="L351" href="#L351">351</a>
|
||||
<a class="jxr_linenumber" name="L352" href="#L352">352</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L353" href="#L353">353</a> <em class="jxr_javadoccomment"> * Retrieves the next temporary destination directory for extracting an archive.</em>
|
||||
<a class="jxr_linenumber" name="L354" href="#L354">354</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L355" href="#L355">355</a> <em class="jxr_javadoccomment"> * @return a directory</em>
|
||||
<a class="jxr_linenumber" name="L356" href="#L356">356</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if unable to create temporary directory</em>
|
||||
<a class="jxr_linenumber" name="L357" href="#L357">357</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L358" href="#L358">358</a> <strong class="jxr_keyword">private</strong> File getNextTempDirectory() <strong class="jxr_keyword">throws</strong> AnalysisException {
|
||||
<a class="jxr_linenumber" name="L359" href="#L359">359</a> File directory;
|
||||
<a class="jxr_linenumber" name="L360" href="#L360">360</a>
|
||||
<a class="jxr_linenumber" name="L361" href="#L361">361</a> <em class="jxr_comment">// getting an exception for some directories not being able to be</em>
|
||||
<a class="jxr_linenumber" name="L362" href="#L362">362</a> <em class="jxr_comment">// created; might be because the directory already exists?</em>
|
||||
<a class="jxr_linenumber" name="L363" href="#L363">363</a> <strong class="jxr_keyword">do</strong> {
|
||||
<a class="jxr_linenumber" name="L364" href="#L364">364</a> dirCount += 1;
|
||||
<a class="jxr_linenumber" name="L365" href="#L365">365</a> directory = <strong class="jxr_keyword">new</strong> File(tempFileLocation, String.valueOf(dirCount));
|
||||
<a class="jxr_linenumber" name="L366" href="#L366">366</a> } <strong class="jxr_keyword">while</strong> (directory.exists());
|
||||
<a class="jxr_linenumber" name="L367" href="#L367">367</a> <strong class="jxr_keyword">if</strong> (!directory.mkdirs()) {
|
||||
<a class="jxr_linenumber" name="L368" href="#L368">368</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(String.format(
|
||||
<a class="jxr_linenumber" name="L369" href="#L369">369</a> <span class="jxr_string">"Unable to create temp directory '%s'."</span>,
|
||||
<a class="jxr_linenumber" name="L370" href="#L370">370</a> directory.getAbsolutePath()));
|
||||
<a class="jxr_linenumber" name="L371" href="#L371">371</a> }
|
||||
<a class="jxr_linenumber" name="L372" href="#L372">372</a> <strong class="jxr_keyword">return</strong> directory;
|
||||
<a class="jxr_linenumber" name="L373" href="#L373">373</a> }
|
||||
<a class="jxr_linenumber" name="L374" href="#L374">374</a> }
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a> @Experimental
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.html">PythonDistributionAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.html">AbstractFileTypeAnalyzer</a> {
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a>
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <em class="jxr_javadoccomment"> * Name of egg metadata files to analyze.</em>
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String PKG_INFO = <span class="jxr_string">"PKG-INFO"</span>;
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a>
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <em class="jxr_javadoccomment"> * Name of wheel metadata files to analyze.</em>
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String METADATA = <span class="jxr_string">"METADATA"</span>;
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a>
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <em class="jxr_javadoccomment"> * The logger.</em>
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Logger LOGGER = LoggerFactory
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> .getLogger(PythonDistributionAnalyzer.<strong class="jxr_keyword">class</strong>);
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a>
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <em class="jxr_javadoccomment"> * The count of directories created during analysis. This is used for creating temporary directories.</em>
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">int</strong> dirCount = 0;
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a>
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <em class="jxr_javadoccomment"> * The name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String ANALYZER_NAME = <span class="jxr_string">"Python Distribution Analyzer"</span>;
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <em class="jxr_javadoccomment"> * The phase that this analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a>
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <em class="jxr_javadoccomment"> * The set of file extensions supported by this analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String[] EXTENSIONS = {<span class="jxr_string">"whl"</span>, <span class="jxr_string">"egg"</span>, <span class="jxr_string">"zip"</span>};
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a>
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <em class="jxr_javadoccomment"> * Used to match on egg archive candidate extensions.</em>
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter EGG_OR_ZIP = FileFilterBuilder.newInstance().addExtensions(<span class="jxr_string">"egg"</span>, <span class="jxr_string">"zip"</span>).build();
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a>
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <em class="jxr_javadoccomment"> * Used to detect files with a .whl extension.</em>
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter WHL_FILTER = FileFilterBuilder.newInstance().addExtensions(<span class="jxr_string">"whl"</span>).build();
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a>
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <em class="jxr_javadoccomment"> * The parent directory for the individual directories per archive.</em>
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a> <strong class="jxr_keyword">private</strong> File tempFileLocation;
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a>
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <em class="jxr_javadoccomment"> * Filter that detects *.dist-info files (but doesn't verify they are directories.</em>
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FilenameFilter DIST_INFO_FILTER = <strong class="jxr_keyword">new</strong> SuffixFileFilter(
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a> <span class="jxr_string">".dist-info"</span>);
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a>
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <em class="jxr_javadoccomment"> * Filter that detects files named "METADATA".</em>
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FilenameFilter EGG_INFO_FILTER = <strong class="jxr_keyword">new</strong> NameFileFilter(
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> <span class="jxr_string">"EGG-INFO"</span>);
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a>
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a> <em class="jxr_javadoccomment"> * Filter that detects files named "METADATA".</em>
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> NameFileFilter METADATA_FILTER = <strong class="jxr_keyword">new</strong> NameFileFilter(
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a> METADATA);
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a>
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a> <em class="jxr_javadoccomment"> * Filter that detects files named "PKG-INFO".</em>
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> NameFileFilter PKG_INFO_FILTER = <strong class="jxr_keyword">new</strong> NameFileFilter(
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a> PKG_INFO);
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a>
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a> <em class="jxr_javadoccomment"> * The file filter used to determine which files this analyzer supports.</em>
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter FILTER = FileFilterBuilder.newInstance().addFileFilters(
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a> METADATA_FILTER, PKG_INFO_FILTER).addExtensions(EXTENSIONS).build();
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a>
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> <em class="jxr_javadoccomment"> * Returns the FileFilter</em>
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a> <em class="jxr_javadoccomment"> * @return the FileFilter</em>
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a> @Override
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a> <strong class="jxr_keyword">protected</strong> FileFilter getFileFilter() {
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a> <strong class="jxr_keyword">return</strong> FILTER;
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a> }
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a>
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> <em class="jxr_javadoccomment"> * Returns the name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a> @Override
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a> <strong class="jxr_keyword">public</strong> String getName() {
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a> }
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a>
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <em class="jxr_javadoccomment"> * Returns the phase that the analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <em class="jxr_javadoccomment"> * @return the phase that the analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> @Override
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
|
||||
<a class="jxr_linenumber" name="L163" href="#L163">163</a> <strong class="jxr_keyword">return</strong> ANALYSIS_PHASE;
|
||||
<a class="jxr_linenumber" name="L164" href="#L164">164</a> }
|
||||
<a class="jxr_linenumber" name="L165" href="#L165">165</a>
|
||||
<a class="jxr_linenumber" name="L166" href="#L166">166</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L167" href="#L167">167</a> <em class="jxr_javadoccomment"> * Returns the key used in the properties file to reference the analyzer's enabled property.</em>
|
||||
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L169" href="#L169">169</a> <em class="jxr_javadoccomment"> * @return the analyzer's enabled property setting key</em>
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> @Override
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_PYTHON_DISTRIBUTION_ENABLED;
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a> }
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a>
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a> @Override
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine)
|
||||
<a class="jxr_linenumber" name="L178" href="#L178">178</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
|
||||
<a class="jxr_linenumber" name="L179" href="#L179">179</a> <strong class="jxr_keyword">final</strong> File actualFile = dependency.getActualFile();
|
||||
<a class="jxr_linenumber" name="L180" href="#L180">180</a> <strong class="jxr_keyword">if</strong> (WHL_FILTER.accept(actualFile)) {
|
||||
<a class="jxr_linenumber" name="L181" href="#L181">181</a> collectMetadataFromArchiveFormat(dependency, DIST_INFO_FILTER,
|
||||
<a class="jxr_linenumber" name="L182" href="#L182">182</a> METADATA_FILTER);
|
||||
<a class="jxr_linenumber" name="L183" href="#L183">183</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (EGG_OR_ZIP.accept(actualFile)) {
|
||||
<a class="jxr_linenumber" name="L184" href="#L184">184</a> collectMetadataFromArchiveFormat(dependency, EGG_INFO_FILTER,
|
||||
<a class="jxr_linenumber" name="L185" href="#L185">185</a> PKG_INFO_FILTER);
|
||||
<a class="jxr_linenumber" name="L186" href="#L186">186</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L187" href="#L187">187</a> <strong class="jxr_keyword">final</strong> String name = actualFile.getName();
|
||||
<a class="jxr_linenumber" name="L188" href="#L188">188</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> metadata = METADATA.equals(name);
|
||||
<a class="jxr_linenumber" name="L189" href="#L189">189</a> <strong class="jxr_keyword">if</strong> (metadata || PKG_INFO.equals(name)) {
|
||||
<a class="jxr_linenumber" name="L190" href="#L190">190</a> <strong class="jxr_keyword">final</strong> File parent = actualFile.getParentFile();
|
||||
<a class="jxr_linenumber" name="L191" href="#L191">191</a> <strong class="jxr_keyword">final</strong> String parentName = parent.getName();
|
||||
<a class="jxr_linenumber" name="L192" href="#L192">192</a> dependency.setDisplayFileName(parentName + <span class="jxr_string">"/"</span> + name);
|
||||
<a class="jxr_linenumber" name="L193" href="#L193">193</a> <strong class="jxr_keyword">if</strong> (parent.isDirectory()
|
||||
<a class="jxr_linenumber" name="L194" href="#L194">194</a> && (metadata && parentName.endsWith(<span class="jxr_string">".dist-info"</span>)
|
||||
<a class="jxr_linenumber" name="L195" href="#L195">195</a> || parentName.endsWith(<span class="jxr_string">".egg-info"</span>) || <span class="jxr_string">"EGG-INFO"</span>
|
||||
<a class="jxr_linenumber" name="L196" href="#L196">196</a> .equals(parentName))) {
|
||||
<a class="jxr_linenumber" name="L197" href="#L197">197</a> collectWheelMetadata(dependency, actualFile);
|
||||
<a class="jxr_linenumber" name="L198" href="#L198">198</a> }
|
||||
<a class="jxr_linenumber" name="L199" href="#L199">199</a> }
|
||||
<a class="jxr_linenumber" name="L200" href="#L200">200</a> }
|
||||
<a class="jxr_linenumber" name="L201" href="#L201">201</a> }
|
||||
<a class="jxr_linenumber" name="L202" href="#L202">202</a>
|
||||
<a class="jxr_linenumber" name="L203" href="#L203">203</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L204" href="#L204">204</a> <em class="jxr_javadoccomment"> * Collects the meta data from an archive.</em>
|
||||
<a class="jxr_linenumber" name="L205" href="#L205">205</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L206" href="#L206">206</a> <em class="jxr_javadoccomment"> * @param dependency the archive being scanned</em>
|
||||
<a class="jxr_linenumber" name="L207" href="#L207">207</a> <em class="jxr_javadoccomment"> * @param folderFilter the filter to apply to the folder</em>
|
||||
<a class="jxr_linenumber" name="L208" href="#L208">208</a> <em class="jxr_javadoccomment"> * @param metadataFilter the filter to apply to the meta data</em>
|
||||
<a class="jxr_linenumber" name="L209" href="#L209">209</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown when there is a problem analyzing the dependency</em>
|
||||
<a class="jxr_linenumber" name="L210" href="#L210">210</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L211" href="#L211">211</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> collectMetadataFromArchiveFormat(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency,
|
||||
<a class="jxr_linenumber" name="L212" href="#L212">212</a> FilenameFilter folderFilter, FilenameFilter metadataFilter)
|
||||
<a class="jxr_linenumber" name="L213" href="#L213">213</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
|
||||
<a class="jxr_linenumber" name="L214" href="#L214">214</a> <strong class="jxr_keyword">final</strong> File temp = getNextTempDirectory();
|
||||
<a class="jxr_linenumber" name="L215" href="#L215">215</a> LOGGER.debug(<span class="jxr_string">"{} exists? {}"</span>, temp, temp.exists());
|
||||
<a class="jxr_linenumber" name="L216" href="#L216">216</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L217" href="#L217">217</a> ExtractionUtil.extractFilesUsingFilter(
|
||||
<a class="jxr_linenumber" name="L218" href="#L218">218</a> <strong class="jxr_keyword">new</strong> File(dependency.getActualFilePath()), temp,
|
||||
<a class="jxr_linenumber" name="L219" href="#L219">219</a> metadataFilter);
|
||||
<a class="jxr_linenumber" name="L220" href="#L220">220</a> } <strong class="jxr_keyword">catch</strong> (ExtractionException ex) {
|
||||
<a class="jxr_linenumber" name="L221" href="#L221">221</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(ex);
|
||||
<a class="jxr_linenumber" name="L222" href="#L222">222</a> }
|
||||
<a class="jxr_linenumber" name="L223" href="#L223">223</a>
|
||||
<a class="jxr_linenumber" name="L224" href="#L224">224</a> collectWheelMetadata(
|
||||
<a class="jxr_linenumber" name="L225" href="#L225">225</a> dependency,
|
||||
<a class="jxr_linenumber" name="L226" href="#L226">226</a> getMatchingFile(getMatchingFile(temp, folderFilter),
|
||||
<a class="jxr_linenumber" name="L227" href="#L227">227</a> metadataFilter));
|
||||
<a class="jxr_linenumber" name="L228" href="#L228">228</a> }
|
||||
<a class="jxr_linenumber" name="L229" href="#L229">229</a>
|
||||
<a class="jxr_linenumber" name="L230" href="#L230">230</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L231" href="#L231">231</a> <em class="jxr_javadoccomment"> * Makes sure a usable temporary directory is available.</em>
|
||||
<a class="jxr_linenumber" name="L232" href="#L232">232</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L233" href="#L233">233</a> <em class="jxr_javadoccomment"> * @throws Exception an AnalyzeException is thrown when the temp directory cannot be created</em>
|
||||
<a class="jxr_linenumber" name="L234" href="#L234">234</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L235" href="#L235">235</a> @Override
|
||||
<a class="jxr_linenumber" name="L236" href="#L236">236</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> Exception {
|
||||
<a class="jxr_linenumber" name="L237" href="#L237">237</a> <strong class="jxr_keyword">final</strong> File baseDir = Settings.getTempDirectory();
|
||||
<a class="jxr_linenumber" name="L238" href="#L238">238</a> tempFileLocation = File.createTempFile(<span class="jxr_string">"check"</span>, <span class="jxr_string">"tmp"</span>, baseDir);
|
||||
<a class="jxr_linenumber" name="L239" href="#L239">239</a> <strong class="jxr_keyword">if</strong> (!tempFileLocation.delete()) {
|
||||
<a class="jxr_linenumber" name="L240" href="#L240">240</a> <strong class="jxr_keyword">final</strong> String msg = String.format(
|
||||
<a class="jxr_linenumber" name="L241" href="#L241">241</a> <span class="jxr_string">"Unable to delete temporary file '%s'."</span>,
|
||||
<a class="jxr_linenumber" name="L242" href="#L242">242</a> tempFileLocation.getAbsolutePath());
|
||||
<a class="jxr_linenumber" name="L243" href="#L243">243</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(msg);
|
||||
<a class="jxr_linenumber" name="L244" href="#L244">244</a> }
|
||||
<a class="jxr_linenumber" name="L245" href="#L245">245</a> <strong class="jxr_keyword">if</strong> (!tempFileLocation.mkdirs()) {
|
||||
<a class="jxr_linenumber" name="L246" href="#L246">246</a> <strong class="jxr_keyword">final</strong> String msg = String.format(
|
||||
<a class="jxr_linenumber" name="L247" href="#L247">247</a> <span class="jxr_string">"Unable to create directory '%s'."</span>,
|
||||
<a class="jxr_linenumber" name="L248" href="#L248">248</a> tempFileLocation.getAbsolutePath());
|
||||
<a class="jxr_linenumber" name="L249" href="#L249">249</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(msg);
|
||||
<a class="jxr_linenumber" name="L250" href="#L250">250</a> }
|
||||
<a class="jxr_linenumber" name="L251" href="#L251">251</a> }
|
||||
<a class="jxr_linenumber" name="L252" href="#L252">252</a>
|
||||
<a class="jxr_linenumber" name="L253" href="#L253">253</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L254" href="#L254">254</a> <em class="jxr_javadoccomment"> * Deletes any files extracted from the Wheel during analysis.</em>
|
||||
<a class="jxr_linenumber" name="L255" href="#L255">255</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L256" href="#L256">256</a> @Override
|
||||
<a class="jxr_linenumber" name="L257" href="#L257">257</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> close() {
|
||||
<a class="jxr_linenumber" name="L258" href="#L258">258</a> <strong class="jxr_keyword">if</strong> (tempFileLocation != <strong class="jxr_keyword">null</strong> && tempFileLocation.exists()) {
|
||||
<a class="jxr_linenumber" name="L259" href="#L259">259</a> LOGGER.debug(<span class="jxr_string">"Attempting to delete temporary files"</span>);
|
||||
<a class="jxr_linenumber" name="L260" href="#L260">260</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> success = FileUtils.delete(tempFileLocation);
|
||||
<a class="jxr_linenumber" name="L261" href="#L261">261</a> <strong class="jxr_keyword">if</strong> (!success) {
|
||||
<a class="jxr_linenumber" name="L262" href="#L262">262</a> LOGGER.warn(
|
||||
<a class="jxr_linenumber" name="L263" href="#L263">263</a> <span class="jxr_string">"Failed to delete some temporary files, see the log for more details"</span>);
|
||||
<a class="jxr_linenumber" name="L264" href="#L264">264</a> }
|
||||
<a class="jxr_linenumber" name="L265" href="#L265">265</a> }
|
||||
<a class="jxr_linenumber" name="L266" href="#L266">266</a> }
|
||||
<a class="jxr_linenumber" name="L267" href="#L267">267</a>
|
||||
<a class="jxr_linenumber" name="L268" href="#L268">268</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L269" href="#L269">269</a> <em class="jxr_javadoccomment"> * Gathers evidence from the METADATA file.</em>
|
||||
<a class="jxr_linenumber" name="L270" href="#L270">270</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L271" href="#L271">271</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
|
||||
<a class="jxr_linenumber" name="L272" href="#L272">272</a> <em class="jxr_javadoccomment"> * @param file a reference to the manifest/properties file</em>
|
||||
<a class="jxr_linenumber" name="L273" href="#L273">273</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L274" href="#L274">274</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> collectWheelMetadata(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, File file) {
|
||||
<a class="jxr_linenumber" name="L275" href="#L275">275</a> <strong class="jxr_keyword">final</strong> InternetHeaders headers = getManifestProperties(file);
|
||||
<a class="jxr_linenumber" name="L276" href="#L276">276</a> addPropertyToEvidence(headers, dependency.getVersionEvidence(),
|
||||
<a class="jxr_linenumber" name="L277" href="#L277">277</a> <span class="jxr_string">"Version"</span>, Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L278" href="#L278">278</a> addPropertyToEvidence(headers, dependency.getProductEvidence(), <span class="jxr_string">"Name"</span>,
|
||||
<a class="jxr_linenumber" name="L279" href="#L279">279</a> Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L280" href="#L280">280</a> <strong class="jxr_keyword">final</strong> String url = headers.getHeader(<span class="jxr_string">"Home-page"</span>, <strong class="jxr_keyword">null</strong>);
|
||||
<a class="jxr_linenumber" name="L281" href="#L281">281</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> vendorEvidence = dependency
|
||||
<a class="jxr_linenumber" name="L282" href="#L282">282</a> .getVendorEvidence();
|
||||
<a class="jxr_linenumber" name="L283" href="#L283">283</a> <strong class="jxr_keyword">if</strong> (StringUtils.isNotBlank(url)) {
|
||||
<a class="jxr_linenumber" name="L284" href="#L284">284</a> <strong class="jxr_keyword">if</strong> (UrlStringUtils.isUrl(url)) {
|
||||
<a class="jxr_linenumber" name="L285" href="#L285">285</a> vendorEvidence.addEvidence(METADATA, <span class="jxr_string">"vendor"</span>, url,
|
||||
<a class="jxr_linenumber" name="L286" href="#L286">286</a> Confidence.MEDIUM);
|
||||
<a class="jxr_linenumber" name="L287" href="#L287">287</a> }
|
||||
<a class="jxr_linenumber" name="L288" href="#L288">288</a> }
|
||||
<a class="jxr_linenumber" name="L289" href="#L289">289</a> addPropertyToEvidence(headers, vendorEvidence, <span class="jxr_string">"Author"</span>, Confidence.LOW);
|
||||
<a class="jxr_linenumber" name="L290" href="#L290">290</a> <strong class="jxr_keyword">final</strong> String summary = headers.getHeader(<span class="jxr_string">"Summary"</span>, <strong class="jxr_keyword">null</strong>);
|
||||
<a class="jxr_linenumber" name="L291" href="#L291">291</a> <strong class="jxr_keyword">if</strong> (StringUtils.isNotBlank(summary)) {
|
||||
<a class="jxr_linenumber" name="L292" href="#L292">292</a> <a href="../../../../org/owasp/dependencycheck/analyzer/JarAnalyzer.html">JarAnalyzer</a>
|
||||
<a class="jxr_linenumber" name="L293" href="#L293">293</a> .addDescription(dependency, summary, METADATA, <span class="jxr_string">"summary"</span>);
|
||||
<a class="jxr_linenumber" name="L294" href="#L294">294</a> }
|
||||
<a class="jxr_linenumber" name="L295" href="#L295">295</a> }
|
||||
<a class="jxr_linenumber" name="L296" href="#L296">296</a>
|
||||
<a class="jxr_linenumber" name="L297" href="#L297">297</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L298" href="#L298">298</a> <em class="jxr_javadoccomment"> * Adds a value to the evidence collection.</em>
|
||||
<a class="jxr_linenumber" name="L299" href="#L299">299</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L300" href="#L300">300</a> <em class="jxr_javadoccomment"> * @param headers the properties collection</em>
|
||||
<a class="jxr_linenumber" name="L301" href="#L301">301</a> <em class="jxr_javadoccomment"> * @param evidence the evidence collection to add the value</em>
|
||||
<a class="jxr_linenumber" name="L302" href="#L302">302</a> <em class="jxr_javadoccomment"> * @param property the property name</em>
|
||||
<a class="jxr_linenumber" name="L303" href="#L303">303</a> <em class="jxr_javadoccomment"> * @param confidence the confidence of the evidence</em>
|
||||
<a class="jxr_linenumber" name="L304" href="#L304">304</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L305" href="#L305">305</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> addPropertyToEvidence(InternetHeaders headers,
|
||||
<a class="jxr_linenumber" name="L306" href="#L306">306</a> <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> evidence, String property, <a href="../../../../org/owasp/dependencycheck/dependency/Confidence.html">Confidence</a> confidence) {
|
||||
<a class="jxr_linenumber" name="L307" href="#L307">307</a> <strong class="jxr_keyword">final</strong> String value = headers.getHeader(property, <strong class="jxr_keyword">null</strong>);
|
||||
<a class="jxr_linenumber" name="L308" href="#L308">308</a> LOGGER.debug(<span class="jxr_string">"Property: {}, Value: {}"</span>, property, value);
|
||||
<a class="jxr_linenumber" name="L309" href="#L309">309</a> <strong class="jxr_keyword">if</strong> (StringUtils.isNotBlank(value)) {
|
||||
<a class="jxr_linenumber" name="L310" href="#L310">310</a> evidence.addEvidence(METADATA, property, value, confidence);
|
||||
<a class="jxr_linenumber" name="L311" href="#L311">311</a> }
|
||||
<a class="jxr_linenumber" name="L312" href="#L312">312</a> }
|
||||
<a class="jxr_linenumber" name="L313" href="#L313">313</a>
|
||||
<a class="jxr_linenumber" name="L314" href="#L314">314</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L315" href="#L315">315</a> <em class="jxr_javadoccomment"> * Returns a list of files that match the given filter, this does not recursively scan the directory.</em>
|
||||
<a class="jxr_linenumber" name="L316" href="#L316">316</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L317" href="#L317">317</a> <em class="jxr_javadoccomment"> * @param folder the folder to filter</em>
|
||||
<a class="jxr_linenumber" name="L318" href="#L318">318</a> <em class="jxr_javadoccomment"> * @param filter the filter to apply to the files in the directory</em>
|
||||
<a class="jxr_linenumber" name="L319" href="#L319">319</a> <em class="jxr_javadoccomment"> * @return the list of Files in the directory that match the provided filter</em>
|
||||
<a class="jxr_linenumber" name="L320" href="#L320">320</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L321" href="#L321">321</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> File getMatchingFile(File folder, FilenameFilter filter) {
|
||||
<a class="jxr_linenumber" name="L322" href="#L322">322</a> File result = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L323" href="#L323">323</a> <strong class="jxr_keyword">final</strong> File[] matches = folder.listFiles(filter);
|
||||
<a class="jxr_linenumber" name="L324" href="#L324">324</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != matches && 1 == matches.length) {
|
||||
<a class="jxr_linenumber" name="L325" href="#L325">325</a> result = matches[0];
|
||||
<a class="jxr_linenumber" name="L326" href="#L326">326</a> }
|
||||
<a class="jxr_linenumber" name="L327" href="#L327">327</a> <strong class="jxr_keyword">return</strong> result;
|
||||
<a class="jxr_linenumber" name="L328" href="#L328">328</a> }
|
||||
<a class="jxr_linenumber" name="L329" href="#L329">329</a>
|
||||
<a class="jxr_linenumber" name="L330" href="#L330">330</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L331" href="#L331">331</a> <em class="jxr_javadoccomment"> * Reads the manifest entries from the provided file.</em>
|
||||
<a class="jxr_linenumber" name="L332" href="#L332">332</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L333" href="#L333">333</a> <em class="jxr_javadoccomment"> * @param manifest the manifest</em>
|
||||
<a class="jxr_linenumber" name="L334" href="#L334">334</a> <em class="jxr_javadoccomment"> * @return the manifest entries</em>
|
||||
<a class="jxr_linenumber" name="L335" href="#L335">335</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L336" href="#L336">336</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> InternetHeaders getManifestProperties(File manifest) {
|
||||
<a class="jxr_linenumber" name="L337" href="#L337">337</a> <strong class="jxr_keyword">final</strong> InternetHeaders result = <strong class="jxr_keyword">new</strong> InternetHeaders();
|
||||
<a class="jxr_linenumber" name="L338" href="#L338">338</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> == manifest) {
|
||||
<a class="jxr_linenumber" name="L339" href="#L339">339</a> LOGGER.debug(<span class="jxr_string">"Manifest file not found."</span>);
|
||||
<a class="jxr_linenumber" name="L340" href="#L340">340</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L341" href="#L341">341</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L342" href="#L342">342</a> result.load(<strong class="jxr_keyword">new</strong> AutoCloseInputStream(<strong class="jxr_keyword">new</strong> BufferedInputStream(
|
||||
<a class="jxr_linenumber" name="L343" href="#L343">343</a> <strong class="jxr_keyword">new</strong> FileInputStream(manifest))));
|
||||
<a class="jxr_linenumber" name="L344" href="#L344">344</a> } <strong class="jxr_keyword">catch</strong> (MessagingException e) {
|
||||
<a class="jxr_linenumber" name="L345" href="#L345">345</a> LOGGER.warn(e.getMessage(), e);
|
||||
<a class="jxr_linenumber" name="L346" href="#L346">346</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException e) {
|
||||
<a class="jxr_linenumber" name="L347" href="#L347">347</a> LOGGER.warn(e.getMessage(), e);
|
||||
<a class="jxr_linenumber" name="L348" href="#L348">348</a> }
|
||||
<a class="jxr_linenumber" name="L349" href="#L349">349</a> }
|
||||
<a class="jxr_linenumber" name="L350" href="#L350">350</a> <strong class="jxr_keyword">return</strong> result;
|
||||
<a class="jxr_linenumber" name="L351" href="#L351">351</a> }
|
||||
<a class="jxr_linenumber" name="L352" href="#L352">352</a>
|
||||
<a class="jxr_linenumber" name="L353" href="#L353">353</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L354" href="#L354">354</a> <em class="jxr_javadoccomment"> * Retrieves the next temporary destination directory for extracting an archive.</em>
|
||||
<a class="jxr_linenumber" name="L355" href="#L355">355</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L356" href="#L356">356</a> <em class="jxr_javadoccomment"> * @return a directory</em>
|
||||
<a class="jxr_linenumber" name="L357" href="#L357">357</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if unable to create temporary directory</em>
|
||||
<a class="jxr_linenumber" name="L358" href="#L358">358</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L359" href="#L359">359</a> <strong class="jxr_keyword">private</strong> File getNextTempDirectory() <strong class="jxr_keyword">throws</strong> AnalysisException {
|
||||
<a class="jxr_linenumber" name="L360" href="#L360">360</a> File directory;
|
||||
<a class="jxr_linenumber" name="L361" href="#L361">361</a>
|
||||
<a class="jxr_linenumber" name="L362" href="#L362">362</a> <em class="jxr_comment">// getting an exception for some directories not being able to be</em>
|
||||
<a class="jxr_linenumber" name="L363" href="#L363">363</a> <em class="jxr_comment">// created; might be because the directory already exists?</em>
|
||||
<a class="jxr_linenumber" name="L364" href="#L364">364</a> <strong class="jxr_keyword">do</strong> {
|
||||
<a class="jxr_linenumber" name="L365" href="#L365">365</a> dirCount += 1;
|
||||
<a class="jxr_linenumber" name="L366" href="#L366">366</a> directory = <strong class="jxr_keyword">new</strong> File(tempFileLocation, String.valueOf(dirCount));
|
||||
<a class="jxr_linenumber" name="L367" href="#L367">367</a> } <strong class="jxr_keyword">while</strong> (directory.exists());
|
||||
<a class="jxr_linenumber" name="L368" href="#L368">368</a> <strong class="jxr_keyword">if</strong> (!directory.mkdirs()) {
|
||||
<a class="jxr_linenumber" name="L369" href="#L369">369</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(String.format(
|
||||
<a class="jxr_linenumber" name="L370" href="#L370">370</a> <span class="jxr_string">"Unable to create temp directory '%s'."</span>,
|
||||
<a class="jxr_linenumber" name="L371" href="#L371">371</a> directory.getAbsolutePath()));
|
||||
<a class="jxr_linenumber" name="L372" href="#L372">372</a> }
|
||||
<a class="jxr_linenumber" name="L373" href="#L373">373</a> <strong class="jxr_keyword">return</strong> directory;
|
||||
<a class="jxr_linenumber" name="L374" href="#L374">374</a> }
|
||||
<a class="jxr_linenumber" name="L375" href="#L375">375</a> }
|
||||
</pre>
|
||||
<hr/>
|
||||
<div id="footer">Copyright © 2012–2016 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
|
||||
|
||||
@@ -40,288 +40,295 @@
|
||||
<a class="jxr_linenumber" name="L32" href="#L32">32</a> <strong class="jxr_keyword">import</strong> java.io.File;
|
||||
<a class="jxr_linenumber" name="L33" href="#L33">33</a> <strong class="jxr_keyword">import</strong> java.io.FileFilter;
|
||||
<a class="jxr_linenumber" name="L34" href="#L34">34</a> <strong class="jxr_keyword">import</strong> java.io.IOException;
|
||||
<a class="jxr_linenumber" name="L35" href="#L35">35</a> <strong class="jxr_keyword">import</strong> java.util.ArrayList;
|
||||
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <strong class="jxr_keyword">import</strong> java.util.List;
|
||||
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <strong class="jxr_keyword">import</strong> java.util.regex.Matcher;
|
||||
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <strong class="jxr_keyword">import</strong> java.util.regex.Pattern;
|
||||
<a class="jxr_linenumber" name="L39" href="#L39">39</a>
|
||||
<a class="jxr_linenumber" name="L40" href="#L40">40</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L41" href="#L41">41</a> <em class="jxr_javadoccomment"> * Used to analyze a Python package, and collect information that can be used to determine the associated CPE.</em>
|
||||
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L43" href="#L43">43</a> <em class="jxr_javadoccomment"> * @author Dale Visser</em>
|
||||
<a class="jxr_linenumber" name="L44" href="#L44">44</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.html">PythonPackageAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.html">AbstractFileTypeAnalyzer</a> {
|
||||
<a class="jxr_linenumber" name="L46" href="#L46">46</a>
|
||||
<a class="jxr_linenumber" name="L47" href="#L47">47</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L48" href="#L48">48</a> <em class="jxr_javadoccomment"> * Used when compiling file scanning regex patterns.</em>
|
||||
<a class="jxr_linenumber" name="L49" href="#L49">49</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> REGEX_OPTIONS = Pattern.DOTALL
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a> | Pattern.CASE_INSENSITIVE;
|
||||
<a class="jxr_linenumber" name="L52" href="#L52">52</a>
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <em class="jxr_javadoccomment"> * Filename extensions for files to be analyzed.</em>
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String EXTENSIONS = <span class="jxr_string">"py"</span>;
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a>
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a> <em class="jxr_javadoccomment"> * Pattern for matching the module docstring in a source file.</em>
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern MODULE_DOCSTRING = Pattern.compile(
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <span class="jxr_string">"^(['\\\"]{3})(.*?)\\1"</span>, REGEX_OPTIONS);
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a>
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <em class="jxr_javadoccomment"> * Matches assignments to version variables in Python source code.</em>
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern VERSION_PATTERN = Pattern.compile(
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <span class="jxr_string">"\\b(__)?version(__)? *= *(['\"]+)(\\d+\\.\\d+.*?)\\3"</span>,
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> REGEX_OPTIONS);
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a>
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> <em class="jxr_javadoccomment"> * Matches assignments to title variables in Python source code.</em>
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern TITLE_PATTERN = compileAssignPattern(<span class="jxr_string">"title"</span>);
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a>
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <em class="jxr_javadoccomment"> * Matches assignments to summary variables in Python source code.</em>
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern SUMMARY_PATTERN = compileAssignPattern(<span class="jxr_string">"summary"</span>);
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a>
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <em class="jxr_javadoccomment"> * Matches assignments to URL/URL variables in Python source code.</em>
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern URI_PATTERN = compileAssignPattern(<span class="jxr_string">"ur[il]"</span>);
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a>
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <em class="jxr_javadoccomment"> * Matches assignments to home page variables in Python source code.</em>
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern HOMEPAGE_PATTERN = compileAssignPattern(<span class="jxr_string">"home_?page"</span>);
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a>
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <em class="jxr_javadoccomment"> * Matches assignments to author variables in Python source code.</em>
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern AUTHOR_PATTERN = compileAssignPattern(<span class="jxr_string">"author"</span>);
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a>
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <em class="jxr_javadoccomment"> * Filter that detects files named "__init__.py".</em>
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter INIT_PY_FILTER = <strong class="jxr_keyword">new</strong> NameFileFilter(<span class="jxr_string">"__init__.py"</span>);
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a>
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <em class="jxr_javadoccomment"> * The file filter for python files.</em>
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter PY_FILTER = <strong class="jxr_keyword">new</strong> SuffixFileFilter(<span class="jxr_string">".py"</span>);
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a>
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <em class="jxr_javadoccomment"> * Returns the name of the Python Package Analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer</em>
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> @Override
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <strong class="jxr_keyword">public</strong> String getName() {
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <strong class="jxr_keyword">return</strong> <span class="jxr_string">"Python Package Analyzer"</span>;
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a> }
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a>
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> <em class="jxr_javadoccomment"> * Tell that we are used for information collection.</em>
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a> <em class="jxr_javadoccomment"> * @return INFORMATION_COLLECTION</em>
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> @Override
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a> <strong class="jxr_keyword">return</strong> AnalysisPhase.INFORMATION_COLLECTION;
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a> }
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a>
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> <em class="jxr_javadoccomment"> * The file filter used to determine which files this analyzer supports.</em>
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(EXTENSIONS).build();
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a>
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <em class="jxr_javadoccomment"> * Returns the FileFilter</em>
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a> <em class="jxr_javadoccomment"> * @return the FileFilter</em>
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> @Override
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> <strong class="jxr_keyword">protected</strong> FileFilter getFileFilter() {
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a> <strong class="jxr_keyword">return</strong> FILTER;
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a> }
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a>
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a> <em class="jxr_javadoccomment"> * No-op initializer implementation.</em>
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a> <em class="jxr_javadoccomment"> * @throws Exception never thrown</em>
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> @Override
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> Exception {
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <em class="jxr_comment">// Nothing to do here.</em>
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> }
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a>
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a> <em class="jxr_javadoccomment"> * Utility function to create a regex pattern matcher.</em>
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a> <em class="jxr_javadoccomment"> * @param name the value to use when constructing the assignment pattern</em>
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <em class="jxr_javadoccomment"> * @return the compiled Pattern</em>
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> Pattern compileAssignPattern(String name) {
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <strong class="jxr_keyword">return</strong> Pattern.compile(
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> String.format(<span class="jxr_string">"\\b(__)?%s(__)?\\b *= *(['\"]+)(.*?)\\3"</span>, name),
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> REGEX_OPTIONS);
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> }
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a>
|
||||
<a class="jxr_linenumber" name="L163" href="#L163">163</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L164" href="#L164">164</a> <em class="jxr_javadoccomment"> * Analyzes python packages and adds evidence to the dependency.</em>
|
||||
<a class="jxr_linenumber" name="L165" href="#L165">165</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L166" href="#L166">166</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
|
||||
<a class="jxr_linenumber" name="L167" href="#L167">167</a> <em class="jxr_javadoccomment"> * @param engine the engine being used to perform the scan</em>
|
||||
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if there is an unrecoverable error analyzing the dependency</em>
|
||||
<a class="jxr_linenumber" name="L169" href="#L169">169</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a> @Override
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine)
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> <strong class="jxr_keyword">final</strong> File file = dependency.getActualFile();
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a> <strong class="jxr_keyword">final</strong> File parent = file.getParentFile();
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> <strong class="jxr_keyword">final</strong> String parentName = parent.getName();
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a> <strong class="jxr_keyword">boolean</strong> found = false;
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> <strong class="jxr_keyword">if</strong> (INIT_PY_FILTER.accept(file)) {
|
||||
<a class="jxr_linenumber" name="L178" href="#L178">178</a> <strong class="jxr_keyword">final</strong> File[] fileList = parent.listFiles(PY_FILTER);
|
||||
<a class="jxr_linenumber" name="L179" href="#L179">179</a> <strong class="jxr_keyword">if</strong> (fileList != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L180" href="#L180">180</a> <strong class="jxr_keyword">for</strong> (<strong class="jxr_keyword">final</strong> File sourceFile : fileList) {
|
||||
<a class="jxr_linenumber" name="L181" href="#L181">181</a> found |= analyzeFileContents(dependency, sourceFile);
|
||||
<a class="jxr_linenumber" name="L182" href="#L182">182</a> }
|
||||
<a class="jxr_linenumber" name="L183" href="#L183">183</a> }
|
||||
<a class="jxr_linenumber" name="L184" href="#L184">184</a> }
|
||||
<a class="jxr_linenumber" name="L185" href="#L185">185</a> <strong class="jxr_keyword">if</strong> (found) {
|
||||
<a class="jxr_linenumber" name="L186" href="#L186">186</a> dependency.setDisplayFileName(parentName + <span class="jxr_string">"/__init__.py"</span>);
|
||||
<a class="jxr_linenumber" name="L187" href="#L187">187</a> dependency.getProductEvidence().addEvidence(file.getName(),
|
||||
<a class="jxr_linenumber" name="L188" href="#L188">188</a> <span class="jxr_string">"PackageName"</span>, parentName, Confidence.HIGH);
|
||||
<a class="jxr_linenumber" name="L189" href="#L189">189</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L190" href="#L190">190</a> <em class="jxr_comment">// copy, alter and set in case some other thread is iterating over</em>
|
||||
<a class="jxr_linenumber" name="L191" href="#L191">191</a> <strong class="jxr_keyword">final</strong> List<Dependency> dependencies = <strong class="jxr_keyword">new</strong> ArrayList<Dependency>(
|
||||
<a class="jxr_linenumber" name="L192" href="#L192">192</a> engine.getDependencies());
|
||||
<a class="jxr_linenumber" name="L193" href="#L193">193</a> dependencies.remove(dependency);
|
||||
<a class="jxr_linenumber" name="L194" href="#L194">194</a> engine.setDependencies(dependencies);
|
||||
<a class="jxr_linenumber" name="L195" href="#L195">195</a> }
|
||||
<a class="jxr_linenumber" name="L196" href="#L196">196</a> }
|
||||
<a class="jxr_linenumber" name="L197" href="#L197">197</a>
|
||||
<a class="jxr_linenumber" name="L198" href="#L198">198</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L199" href="#L199">199</a> <em class="jxr_javadoccomment"> * This should gather information from leading docstrings, file comments, and assignments to __version__, __title__,</em>
|
||||
<a class="jxr_linenumber" name="L200" href="#L200">200</a> <em class="jxr_javadoccomment"> * __summary__, __uri__, __url__, __home*page__, __author__, and their all caps equivalents.</em>
|
||||
<a class="jxr_linenumber" name="L201" href="#L201">201</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L202" href="#L202">202</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
|
||||
<a class="jxr_linenumber" name="L203" href="#L203">203</a> <em class="jxr_javadoccomment"> * @param file the file name to analyze</em>
|
||||
<a class="jxr_linenumber" name="L204" href="#L204">204</a> <em class="jxr_javadoccomment"> * @return whether evidence was found</em>
|
||||
<a class="jxr_linenumber" name="L205" href="#L205">205</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if there is an unrecoverable error</em>
|
||||
<a class="jxr_linenumber" name="L206" href="#L206">206</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L207" href="#L207">207</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> analyzeFileContents(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, File file)
|
||||
<a class="jxr_linenumber" name="L208" href="#L208">208</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
|
||||
<a class="jxr_linenumber" name="L209" href="#L209">209</a> String contents;
|
||||
<a class="jxr_linenumber" name="L210" href="#L210">210</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L211" href="#L211">211</a> contents = FileUtils.readFileToString(file).trim();
|
||||
<a class="jxr_linenumber" name="L212" href="#L212">212</a> } <strong class="jxr_keyword">catch</strong> (IOException e) {
|
||||
<a class="jxr_linenumber" name="L213" href="#L213">213</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(
|
||||
<a class="jxr_linenumber" name="L214" href="#L214">214</a> <span class="jxr_string">"Problem occurred while reading dependency file."</span>, e);
|
||||
<a class="jxr_linenumber" name="L215" href="#L215">215</a> }
|
||||
<a class="jxr_linenumber" name="L216" href="#L216">216</a> <strong class="jxr_keyword">boolean</strong> found = false;
|
||||
<a class="jxr_linenumber" name="L217" href="#L217">217</a> <strong class="jxr_keyword">if</strong> (!contents.isEmpty()) {
|
||||
<a class="jxr_linenumber" name="L218" href="#L218">218</a> <strong class="jxr_keyword">final</strong> String source = file.getName();
|
||||
<a class="jxr_linenumber" name="L219" href="#L219">219</a> found = gatherEvidence(VERSION_PATTERN, contents, source,
|
||||
<a class="jxr_linenumber" name="L220" href="#L220">220</a> dependency.getVersionEvidence(), <span class="jxr_string">"SourceVersion"</span>,
|
||||
<a class="jxr_linenumber" name="L221" href="#L221">221</a> Confidence.MEDIUM);
|
||||
<a class="jxr_linenumber" name="L222" href="#L222">222</a> found |= addSummaryInfo(dependency, SUMMARY_PATTERN, 4, contents,
|
||||
<a class="jxr_linenumber" name="L223" href="#L223">223</a> source, <span class="jxr_string">"summary"</span>);
|
||||
<a class="jxr_linenumber" name="L224" href="#L224">224</a> <strong class="jxr_keyword">if</strong> (INIT_PY_FILTER.accept(file)) {
|
||||
<a class="jxr_linenumber" name="L225" href="#L225">225</a> found |= addSummaryInfo(dependency, MODULE_DOCSTRING, 2,
|
||||
<a class="jxr_linenumber" name="L226" href="#L226">226</a> contents, source, <span class="jxr_string">"docstring"</span>);
|
||||
<a class="jxr_linenumber" name="L227" href="#L227">227</a> }
|
||||
<a class="jxr_linenumber" name="L228" href="#L228">228</a> found |= gatherEvidence(TITLE_PATTERN, contents, source,
|
||||
<a class="jxr_linenumber" name="L229" href="#L229">229</a> dependency.getProductEvidence(), <span class="jxr_string">"SourceTitle"</span>,
|
||||
<a class="jxr_linenumber" name="L230" href="#L230">230</a> Confidence.LOW);
|
||||
<a class="jxr_linenumber" name="L231" href="#L231">231</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> vendorEvidence = dependency
|
||||
<a class="jxr_linenumber" name="L232" href="#L232">232</a> .getVendorEvidence();
|
||||
<a class="jxr_linenumber" name="L233" href="#L233">233</a> found |= gatherEvidence(AUTHOR_PATTERN, contents, source,
|
||||
<a class="jxr_linenumber" name="L234" href="#L234">234</a> vendorEvidence, <span class="jxr_string">"SourceAuthor"</span>, Confidence.MEDIUM);
|
||||
<a class="jxr_linenumber" name="L235" href="#L235">235</a> found |= gatherHomePageEvidence(URI_PATTERN, vendorEvidence,
|
||||
<a class="jxr_linenumber" name="L236" href="#L236">236</a> source, <span class="jxr_string">"URL"</span>, contents);
|
||||
<a class="jxr_linenumber" name="L237" href="#L237">237</a> found |= gatherHomePageEvidence(HOMEPAGE_PATTERN,
|
||||
<a class="jxr_linenumber" name="L238" href="#L238">238</a> vendorEvidence, source, <span class="jxr_string">"HomePage"</span>, contents);
|
||||
<a class="jxr_linenumber" name="L239" href="#L239">239</a> }
|
||||
<a class="jxr_linenumber" name="L240" href="#L240">240</a> <strong class="jxr_keyword">return</strong> found;
|
||||
<a class="jxr_linenumber" name="L241" href="#L241">241</a> }
|
||||
<a class="jxr_linenumber" name="L242" href="#L242">242</a>
|
||||
<a class="jxr_linenumber" name="L243" href="#L243">243</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L244" href="#L244">244</a> <em class="jxr_javadoccomment"> * Adds summary information to the dependency</em>
|
||||
<a class="jxr_linenumber" name="L245" href="#L245">245</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L246" href="#L246">246</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
|
||||
<a class="jxr_linenumber" name="L247" href="#L247">247</a> <em class="jxr_javadoccomment"> * @param pattern the pattern used to perform analysis</em>
|
||||
<a class="jxr_linenumber" name="L248" href="#L248">248</a> <em class="jxr_javadoccomment"> * @param group the group from the pattern that indicates the data to use</em>
|
||||
<a class="jxr_linenumber" name="L249" href="#L249">249</a> <em class="jxr_javadoccomment"> * @param contents the data being analyzed</em>
|
||||
<a class="jxr_linenumber" name="L250" href="#L250">250</a> <em class="jxr_javadoccomment"> * @param source the source name to use when recording the evidence</em>
|
||||
<a class="jxr_linenumber" name="L251" href="#L251">251</a> <em class="jxr_javadoccomment"> * @param key the key name to use when recording the evidence</em>
|
||||
<a class="jxr_linenumber" name="L252" href="#L252">252</a> <em class="jxr_javadoccomment"> * @return true if evidence was collected; otherwise false</em>
|
||||
<a class="jxr_linenumber" name="L253" href="#L253">253</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L254" href="#L254">254</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> addSummaryInfo(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, Pattern pattern,
|
||||
<a class="jxr_linenumber" name="L255" href="#L255">255</a> <strong class="jxr_keyword">int</strong> group, String contents, String source, String key) {
|
||||
<a class="jxr_linenumber" name="L256" href="#L256">256</a> <strong class="jxr_keyword">final</strong> Matcher matcher = pattern.matcher(contents);
|
||||
<a class="jxr_linenumber" name="L257" href="#L257">257</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> found = matcher.find();
|
||||
<a class="jxr_linenumber" name="L258" href="#L258">258</a> <strong class="jxr_keyword">if</strong> (found) {
|
||||
<a class="jxr_linenumber" name="L259" href="#L259">259</a> JarAnalyzer.addDescription(dependency, matcher.group(group),
|
||||
<a class="jxr_linenumber" name="L260" href="#L260">260</a> source, key);
|
||||
<a class="jxr_linenumber" name="L261" href="#L261">261</a> }
|
||||
<a class="jxr_linenumber" name="L262" href="#L262">262</a> <strong class="jxr_keyword">return</strong> found;
|
||||
<a class="jxr_linenumber" name="L263" href="#L263">263</a> }
|
||||
<a class="jxr_linenumber" name="L264" href="#L264">264</a>
|
||||
<a class="jxr_linenumber" name="L265" href="#L265">265</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L266" href="#L266">266</a> <em class="jxr_javadoccomment"> * Collects evidence from the home page URL.</em>
|
||||
<a class="jxr_linenumber" name="L267" href="#L267">267</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L268" href="#L268">268</a> <em class="jxr_javadoccomment"> * @param pattern the pattern to match</em>
|
||||
<a class="jxr_linenumber" name="L269" href="#L269">269</a> <em class="jxr_javadoccomment"> * @param evidence the evidence collection to add the evidence to</em>
|
||||
<a class="jxr_linenumber" name="L270" href="#L270">270</a> <em class="jxr_javadoccomment"> * @param source the source of the evidence</em>
|
||||
<a class="jxr_linenumber" name="L271" href="#L271">271</a> <em class="jxr_javadoccomment"> * @param name the name of the evidence</em>
|
||||
<a class="jxr_linenumber" name="L272" href="#L272">272</a> <em class="jxr_javadoccomment"> * @param contents the home page URL</em>
|
||||
<a class="jxr_linenumber" name="L273" href="#L273">273</a> <em class="jxr_javadoccomment"> * @return true if evidence was collected; otherwise false</em>
|
||||
<a class="jxr_linenumber" name="L274" href="#L274">274</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L275" href="#L275">275</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> gatherHomePageEvidence(Pattern pattern,
|
||||
<a class="jxr_linenumber" name="L276" href="#L276">276</a> <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> evidence, String source, String name,
|
||||
<a class="jxr_linenumber" name="L277" href="#L277">277</a> String contents) {
|
||||
<a class="jxr_linenumber" name="L278" href="#L278">278</a> <strong class="jxr_keyword">final</strong> Matcher matcher = pattern.matcher(contents);
|
||||
<a class="jxr_linenumber" name="L279" href="#L279">279</a> <strong class="jxr_keyword">boolean</strong> found = false;
|
||||
<a class="jxr_linenumber" name="L280" href="#L280">280</a> <strong class="jxr_keyword">if</strong> (matcher.find()) {
|
||||
<a class="jxr_linenumber" name="L281" href="#L281">281</a> <strong class="jxr_keyword">final</strong> String url = matcher.group(4);
|
||||
<a class="jxr_linenumber" name="L282" href="#L282">282</a> <strong class="jxr_keyword">if</strong> (UrlStringUtils.isUrl(url)) {
|
||||
<a class="jxr_linenumber" name="L283" href="#L283">283</a> found = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L284" href="#L284">284</a> evidence.addEvidence(source, name, url, Confidence.MEDIUM);
|
||||
<a class="jxr_linenumber" name="L285" href="#L285">285</a> }
|
||||
<a class="jxr_linenumber" name="L286" href="#L286">286</a> }
|
||||
<a class="jxr_linenumber" name="L287" href="#L287">287</a> <strong class="jxr_keyword">return</strong> found;
|
||||
<a class="jxr_linenumber" name="L288" href="#L288">288</a> }
|
||||
<a class="jxr_linenumber" name="L289" href="#L289">289</a>
|
||||
<a class="jxr_linenumber" name="L290" href="#L290">290</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L291" href="#L291">291</a> <em class="jxr_javadoccomment"> * Gather evidence from a Python source file using the given string assignment regex pattern.</em>
|
||||
<a class="jxr_linenumber" name="L292" href="#L292">292</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L293" href="#L293">293</a> <em class="jxr_javadoccomment"> * @param pattern to scan contents with</em>
|
||||
<a class="jxr_linenumber" name="L294" href="#L294">294</a> <em class="jxr_javadoccomment"> * @param contents of Python source file</em>
|
||||
<a class="jxr_linenumber" name="L295" href="#L295">295</a> <em class="jxr_javadoccomment"> * @param source for storing evidence</em>
|
||||
<a class="jxr_linenumber" name="L296" href="#L296">296</a> <em class="jxr_javadoccomment"> * @param evidence to store evidence in</em>
|
||||
<a class="jxr_linenumber" name="L297" href="#L297">297</a> <em class="jxr_javadoccomment"> * @param name of evidence</em>
|
||||
<a class="jxr_linenumber" name="L298" href="#L298">298</a> <em class="jxr_javadoccomment"> * @param confidence in evidence</em>
|
||||
<a class="jxr_linenumber" name="L299" href="#L299">299</a> <em class="jxr_javadoccomment"> * @return whether evidence was found</em>
|
||||
<a class="jxr_linenumber" name="L300" href="#L300">300</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L301" href="#L301">301</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> gatherEvidence(Pattern pattern, String contents,
|
||||
<a class="jxr_linenumber" name="L302" href="#L302">302</a> String source, <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> evidence, String name,
|
||||
<a class="jxr_linenumber" name="L303" href="#L303">303</a> <a href="../../../../org/owasp/dependencycheck/dependency/Confidence.html">Confidence</a> confidence) {
|
||||
<a class="jxr_linenumber" name="L304" href="#L304">304</a> <strong class="jxr_keyword">final</strong> Matcher matcher = pattern.matcher(contents);
|
||||
<a class="jxr_linenumber" name="L305" href="#L305">305</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> found = matcher.find();
|
||||
<a class="jxr_linenumber" name="L306" href="#L306">306</a> <strong class="jxr_keyword">if</strong> (found) {
|
||||
<a class="jxr_linenumber" name="L307" href="#L307">307</a> evidence.addEvidence(source, name, matcher.group(4), confidence);
|
||||
<a class="jxr_linenumber" name="L308" href="#L308">308</a> }
|
||||
<a class="jxr_linenumber" name="L309" href="#L309">309</a> <strong class="jxr_keyword">return</strong> found;
|
||||
<a class="jxr_linenumber" name="L310" href="#L310">310</a> }
|
||||
<a class="jxr_linenumber" name="L311" href="#L311">311</a>
|
||||
<a class="jxr_linenumber" name="L312" href="#L312">312</a> @Override
|
||||
<a class="jxr_linenumber" name="L313" href="#L313">313</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
|
||||
<a class="jxr_linenumber" name="L314" href="#L314">314</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_PYTHON_PACKAGE_ENABLED;
|
||||
<a class="jxr_linenumber" name="L315" href="#L315">315</a> }
|
||||
<a class="jxr_linenumber" name="L316" href="#L316">316</a> }
|
||||
<a class="jxr_linenumber" name="L35" href="#L35">35</a> <strong class="jxr_keyword">import</strong> java.nio.charset.Charset;
|
||||
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <strong class="jxr_keyword">import</strong> java.util.ArrayList;
|
||||
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <strong class="jxr_keyword">import</strong> java.util.List;
|
||||
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <strong class="jxr_keyword">import</strong> java.util.regex.Matcher;
|
||||
<a class="jxr_linenumber" name="L39" href="#L39">39</a> <strong class="jxr_keyword">import</strong> java.util.regex.Pattern;
|
||||
<a class="jxr_linenumber" name="L40" href="#L40">40</a>
|
||||
<a class="jxr_linenumber" name="L41" href="#L41">41</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <em class="jxr_javadoccomment"> * Used to analyze a Python package, and collect information that can be used to</em>
|
||||
<a class="jxr_linenumber" name="L43" href="#L43">43</a> <em class="jxr_javadoccomment"> * determine the associated CPE.</em>
|
||||
<a class="jxr_linenumber" name="L44" href="#L44">44</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <em class="jxr_javadoccomment"> * @author Dale Visser</em>
|
||||
<a class="jxr_linenumber" name="L46" href="#L46">46</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L47" href="#L47">47</a> @Experimental
|
||||
<a class="jxr_linenumber" name="L48" href="#L48">48</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.html">PythonPackageAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.html">AbstractFileTypeAnalyzer</a> {
|
||||
<a class="jxr_linenumber" name="L49" href="#L49">49</a>
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <em class="jxr_javadoccomment"> * Used when compiling file scanning regex patterns.</em>
|
||||
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> REGEX_OPTIONS = Pattern.DOTALL
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a> | Pattern.CASE_INSENSITIVE;
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a>
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <em class="jxr_javadoccomment"> * Filename extensions for files to be analyzed.</em>
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String EXTENSIONS = <span class="jxr_string">"py"</span>;
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a>
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <em class="jxr_javadoccomment"> * Pattern for matching the module docstring in a source file.</em>
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern MODULE_DOCSTRING = Pattern.compile(
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <span class="jxr_string">"^(['\\\"]{3})(.*?)\\1"</span>, REGEX_OPTIONS);
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a>
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <em class="jxr_javadoccomment"> * Matches assignments to version variables in Python source code.</em>
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern VERSION_PATTERN = Pattern.compile(
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> <span class="jxr_string">"\\b(__)?version(__)? *= *(['\"]+)(\\d+\\.\\d+.*?)\\3"</span>,
<a class="jxr_linenumber" name="L72" href="#L72">72</a> REGEX_OPTIONS);
<a class="jxr_linenumber" name="L73" href="#L73">73</a>
<a class="jxr_linenumber" name="L74" href="#L74">74</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <em class="jxr_javadoccomment"> * Matches assignments to title variables in Python source code.</em>
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern TITLE_PATTERN = compileAssignPattern(<span class="jxr_string">"title"</span>);
<a class="jxr_linenumber" name="L78" href="#L78">78</a>
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <em class="jxr_javadoccomment"> * Matches assignments to summary variables in Python source code.</em>
<a class="jxr_linenumber" name="L81" href="#L81">81</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern SUMMARY_PATTERN = compileAssignPattern(<span class="jxr_string">"summary"</span>);
<a class="jxr_linenumber" name="L83" href="#L83">83</a>
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <em class="jxr_javadoccomment"> * Matches assignments to URL/URL variables in Python source code.</em>
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern URI_PATTERN = compileAssignPattern(<span class="jxr_string">"ur[il]"</span>);
<a class="jxr_linenumber" name="L88" href="#L88">88</a>
<a class="jxr_linenumber" name="L89" href="#L89">89</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L90" href="#L90">90</a> <em class="jxr_javadoccomment"> * Matches assignments to home page variables in Python source code.</em>
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern HOMEPAGE_PATTERN = compileAssignPattern(<span class="jxr_string">"home_?page"</span>);
<a class="jxr_linenumber" name="L93" href="#L93">93</a>
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <em class="jxr_javadoccomment"> * Matches assignments to author variables in Python source code.</em>
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern AUTHOR_PATTERN = compileAssignPattern(<span class="jxr_string">"author"</span>);
<a class="jxr_linenumber" name="L98" href="#L98">98</a>
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L100" href="#L100">100</a> <em class="jxr_javadoccomment"> * Filter that detects files named "__init__.py".</em>
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter INIT_PY_FILTER = <strong class="jxr_keyword">new</strong> NameFileFilter(<span class="jxr_string">"__init__.py"</span>);
<a class="jxr_linenumber" name="L103" href="#L103">103</a>
<a class="jxr_linenumber" name="L104" href="#L104">104</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L105" href="#L105">105</a> <em class="jxr_javadoccomment"> * The file filter for python files.</em>
<a class="jxr_linenumber" name="L106" href="#L106">106</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter PY_FILTER = <strong class="jxr_keyword">new</strong> SuffixFileFilter(<span class="jxr_string">".py"</span>);
<a class="jxr_linenumber" name="L108" href="#L108">108</a>
<a class="jxr_linenumber" name="L109" href="#L109">109</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L110" href="#L110">110</a> <em class="jxr_javadoccomment"> * Returns the name of the Python Package Analyzer.</em>
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer</em>
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L114" href="#L114">114</a> @Override
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <strong class="jxr_keyword">public</strong> String getName() {
<a class="jxr_linenumber" name="L116" href="#L116">116</a> <strong class="jxr_keyword">return</strong> <span class="jxr_string">"Python Package Analyzer"</span>;
<a class="jxr_linenumber" name="L117" href="#L117">117</a> }
<a class="jxr_linenumber" name="L118" href="#L118">118</a>
<a class="jxr_linenumber" name="L119" href="#L119">119</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L120" href="#L120">120</a> <em class="jxr_javadoccomment"> * Tell that we are used for information collection.</em>
<a class="jxr_linenumber" name="L121" href="#L121">121</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L122" href="#L122">122</a> <em class="jxr_javadoccomment"> * @return INFORMATION_COLLECTION</em>
<a class="jxr_linenumber" name="L123" href="#L123">123</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L124" href="#L124">124</a> @Override
<a class="jxr_linenumber" name="L125" href="#L125">125</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <strong class="jxr_keyword">return</strong> AnalysisPhase.INFORMATION_COLLECTION;
<a class="jxr_linenumber" name="L127" href="#L127">127</a> }
<a class="jxr_linenumber" name="L128" href="#L128">128</a>
<a class="jxr_linenumber" name="L129" href="#L129">129</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L130" href="#L130">130</a> <em class="jxr_javadoccomment"> * The file filter used to determine which files this analyzer supports.</em>
<a class="jxr_linenumber" name="L131" href="#L131">131</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(EXTENSIONS).build();
<a class="jxr_linenumber" name="L133" href="#L133">133</a>
<a class="jxr_linenumber" name="L134" href="#L134">134</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L135" href="#L135">135</a> <em class="jxr_javadoccomment"> * Returns the FileFilter</em>
<a class="jxr_linenumber" name="L136" href="#L136">136</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L137" href="#L137">137</a> <em class="jxr_javadoccomment"> * @return the FileFilter</em>
<a class="jxr_linenumber" name="L138" href="#L138">138</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L139" href="#L139">139</a> @Override
<a class="jxr_linenumber" name="L140" href="#L140">140</a> <strong class="jxr_keyword">protected</strong> FileFilter getFileFilter() {
<a class="jxr_linenumber" name="L141" href="#L141">141</a> <strong class="jxr_keyword">return</strong> FILTER;
<a class="jxr_linenumber" name="L142" href="#L142">142</a> }
<a class="jxr_linenumber" name="L143" href="#L143">143</a>
<a class="jxr_linenumber" name="L144" href="#L144">144</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <em class="jxr_javadoccomment"> * No-op initializer implementation.</em>
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L147" href="#L147">147</a> <em class="jxr_javadoccomment"> * @throws Exception never thrown</em>
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L149" href="#L149">149</a> @Override
<a class="jxr_linenumber" name="L150" href="#L150">150</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> Exception {
<a class="jxr_linenumber" name="L151" href="#L151">151</a> <em class="jxr_comment">// Nothing to do here.</em>
<a class="jxr_linenumber" name="L152" href="#L152">152</a> }
<a class="jxr_linenumber" name="L153" href="#L153">153</a>
<a class="jxr_linenumber" name="L154" href="#L154">154</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <em class="jxr_javadoccomment"> * Utility function to create a regex pattern matcher.</em>
<a class="jxr_linenumber" name="L156" href="#L156">156</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <em class="jxr_javadoccomment"> * @param name the value to use when constructing the assignment pattern</em>
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <em class="jxr_javadoccomment"> * @return the compiled Pattern</em>
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L160" href="#L160">160</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> Pattern compileAssignPattern(String name) {
<a class="jxr_linenumber" name="L161" href="#L161">161</a> <strong class="jxr_keyword">return</strong> Pattern.compile(
<a class="jxr_linenumber" name="L162" href="#L162">162</a> String.format(<span class="jxr_string">"\\b(__)?%s(__)?\\b *= *(['\"]+)(.*?)\\3"</span>, name),
<a class="jxr_linenumber" name="L163" href="#L163">163</a> REGEX_OPTIONS);
<a class="jxr_linenumber" name="L164" href="#L164">164</a> }
<a class="jxr_linenumber" name="L165" href="#L165">165</a>
<a class="jxr_linenumber" name="L166" href="#L166">166</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L167" href="#L167">167</a> <em class="jxr_javadoccomment"> * Analyzes python packages and adds evidence to the dependency.</em>
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L169" href="#L169">169</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
<a class="jxr_linenumber" name="L170" href="#L170">170</a> <em class="jxr_javadoccomment"> * @param engine the engine being used to perform the scan</em>
<a class="jxr_linenumber" name="L171" href="#L171">171</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if there is an unrecoverable error</em>
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <em class="jxr_javadoccomment"> * analyzing the dependency</em>
<a class="jxr_linenumber" name="L173" href="#L173">173</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L174" href="#L174">174</a> @Override
<a class="jxr_linenumber" name="L175" href="#L175">175</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine)
<a class="jxr_linenumber" name="L176" href="#L176">176</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
<a class="jxr_linenumber" name="L177" href="#L177">177</a> <strong class="jxr_keyword">final</strong> File file = dependency.getActualFile();
<a class="jxr_linenumber" name="L178" href="#L178">178</a> <strong class="jxr_keyword">final</strong> File parent = file.getParentFile();
<a class="jxr_linenumber" name="L179" href="#L179">179</a> <strong class="jxr_keyword">final</strong> String parentName = parent.getName();
<a class="jxr_linenumber" name="L180" href="#L180">180</a> <strong class="jxr_keyword">if</strong> (INIT_PY_FILTER.accept(file)) {
<a class="jxr_linenumber" name="L181" href="#L181">181</a> <em class="jxr_comment">//by definition, the containing folder of __init__.py is considered the package, even the file is empty:</em>
<a class="jxr_linenumber" name="L182" href="#L182">182</a> <em class="jxr_comment">//"The __init__.py files are required to make Python treat the directories as containing packages"</em>
<a class="jxr_linenumber" name="L183" href="#L183">183</a> <em class="jxr_comment">//see section "6.4 Packages" from https://docs.python.org/2/tutorial/modules.html;</em>
<a class="jxr_linenumber" name="L184" href="#L184">184</a> dependency.setDisplayFileName(parentName + <span class="jxr_string">"/__init__.py"</span>);
<a class="jxr_linenumber" name="L185" href="#L185">185</a> dependency.getProductEvidence().addEvidence(file.getName(),
<a class="jxr_linenumber" name="L186" href="#L186">186</a> <span class="jxr_string">"PackageName"</span>, parentName, Confidence.HIGHEST);
<a class="jxr_linenumber" name="L187" href="#L187">187</a>
<a class="jxr_linenumber" name="L188" href="#L188">188</a> <strong class="jxr_keyword">final</strong> File[] fileList = parent.listFiles(PY_FILTER);
<a class="jxr_linenumber" name="L189" href="#L189">189</a> <strong class="jxr_keyword">if</strong> (fileList != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L190" href="#L190">190</a> <strong class="jxr_keyword">for</strong> (<strong class="jxr_keyword">final</strong> File sourceFile : fileList) {
<a class="jxr_linenumber" name="L191" href="#L191">191</a> analyzeFileContents(dependency, sourceFile);
<a class="jxr_linenumber" name="L192" href="#L192">192</a> }
<a class="jxr_linenumber" name="L193" href="#L193">193</a> }
<a class="jxr_linenumber" name="L194" href="#L194">194</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="L195" href="#L195">195</a> <em class="jxr_comment">// copy, alter and set in case some other thread is iterating over</em>
<a class="jxr_linenumber" name="L196" href="#L196">196</a> <strong class="jxr_keyword">final</strong> List<Dependency> dependencies = <strong class="jxr_keyword">new</strong> ArrayList<Dependency>(
<a class="jxr_linenumber" name="L197" href="#L197">197</a> engine.getDependencies());
<a class="jxr_linenumber" name="L198" href="#L198">198</a> dependencies.remove(dependency);
<a class="jxr_linenumber" name="L199" href="#L199">199</a> engine.setDependencies(dependencies);
<a class="jxr_linenumber" name="L200" href="#L200">200</a> }
<a class="jxr_linenumber" name="L201" href="#L201">201</a> }
<a class="jxr_linenumber" name="L202" href="#L202">202</a>
<a class="jxr_linenumber" name="L203" href="#L203">203</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L204" href="#L204">204</a> <em class="jxr_javadoccomment"> * This should gather information from leading docstrings, file comments,</em>
<a class="jxr_linenumber" name="L205" href="#L205">205</a> <em class="jxr_javadoccomment"> * and assignments to __version__, __title__, __summary__, __uri__, __url__,</em>
<a class="jxr_linenumber" name="L206" href="#L206">206</a> <em class="jxr_javadoccomment"> * __home*page__, __author__, and their all caps equivalents.</em>
<a class="jxr_linenumber" name="L207" href="#L207">207</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L208" href="#L208">208</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
<a class="jxr_linenumber" name="L209" href="#L209">209</a> <em class="jxr_javadoccomment"> * @param file the file name to analyze</em>
<a class="jxr_linenumber" name="L210" href="#L210">210</a> <em class="jxr_javadoccomment"> * @return whether evidence was found</em>
<a class="jxr_linenumber" name="L211" href="#L211">211</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if there is an unrecoverable error</em>
<a class="jxr_linenumber" name="L212" href="#L212">212</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L213" href="#L213">213</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> analyzeFileContents(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, File file)
<a class="jxr_linenumber" name="L214" href="#L214">214</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
<a class="jxr_linenumber" name="L215" href="#L215">215</a> String contents;
<a class="jxr_linenumber" name="L216" href="#L216">216</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L217" href="#L217">217</a> contents = FileUtils.readFileToString(file, Charset.defaultCharset()).trim();
<a class="jxr_linenumber" name="L218" href="#L218">218</a> } <strong class="jxr_keyword">catch</strong> (IOException e) {
<a class="jxr_linenumber" name="L219" href="#L219">219</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(
<a class="jxr_linenumber" name="L220" href="#L220">220</a> <span class="jxr_string">"Problem occurred while reading dependency file."</span>, e);
<a class="jxr_linenumber" name="L221" href="#L221">221</a> }
<a class="jxr_linenumber" name="L222" href="#L222">222</a> <strong class="jxr_keyword">boolean</strong> found = false;
<a class="jxr_linenumber" name="L223" href="#L223">223</a> <strong class="jxr_keyword">if</strong> (!contents.isEmpty()) {
<a class="jxr_linenumber" name="L224" href="#L224">224</a> <strong class="jxr_keyword">final</strong> String source = file.getName();
<a class="jxr_linenumber" name="L225" href="#L225">225</a> found = gatherEvidence(VERSION_PATTERN, contents, source,
<a class="jxr_linenumber" name="L226" href="#L226">226</a> dependency.getVersionEvidence(), <span class="jxr_string">"SourceVersion"</span>,
<a class="jxr_linenumber" name="L227" href="#L227">227</a> Confidence.MEDIUM);
<a class="jxr_linenumber" name="L228" href="#L228">228</a> found |= addSummaryInfo(dependency, SUMMARY_PATTERN, 4, contents,
<a class="jxr_linenumber" name="L229" href="#L229">229</a> source, <span class="jxr_string">"summary"</span>);
<a class="jxr_linenumber" name="L230" href="#L230">230</a> <strong class="jxr_keyword">if</strong> (INIT_PY_FILTER.accept(file)) {
<a class="jxr_linenumber" name="L231" href="#L231">231</a> found |= addSummaryInfo(dependency, MODULE_DOCSTRING, 2,
<a class="jxr_linenumber" name="L232" href="#L232">232</a> contents, source, <span class="jxr_string">"docstring"</span>);
<a class="jxr_linenumber" name="L233" href="#L233">233</a> }
<a class="jxr_linenumber" name="L234" href="#L234">234</a> found |= gatherEvidence(TITLE_PATTERN, contents, source,
<a class="jxr_linenumber" name="L235" href="#L235">235</a> dependency.getProductEvidence(), <span class="jxr_string">"SourceTitle"</span>,
<a class="jxr_linenumber" name="L236" href="#L236">236</a> Confidence.LOW);
<a class="jxr_linenumber" name="L237" href="#L237">237</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> vendorEvidence = dependency
<a class="jxr_linenumber" name="L238" href="#L238">238</a> .getVendorEvidence();
<a class="jxr_linenumber" name="L239" href="#L239">239</a> found |= gatherEvidence(AUTHOR_PATTERN, contents, source,
<a class="jxr_linenumber" name="L240" href="#L240">240</a> vendorEvidence, <span class="jxr_string">"SourceAuthor"</span>, Confidence.MEDIUM);
<a class="jxr_linenumber" name="L241" href="#L241">241</a> found |= gatherHomePageEvidence(URI_PATTERN, vendorEvidence,
<a class="jxr_linenumber" name="L242" href="#L242">242</a> source, <span class="jxr_string">"URL"</span>, contents);
<a class="jxr_linenumber" name="L243" href="#L243">243</a> found |= gatherHomePageEvidence(HOMEPAGE_PATTERN,
<a class="jxr_linenumber" name="L244" href="#L244">244</a> vendorEvidence, source, <span class="jxr_string">"HomePage"</span>, contents);
<a class="jxr_linenumber" name="L245" href="#L245">245</a> }
<a class="jxr_linenumber" name="L246" href="#L246">246</a> <strong class="jxr_keyword">return</strong> found;
<a class="jxr_linenumber" name="L247" href="#L247">247</a> }
<a class="jxr_linenumber" name="L248" href="#L248">248</a>
<a class="jxr_linenumber" name="L249" href="#L249">249</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L250" href="#L250">250</a> <em class="jxr_javadoccomment"> * Adds summary information to the dependency</em>
<a class="jxr_linenumber" name="L251" href="#L251">251</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L252" href="#L252">252</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
<a class="jxr_linenumber" name="L253" href="#L253">253</a> <em class="jxr_javadoccomment"> * @param pattern the pattern used to perform analysis</em>
<a class="jxr_linenumber" name="L254" href="#L254">254</a> <em class="jxr_javadoccomment"> * @param group the group from the pattern that indicates the data to use</em>
<a class="jxr_linenumber" name="L255" href="#L255">255</a> <em class="jxr_javadoccomment"> * @param contents the data being analyzed</em>
<a class="jxr_linenumber" name="L256" href="#L256">256</a> <em class="jxr_javadoccomment"> * @param source the source name to use when recording the evidence</em>
<a class="jxr_linenumber" name="L257" href="#L257">257</a> <em class="jxr_javadoccomment"> * @param key the key name to use when recording the evidence</em>
<a class="jxr_linenumber" name="L258" href="#L258">258</a> <em class="jxr_javadoccomment"> * @return true if evidence was collected; otherwise false</em>
<a class="jxr_linenumber" name="L259" href="#L259">259</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L260" href="#L260">260</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> addSummaryInfo(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, Pattern pattern,
<a class="jxr_linenumber" name="L261" href="#L261">261</a> <strong class="jxr_keyword">int</strong> group, String contents, String source, String key) {
<a class="jxr_linenumber" name="L262" href="#L262">262</a> <strong class="jxr_keyword">final</strong> Matcher matcher = pattern.matcher(contents);
<a class="jxr_linenumber" name="L263" href="#L263">263</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> found = matcher.find();
<a class="jxr_linenumber" name="L264" href="#L264">264</a> <strong class="jxr_keyword">if</strong> (found) {
<a class="jxr_linenumber" name="L265" href="#L265">265</a> JarAnalyzer.addDescription(dependency, matcher.group(group),
<a class="jxr_linenumber" name="L266" href="#L266">266</a> source, key);
<a class="jxr_linenumber" name="L267" href="#L267">267</a> }
<a class="jxr_linenumber" name="L268" href="#L268">268</a> <strong class="jxr_keyword">return</strong> found;
<a class="jxr_linenumber" name="L269" href="#L269">269</a> }
<a class="jxr_linenumber" name="L270" href="#L270">270</a>
<a class="jxr_linenumber" name="L271" href="#L271">271</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L272" href="#L272">272</a> <em class="jxr_javadoccomment"> * Collects evidence from the home page URL.</em>
<a class="jxr_linenumber" name="L273" href="#L273">273</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L274" href="#L274">274</a> <em class="jxr_javadoccomment"> * @param pattern the pattern to match</em>
<a class="jxr_linenumber" name="L275" href="#L275">275</a> <em class="jxr_javadoccomment"> * @param evidence the evidence collection to add the evidence to</em>
<a class="jxr_linenumber" name="L276" href="#L276">276</a> <em class="jxr_javadoccomment"> * @param source the source of the evidence</em>
<a class="jxr_linenumber" name="L277" href="#L277">277</a> <em class="jxr_javadoccomment"> * @param name the name of the evidence</em>
<a class="jxr_linenumber" name="L278" href="#L278">278</a> <em class="jxr_javadoccomment"> * @param contents the home page URL</em>
<a class="jxr_linenumber" name="L279" href="#L279">279</a> <em class="jxr_javadoccomment"> * @return true if evidence was collected; otherwise false</em>
<a class="jxr_linenumber" name="L280" href="#L280">280</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L281" href="#L281">281</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> gatherHomePageEvidence(Pattern pattern,
<a class="jxr_linenumber" name="L282" href="#L282">282</a> <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> evidence, String source, String name,
<a class="jxr_linenumber" name="L283" href="#L283">283</a> String contents) {
<a class="jxr_linenumber" name="L284" href="#L284">284</a> <strong class="jxr_keyword">final</strong> Matcher matcher = pattern.matcher(contents);
<a class="jxr_linenumber" name="L285" href="#L285">285</a> <strong class="jxr_keyword">boolean</strong> found = false;
<a class="jxr_linenumber" name="L286" href="#L286">286</a> <strong class="jxr_keyword">if</strong> (matcher.find()) {
<a class="jxr_linenumber" name="L287" href="#L287">287</a> <strong class="jxr_keyword">final</strong> String url = matcher.group(4);
<a class="jxr_linenumber" name="L288" href="#L288">288</a> <strong class="jxr_keyword">if</strong> (UrlStringUtils.isUrl(url)) {
<a class="jxr_linenumber" name="L289" href="#L289">289</a> found = <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="L290" href="#L290">290</a> evidence.addEvidence(source, name, url, Confidence.MEDIUM);
<a class="jxr_linenumber" name="L291" href="#L291">291</a> }
<a class="jxr_linenumber" name="L292" href="#L292">292</a> }
<a class="jxr_linenumber" name="L293" href="#L293">293</a> <strong class="jxr_keyword">return</strong> found;
<a class="jxr_linenumber" name="L294" href="#L294">294</a> }
<a class="jxr_linenumber" name="L295" href="#L295">295</a>
<a class="jxr_linenumber" name="L296" href="#L296">296</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L297" href="#L297">297</a> <em class="jxr_javadoccomment"> * Gather evidence from a Python source file using the given string</em>
<a class="jxr_linenumber" name="L298" href="#L298">298</a> <em class="jxr_javadoccomment"> * assignment regex pattern.</em>
<a class="jxr_linenumber" name="L299" href="#L299">299</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L300" href="#L300">300</a> <em class="jxr_javadoccomment"> * @param pattern to scan contents with</em>
<a class="jxr_linenumber" name="L301" href="#L301">301</a> <em class="jxr_javadoccomment"> * @param contents of Python source file</em>
<a class="jxr_linenumber" name="L302" href="#L302">302</a> <em class="jxr_javadoccomment"> * @param source for storing evidence</em>
<a class="jxr_linenumber" name="L303" href="#L303">303</a> <em class="jxr_javadoccomment"> * @param evidence to store evidence in</em>
<a class="jxr_linenumber" name="L304" href="#L304">304</a> <em class="jxr_javadoccomment"> * @param name of evidence</em>
<a class="jxr_linenumber" name="L305" href="#L305">305</a> <em class="jxr_javadoccomment"> * @param confidence in evidence</em>
<a class="jxr_linenumber" name="L306" href="#L306">306</a> <em class="jxr_javadoccomment"> * @return whether evidence was found</em>
<a class="jxr_linenumber" name="L307" href="#L307">307</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L308" href="#L308">308</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> gatherEvidence(Pattern pattern, String contents,
<a class="jxr_linenumber" name="L309" href="#L309">309</a> String source, <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> evidence, String name,
<a class="jxr_linenumber" name="L310" href="#L310">310</a> <a href="../../../../org/owasp/dependencycheck/dependency/Confidence.html">Confidence</a> confidence) {
<a class="jxr_linenumber" name="L311" href="#L311">311</a> <strong class="jxr_keyword">final</strong> Matcher matcher = pattern.matcher(contents);
<a class="jxr_linenumber" name="L312" href="#L312">312</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> found = matcher.find();
<a class="jxr_linenumber" name="L313" href="#L313">313</a> <strong class="jxr_keyword">if</strong> (found) {
<a class="jxr_linenumber" name="L314" href="#L314">314</a> evidence.addEvidence(source, name, matcher.group(4), confidence);
<a class="jxr_linenumber" name="L315" href="#L315">315</a> }
<a class="jxr_linenumber" name="L316" href="#L316">316</a> <strong class="jxr_keyword">return</strong> found;
<a class="jxr_linenumber" name="L317" href="#L317">317</a> }
<a class="jxr_linenumber" name="L318" href="#L318">318</a>
<a class="jxr_linenumber" name="L319" href="#L319">319</a> @Override
<a class="jxr_linenumber" name="L320" href="#L320">320</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
<a class="jxr_linenumber" name="L321" href="#L321">321</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_PYTHON_PACKAGE_ENABLED;
<a class="jxr_linenumber" name="L322" href="#L322">322</a> }
<a class="jxr_linenumber" name="L323" href="#L323">323</a> }
</pre>
<hr/>
<div id="footer">Copyright © 2012–2016 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
@@ -25,329 +25,458 @@
|
||||
<a class="jxr_linenumber" name="L17" href="#L17">17</a> <em class="jxr_comment"> */</em>
|
||||
<a class="jxr_linenumber" name="L18" href="#L18">18</a> <strong class="jxr_keyword">package</strong> org.owasp.dependencycheck.analyzer;
|
||||
<a class="jxr_linenumber" name="L19" href="#L19">19</a>
|
||||
<a class="jxr_linenumber" name="L20" href="#L20">20</a> <strong class="jxr_keyword">import</strong> org.apache.commons.io.FileUtils;
|
||||
<a class="jxr_linenumber" name="L21" href="#L21">21</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.Engine;
|
||||
<a class="jxr_linenumber" name="L22" href="#L22">22</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.analyzer.exception.AnalysisException;
|
||||
<a class="jxr_linenumber" name="L23" href="#L23">23</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Confidence;
|
||||
<a class="jxr_linenumber" name="L24" href="#L24">24</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Dependency;
|
||||
<a class="jxr_linenumber" name="L25" href="#L25">25</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Reference;
|
||||
<a class="jxr_linenumber" name="L26" href="#L26">26</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Vulnerability;
|
||||
<a class="jxr_linenumber" name="L27" href="#L27">27</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.FileFilterBuilder;
|
||||
<a class="jxr_linenumber" name="L28" href="#L28">28</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.Settings;
|
||||
<a class="jxr_linenumber" name="L29" href="#L29">29</a> <strong class="jxr_keyword">import</strong> org.slf4j.Logger;
|
||||
<a class="jxr_linenumber" name="L30" href="#L30">30</a> <strong class="jxr_keyword">import</strong> org.slf4j.LoggerFactory;
|
||||
<a class="jxr_linenumber" name="L31" href="#L31">31</a>
|
||||
<a class="jxr_linenumber" name="L32" href="#L32">32</a> <strong class="jxr_keyword">import</strong> java.io.*;
|
||||
<a class="jxr_linenumber" name="L33" href="#L33">33</a> <strong class="jxr_keyword">import</strong> java.util.*;
|
||||
<a class="jxr_linenumber" name="L34" href="#L34">34</a>
|
||||
<a class="jxr_linenumber" name="L35" href="#L35">35</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <em class="jxr_javadoccomment"> * Used to analyze Ruby Bundler Gemspec.lock files utilizing the 3rd party bundle-audit tool.</em>
|
||||
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <em class="jxr_javadoccomment"> * @author Dale Visser</em>
|
||||
<a class="jxr_linenumber" name="L39" href="#L39">39</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L40" href="#L40">40</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.html">RubyBundleAuditAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.html">AbstractFileTypeAnalyzer</a> {
|
||||
<a class="jxr_linenumber" name="L41" href="#L41">41</a>
|
||||
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Logger LOGGER = LoggerFactory.getLogger(RubyBundleAuditAnalyzer.<strong class="jxr_keyword">class</strong>);
|
||||
<a class="jxr_linenumber" name="L20" href="#L20">20</a> <strong class="jxr_keyword">import</strong> java.io.BufferedReader;
|
||||
<a class="jxr_linenumber" name="L21" href="#L21">21</a> <strong class="jxr_keyword">import</strong> java.io.File;
|
||||
<a class="jxr_linenumber" name="L22" href="#L22">22</a> <strong class="jxr_keyword">import</strong> java.io.FileFilter;
|
||||
<a class="jxr_linenumber" name="L23" href="#L23">23</a> <strong class="jxr_keyword">import</strong> java.io.IOException;
|
||||
<a class="jxr_linenumber" name="L24" href="#L24">24</a> <strong class="jxr_keyword">import</strong> java.io.InputStreamReader;
|
||||
<a class="jxr_linenumber" name="L25" href="#L25">25</a> <strong class="jxr_keyword">import</strong> java.util.ArrayList;
|
||||
<a class="jxr_linenumber" name="L26" href="#L26">26</a> <strong class="jxr_keyword">import</strong> java.util.HashMap;
|
||||
<a class="jxr_linenumber" name="L27" href="#L27">27</a> <strong class="jxr_keyword">import</strong> java.util.List;
|
||||
<a class="jxr_linenumber" name="L28" href="#L28">28</a> <strong class="jxr_keyword">import</strong> java.util.Map;
|
||||
<a class="jxr_linenumber" name="L29" href="#L29">29</a> <strong class="jxr_keyword">import</strong> java.nio.charset.Charset;
|
||||
<a class="jxr_linenumber" name="L30" href="#L30">30</a> <strong class="jxr_keyword">import</strong> org.apache.commons.io.FileUtils;
|
||||
<a class="jxr_linenumber" name="L31" href="#L31">31</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.Engine;
|
||||
<a class="jxr_linenumber" name="L32" href="#L32">32</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.analyzer.exception.AnalysisException;
|
||||
<a class="jxr_linenumber" name="L33" href="#L33">33</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.data.nvdcve.CveDB;
|
||||
<a class="jxr_linenumber" name="L34" href="#L34">34</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Confidence;
|
||||
<a class="jxr_linenumber" name="L35" href="#L35">35</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Dependency;
|
||||
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Reference;
|
||||
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Vulnerability;
|
||||
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.FileFilterBuilder;
|
||||
<a class="jxr_linenumber" name="L39" href="#L39">39</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.Settings;
|
||||
<a class="jxr_linenumber" name="L40" href="#L40">40</a> <strong class="jxr_keyword">import</strong> org.slf4j.Logger;
|
||||
<a class="jxr_linenumber" name="L41" href="#L41">41</a> <strong class="jxr_keyword">import</strong> org.slf4j.LoggerFactory;
|
||||
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.data.nvdcve.DatabaseException;
|
||||
<a class="jxr_linenumber" name="L43" href="#L43">43</a>
|
||||
<a class="jxr_linenumber" name="L44" href="#L44">44</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <em class="jxr_javadoccomment"> * The name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L46" href="#L46">46</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L47" href="#L47">47</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String ANALYZER_NAME = <span class="jxr_string">"Ruby Bundle Audit Analyzer"</span>;
|
||||
<a class="jxr_linenumber" name="L48" href="#L48">48</a>
|
||||
<a class="jxr_linenumber" name="L49" href="#L49">49</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <em class="jxr_javadoccomment"> * The phase that this analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> ANALYSIS_PHASE = AnalysisPhase.PRE_INFORMATION_COLLECTION;
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a>
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter FILTER
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a> = FileFilterBuilder.newInstance().addFilenames(<span class="jxr_string">"Gemfile.lock"</span>).build();
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String NAME = <span class="jxr_string">"Name: "</span>;
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String VERSION = <span class="jxr_string">"Version: "</span>;
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String ADVISORY = <span class="jxr_string">"Advisory: "</span>;
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String CRITICALITY = <span class="jxr_string">"Criticality: "</span>;
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a>
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <em class="jxr_javadoccomment"> * @return a filter that accepts files named Gemfile.lock</em>
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> @Override
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <strong class="jxr_keyword">protected</strong> FileFilter getFileFilter() {
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a> <strong class="jxr_keyword">return</strong> FILTER;
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> }
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a>
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <em class="jxr_javadoccomment"> * Launch bundle-audit.</em>
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> <em class="jxr_javadoccomment"> * @return a handle to the process</em>
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> <strong class="jxr_keyword">private</strong> Process launchBundleAudit(File folder) <strong class="jxr_keyword">throws</strong> AnalysisException {
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <strong class="jxr_keyword">if</strong> (!folder.isDirectory()) {
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(String.format(<span class="jxr_string">"%s should have been a directory."</span>, folder.getAbsolutePath()));
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> }
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <strong class="jxr_keyword">final</strong> List<String> args = <strong class="jxr_keyword">new</strong> ArrayList<String>();
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <strong class="jxr_keyword">final</strong> String bundleAuditPath = Settings.getString(Settings.KEYS.ANALYZER_BUNDLE_AUDIT_PATH);
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> args.add(<strong class="jxr_keyword">null</strong> == bundleAuditPath ? <span class="jxr_string">"bundle-audit"</span> : bundleAuditPath);
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a> args.add(<span class="jxr_string">"check"</span>);
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a> args.add(<span class="jxr_string">"--verbose"</span>);
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <strong class="jxr_keyword">final</strong> ProcessBuilder builder = <strong class="jxr_keyword">new</strong> ProcessBuilder(args);
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a> builder.directory(folder);
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> LOGGER.info(<span class="jxr_string">"Launching: "</span> + args + <span class="jxr_string">" from "</span> + folder);
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <strong class="jxr_keyword">return</strong> builder.start();
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> } <strong class="jxr_keyword">catch</strong> (IOException ioe) {
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"bundle-audit failure"</span>, ioe);
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a> }
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> }
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a>
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <em class="jxr_javadoccomment"> * Initialize the analyzer. In this case, extract GrokAssembly.exe to a temporary location.</em>
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <em class="jxr_javadoccomment"> * @throws Exception if anything goes wrong</em>
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> @Override
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> Exception {
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a> <em class="jxr_comment">// Now, need to see if bundle-audit actually runs from this location.</em>
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a> Process process = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a> process = launchBundleAudit(Settings.getTempDirectory());
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a> }
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a> <strong class="jxr_keyword">catch</strong>(<a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> ae) {
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a> LOGGER.warn(<span class="jxr_string">"Exception from bundle-audit process: {}. Disabling {}"</span>, ae.getCause(), ANALYZER_NAME);
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a> setEnabled(false);
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> <strong class="jxr_keyword">throw</strong> ae;
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a> }
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a>
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <strong class="jxr_keyword">int</strong> exitValue = process.waitFor();
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <strong class="jxr_keyword">if</strong> (0 == exitValue) {
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> LOGGER.warn(<span class="jxr_string">"Unexpected exit code from bundle-audit process. Disabling {}: {}"</span>, ANALYZER_NAME, exitValue);
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a> setEnabled(false);
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"Unexpected exit code from bundle-audit process."</span>);
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> BufferedReader reader = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a> reader = <strong class="jxr_keyword">new</strong> BufferedReader(<strong class="jxr_keyword">new</strong> InputStreamReader(process.getErrorStream(), <span class="jxr_string">"UTF-8"</span>));
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a> <strong class="jxr_keyword">if</strong> (!reader.ready()) {
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> LOGGER.warn(<span class="jxr_string">"Bundle-audit error stream unexpectedly not ready. Disabling "</span> + ANALYZER_NAME);
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a> setEnabled(false);
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"Bundle-audit error stream unexpectedly not ready."</span>);
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a> <strong class="jxr_keyword">final</strong> String line = reader.readLine();
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <strong class="jxr_keyword">if</strong> (line == <strong class="jxr_keyword">null</strong> || !line.contains(<span class="jxr_string">"Errno::ENOENT"</span>)) {
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> LOGGER.warn(<span class="jxr_string">"Unexpected bundle-audit output. Disabling {}: {}"</span>, ANALYZER_NAME, line);
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a> setEnabled(false);
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"Unexpected bundle-audit output."</span>);
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a> }
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a> }
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != reader) {
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a> reader.close();
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a> }
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> }
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> }
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a>
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a> <strong class="jxr_keyword">if</strong> (isEnabled()) {
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a> LOGGER.info(ANALYZER_NAME + <span class="jxr_string">" is enabled. It is necessary to manually run \"bundle-audit update\" "</span>
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a> + <span class="jxr_string">"occasionally to keep its database up to date."</span>);
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a> }
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a> }
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a>
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <em class="jxr_javadoccomment"> * Returns the name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a> @Override
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a> <strong class="jxr_keyword">public</strong> String getName() {
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a> }
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a>
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a> <em class="jxr_javadoccomment"> * Returns the phase that the analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <em class="jxr_javadoccomment"> * @return the phase that the analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> @Override
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a> <strong class="jxr_keyword">return</strong> ANALYSIS_PHASE;
|
||||
<a class="jxr_linenumber" name="L163" href="#L163">163</a> }
|
||||
<a class="jxr_linenumber" name="L164" href="#L164">164</a>
|
||||
<a class="jxr_linenumber" name="L165" href="#L165">165</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L166" href="#L166">166</a> <em class="jxr_javadoccomment"> * Returns the key used in the properties file to reference the analyzer's enabled property.</em>
|
||||
<a class="jxr_linenumber" name="L167" href="#L167">167</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <em class="jxr_javadoccomment"> * @return the analyzer's enabled property setting key</em>
|
||||
<a class="jxr_linenumber" name="L169" href="#L169">169</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a> @Override
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_BUNDLE_AUDIT_ENABLED;
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> }
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a>
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a> <em class="jxr_javadoccomment"> * If {@link #analyzeFileType(Dependency, Engine)} is called, then we have successfully initialized, and it will be necessary</em>
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> <em class="jxr_javadoccomment"> * to disable {@link RubyGemspecAnalyzer}.</em>
|
||||
<a class="jxr_linenumber" name="L178" href="#L178">178</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L179" href="#L179">179</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> needToDisableGemspecAnalyzer = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L180" href="#L180">180</a>
|
||||
<a class="jxr_linenumber" name="L181" href="#L181">181</a> @Override
|
||||
<a class="jxr_linenumber" name="L182" href="#L182">182</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine)
|
||||
<a class="jxr_linenumber" name="L183" href="#L183">183</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
|
||||
<a class="jxr_linenumber" name="L184" href="#L184">184</a> <strong class="jxr_keyword">if</strong> (needToDisableGemspecAnalyzer) {
|
||||
<a class="jxr_linenumber" name="L185" href="#L185">185</a> <strong class="jxr_keyword">boolean</strong> failed = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L186" href="#L186">186</a> <strong class="jxr_keyword">final</strong> String className = RubyGemspecAnalyzer.<strong class="jxr_keyword">class</strong>.getName();
|
||||
<a class="jxr_linenumber" name="L187" href="#L187">187</a> <strong class="jxr_keyword">for</strong> (FileTypeAnalyzer analyzer : engine.getFileTypeAnalyzers()) {
|
||||
<a class="jxr_linenumber" name="L188" href="#L188">188</a> <strong class="jxr_keyword">if</strong> (analyzer instanceof RubyGemspecAnalyzer) {
|
||||
<a class="jxr_linenumber" name="L189" href="#L189">189</a> ((<a href="../../../../org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzer.html">RubyGemspecAnalyzer</a>) analyzer).setEnabled(false);
|
||||
<a class="jxr_linenumber" name="L190" href="#L190">190</a> LOGGER.info(<span class="jxr_string">"Disabled "</span> + className + <span class="jxr_string">" to avoid noisy duplicate results."</span>);
|
||||
<a class="jxr_linenumber" name="L191" href="#L191">191</a> failed = false;
|
||||
<a class="jxr_linenumber" name="L192" href="#L192">192</a> }
|
||||
<a class="jxr_linenumber" name="L193" href="#L193">193</a> }
|
||||
<a class="jxr_linenumber" name="L194" href="#L194">194</a> <strong class="jxr_keyword">if</strong> (failed) {
|
||||
<a class="jxr_linenumber" name="L195" href="#L195">195</a> LOGGER.warn(<span class="jxr_string">"Did not find"</span> + className + '.');
|
||||
<a class="jxr_linenumber" name="L196" href="#L196">196</a> }
|
||||
<a class="jxr_linenumber" name="L197" href="#L197">197</a> needToDisableGemspecAnalyzer = false;
|
||||
<a class="jxr_linenumber" name="L198" href="#L198">198</a> }
|
||||
<a class="jxr_linenumber" name="L199" href="#L199">199</a> <strong class="jxr_keyword">final</strong> File parentFile = dependency.getActualFile().getParentFile();
|
||||
<a class="jxr_linenumber" name="L200" href="#L200">200</a> <strong class="jxr_keyword">final</strong> Process process = launchBundleAudit(parentFile);
|
||||
<a class="jxr_linenumber" name="L201" href="#L201">201</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L202" href="#L202">202</a> process.waitFor();
|
||||
<a class="jxr_linenumber" name="L203" href="#L203">203</a> } <strong class="jxr_keyword">catch</strong> (InterruptedException ie) {
|
||||
<a class="jxr_linenumber" name="L204" href="#L204">204</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"bundle-audit process interrupted"</span>, ie);
|
||||
<a class="jxr_linenumber" name="L205" href="#L205">205</a> }
|
||||
<a class="jxr_linenumber" name="L206" href="#L206">206</a> BufferedReader rdr = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L207" href="#L207">207</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L208" href="#L208">208</a> BufferedReader errReader = <strong class="jxr_keyword">new</strong> BufferedReader(<strong class="jxr_keyword">new</strong> InputStreamReader(process.getErrorStream(), <span class="jxr_string">"UTF-8"</span>));
|
||||
<a class="jxr_linenumber" name="L209" href="#L209">209</a> <strong class="jxr_keyword">while</strong>(errReader.ready()) {
|
||||
<a class="jxr_linenumber" name="L210" href="#L210">210</a> String error = errReader.readLine();
|
||||
<a class="jxr_linenumber" name="L211" href="#L211">211</a> LOGGER.warn(error);
|
||||
<a class="jxr_linenumber" name="L212" href="#L212">212</a> }
|
||||
<a class="jxr_linenumber" name="L213" href="#L213">213</a> rdr = <strong class="jxr_keyword">new</strong> BufferedReader(<strong class="jxr_keyword">new</strong> InputStreamReader(process.getInputStream(), <span class="jxr_string">"UTF-8"</span>));
|
||||
<a class="jxr_linenumber" name="L214" href="#L214">214</a> processBundlerAuditOutput(dependency, engine, rdr);
|
||||
<a class="jxr_linenumber" name="L215" href="#L215">215</a> } <strong class="jxr_keyword">catch</strong> (IOException ioe) {
|
||||
<a class="jxr_linenumber" name="L216" href="#L216">216</a> LOGGER.warn(<span class="jxr_string">"bundle-audit failure"</span>, ioe);
|
||||
<a class="jxr_linenumber" name="L217" href="#L217">217</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L218" href="#L218">218</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != rdr) {
|
||||
<a class="jxr_linenumber" name="L219" href="#L219">219</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L220" href="#L220">220</a> rdr.close();
|
||||
<a class="jxr_linenumber" name="L221" href="#L221">221</a> } <strong class="jxr_keyword">catch</strong> (IOException ioe) {
|
||||
<a class="jxr_linenumber" name="L222" href="#L222">222</a> LOGGER.warn(<span class="jxr_string">"bundle-audit close failure"</span>, ioe);
|
||||
<a class="jxr_linenumber" name="L223" href="#L223">223</a> }
|
||||
<a class="jxr_linenumber" name="L224" href="#L224">224</a> }
|
||||
<a class="jxr_linenumber" name="L225" href="#L225">225</a> }
|
||||
<a class="jxr_linenumber" name="L226" href="#L226">226</a>
|
||||
<a class="jxr_linenumber" name="L227" href="#L227">227</a> }
|
||||
<a class="jxr_linenumber" name="L228" href="#L228">228</a>
|
||||
<a class="jxr_linenumber" name="L229" href="#L229">229</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> processBundlerAuditOutput(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> original, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine, BufferedReader rdr) <strong class="jxr_keyword">throws</strong> IOException {
|
||||
<a class="jxr_linenumber" name="L230" href="#L230">230</a> <strong class="jxr_keyword">final</strong> String parentName = original.getActualFile().getParentFile().getName();
|
||||
<a class="jxr_linenumber" name="L231" href="#L231">231</a> <strong class="jxr_keyword">final</strong> String fileName = original.getFileName();
|
||||
<a class="jxr_linenumber" name="L232" href="#L232">232</a> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L233" href="#L233">233</a> <a href="../../../../org/owasp/dependencycheck/dependency/Vulnerability.html">Vulnerability</a> vulnerability = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L234" href="#L234">234</a> String gem = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L235" href="#L235">235</a> <strong class="jxr_keyword">final</strong> Map<String, Dependency> map = <strong class="jxr_keyword">new</strong> HashMap<String, Dependency>();
|
||||
<a class="jxr_linenumber" name="L236" href="#L236">236</a> <strong class="jxr_keyword">boolean</strong> appendToDescription = false;
|
||||
<a class="jxr_linenumber" name="L237" href="#L237">237</a> <strong class="jxr_keyword">while</strong> (rdr.ready()) {
|
||||
<a class="jxr_linenumber" name="L238" href="#L238">238</a> <strong class="jxr_keyword">final</strong> String nextLine = rdr.readLine();
|
||||
<a class="jxr_linenumber" name="L239" href="#L239">239</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> == nextLine) {
|
||||
<a class="jxr_linenumber" name="L240" href="#L240">240</a> <strong class="jxr_keyword">break</strong>;
|
||||
<a class="jxr_linenumber" name="L241" href="#L241">241</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (nextLine.startsWith(NAME)) {
|
||||
<a class="jxr_linenumber" name="L242" href="#L242">242</a> appendToDescription = false;
|
||||
<a class="jxr_linenumber" name="L243" href="#L243">243</a> gem = nextLine.substring(NAME.length());
|
||||
<a class="jxr_linenumber" name="L244" href="#L244">244</a> <strong class="jxr_keyword">if</strong> (!map.containsKey(gem)) {
|
||||
<a class="jxr_linenumber" name="L245" href="#L245">245</a> map.put(gem, createDependencyForGem(engine, parentName, fileName, gem));
|
||||
<a class="jxr_linenumber" name="L246" href="#L246">246</a> }
|
||||
<a class="jxr_linenumber" name="L247" href="#L247">247</a> dependency = map.get(gem);
|
||||
<a class="jxr_linenumber" name="L248" href="#L248">248</a> LOGGER.debug(String.format(<span class="jxr_string">"bundle-audit (%s): %s"</span>, parentName, nextLine));
|
||||
<a class="jxr_linenumber" name="L249" href="#L249">249</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (nextLine.startsWith(VERSION)) {
|
||||
<a class="jxr_linenumber" name="L250" href="#L250">250</a> vulnerability = createVulnerability(parentName, dependency, vulnerability, gem, nextLine);
|
||||
<a class="jxr_linenumber" name="L251" href="#L251">251</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (nextLine.startsWith(ADVISORY)) {
|
||||
<a class="jxr_linenumber" name="L252" href="#L252">252</a> setVulnerabilityName(parentName, dependency, vulnerability, nextLine);
|
||||
<a class="jxr_linenumber" name="L253" href="#L253">253</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (nextLine.startsWith(CRITICALITY)) {
|
||||
<a class="jxr_linenumber" name="L254" href="#L254">254</a> addCriticalityToVulnerability(parentName, vulnerability, nextLine);
|
||||
<a class="jxr_linenumber" name="L255" href="#L255">255</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (nextLine.startsWith(<span class="jxr_string">"URL: "</span>)) {
|
||||
<a class="jxr_linenumber" name="L256" href="#L256">256</a> addReferenceToVulnerability(parentName, vulnerability, nextLine);
|
||||
<a class="jxr_linenumber" name="L257" href="#L257">257</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (nextLine.startsWith(<span class="jxr_string">"Description:"</span>)) {
|
||||
<a class="jxr_linenumber" name="L258" href="#L258">258</a> appendToDescription = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L259" href="#L259">259</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != vulnerability) {
|
||||
<a class="jxr_linenumber" name="L260" href="#L260">260</a> vulnerability.setDescription(<span class="jxr_string">"*** Vulnerability obtained from bundle-audit verbose report. Title link may not work. CPE below is guessed. CVSS score is estimated (-1.0 indicates unknown). See link below for full details. *** "</span>);
|
||||
<a class="jxr_linenumber" name="L261" href="#L261">261</a> }
|
||||
<a class="jxr_linenumber" name="L262" href="#L262">262</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (appendToDescription) {
|
||||
<a class="jxr_linenumber" name="L263" href="#L263">263</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != vulnerability) {
|
||||
<a class="jxr_linenumber" name="L264" href="#L264">264</a> vulnerability.setDescription(vulnerability.getDescription() + nextLine + <span class="jxr_string">"\n"</span>);
|
||||
<a class="jxr_linenumber" name="L265" href="#L265">265</a> }
|
||||
<a class="jxr_linenumber" name="L266" href="#L266">266</a> }
|
||||
<a class="jxr_linenumber" name="L267" href="#L267">267</a> }
|
||||
<a class="jxr_linenumber" name="L268" href="#L268">268</a> }
|
||||
<a class="jxr_linenumber" name="L269" href="#L269">269</a>
|
||||
<a class="jxr_linenumber" name="L270" href="#L270">270</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> setVulnerabilityName(String parentName, <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/dependency/Vulnerability.html">Vulnerability</a> vulnerability, String nextLine) {
|
||||
<a class="jxr_linenumber" name="L271" href="#L271">271</a> <strong class="jxr_keyword">final</strong> String advisory = nextLine.substring((ADVISORY.length()));
|
||||
<a class="jxr_linenumber" name="L272" href="#L272">272</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != vulnerability) {
|
||||
<a class="jxr_linenumber" name="L273" href="#L273">273</a> vulnerability.setName(advisory);
|
||||
<a class="jxr_linenumber" name="L274" href="#L274">274</a> }
|
||||
<a class="jxr_linenumber" name="L275" href="#L275">275</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != dependency) {
|
||||
<a class="jxr_linenumber" name="L276" href="#L276">276</a> dependency.getVulnerabilities().add(vulnerability); <em class="jxr_comment">// needed to wait for vulnerability name to avoid NPE</em>
|
||||
<a class="jxr_linenumber" name="L277" href="#L277">277</a> }
|
||||
<a class="jxr_linenumber" name="L278" href="#L278">278</a> LOGGER.debug(String.format(<span class="jxr_string">"bundle-audit (%s): %s"</span>, parentName, nextLine));
|
||||
<a class="jxr_linenumber" name="L279" href="#L279">279</a> }
|
||||
<a class="jxr_linenumber" name="L280" href="#L280">280</a>
|
||||
<a class="jxr_linenumber" name="L281" href="#L281">281</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> addReferenceToVulnerability(String parentName, <a href="../../../../org/owasp/dependencycheck/dependency/Vulnerability.html">Vulnerability</a> vulnerability, String nextLine) {
|
||||
<a class="jxr_linenumber" name="L282" href="#L282">282</a> <strong class="jxr_keyword">final</strong> String url = nextLine.substring((<span class="jxr_string">"URL: "</span>).length());
|
||||
<a class="jxr_linenumber" name="L283" href="#L283">283</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != vulnerability) {
|
||||
<a class="jxr_linenumber" name="L284" href="#L284">284</a> <a href="../../../../org/owasp/dependencycheck/dependency/Reference.html">Reference</a> ref = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Reference.html">Reference</a>();
|
||||
<a class="jxr_linenumber" name="L285" href="#L285">285</a> ref.setName(vulnerability.getName());
|
||||
<a class="jxr_linenumber" name="L286" href="#L286">286</a> ref.setSource(<span class="jxr_string">"bundle-audit"</span>);
|
||||
<a class="jxr_linenumber" name="L287" href="#L287">287</a> ref.setUrl(url);
|
||||
<a class="jxr_linenumber" name="L288" href="#L288">288</a> vulnerability.getReferences().add(ref);
|
||||
<a class="jxr_linenumber" name="L289" href="#L289">289</a> }
|
||||
<a class="jxr_linenumber" name="L290" href="#L290">290</a> LOGGER.debug(String.format(<span class="jxr_string">"bundle-audit (%s): %s"</span>, parentName, nextLine));
|
||||
<a class="jxr_linenumber" name="L291" href="#L291">291</a> }
|
||||
<a class="jxr_linenumber" name="L292" href="#L292">292</a>
|
||||
<a class="jxr_linenumber" name="L293" href="#L293">293</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> addCriticalityToVulnerability(String parentName, <a href="../../../../org/owasp/dependencycheck/dependency/Vulnerability.html">Vulnerability</a> vulnerability, String nextLine) {
|
||||
<a class="jxr_linenumber" name="L294" href="#L294">294</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != vulnerability) {
|
||||
<a class="jxr_linenumber" name="L295" href="#L295">295</a> <strong class="jxr_keyword">final</strong> String criticality = nextLine.substring(CRITICALITY.length()).trim();
|
||||
<a class="jxr_linenumber" name="L296" href="#L296">296</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"High"</span>.equals(criticality)) {
|
||||
<a class="jxr_linenumber" name="L297" href="#L297">297</a> vulnerability.setCvssScore(8.5f);
|
||||
<a class="jxr_linenumber" name="L298" href="#L298">298</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"Medium"</span>.equals(criticality)) {
|
||||
<a class="jxr_linenumber" name="L299" href="#L299">299</a> vulnerability.setCvssScore(5.5f);
|
||||
<a class="jxr_linenumber" name="L300" href="#L300">300</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"Low"</span>.equals(criticality)) {
|
||||
<a class="jxr_linenumber" name="L301" href="#L301">301</a> vulnerability.setCvssScore(2.0f);
|
||||
<a class="jxr_linenumber" name="L302" href="#L302">302</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L303" href="#L303">303</a> vulnerability.setCvssScore(-1.0f);
|
||||
<a class="jxr_linenumber" name="L304" href="#L304">304</a> }
|
||||
<a class="jxr_linenumber" name="L305" href="#L305">305</a> }
|
||||
<a class="jxr_linenumber" name="L306" href="#L306">306</a> LOGGER.debug(String.format(<span class="jxr_string">"bundle-audit (%s): %s"</span>, parentName, nextLine));
|
||||
<a class="jxr_linenumber" name="L307" href="#L307">307</a> }
|
||||
<a class="jxr_linenumber" name="L308" href="#L308">308</a>
|
||||
<a class="jxr_linenumber" name="L309" href="#L309">309</a> <strong class="jxr_keyword">private</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Vulnerability.html">Vulnerability</a> createVulnerability(String parentName, <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/dependency/Vulnerability.html">Vulnerability</a> vulnerability, String gem, String nextLine) {
|
||||
<a class="jxr_linenumber" name="L310" href="#L310">310</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != dependency) {
|
||||
<a class="jxr_linenumber" name="L311" href="#L311">311</a> <strong class="jxr_keyword">final</strong> String version = nextLine.substring(VERSION.length());
|
||||
<a class="jxr_linenumber" name="L312" href="#L312">312</a> dependency.getVersionEvidence().addEvidence(
|
||||
<a class="jxr_linenumber" name="L313" href="#L313">313</a> <span class="jxr_string">"bundler-audit"</span>,
|
||||
<a class="jxr_linenumber" name="L314" href="#L314">314</a> <span class="jxr_string">"Version"</span>,
|
||||
<a class="jxr_linenumber" name="L315" href="#L315">315</a> version,
|
||||
<a class="jxr_linenumber" name="L316" href="#L316">316</a> Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L317" href="#L317">317</a> vulnerability = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Vulnerability.html">Vulnerability</a>(); <em class="jxr_comment">// don't add to dependency until we have name set later</em>
|
||||
<a class="jxr_linenumber" name="L318" href="#L318">318</a> vulnerability.setMatchedCPE(
|
||||
<a class="jxr_linenumber" name="L319" href="#L319">319</a> String.format(<span class="jxr_string">"cpe:/a:%1$s_project:%1$s:%2$s::~~~ruby~~"</span>, gem, version),
|
||||
<a class="jxr_linenumber" name="L320" href="#L320">320</a> <strong class="jxr_keyword">null</strong>);
|
||||
<a class="jxr_linenumber" name="L321" href="#L321">321</a> vulnerability.setCvssAccessVector(<span class="jxr_string">"-"</span>);
|
||||
<a class="jxr_linenumber" name="L322" href="#L322">322</a> vulnerability.setCvssAccessComplexity(<span class="jxr_string">"-"</span>);
|
||||
<a class="jxr_linenumber" name="L323" href="#L323">323</a> vulnerability.setCvssAuthentication(<span class="jxr_string">"-"</span>);
|
||||
<a class="jxr_linenumber" name="L324" href="#L324">324</a> vulnerability.setCvssAvailabilityImpact(<span class="jxr_string">"-"</span>);
|
||||
<a class="jxr_linenumber" name="L325" href="#L325">325</a> vulnerability.setCvssConfidentialityImpact(<span class="jxr_string">"-"</span>);
|
||||
<a class="jxr_linenumber" name="L326" href="#L326">326</a> vulnerability.setCvssIntegrityImpact(<span class="jxr_string">"-"</span>);
|
||||
<a class="jxr_linenumber" name="L327" href="#L327">327</a> }
|
||||
<a class="jxr_linenumber" name="L328" href="#L328">328</a> LOGGER.debug(String.format(<span class="jxr_string">"bundle-audit (%s): %s"</span>, parentName, nextLine));
|
||||
<a class="jxr_linenumber" name="L329" href="#L329">329</a> <strong class="jxr_keyword">return</strong> vulnerability;
|
||||
<a class="jxr_linenumber" name="L330" href="#L330">330</a> }
|
||||
<a class="jxr_linenumber" name="L331" href="#L331">331</a>
|
||||
<a class="jxr_linenumber" name="L332" href="#L332">332</a> <strong class="jxr_keyword">private</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> createDependencyForGem(<a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine, String parentName, String fileName, String gem) <strong class="jxr_keyword">throws</strong> IOException {
|
||||
<a class="jxr_linenumber" name="L333" href="#L333">333</a> <strong class="jxr_keyword">final</strong> File tempFile = File.createTempFile(<span class="jxr_string">"Gemfile-"</span> + gem, <span class="jxr_string">".lock"</span>, Settings.getTempDirectory());
|
||||
<a class="jxr_linenumber" name="L334" href="#L334">334</a> <strong class="jxr_keyword">final</strong> String displayFileName = String.format(<span class="jxr_string">"%s%c%s:%s"</span>, parentName, File.separatorChar, fileName, gem);
|
||||
<a class="jxr_linenumber" name="L335" href="#L335">335</a> FileUtils.write(tempFile, displayFileName); <em class="jxr_comment">// unique contents to avoid dependency bundling</em>
|
||||
<a class="jxr_linenumber" name="L336" href="#L336">336</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a>(tempFile);
|
||||
<a class="jxr_linenumber" name="L337" href="#L337">337</a> dependency.getProductEvidence().addEvidence(<span class="jxr_string">"bundler-audit"</span>, <span class="jxr_string">"Name"</span>, gem, Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L338" href="#L338">338</a> dependency.setDisplayFileName(displayFileName);
|
||||
<a class="jxr_linenumber" name="L339" href="#L339">339</a> engine.getDependencies().add(dependency);
|
||||
<a class="jxr_linenumber" name="L340" href="#L340">340</a> <strong class="jxr_keyword">return</strong> dependency;
|
||||
<a class="jxr_linenumber" name="L341" href="#L341">341</a> }
|
||||
<a class="jxr_linenumber" name="L342" href="#L342">342</a> }
|
||||
<a class="jxr_linenumber" name="L44" href="#L44">44</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <em class="jxr_javadoccomment"> * Used to analyze Ruby Bundler Gemspec.lock files utilizing the 3rd party</em>
|
||||
<a class="jxr_linenumber" name="L46" href="#L46">46</a> <em class="jxr_javadoccomment"> * bundle-audit tool.</em>
|
||||
<a class="jxr_linenumber" name="L47" href="#L47">47</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L48" href="#L48">48</a> <em class="jxr_javadoccomment"> * @author Dale Visser</em>
|
||||
<a class="jxr_linenumber" name="L49" href="#L49">49</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a> @Experimental
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.html">RubyBundleAuditAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.html">AbstractFileTypeAnalyzer</a> {
|
||||
<a class="jxr_linenumber" name="L52" href="#L52">52</a>
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Logger LOGGER = LoggerFactory.getLogger(RubyBundleAuditAnalyzer.<strong class="jxr_keyword">class</strong>);
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a>
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <em class="jxr_javadoccomment"> * The name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String ANALYZER_NAME = <span class="jxr_string">"Ruby Bundle Audit Analyzer"</span>;
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a>
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <em class="jxr_javadoccomment"> * The phase that this analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> ANALYSIS_PHASE = AnalysisPhase.PRE_INFORMATION_COLLECTION;
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <em class="jxr_javadoccomment"> * The filter defining which files will be analyzed.</em>
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter FILTER = FileFilterBuilder.newInstance().addFilenames(<span class="jxr_string">"Gemfile.lock"</span>).build();
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <em class="jxr_javadoccomment"> * Name.</em>
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String NAME = <span class="jxr_string">"Name: "</span>;
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <em class="jxr_javadoccomment"> * Version.</em>
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String VERSION = <span class="jxr_string">"Version: "</span>;
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <em class="jxr_javadoccomment"> * Advisory.</em>
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String ADVISORY = <span class="jxr_string">"Advisory: "</span>;
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a> <em class="jxr_javadoccomment"> * Criticality.</em>
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String CRITICALITY = <span class="jxr_string">"Criticality: "</span>;
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a>
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <em class="jxr_javadoccomment"> * The DAL.</em>
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <strong class="jxr_keyword">private</strong> <a href="../../../../org/owasp/dependencycheck/data/nvdcve/CveDB.html">CveDB</a> cvedb;
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a>
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <em class="jxr_javadoccomment"> * @return a filter that accepts files named Gemfile.lock</em>
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a> @Override
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <strong class="jxr_keyword">protected</strong> FileFilter getFileFilter() {
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <strong class="jxr_keyword">return</strong> FILTER;
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> }
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a>
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <em class="jxr_javadoccomment"> * Launch bundle-audit.</em>
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <em class="jxr_javadoccomment"> * @param folder directory that contains bundle audit</em>
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <em class="jxr_javadoccomment"> * @return a handle to the process</em>
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown when there is an issue launching bundle</em>
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a> <em class="jxr_javadoccomment"> * audit</em>
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a> <strong class="jxr_keyword">private</strong> Process launchBundleAudit(File folder) <strong class="jxr_keyword">throws</strong> AnalysisException {
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <strong class="jxr_keyword">if</strong> (!folder.isDirectory()) {
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(String.format(<span class="jxr_string">"%s should have been a directory."</span>, folder.getAbsolutePath()));
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a> }
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a> <strong class="jxr_keyword">final</strong> List<String> args = <strong class="jxr_keyword">new</strong> ArrayList<String>();
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <strong class="jxr_keyword">final</strong> String bundleAuditPath = Settings.getString(Settings.KEYS.ANALYZER_BUNDLE_AUDIT_PATH);
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> args.add(<strong class="jxr_keyword">null</strong> == bundleAuditPath ? <span class="jxr_string">"bundle-audit"</span> : bundleAuditPath);
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> args.add(<span class="jxr_string">"check"</span>);
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a> args.add(<span class="jxr_string">"--verbose"</span>);
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <strong class="jxr_keyword">final</strong> ProcessBuilder builder = <strong class="jxr_keyword">new</strong> ProcessBuilder(args);
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> builder.directory(folder);
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> LOGGER.info(<span class="jxr_string">"Launching: "</span> + args + <span class="jxr_string">" from "</span> + folder);
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a> <strong class="jxr_keyword">return</strong> builder.start();
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a> } <strong class="jxr_keyword">catch</strong> (IOException ioe) {
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"bundle-audit failure"</span>, ioe);
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a> }
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a> }
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a>
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <em class="jxr_javadoccomment"> * Initialize the analyzer. In this case, extract GrokAssembly.exe to a</em>
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> <em class="jxr_javadoccomment"> * temporary location.</em>
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> <em class="jxr_javadoccomment"> * @throws Exception if anything goes wrong</em>
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a> @Override
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> Exception {
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a> cvedb = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/data/nvdcve/CveDB.html">CveDB</a>();
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a> cvedb.open();
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> } <strong class="jxr_keyword">catch</strong> (DatabaseException ex) {
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> LOGGER.warn(<span class="jxr_string">"Exception opening the database"</span>);
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a> LOGGER.debug(<span class="jxr_string">"error"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a> setEnabled(false);
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a> <strong class="jxr_keyword">throw</strong> ex;
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a> }
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a> <em class="jxr_comment">// Now, need to see if bundle-audit actually runs from this location.</em>
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a> Process process = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a> process = launchBundleAudit(Settings.getTempDirectory());
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> } <strong class="jxr_keyword">catch</strong> (AnalysisException ae) {
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> LOGGER.warn(<span class="jxr_string">"Exception from bundle-audit process: {}. Disabling {}"</span>, ae.getCause(), ANALYZER_NAME);
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> setEnabled(false);
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> cvedb.close();
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a> cvedb = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a> <strong class="jxr_keyword">throw</strong> ae;
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a> }
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a>
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> exitValue = process.waitFor();
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <strong class="jxr_keyword">if</strong> (0 == exitValue) {
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a> LOGGER.warn(<span class="jxr_string">"Unexpected exit code from bundle-audit process. Disabling {}: {}"</span>, ANALYZER_NAME, exitValue);
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> setEnabled(false);
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"Unexpected exit code from bundle-audit process."</span>);
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> BufferedReader reader = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a> reader = <strong class="jxr_keyword">new</strong> BufferedReader(<strong class="jxr_keyword">new</strong> InputStreamReader(process.getErrorStream(), <span class="jxr_string">"UTF-8"</span>));
|
||||
<a class="jxr_linenumber" name="L163" href="#L163">163</a> <strong class="jxr_keyword">if</strong> (!reader.ready()) {
|
||||
<a class="jxr_linenumber" name="L164" href="#L164">164</a> LOGGER.warn(<span class="jxr_string">"Bundle-audit error stream unexpectedly not ready. Disabling "</span> + ANALYZER_NAME);
|
||||
<a class="jxr_linenumber" name="L165" href="#L165">165</a> setEnabled(false);
|
||||
<a class="jxr_linenumber" name="L166" href="#L166">166</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"Bundle-audit error stream unexpectedly not ready."</span>);
|
||||
<a class="jxr_linenumber" name="L167" href="#L167">167</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <strong class="jxr_keyword">final</strong> String line = reader.readLine();
|
||||
<a class="jxr_linenumber" name="L169" href="#L169">169</a> <strong class="jxr_keyword">if</strong> (line == <strong class="jxr_keyword">null</strong> || !line.contains(<span class="jxr_string">"Errno::ENOENT"</span>)) {
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a> LOGGER.warn(<span class="jxr_string">"Unexpected bundle-audit output. Disabling {}: {}"</span>, ANALYZER_NAME, line);
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> setEnabled(false);
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"Unexpected bundle-audit output."</span>);
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> }
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a> }
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != reader) {
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> reader.close();
|
||||
<a class="jxr_linenumber" name="L178" href="#L178">178</a> }
|
||||
<a class="jxr_linenumber" name="L179" href="#L179">179</a> }
|
||||
<a class="jxr_linenumber" name="L180" href="#L180">180</a> }
|
||||
<a class="jxr_linenumber" name="L181" href="#L181">181</a>
|
||||
<a class="jxr_linenumber" name="L182" href="#L182">182</a> <strong class="jxr_keyword">if</strong> (isEnabled()) {
|
||||
<a class="jxr_linenumber" name="L183" href="#L183">183</a> LOGGER.info(ANALYZER_NAME + <span class="jxr_string">" is enabled. It is necessary to manually run \"bundle-audit update\" "</span>
|
||||
<a class="jxr_linenumber" name="L184" href="#L184">184</a> + <span class="jxr_string">"occasionally to keep its database up to date."</span>);
|
||||
<a class="jxr_linenumber" name="L185" href="#L185">185</a> }
|
||||
<a class="jxr_linenumber" name="L186" href="#L186">186</a> }
|
||||
<a class="jxr_linenumber" name="L187" href="#L187">187</a>
|
||||
<a class="jxr_linenumber" name="L188" href="#L188">188</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L189" href="#L189">189</a> <em class="jxr_javadoccomment"> * Returns the name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L190" href="#L190">190</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L191" href="#L191">191</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L192" href="#L192">192</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L193" href="#L193">193</a> @Override
|
||||
<a class="jxr_linenumber" name="L194" href="#L194">194</a> <strong class="jxr_keyword">public</strong> String getName() {
|
||||
<a class="jxr_linenumber" name="L195" href="#L195">195</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
|
||||
<a class="jxr_linenumber" name="L196" href="#L196">196</a> }
|
||||
<a class="jxr_linenumber" name="L197" href="#L197">197</a>
|
||||
<a class="jxr_linenumber" name="L198" href="#L198">198</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L199" href="#L199">199</a> <em class="jxr_javadoccomment"> * Returns the phase that the analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L200" href="#L200">200</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L201" href="#L201">201</a> <em class="jxr_javadoccomment"> * @return the phase that the analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L202" href="#L202">202</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L203" href="#L203">203</a> @Override
|
||||
<a class="jxr_linenumber" name="L204" href="#L204">204</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
|
||||
<a class="jxr_linenumber" name="L205" href="#L205">205</a> <strong class="jxr_keyword">return</strong> ANALYSIS_PHASE;
|
||||
<a class="jxr_linenumber" name="L206" href="#L206">206</a> }
|
||||
<a class="jxr_linenumber" name="L207" href="#L207">207</a>
|
||||
<a class="jxr_linenumber" name="L208" href="#L208">208</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L209" href="#L209">209</a> <em class="jxr_javadoccomment"> * Returns the key used in the properties file to reference the analyzer's</em>
|
||||
<a class="jxr_linenumber" name="L210" href="#L210">210</a> <em class="jxr_javadoccomment"> * enabled property.</em>
|
||||
<a class="jxr_linenumber" name="L211" href="#L211">211</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L212" href="#L212">212</a> <em class="jxr_javadoccomment"> * @return the analyzer's enabled property setting key</em>
|
||||
<a class="jxr_linenumber" name="L213" href="#L213">213</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L214" href="#L214">214</a> @Override
|
||||
<a class="jxr_linenumber" name="L215" href="#L215">215</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
|
||||
<a class="jxr_linenumber" name="L216" href="#L216">216</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_BUNDLE_AUDIT_ENABLED;
|
||||
<a class="jxr_linenumber" name="L217" href="#L217">217</a> }
|
||||
<a class="jxr_linenumber" name="L218" href="#L218">218</a>
|
||||
<a class="jxr_linenumber" name="L219" href="#L219">219</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L220" href="#L220">220</a> <em class="jxr_javadoccomment"> * If {@link #analyzeFileType(Dependency, Engine)} is called, then we have</em>
|
||||
<a class="jxr_linenumber" name="L221" href="#L221">221</a> <em class="jxr_javadoccomment"> * successfully initialized, and it will be necessary to disable</em>
|
||||
<a class="jxr_linenumber" name="L222" href="#L222">222</a> <em class="jxr_javadoccomment"> * {@link RubyGemspecAnalyzer}.</em>
|
||||
<a class="jxr_linenumber" name="L223" href="#L223">223</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L224" href="#L224">224</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> needToDisableGemspecAnalyzer = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L225" href="#L225">225</a>
|
||||
<a class="jxr_linenumber" name="L226" href="#L226">226</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L227" href="#L227">227</a> <em class="jxr_javadoccomment"> * Determines if the analyzer can analyze the given file type.</em>
|
||||
<a class="jxr_linenumber" name="L228" href="#L228">228</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L229" href="#L229">229</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to determine if it can analyze</em>
|
||||
<a class="jxr_linenumber" name="L230" href="#L230">230</a> <em class="jxr_javadoccomment"> * @param engine the dependency-check engine</em>
|
||||
<a class="jxr_linenumber" name="L231" href="#L231">231</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if there is an analysis exception.</em>
|
||||
<a class="jxr_linenumber" name="L232" href="#L232">232</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L233" href="#L233">233</a> @Override
|
||||
<a class="jxr_linenumber" name="L234" href="#L234">234</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine)
|
||||
<a class="jxr_linenumber" name="L235" href="#L235">235</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
|
||||
<a class="jxr_linenumber" name="L236" href="#L236">236</a> <strong class="jxr_keyword">if</strong> (needToDisableGemspecAnalyzer) {
|
||||
<a class="jxr_linenumber" name="L237" href="#L237">237</a> <strong class="jxr_keyword">boolean</strong> failed = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L238" href="#L238">238</a> <strong class="jxr_keyword">final</strong> String className = RubyGemspecAnalyzer.<strong class="jxr_keyword">class</strong>.getName();
|
||||
<a class="jxr_linenumber" name="L239" href="#L239">239</a> <strong class="jxr_keyword">for</strong> (FileTypeAnalyzer analyzer : engine.getFileTypeAnalyzers()) {
|
||||
<a class="jxr_linenumber" name="L240" href="#L240">240</a> <strong class="jxr_keyword">if</strong> (analyzer instanceof RubyBundlerAnalyzer) {
|
||||
<a class="jxr_linenumber" name="L241" href="#L241">241</a> ((<a href="../../../../org/owasp/dependencycheck/analyzer/RubyBundlerAnalyzer.html">RubyBundlerAnalyzer</a>) analyzer).setEnabled(false);
|
||||
<a class="jxr_linenumber" name="L242" href="#L242">242</a> LOGGER.info(<span class="jxr_string">"Disabled "</span> + RubyBundlerAnalyzer.<strong class="jxr_keyword">class</strong>.getName() + <span class="jxr_string">" to avoid noisy duplicate results."</span>);
|
||||
<a class="jxr_linenumber" name="L243" href="#L243">243</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (analyzer instanceof RubyGemspecAnalyzer) {
|
||||
<a class="jxr_linenumber" name="L244" href="#L244">244</a> ((<a href="../../../../org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzer.html">RubyGemspecAnalyzer</a>) analyzer).setEnabled(false);
|
||||
<a class="jxr_linenumber" name="L245" href="#L245">245</a> LOGGER.info(<span class="jxr_string">"Disabled "</span> + className + <span class="jxr_string">" to avoid noisy duplicate results."</span>);
|
||||
<a class="jxr_linenumber" name="L246" href="#L246">246</a> failed = false;
|
||||
<a class="jxr_linenumber" name="L247" href="#L247">247</a> }
|
||||
<a class="jxr_linenumber" name="L248" href="#L248">248</a> }
|
||||
<a class="jxr_linenumber" name="L249" href="#L249">249</a> <strong class="jxr_keyword">if</strong> (failed) {
|
||||
<a class="jxr_linenumber" name="L250" href="#L250">250</a> LOGGER.warn(<span class="jxr_string">"Did not find "</span> + className + '.');
|
||||
<a class="jxr_linenumber" name="L251" href="#L251">251</a> }
|
||||
<a class="jxr_linenumber" name="L252" href="#L252">252</a> needToDisableGemspecAnalyzer = false;
|
||||
<a class="jxr_linenumber" name="L253" href="#L253">253</a> }
|
||||
<a class="jxr_linenumber" name="L254" href="#L254">254</a> <strong class="jxr_keyword">final</strong> File parentFile = dependency.getActualFile().getParentFile();
|
||||
<a class="jxr_linenumber" name="L255" href="#L255">255</a> <strong class="jxr_keyword">final</strong> Process process = launchBundleAudit(parentFile);
|
||||
<a class="jxr_linenumber" name="L256" href="#L256">256</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L257" href="#L257">257</a> process.waitFor();
|
||||
<a class="jxr_linenumber" name="L258" href="#L258">258</a> } <strong class="jxr_keyword">catch</strong> (InterruptedException ie) {
|
||||
<a class="jxr_linenumber" name="L259" href="#L259">259</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"bundle-audit process interrupted"</span>, ie);
|
||||
<a class="jxr_linenumber" name="L260" href="#L260">260</a> }
|
||||
<a class="jxr_linenumber" name="L261" href="#L261">261</a> BufferedReader rdr = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L262" href="#L262">262</a> BufferedReader errReader = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L263" href="#L263">263</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L264" href="#L264">264</a> errReader = <strong class="jxr_keyword">new</strong> BufferedReader(<strong class="jxr_keyword">new</strong> InputStreamReader(process.getErrorStream(), <span class="jxr_string">"UTF-8"</span>));
|
||||
<a class="jxr_linenumber" name="L265" href="#L265">265</a> <strong class="jxr_keyword">while</strong> (errReader.ready()) {
|
||||
<a class="jxr_linenumber" name="L266" href="#L266">266</a> <strong class="jxr_keyword">final</strong> String error = errReader.readLine();
|
||||
<a class="jxr_linenumber" name="L267" href="#L267">267</a> LOGGER.warn(error);
|
||||
<a class="jxr_linenumber" name="L268" href="#L268">268</a> }
|
||||
<a class="jxr_linenumber" name="L269" href="#L269">269</a> rdr = <strong class="jxr_keyword">new</strong> BufferedReader(<strong class="jxr_keyword">new</strong> InputStreamReader(process.getInputStream(), <span class="jxr_string">"UTF-8"</span>));
|
||||
<a class="jxr_linenumber" name="L270" href="#L270">270</a> processBundlerAuditOutput(dependency, engine, rdr);
|
||||
<a class="jxr_linenumber" name="L271" href="#L271">271</a> } <strong class="jxr_keyword">catch</strong> (IOException ioe) {
|
||||
<a class="jxr_linenumber" name="L272" href="#L272">272</a> LOGGER.warn(<span class="jxr_string">"bundle-audit failure"</span>, ioe);
|
||||
<a class="jxr_linenumber" name="L273" href="#L273">273</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L274" href="#L274">274</a> <strong class="jxr_keyword">if</strong> (errReader != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L275" href="#L275">275</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L276" href="#L276">276</a> errReader.close();
|
||||
<a class="jxr_linenumber" name="L277" href="#L277">277</a> } <strong class="jxr_keyword">catch</strong> (IOException ioe) {
|
||||
<a class="jxr_linenumber" name="L278" href="#L278">278</a> LOGGER.warn(<span class="jxr_string">"bundle-audit close failure"</span>, ioe);
|
||||
<a class="jxr_linenumber" name="L279" href="#L279">279</a> }
|
||||
<a class="jxr_linenumber" name="L280" href="#L280">280</a> }
|
||||
<a class="jxr_linenumber" name="L281" href="#L281">281</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != rdr) {
|
||||
<a class="jxr_linenumber" name="L282" href="#L282">282</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L283" href="#L283">283</a> rdr.close();
|
||||
<a class="jxr_linenumber" name="L284" href="#L284">284</a> } <strong class="jxr_keyword">catch</strong> (IOException ioe) {
|
||||
<a class="jxr_linenumber" name="L285" href="#L285">285</a> LOGGER.warn(<span class="jxr_string">"bundle-audit close failure"</span>, ioe);
|
||||
<a class="jxr_linenumber" name="L286" href="#L286">286</a> }
|
||||
<a class="jxr_linenumber" name="L287" href="#L287">287</a> }
|
||||
<a class="jxr_linenumber" name="L288" href="#L288">288</a> }
|
||||
<a class="jxr_linenumber" name="L289" href="#L289">289</a>
|
||||
<a class="jxr_linenumber" name="L290" href="#L290">290</a> }
|
||||
<a class="jxr_linenumber" name="L291" href="#L291">291</a>
|
||||
<a class="jxr_linenumber" name="L292" href="#L292">292</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L293" href="#L293">293</a> <em class="jxr_javadoccomment"> * Processes the bundler audit output.</em>
|
||||
<a class="jxr_linenumber" name="L294" href="#L294">294</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L295" href="#L295">295</a> <em class="jxr_javadoccomment"> * @param original the dependency</em>
|
||||
<a class="jxr_linenumber" name="L296" href="#L296">296</a> <em class="jxr_javadoccomment"> * @param engine the dependency-check engine</em>
|
||||
<a class="jxr_linenumber" name="L297" href="#L297">297</a> <em class="jxr_javadoccomment"> * @param rdr the reader of the report</em>
|
||||
<a class="jxr_linenumber" name="L298" href="#L298">298</a> <em class="jxr_javadoccomment"> * @throws IOException thrown if the report cannot be read.</em>
|
||||
<a class="jxr_linenumber" name="L299" href="#L299">299</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L300" href="#L300">300</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> processBundlerAuditOutput(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> original, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine, BufferedReader rdr) <strong class="jxr_keyword">throws</strong> IOException {
|
||||
<a class="jxr_linenumber" name="L301" href="#L301">301</a> <strong class="jxr_keyword">final</strong> String parentName = original.getActualFile().getParentFile().getName();
|
||||
<a class="jxr_linenumber" name="L302" href="#L302">302</a> <strong class="jxr_keyword">final</strong> String fileName = original.getFileName();
|
||||
<a class="jxr_linenumber" name="L303" href="#L303">303</a> <strong class="jxr_keyword">final</strong> String filePath = original.getFilePath();
|
||||
<a class="jxr_linenumber" name="L304" href="#L304">304</a> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L305" href="#L305">305</a> <a href="../../../../org/owasp/dependencycheck/dependency/Vulnerability.html">Vulnerability</a> vulnerability = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L306" href="#L306">306</a> String gem = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L307" href="#L307">307</a> <strong class="jxr_keyword">final</strong> Map<String, Dependency> map = <strong class="jxr_keyword">new</strong> HashMap<String, Dependency>();
|
||||
<a class="jxr_linenumber" name="L308" href="#L308">308</a> <strong class="jxr_keyword">boolean</strong> appendToDescription = false;
|
||||
<a class="jxr_linenumber" name="L309" href="#L309">309</a> <strong class="jxr_keyword">while</strong> (rdr.ready()) {
|
||||
<a class="jxr_linenumber" name="L310" href="#L310">310</a> <strong class="jxr_keyword">final</strong> String nextLine = rdr.readLine();
|
||||
<a class="jxr_linenumber" name="L311" href="#L311">311</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> == nextLine) {
|
||||
<a class="jxr_linenumber" name="L312" href="#L312">312</a> <strong class="jxr_keyword">break</strong>;
|
||||
<a class="jxr_linenumber" name="L313" href="#L313">313</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (nextLine.startsWith(NAME)) {
|
||||
<a class="jxr_linenumber" name="L314" href="#L314">314</a> appendToDescription = false;
|
||||
<a class="jxr_linenumber" name="L315" href="#L315">315</a> gem = nextLine.substring(NAME.length());
|
||||
<a class="jxr_linenumber" name="L316" href="#L316">316</a> <strong class="jxr_keyword">if</strong> (!map.containsKey(gem)) {
|
||||
<a class="jxr_linenumber" name="L317" href="#L317">317</a> map.put(gem, createDependencyForGem(engine, parentName, fileName, filePath, gem));
|
||||
<a class="jxr_linenumber" name="L318" href="#L318">318</a> }
|
||||
<a class="jxr_linenumber" name="L319" href="#L319">319</a> dependency = map.get(gem);
|
||||
<a class="jxr_linenumber" name="L320" href="#L320">320</a> LOGGER.debug(String.format(<span class="jxr_string">"bundle-audit (%s): %s"</span>, parentName, nextLine));
|
||||
<a class="jxr_linenumber" name="L321" href="#L321">321</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (nextLine.startsWith(VERSION)) {
|
||||
<a class="jxr_linenumber" name="L322" href="#L322">322</a> vulnerability = createVulnerability(parentName, dependency, gem, nextLine);
|
||||
<a class="jxr_linenumber" name="L323" href="#L323">323</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (nextLine.startsWith(ADVISORY)) {
|
||||
<a class="jxr_linenumber" name="L324" href="#L324">324</a> setVulnerabilityName(parentName, dependency, vulnerability, nextLine);
|
||||
<a class="jxr_linenumber" name="L325" href="#L325">325</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (nextLine.startsWith(CRITICALITY)) {
|
||||
<a class="jxr_linenumber" name="L326" href="#L326">326</a> addCriticalityToVulnerability(parentName, vulnerability, nextLine);
|
||||
<a class="jxr_linenumber" name="L327" href="#L327">327</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (nextLine.startsWith(<span class="jxr_string">"URL: "</span>)) {
|
||||
<a class="jxr_linenumber" name="L328" href="#L328">328</a> addReferenceToVulnerability(parentName, vulnerability, nextLine);
|
||||
<a class="jxr_linenumber" name="L329" href="#L329">329</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (nextLine.startsWith(<span class="jxr_string">"Description:"</span>)) {
|
||||
<a class="jxr_linenumber" name="L330" href="#L330">330</a> appendToDescription = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L331" href="#L331">331</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != vulnerability) {
|
||||
<a class="jxr_linenumber" name="L332" href="#L332">332</a> vulnerability.setDescription(<span class="jxr_string">"*** Vulnerability obtained from bundle-audit verbose report. "</span>
|
||||
<a class="jxr_linenumber" name="L333" href="#L333">333</a> + <span class="jxr_string">"Title link may not work. CPE below is guessed. CVSS score is estimated (-1.0 "</span>
|
||||
<a class="jxr_linenumber" name="L334" href="#L334">334</a> + <span class="jxr_string">" indicates unknown). See link below for full details. *** "</span>);
|
||||
<a class="jxr_linenumber" name="L335" href="#L335">335</a> }
|
||||
<a class="jxr_linenumber" name="L336" href="#L336">336</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (appendToDescription) {
|
||||
<a class="jxr_linenumber" name="L337" href="#L337">337</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != vulnerability) {
|
||||
<a class="jxr_linenumber" name="L338" href="#L338">338</a> vulnerability.setDescription(vulnerability.getDescription() + nextLine + <span class="jxr_string">"\n"</span>);
|
||||
<a class="jxr_linenumber" name="L339" href="#L339">339</a> }
|
||||
<a class="jxr_linenumber" name="L340" href="#L340">340</a> }
|
||||
<a class="jxr_linenumber" name="L341" href="#L341">341</a> }
|
||||
<a class="jxr_linenumber" name="L342" href="#L342">342</a> }
|
||||
<a class="jxr_linenumber" name="L343" href="#L343">343</a>
|
||||
<a class="jxr_linenumber" name="L344" href="#L344">344</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L345" href="#L345">345</a> <em class="jxr_javadoccomment"> * Sets the vulnerability name.</em>
|
||||
<a class="jxr_linenumber" name="L346" href="#L346">346</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L347" href="#L347">347</a> <em class="jxr_javadoccomment"> * @param parentName the parent name</em>
|
||||
<a class="jxr_linenumber" name="L348" href="#L348">348</a> <em class="jxr_javadoccomment"> * @param dependency the dependency</em>
|
||||
<a class="jxr_linenumber" name="L349" href="#L349">349</a> <em class="jxr_javadoccomment"> * @param vulnerability the vulnerability</em>
|
||||
<a class="jxr_linenumber" name="L350" href="#L350">350</a> <em class="jxr_javadoccomment"> * @param nextLine the line to parse</em>
|
||||
<a class="jxr_linenumber" name="L351" href="#L351">351</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L352" href="#L352">352</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> setVulnerabilityName(String parentName, <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/dependency/Vulnerability.html">Vulnerability</a> vulnerability, String nextLine) {
|
||||
<a class="jxr_linenumber" name="L353" href="#L353">353</a> <strong class="jxr_keyword">final</strong> String advisory = nextLine.substring((ADVISORY.length()));
|
||||
<a class="jxr_linenumber" name="L354" href="#L354">354</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != vulnerability) {
|
||||
<a class="jxr_linenumber" name="L355" href="#L355">355</a> vulnerability.setName(advisory);
|
||||
<a class="jxr_linenumber" name="L356" href="#L356">356</a> }
|
||||
<a class="jxr_linenumber" name="L357" href="#L357">357</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != dependency) {
|
||||
<a class="jxr_linenumber" name="L358" href="#L358">358</a> dependency.getVulnerabilities().add(vulnerability); <em class="jxr_comment">// needed to wait for vulnerability name to avoid NPE</em>
|
||||
<a class="jxr_linenumber" name="L359" href="#L359">359</a> }
|
||||
<a class="jxr_linenumber" name="L360" href="#L360">360</a> LOGGER.debug(String.format(<span class="jxr_string">"bundle-audit (%s): %s"</span>, parentName, nextLine));
|
||||
<a class="jxr_linenumber" name="L361" href="#L361">361</a> }
|
||||
<a class="jxr_linenumber" name="L362" href="#L362">362</a>
|
||||
<a class="jxr_linenumber" name="L363" href="#L363">363</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L364" href="#L364">364</a> <em class="jxr_javadoccomment"> * Adds a reference to the vulnerability.</em>
|
||||
<a class="jxr_linenumber" name="L365" href="#L365">365</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L366" href="#L366">366</a> <em class="jxr_javadoccomment"> * @param parentName the parent name</em>
|
||||
<a class="jxr_linenumber" name="L367" href="#L367">367</a> <em class="jxr_javadoccomment"> * @param vulnerability the vulnerability</em>
|
||||
<a class="jxr_linenumber" name="L368" href="#L368">368</a> <em class="jxr_javadoccomment"> * @param nextLine the line to parse</em>
|
||||
<a class="jxr_linenumber" name="L369" href="#L369">369</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L370" href="#L370">370</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> addReferenceToVulnerability(String parentName, <a href="../../../../org/owasp/dependencycheck/dependency/Vulnerability.html">Vulnerability</a> vulnerability, String nextLine) {
|
||||
<a class="jxr_linenumber" name="L371" href="#L371">371</a> <strong class="jxr_keyword">final</strong> String url = nextLine.substring((<span class="jxr_string">"URL: "</span>).length());
|
||||
<a class="jxr_linenumber" name="L372" href="#L372">372</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != vulnerability) {
|
||||
<a class="jxr_linenumber" name="L373" href="#L373">373</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Reference.html">Reference</a> ref = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Reference.html">Reference</a>();
|
||||
<a class="jxr_linenumber" name="L374" href="#L374">374</a> ref.setName(vulnerability.getName());
|
||||
<a class="jxr_linenumber" name="L375" href="#L375">375</a> ref.setSource(<span class="jxr_string">"bundle-audit"</span>);
|
||||
<a class="jxr_linenumber" name="L376" href="#L376">376</a> ref.setUrl(url);
|
||||
<a class="jxr_linenumber" name="L377" href="#L377">377</a> vulnerability.getReferences().add(ref);
|
||||
<a class="jxr_linenumber" name="L378" href="#L378">378</a> }
|
||||
<a class="jxr_linenumber" name="L379" href="#L379">379</a> LOGGER.debug(String.format(<span class="jxr_string">"bundle-audit (%s): %s"</span>, parentName, nextLine));
|
||||
<a class="jxr_linenumber" name="L380" href="#L380">380</a> }
|
||||
<a class="jxr_linenumber" name="L381" href="#L381">381</a>
|
||||
<a class="jxr_linenumber" name="L382" href="#L382">382</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L383" href="#L383">383</a> <em class="jxr_javadoccomment"> * Adds the criticality to the vulnerability</em>
|
||||
<a class="jxr_linenumber" name="L384" href="#L384">384</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L385" href="#L385">385</a> <em class="jxr_javadoccomment"> * @param parentName the parent name</em>
|
||||
<a class="jxr_linenumber" name="L386" href="#L386">386</a> <em class="jxr_javadoccomment"> * @param vulnerability the vulnerability</em>
|
||||
<a class="jxr_linenumber" name="L387" href="#L387">387</a> <em class="jxr_javadoccomment"> * @param nextLine the line to parse</em>
|
||||
<a class="jxr_linenumber" name="L388" href="#L388">388</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L389" href="#L389">389</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> addCriticalityToVulnerability(String parentName, <a href="../../../../org/owasp/dependencycheck/dependency/Vulnerability.html">Vulnerability</a> vulnerability, String nextLine) {
|
||||
<a class="jxr_linenumber" name="L390" href="#L390">390</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != vulnerability) {
|
||||
<a class="jxr_linenumber" name="L391" href="#L391">391</a> <strong class="jxr_keyword">final</strong> String criticality = nextLine.substring(CRITICALITY.length()).trim();
|
||||
<a class="jxr_linenumber" name="L392" href="#L392">392</a> <strong class="jxr_keyword">float</strong> score = -1.0f;
|
||||
<a class="jxr_linenumber" name="L393" href="#L393">393</a> <a href="../../../../org/owasp/dependencycheck/dependency/Vulnerability.html">Vulnerability</a> v = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L394" href="#L394">394</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L395" href="#L395">395</a> v = cvedb.getVulnerability(vulnerability.getName());
|
||||
<a class="jxr_linenumber" name="L396" href="#L396">396</a> } <strong class="jxr_keyword">catch</strong> (DatabaseException ex) {
|
||||
<a class="jxr_linenumber" name="L397" href="#L397">397</a> LOGGER.debug(<span class="jxr_string">"Unable to look up vulnerability {}"</span>, vulnerability.getName());
|
||||
<a class="jxr_linenumber" name="L398" href="#L398">398</a> }
|
||||
<a class="jxr_linenumber" name="L399" href="#L399">399</a> <strong class="jxr_keyword">if</strong> (v != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L400" href="#L400">400</a> score = v.getCvssScore();
|
||||
<a class="jxr_linenumber" name="L401" href="#L401">401</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"High"</span>.equalsIgnoreCase(criticality)) {
|
||||
<a class="jxr_linenumber" name="L402" href="#L402">402</a> score = 8.5f;
|
||||
<a class="jxr_linenumber" name="L403" href="#L403">403</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"Medium"</span>.equalsIgnoreCase(criticality)) {
|
||||
<a class="jxr_linenumber" name="L404" href="#L404">404</a> score = 5.5f;
|
||||
<a class="jxr_linenumber" name="L405" href="#L405">405</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"Low"</span>.equalsIgnoreCase(criticality)) {
|
||||
<a class="jxr_linenumber" name="L406" href="#L406">406</a> score = 2.0f;
|
||||
<a class="jxr_linenumber" name="L407" href="#L407">407</a> }
|
||||
<a class="jxr_linenumber" name="L408" href="#L408">408</a> vulnerability.setCvssScore(score);
|
||||
<a class="jxr_linenumber" name="L409" href="#L409">409</a> }
|
||||
<a class="jxr_linenumber" name="L410" href="#L410">410</a> LOGGER.debug(String.format(<span class="jxr_string">"bundle-audit (%s): %s"</span>, parentName, nextLine));
|
||||
<a class="jxr_linenumber" name="L411" href="#L411">411</a> }
|
||||
<a class="jxr_linenumber" name="L412" href="#L412">412</a>
|
||||
<a class="jxr_linenumber" name="L413" href="#L413">413</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L414" href="#L414">414</a> <em class="jxr_javadoccomment"> * Creates a vulnerability.</em>
|
||||
<a class="jxr_linenumber" name="L415" href="#L415">415</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L416" href="#L416">416</a> <em class="jxr_javadoccomment"> * @param parentName the parent name</em>
|
||||
<a class="jxr_linenumber" name="L417" href="#L417">417</a> <em class="jxr_javadoccomment"> * @param dependency the dependency</em>
|
||||
<a class="jxr_linenumber" name="L418" href="#L418">418</a> <em class="jxr_javadoccomment"> * @param gem the gem name</em>
|
||||
<a class="jxr_linenumber" name="L419" href="#L419">419</a> <em class="jxr_javadoccomment"> * @param nextLine the line to parse</em>
|
||||
<a class="jxr_linenumber" name="L420" href="#L420">420</a> <em class="jxr_javadoccomment"> * @return the vulnerability</em>
|
||||
<a class="jxr_linenumber" name="L421" href="#L421">421</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L422" href="#L422">422</a> <strong class="jxr_keyword">private</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Vulnerability.html">Vulnerability</a> createVulnerability(String parentName, <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, String gem, String nextLine) {
|
||||
<a class="jxr_linenumber" name="L423" href="#L423">423</a> <a href="../../../../org/owasp/dependencycheck/dependency/Vulnerability.html">Vulnerability</a> vulnerability = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L424" href="#L424">424</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != dependency) {
|
||||
<a class="jxr_linenumber" name="L425" href="#L425">425</a> <strong class="jxr_keyword">final</strong> String version = nextLine.substring(VERSION.length());
|
||||
<a class="jxr_linenumber" name="L426" href="#L426">426</a> dependency.getVersionEvidence().addEvidence(
|
||||
<a class="jxr_linenumber" name="L427" href="#L427">427</a> <span class="jxr_string">"bundler-audit"</span>,
|
||||
<a class="jxr_linenumber" name="L428" href="#L428">428</a> <span class="jxr_string">"Version"</span>,
|
||||
<a class="jxr_linenumber" name="L429" href="#L429">429</a> version,
|
||||
<a class="jxr_linenumber" name="L430" href="#L430">430</a> Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L431" href="#L431">431</a> vulnerability = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Vulnerability.html">Vulnerability</a>(); <em class="jxr_comment">// don't add to dependency until we have name set later</em>
|
||||
<a class="jxr_linenumber" name="L432" href="#L432">432</a> vulnerability.setMatchedCPE(
|
||||
<a class="jxr_linenumber" name="L433" href="#L433">433</a> String.format(<span class="jxr_string">"cpe:/a:%1$s_project:%1$s:%2$s::~~~ruby~~"</span>, gem, version),
|
||||
<a class="jxr_linenumber" name="L434" href="#L434">434</a> <strong class="jxr_keyword">null</strong>);
|
||||
<a class="jxr_linenumber" name="L435" href="#L435">435</a> vulnerability.setCvssAccessVector(<span class="jxr_string">"-"</span>);
|
||||
<a class="jxr_linenumber" name="L436" href="#L436">436</a> vulnerability.setCvssAccessComplexity(<span class="jxr_string">"-"</span>);
|
||||
<a class="jxr_linenumber" name="L437" href="#L437">437</a> vulnerability.setCvssAuthentication(<span class="jxr_string">"-"</span>);
|
||||
<a class="jxr_linenumber" name="L438" href="#L438">438</a> vulnerability.setCvssAvailabilityImpact(<span class="jxr_string">"-"</span>);
|
||||
<a class="jxr_linenumber" name="L439" href="#L439">439</a> vulnerability.setCvssConfidentialityImpact(<span class="jxr_string">"-"</span>);
|
||||
<a class="jxr_linenumber" name="L440" href="#L440">440</a> vulnerability.setCvssIntegrityImpact(<span class="jxr_string">"-"</span>);
|
||||
<a class="jxr_linenumber" name="L441" href="#L441">441</a> }
|
||||
<a class="jxr_linenumber" name="L442" href="#L442">442</a> LOGGER.debug(String.format(<span class="jxr_string">"bundle-audit (%s): %s"</span>, parentName, nextLine));
|
||||
<a class="jxr_linenumber" name="L443" href="#L443">443</a> <strong class="jxr_keyword">return</strong> vulnerability;
|
||||
<a class="jxr_linenumber" name="L444" href="#L444">444</a> }
|
||||
<a class="jxr_linenumber" name="L445" href="#L445">445</a>
|
||||
<a class="jxr_linenumber" name="L446" href="#L446">446</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L447" href="#L447">447</a> <em class="jxr_javadoccomment"> * Creates the dependency based off of the gem.</em>
|
||||
<a class="jxr_linenumber" name="L448" href="#L448">448</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L449" href="#L449">449</a> <em class="jxr_javadoccomment"> * @param engine the engine used for scanning</em>
|
||||
<a class="jxr_linenumber" name="L450" href="#L450">450</a> <em class="jxr_javadoccomment"> * @param parentName the gem parent</em>
|
||||
<a class="jxr_linenumber" name="L451" href="#L451">451</a> <em class="jxr_javadoccomment"> * @param fileName the file name</em>
|
||||
<a class="jxr_linenumber" name="L452" href="#L452">452</a> <em class="jxr_javadoccomment"> * @param filePath the file path</em>
|
||||
<a class="jxr_linenumber" name="L453" href="#L453">453</a> <em class="jxr_javadoccomment"> * @param gem the gem name</em>
|
||||
<a class="jxr_linenumber" name="L454" href="#L454">454</a> <em class="jxr_javadoccomment"> * @return the dependency to add</em>
|
||||
<a class="jxr_linenumber" name="L455" href="#L455">455</a> <em class="jxr_javadoccomment"> * @throws IOException thrown if a temporary gem file could not be written</em>
|
||||
<a class="jxr_linenumber" name="L456" href="#L456">456</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L457" href="#L457">457</a> <strong class="jxr_keyword">private</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> createDependencyForGem(<a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine, String parentName, String fileName, String filePath, String gem) <strong class="jxr_keyword">throws</strong> IOException {
|
||||
<a class="jxr_linenumber" name="L458" href="#L458">458</a> <strong class="jxr_keyword">final</strong> File gemFile = <strong class="jxr_keyword">new</strong> File(Settings.getTempDirectory(), gem + <span class="jxr_string">"_Gemfile.lock"</span>);
|
||||
<a class="jxr_linenumber" name="L459" href="#L459">459</a> gemFile.createNewFile();
|
||||
<a class="jxr_linenumber" name="L460" href="#L460">460</a> <strong class="jxr_keyword">final</strong> String displayFileName = String.format(<span class="jxr_string">"%s%c%s:%s"</span>, parentName, File.separatorChar, fileName, gem);
|
||||
<a class="jxr_linenumber" name="L461" href="#L461">461</a>
|
||||
<a class="jxr_linenumber" name="L462" href="#L462">462</a> FileUtils.write(gemFile, displayFileName, Charset.defaultCharset()); <em class="jxr_comment">// unique contents to avoid dependency bundling</em>
|
||||
<a class="jxr_linenumber" name="L463" href="#L463">463</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a>(gemFile);
|
||||
<a class="jxr_linenumber" name="L464" href="#L464">464</a> dependency.getProductEvidence().addEvidence(<span class="jxr_string">"bundler-audit"</span>, <span class="jxr_string">"Name"</span>, gem, Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L465" href="#L465">465</a> dependency.setDisplayFileName(displayFileName);
|
||||
<a class="jxr_linenumber" name="L466" href="#L466">466</a> dependency.setFileName(fileName);
|
||||
<a class="jxr_linenumber" name="L467" href="#L467">467</a> dependency.setFilePath(filePath);
|
||||
<a class="jxr_linenumber" name="L468" href="#L468">468</a> engine.getDependencies().add(dependency);
|
||||
<a class="jxr_linenumber" name="L469" href="#L469">469</a> <strong class="jxr_keyword">return</strong> dependency;
|
||||
<a class="jxr_linenumber" name="L470" href="#L470">470</a> }
|
||||
<a class="jxr_linenumber" name="L471" href="#L471">471</a> }
|
||||
</pre>
|
||||
<hr/>
|
||||
<div id="footer">Copyright © 2012–2016 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
|
||||
|
||||
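--- a/xref/org/owasp/dependencycheck/analyzer/RubyBundlerAnalyzer.html
+++ b/xref/org/owasp/dependencycheck/analyzer/RubyBundlerAnalyzer.html
@@ -0,0 +1,152 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head><meta http-equiv="content-type" content="text/html; charset=UTF-8" />
+<title>RubyBundlerAnalyzer xref</title>
+<link type="text/css" rel="stylesheet" href="../../../../stylesheet.css" />
+</head>
+<body>
+<div id="overview"><a href="../../../../../apidocs/org/owasp/dependencycheck/analyzer/RubyBundlerAnalyzer.html">View Javadoc</a></div><pre>
+<a class="jxr_linenumber" name="L1" href="#L1">1</a> <em class="jxr_comment">/*</em>
+<a class="jxr_linenumber" name="L2" href="#L2">2</a> <em class="jxr_comment"> * This file is part of dependency-check-core.</em>
+<a class="jxr_linenumber" name="L3" href="#L3">3</a> <em class="jxr_comment"> *</em>
+<a class="jxr_linenumber" name="L4" href="#L4">4</a> <em class="jxr_comment"> * Licensed under the Apache License, Version 2.0 (the "License");</em>
+<a class="jxr_linenumber" name="L5" href="#L5">5</a> <em class="jxr_comment"> * you may not use this file except in compliance with the License.</em>
+<a class="jxr_linenumber" name="L6" href="#L6">6</a> <em class="jxr_comment"> * You may obtain a copy of the License at</em>
+<a class="jxr_linenumber" name="L7" href="#L7">7</a> <em class="jxr_comment"> *</em>
+<a class="jxr_linenumber" name="L8" href="#L8">8</a> <em class="jxr_comment"> * <a href="http://www.apache.org/licenses/LICENSE-2." target="alexandria_uri">http://www.apache.org/licenses/LICENSE-2.</a>0</em>
+<a class="jxr_linenumber" name="L9" href="#L9">9</a> <em class="jxr_comment"> *</em>
+<a class="jxr_linenumber" name="L10" href="#L10">10</a> <em class="jxr_comment"> * Unless required by applicable law or agreed to in writing, software</em>
+<a class="jxr_linenumber" name="L11" href="#L11">11</a> <em class="jxr_comment"> * distributed under the License is distributed on an "AS IS" BASIS,</em>
+<a class="jxr_linenumber" name="L12" href="#L12">12</a> <em class="jxr_comment"> * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.</em>
+<a class="jxr_linenumber" name="L13" href="#L13">13</a> <em class="jxr_comment"> * See the License for the specific language governing permissions and</em>
+<a class="jxr_linenumber" name="L14" href="#L14">14</a> <em class="jxr_comment"> * limitations under the License.</em>
+<a class="jxr_linenumber" name="L15" href="#L15">15</a> <em class="jxr_comment"> *</em>
+<a class="jxr_linenumber" name="L16" href="#L16">16</a> <em class="jxr_comment"> * Copyright (c) 2016 Bianca Jiang. All Rights Reserved.</em>
+<a class="jxr_linenumber" name="L17" href="#L17">17</a> <em class="jxr_comment"> */</em>
+<a class="jxr_linenumber" name="L18" href="#L18">18</a> <strong class="jxr_keyword">package</strong> org.owasp.dependencycheck.analyzer;
+<a class="jxr_linenumber" name="L19" href="#L19">19</a>
+<a class="jxr_linenumber" name="L20" href="#L20">20</a> <strong class="jxr_keyword">import</strong> java.io.File;
+<a class="jxr_linenumber" name="L21" href="#L21">21</a> <strong class="jxr_keyword">import</strong> java.io.FilenameFilter;
+<a class="jxr_linenumber" name="L22" href="#L22">22</a>
+<a class="jxr_linenumber" name="L23" href="#L23">23</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.Engine;
+<a class="jxr_linenumber" name="L24" href="#L24">24</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.analyzer.exception.AnalysisException;
+<a class="jxr_linenumber" name="L25" href="#L25">25</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Dependency;
+<a class="jxr_linenumber" name="L26" href="#L26">26</a>
+<a class="jxr_linenumber" name="L27" href="#L27">27</a> <em class="jxr_javadoccomment">/**</em>
+<a class="jxr_linenumber" name="L28" href="#L28">28</a> <em class="jxr_javadoccomment"> * This analyzer accepts the fully resolved .gemspec created by the Ruby bundler</em>
+<a class="jxr_linenumber" name="L29" href="#L29">29</a> <em class="jxr_javadoccomment"> * (<a href="http://bundler.io)" target="alexandria_uri">http://bundler.io)</a> for better evidence results. It also tries to resolve the</em>
+<a class="jxr_linenumber" name="L30" href="#L30">30</a> <em class="jxr_javadoccomment"> * dependency packagePath to where the gem is actually installed. Then during {@link org.owasp.dependencycheck.analyzer.AnalysisPhase#PRE_FINDING_ANALYSIS}</em>
+<a class="jxr_linenumber" name="L31" href="#L31">31</a> <em class="jxr_javadoccomment"> * {@link DependencyBundlingAnalyzer} will merge two .gemspec dependencies</em>
+<a class="jxr_linenumber" name="L32" href="#L32">32</a> <em class="jxr_javadoccomment"> * together if <code>Dependency.getPackagePath()</code> are the same.</em>
+<a class="jxr_linenumber" name="L33" href="#L33">33</a> <em class="jxr_javadoccomment"> *</em>
+<a class="jxr_linenumber" name="L34" href="#L34">34</a> <em class="jxr_javadoccomment"> * Ruby bundler creates new .gemspec files under a folder called</em>
+<a class="jxr_linenumber" name="L35" href="#L35">35</a> <em class="jxr_javadoccomment"> * "specifications" at deploy time, in addition to the original .gemspec files</em>
+<a class="jxr_linenumber" name="L36" href="#L36">36</a> <em class="jxr_javadoccomment"> * from source. The bundler generated .gemspec files always contain fully</em>
+<a class="jxr_linenumber" name="L37" href="#L37">37</a> <em class="jxr_javadoccomment"> * resolved attributes thus provide more accurate evidences, whereas the</em>
+<a class="jxr_linenumber" name="L38" href="#L38">38</a> <em class="jxr_javadoccomment"> * original .gemspec from source often contain variables for attributes that</em>
+<a class="jxr_linenumber" name="L39" href="#L39">39</a> <em class="jxr_javadoccomment"> * can't be used for evidences.</em>
+<a class="jxr_linenumber" name="L40" href="#L40">40</a> <em class="jxr_javadoccomment"> *</em>
+<a class="jxr_linenumber" name="L41" href="#L41">41</a> <em class="jxr_javadoccomment"> * Note this analyzer share the same</em>
+<a class="jxr_linenumber" name="L42" href="#L42">42</a> <em class="jxr_javadoccomment"> * {@link org.owasp.dependencycheck.utils.Settings.KEYS#ANALYZER_RUBY_GEMSPEC_ENABLED} as</em>
+<a class="jxr_linenumber" name="L43" href="#L43">43</a> <em class="jxr_javadoccomment"> * {@link RubyGemspecAnalyzer}, so it will enabled/disabled with</em>
+<a class="jxr_linenumber" name="L44" href="#L44">44</a> <em class="jxr_javadoccomment"> * {@link RubyGemspecAnalyzer}.</em>
+<a class="jxr_linenumber" name="L45" href="#L45">45</a> <em class="jxr_javadoccomment"> *</em>
+<a class="jxr_linenumber" name="L46" href="#L46">46</a> <em class="jxr_javadoccomment"> * @author Bianca Jiang (biancajiang@gmail.com)</em>
+<a class="jxr_linenumber" name="L47" href="#L47">47</a> <em class="jxr_javadoccomment"> */</em>
+<a class="jxr_linenumber" name="L48" href="#L48">48</a> @Experimental
+<a class="jxr_linenumber" name="L49" href="#L49">49</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/RubyBundlerAnalyzer.html">RubyBundlerAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzer.html">RubyGemspecAnalyzer</a> {
+<a class="jxr_linenumber" name="L50" href="#L50">50</a>
+<a class="jxr_linenumber" name="L51" href="#L51">51</a> <em class="jxr_javadoccomment">/**</em>
+<a class="jxr_linenumber" name="L52" href="#L52">52</a> <em class="jxr_javadoccomment"> * The name of the analyzer.</em>
+<a class="jxr_linenumber" name="L53" href="#L53">53</a> <em class="jxr_javadoccomment"> */</em>
+<a class="jxr_linenumber" name="L54" href="#L54">54</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String ANALYZER_NAME = <span class="jxr_string">"Ruby Bundler Analyzer"</span>;
+<a class="jxr_linenumber" name="L55" href="#L55">55</a>
+<a class="jxr_linenumber" name="L56" href="#L56">56</a> <em class="jxr_javadoccomment">/**</em>
+<a class="jxr_linenumber" name="L57" href="#L57">57</a> <em class="jxr_javadoccomment"> * Folder name that contains .gemspec files created by "bundle install"</em>
+<a class="jxr_linenumber" name="L58" href="#L58">58</a> <em class="jxr_javadoccomment"> */</em>
+<a class="jxr_linenumber" name="L59" href="#L59">59</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String SPECIFICATIONS = <span class="jxr_string">"specifications"</span>;
+<a class="jxr_linenumber" name="L60" href="#L60">60</a>
+<a class="jxr_linenumber" name="L61" href="#L61">61</a> <em class="jxr_javadoccomment">/**</em>
+<a class="jxr_linenumber" name="L62" href="#L62">62</a> <em class="jxr_javadoccomment"> * Folder name that contains the gems by "bundle install"</em>
+<a class="jxr_linenumber" name="L63" href="#L63">63</a> <em class="jxr_javadoccomment"> */</em>
+<a class="jxr_linenumber" name="L64" href="#L64">64</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String GEMS = <span class="jxr_string">"gems"</span>;
+<a class="jxr_linenumber" name="L65" href="#L65">65</a>
+<a class="jxr_linenumber" name="L66" href="#L66">66</a> <em class="jxr_javadoccomment">/**</em>
+<a class="jxr_linenumber" name="L67" href="#L67">67</a> <em class="jxr_javadoccomment"> * Returns the name of the analyzer.</em>
+<a class="jxr_linenumber" name="L68" href="#L68">68</a> <em class="jxr_javadoccomment"> *</em>
+<a class="jxr_linenumber" name="L69" href="#L69">69</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer.</em>
+<a class="jxr_linenumber" name="L70" href="#L70">70</a> <em class="jxr_javadoccomment"> */</em>
+<a class="jxr_linenumber" name="L71" href="#L71">71</a> @Override
+<a class="jxr_linenumber" name="L72" href="#L72">72</a> <strong class="jxr_keyword">public</strong> String getName() {
+<a class="jxr_linenumber" name="L73" href="#L73">73</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
+<a class="jxr_linenumber" name="L74" href="#L74">74</a> }
+<a class="jxr_linenumber" name="L75" href="#L75">75</a>
+<a class="jxr_linenumber" name="L76" href="#L76">76</a> <em class="jxr_javadoccomment">/**</em>
+<a class="jxr_linenumber" name="L77" href="#L77">77</a> <em class="jxr_javadoccomment"> * Only accept *.gemspec files generated by "bundle install --deployment"</em>
+<a class="jxr_linenumber" name="L78" href="#L78">78</a> <em class="jxr_javadoccomment"> * under "specifications" folder.</em>
+<a class="jxr_linenumber" name="L79" href="#L79">79</a> <em class="jxr_javadoccomment"> *</em>
+<a class="jxr_linenumber" name="L80" href="#L80">80</a> <em class="jxr_javadoccomment"> * @param pathname the path name to test</em>
+<a class="jxr_linenumber" name="L81" href="#L81">81</a> <em class="jxr_javadoccomment"> * @return true if the analyzer can process the given file; otherwise false</em>
+<a class="jxr_linenumber" name="L82" href="#L82">82</a> <em class="jxr_javadoccomment"> */</em>
+<a class="jxr_linenumber" name="L83" href="#L83">83</a> @Override
+<a class="jxr_linenumber" name="L84" href="#L84">84</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">boolean</strong> accept(File pathname) {
+<a class="jxr_linenumber" name="L85" href="#L85">85</a>
+<a class="jxr_linenumber" name="L86" href="#L86">86</a> <strong class="jxr_keyword">boolean</strong> accepted = <strong class="jxr_keyword">super</strong>.accept(pathname);
+<a class="jxr_linenumber" name="L87" href="#L87">87</a> <strong class="jxr_keyword">if</strong> (accepted) {
+<a class="jxr_linenumber" name="L88" href="#L88">88</a> <strong class="jxr_keyword">final</strong> File parentDir = pathname.getParentFile();
+<a class="jxr_linenumber" name="L89" href="#L89">89</a> accepted = parentDir != <strong class="jxr_keyword">null</strong> && parentDir.getName().equals(SPECIFICATIONS);
+<a class="jxr_linenumber" name="L90" href="#L90">90</a> }
+<a class="jxr_linenumber" name="L91" href="#L91">91</a>
+<a class="jxr_linenumber" name="L92" href="#L92">92</a> <strong class="jxr_keyword">return</strong> accepted;
+<a class="jxr_linenumber" name="L93" href="#L93">93</a> }
+<a class="jxr_linenumber" name="L94" href="#L94">94</a>
+<a class="jxr_linenumber" name="L95" href="#L95">95</a> @Override
+<a class="jxr_linenumber" name="L96" href="#L96">96</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine)
+<a class="jxr_linenumber" name="L97" href="#L97">97</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
+<a class="jxr_linenumber" name="L98" href="#L98">98</a> <strong class="jxr_keyword">super</strong>.analyzeFileType(dependency, engine);
+<a class="jxr_linenumber" name="L99" href="#L99">99</a>
+<a class="jxr_linenumber" name="L100" href="#L100">100</a> <em class="jxr_comment">//find the corresponding gem folder for this .gemspec stub by "bundle install --deployment"</em>
+<a class="jxr_linenumber" name="L101" href="#L101">101</a> <strong class="jxr_keyword">final</strong> File gemspecFile = dependency.getActualFile();
+<a class="jxr_linenumber" name="L102" href="#L102">102</a> <strong class="jxr_keyword">final</strong> String gemFileName = gemspecFile.getName();
+<a class="jxr_linenumber" name="L103" href="#L103">103</a> <strong class="jxr_keyword">final</strong> String gemName = gemFileName.substring(0, gemFileName.lastIndexOf(<span class="jxr_string">".gemspec"</span>));
+<a class="jxr_linenumber" name="L104" href="#L104">104</a> <strong class="jxr_keyword">final</strong> File specificationsDir = gemspecFile.getParentFile();
+<a class="jxr_linenumber" name="L105" href="#L105">105</a> <strong class="jxr_keyword">if</strong> (specificationsDir != <strong class="jxr_keyword">null</strong> && specificationsDir.getName().equals(SPECIFICATIONS) && specificationsDir.exists()) {
+<a class="jxr_linenumber" name="L106" href="#L106">106</a> <strong class="jxr_keyword">final</strong> File parentDir = specificationsDir.getParentFile();
+<a class="jxr_linenumber" name="L107" href="#L107">107</a> <strong class="jxr_keyword">if</strong> (parentDir != <strong class="jxr_keyword">null</strong> && parentDir.exists()) {
+<a class="jxr_linenumber" name="L108" href="#L108">108</a> <strong class="jxr_keyword">final</strong> File gemsDir = <strong class="jxr_keyword">new</strong> File(parentDir, GEMS);
+<a class="jxr_linenumber" name="L109" href="#L109">109</a> <strong class="jxr_keyword">if</strong> (gemsDir.exists()) {
+<a class="jxr_linenumber" name="L110" href="#L110">110</a> <strong class="jxr_keyword">final</strong> File[] matchingFiles = gemsDir.listFiles(<strong class="jxr_keyword">new</strong> FilenameFilter() {
+<a class="jxr_linenumber" name="L111" href="#L111">111</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">boolean</strong> accept(File dir, String name) {
+<a class="jxr_linenumber" name="L112" href="#L112">112</a> <strong class="jxr_keyword">return</strong> name.equals(gemName);
+<a class="jxr_linenumber" name="L113" href="#L113">113</a> }
+<a class="jxr_linenumber" name="L114" href="#L114">114</a> });
+<a class="jxr_linenumber" name="L115" href="#L115">115</a>
+<a class="jxr_linenumber" name="L116" href="#L116">116</a> <strong class="jxr_keyword">if</strong> (matchingFiles != <strong class="jxr_keyword">null</strong> && matchingFiles.length > 0) {
+<a class="jxr_linenumber" name="L117" href="#L117">117</a> <strong class="jxr_keyword">final</strong> String gemPath = matchingFiles[0].getAbsolutePath();
+<a class="jxr_linenumber" name="L118" href="#L118">118</a> <strong class="jxr_keyword">if</strong> (dependency.getActualFilePath().equals(dependency.getFilePath())) {
+<a class="jxr_linenumber" name="L119" href="#L119">119</a> <strong class="jxr_keyword">if</strong> (gemPath != <strong class="jxr_keyword">null</strong>) {
+<a class="jxr_linenumber" name="L120" href="#L120">120</a> dependency.setPackagePath(gemPath);
+<a class="jxr_linenumber" name="L121" href="#L121">121</a> }
+<a class="jxr_linenumber" name="L122" href="#L122">122</a> } <strong class="jxr_keyword">else</strong> {
+<a class="jxr_linenumber" name="L123" href="#L123">123</a> <em class="jxr_comment">//.gemspec's actualFilePath and filePath are different when it's from a compressed file</em>
+<a class="jxr_linenumber" name="L124" href="#L124">124</a> <em class="jxr_comment">//in which case actualFilePath is the temp directory used by decompression.</em>
+<a class="jxr_linenumber" name="L125" href="#L125">125</a> <em class="jxr_comment">//packagePath should use the filePath of the identified gem file in "gems" folder</em>
+<a class="jxr_linenumber" name="L126" href="#L126">126</a> <strong class="jxr_keyword">final</strong> File gemspecStub = <strong class="jxr_keyword">new</strong> File(dependency.getFilePath());
+<a class="jxr_linenumber" name="L127" href="#L127">127</a> <strong class="jxr_keyword">final</strong> File specDir = gemspecStub.getParentFile();
+<a class="jxr_linenumber" name="L128" href="#L128">128</a> <strong class="jxr_keyword">if</strong> (specDir != <strong class="jxr_keyword">null</strong> && specDir.getName().equals(SPECIFICATIONS)) {
+<a class="jxr_linenumber" name="L129" href="#L129">129</a> <strong class="jxr_keyword">final</strong> File gemsDir2 = <strong class="jxr_keyword">new</strong> File(specDir.getParentFile(), GEMS);
+<a class="jxr_linenumber" name="L130" href="#L130">130</a> <strong class="jxr_keyword">final</strong> File packageDir = <strong class="jxr_keyword">new</strong> File(gemsDir2, gemName);
+<a class="jxr_linenumber" name="L131" href="#L131">131</a> dependency.setPackagePath(packageDir.getAbsolutePath());
+<a class="jxr_linenumber" name="L132" href="#L132">132</a> }
+<a class="jxr_linenumber" name="L133" href="#L133">133</a> }
+<a class="jxr_linenumber" name="L134" href="#L134">134</a> }
+<a class="jxr_linenumber" name="L135" href="#L135">135</a> }
+<a class="jxr_linenumber" name="L136" href="#L136">136</a> }
+<a class="jxr_linenumber" name="L137" href="#L137">137</a> }
+<a class="jxr_linenumber" name="L138" href="#L138">138</a> }
+<a class="jxr_linenumber" name="L139" href="#L139">139</a> }
+</pre>
+<hr/>
+<div id="footer">Copyright © 2012–2016 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
+</body>
+</html>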
@@ -25,148 +25,231 @@
|
||||
<a class="jxr_linenumber" name="L17" href="#L17">17</a> <em class="jxr_comment"> */</em>
|
||||
<a class="jxr_linenumber" name="L18" href="#L18">18</a> <strong class="jxr_keyword">package</strong> org.owasp.dependencycheck.analyzer;
|
||||
<a class="jxr_linenumber" name="L19" href="#L19">19</a>
|
||||
<a class="jxr_linenumber" name="L20" href="#L20">20</a> <strong class="jxr_keyword">import</strong> org.apache.commons.io.FileUtils;
|
||||
<a class="jxr_linenumber" name="L21" href="#L21">21</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.Engine;
|
||||
<a class="jxr_linenumber" name="L22" href="#L22">22</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.analyzer.exception.AnalysisException;
|
||||
<a class="jxr_linenumber" name="L23" href="#L23">23</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Confidence;
|
||||
<a class="jxr_linenumber" name="L24" href="#L24">24</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Dependency;
|
||||
<a class="jxr_linenumber" name="L25" href="#L25">25</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.EvidenceCollection;
|
||||
<a class="jxr_linenumber" name="L26" href="#L26">26</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.FileFilterBuilder;
|
||||
<a class="jxr_linenumber" name="L27" href="#L27">27</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.Settings;
|
||||
<a class="jxr_linenumber" name="L20" href="#L20">20</a> <strong class="jxr_keyword">import</strong> java.io.File;
|
||||
<a class="jxr_linenumber" name="L21" href="#L21">21</a> <strong class="jxr_keyword">import</strong> java.io.FileFilter;
|
||||
<a class="jxr_linenumber" name="L22" href="#L22">22</a> <strong class="jxr_keyword">import</strong> java.io.FilenameFilter;
|
||||
<a class="jxr_linenumber" name="L23" href="#L23">23</a> <strong class="jxr_keyword">import</strong> java.io.IOException;
|
||||
<a class="jxr_linenumber" name="L24" href="#L24">24</a> <strong class="jxr_keyword">import</strong> java.nio.charset.Charset;
|
||||
<a class="jxr_linenumber" name="L25" href="#L25">25</a> <strong class="jxr_keyword">import</strong> java.util.List;
|
||||
<a class="jxr_linenumber" name="L26" href="#L26">26</a> <strong class="jxr_keyword">import</strong> java.util.regex.Matcher;
|
||||
<a class="jxr_linenumber" name="L27" href="#L27">27</a> <strong class="jxr_keyword">import</strong> java.util.regex.Pattern;
|
||||
<a class="jxr_linenumber" name="L28" href="#L28">28</a>
|
||||
<a class="jxr_linenumber" name="L29" href="#L29">29</a> <strong class="jxr_keyword">import</strong> java.io.FileFilter;
|
||||
<a class="jxr_linenumber" name="L30" href="#L30">30</a> <strong class="jxr_keyword">import</strong> java.io.IOException;
|
||||
<a class="jxr_linenumber" name="L31" href="#L31">31</a> <strong class="jxr_keyword">import</strong> java.util.regex.Matcher;
|
||||
<a class="jxr_linenumber" name="L32" href="#L32">32</a> <strong class="jxr_keyword">import</strong> java.util.regex.Pattern;
|
||||
<a class="jxr_linenumber" name="L33" href="#L33">33</a>
|
||||
<a class="jxr_linenumber" name="L34" href="#L34">34</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L35" href="#L35">35</a> <em class="jxr_javadoccomment"> * Used to analyze Ruby Gem specifications and collect information that can be used to determine the associated CPE. Regular</em>
|
||||
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <em class="jxr_javadoccomment"> * expressions are used to parse the well-defined Ruby syntax that forms the specification.</em>
|
||||
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <em class="jxr_javadoccomment"> * @author Dale Visser</em>
|
||||
<a class="jxr_linenumber" name="L39" href="#L39">39</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L40" href="#L40">40</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzer.html">RubyGemspecAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.html">AbstractFileTypeAnalyzer</a> {
|
||||
<a class="jxr_linenumber" name="L41" href="#L41">41</a>
|
||||
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L43" href="#L43">43</a> <em class="jxr_javadoccomment"> * The name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L44" href="#L44">44</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String ANALYZER_NAME = <span class="jxr_string">"Ruby Gemspec Analyzer"</span>;
|
||||
<a class="jxr_linenumber" name="L46" href="#L46">46</a>
|
||||
<a class="jxr_linenumber" name="L47" href="#L47">47</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L48" href="#L48">48</a> <em class="jxr_javadoccomment"> * The phase that this analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L49" href="#L49">49</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a>
|
||||
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String GEMSPEC = <span class="jxr_string">"gemspec"</span>;
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a>
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter FILTER
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a> = FileFilterBuilder.newInstance().addExtensions(GEMSPEC).addFilenames(<span class="jxr_string">"Rakefile"</span>).build();
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a>
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String EMAIL = <span class="jxr_string">"email"</span>;
|
||||
<a class="jxr_linenumber" name="L29" href="#L29">29</a> <strong class="jxr_keyword">import</strong> org.apache.commons.io.FileUtils;
|
||||
<a class="jxr_linenumber" name="L30" href="#L30">30</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.Engine;
|
||||
<a class="jxr_linenumber" name="L31" href="#L31">31</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.analyzer.exception.AnalysisException;
|
||||
<a class="jxr_linenumber" name="L32" href="#L32">32</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Confidence;
|
||||
<a class="jxr_linenumber" name="L33" href="#L33">33</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Dependency;
|
||||
<a class="jxr_linenumber" name="L34" href="#L34">34</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.EvidenceCollection;
|
||||
<a class="jxr_linenumber" name="L35" href="#L35">35</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.FileFilterBuilder;
|
||||
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.Settings;
|
||||
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <strong class="jxr_keyword">import</strong> org.slf4j.Logger;
|
||||
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <strong class="jxr_keyword">import</strong> org.slf4j.LoggerFactory;
|
||||
<a class="jxr_linenumber" name="L39" href="#L39">39</a>
|
||||
<a class="jxr_linenumber" name="L40" href="#L40">40</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L41" href="#L41">41</a> <em class="jxr_javadoccomment"> * Used to analyze Ruby Gem specifications and collect information that can be</em>
|
||||
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <em class="jxr_javadoccomment"> * used to determine the associated CPE. Regular expressions are used to parse</em>
|
||||
<a class="jxr_linenumber" name="L43" href="#L43">43</a> <em class="jxr_javadoccomment"> * the well-defined Ruby syntax that forms the specification.</em>
|
||||
<a class="jxr_linenumber" name="L44" href="#L44">44</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <em class="jxr_javadoccomment"> * @author Dale Visser</em>
|
||||
<a class="jxr_linenumber" name="L46" href="#L46">46</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L47" href="#L47">47</a> @Experimental
|
||||
<a class="jxr_linenumber" name="L48" href="#L48">48</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzer.html">RubyGemspecAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.html">AbstractFileTypeAnalyzer</a> {
|
||||
<a class="jxr_linenumber" name="L49" href="#L49">49</a>
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <em class="jxr_javadoccomment"> * The logger.</em>
|
||||
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Logger LOGGER = LoggerFactory.getLogger(RubyGemspecAnalyzer.<strong class="jxr_keyword">class</strong>);
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <em class="jxr_javadoccomment"> * The name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String ANALYZER_NAME = <span class="jxr_string">"Ruby Gemspec Analyzer"</span>;
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a>
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <em class="jxr_javadoccomment"> * @return a filter that accepts files named Rakefile or matching the glob pattern, *.gemspec</em>
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <em class="jxr_javadoccomment"> * The phase that this analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> @Override
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <strong class="jxr_keyword">protected</strong> FileFilter getFileFilter() {
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <strong class="jxr_keyword">return</strong> FILTER;
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> }
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a>
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> @Override
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> Exception {
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <em class="jxr_comment">// NO-OP</em>
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> }
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a>
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <em class="jxr_javadoccomment"> * Returns the name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> @Override
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <strong class="jxr_keyword">public</strong> String getName() {
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> }
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a>
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <em class="jxr_javadoccomment"> * The gemspec file extension.</em>
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String GEMSPEC = <span class="jxr_string">"gemspec"</span>;
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a>
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <em class="jxr_javadoccomment"> * The file filter containing the list of file extensions that can be</em>
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> <em class="jxr_javadoccomment"> * analyzed.</em>
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(GEMSPEC).build();
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> <em class="jxr_comment">//TODO: support Rakefile</em>
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <em class="jxr_comment">//= FileFilterBuilder.newInstance().addExtensions(GEMSPEC).addFilenames("Rakefile").build();</em>
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a>
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <em class="jxr_javadoccomment"> * The name of the version file.</em>
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String VERSION_FILE_NAME = <span class="jxr_string">"VERSION"</span>;
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a>
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <em class="jxr_javadoccomment"> * Returns the phase that the analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <em class="jxr_javadoccomment"> * @return the phase that the analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> @Override
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a> <strong class="jxr_keyword">return</strong> ANALYSIS_PHASE;
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a> }
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a>
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a> <em class="jxr_javadoccomment"> * Returns the key used in the properties file to reference the analyzer's enabled property.</em>
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <em class="jxr_javadoccomment"> * @return the analyzer's enabled property setting key</em>
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a> @Override
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_RUBY_GEMSPEC_ENABLED;
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a> }
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a>
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <em class="jxr_javadoccomment"> * The capture group #1 is the block variable.</em>
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern GEMSPEC_BLOCK_INIT
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a> = Pattern.compile(<span class="jxr_string">"Gem::Specification\\.new\\s+?do\\s+?\\|(.+?)\\|"</span>);
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a>
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> @Override
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine)
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> String contents;
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> contents = FileUtils.readFileToString(dependency.getActualFile());
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a> } <strong class="jxr_keyword">catch</strong> (IOException e) {
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> <span class="jxr_string">"Problem occurred while reading dependency file."</span>, e);
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> }
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> <strong class="jxr_keyword">final</strong> Matcher matcher = GEMSPEC_BLOCK_INIT.matcher(contents);
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a> <strong class="jxr_keyword">if</strong> (matcher.find()) {
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a> contents = contents.substring(matcher.end());
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> <strong class="jxr_keyword">final</strong> String blockVariable = matcher.group(1);
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> vendor = dependency.getVendorEvidence();
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a> addStringEvidence(vendor, contents, blockVariable, <span class="jxr_string">"author"</span>, Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a> addListEvidence(vendor, contents, blockVariable, <span class="jxr_string">"authors"</span>, Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a> <strong class="jxr_keyword">final</strong> String email = addStringEvidence(vendor, contents, blockVariable, EMAIL, Confidence.MEDIUM);
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <strong class="jxr_keyword">if</strong> (email.isEmpty()) {
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> addListEvidence(vendor, contents, blockVariable, EMAIL, Confidence.MEDIUM);
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a> }
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> addStringEvidence(vendor, contents, blockVariable, <span class="jxr_string">"homepage"</span>, Confidence.MEDIUM);
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> product = dependency.getProductEvidence();
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a> <strong class="jxr_keyword">final</strong> String name = addStringEvidence(product, contents, blockVariable, <span class="jxr_string">"name"</span>, Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <strong class="jxr_keyword">if</strong> (!name.isEmpty()) {
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a> vendor.addEvidence(GEMSPEC, <span class="jxr_string">"name_project"</span>, name + <span class="jxr_string">"_project"</span>, Confidence.LOW);
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a> }
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a> addStringEvidence(product, contents, blockVariable, <span class="jxr_string">"summary"</span>, Confidence.LOW);
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> addStringEvidence(dependency.getVersionEvidence(), contents, blockVariable, <span class="jxr_string">"version"</span>, Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> }
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a> }
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a>
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> addListEvidence(<a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> evidences, String contents,
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a> String blockVariable, String field, <a href="../../../../org/owasp/dependencycheck/dependency/Confidence.html">Confidence</a> confidence) {
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a> <strong class="jxr_keyword">final</strong> Matcher matcher = Pattern.compile(
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a> String.format(<span class="jxr_string">"\\s+?%s\\.%s\\s*?=\\s*?\\[(.*?)\\]"</span>, blockVariable, field)).matcher(contents);
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a> <strong class="jxr_keyword">if</strong> (matcher.find()) {
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <strong class="jxr_keyword">final</strong> String value = matcher.group(1).replaceAll(<span class="jxr_string">"['\"]"</span>, <span class="jxr_string">" "</span>).trim();
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> evidences.addEvidence(GEMSPEC, field, value, confidence);
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> }
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> }
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a>
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a> <strong class="jxr_keyword">private</strong> String addStringEvidence(<a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> evidences, String contents,
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a> String blockVariable, String field, <a href="../../../../org/owasp/dependencycheck/dependency/Confidence.html">Confidence</a> confidence) {
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a> <strong class="jxr_keyword">final</strong> Matcher matcher = Pattern.compile(
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a> String.format(<span class="jxr_string">"\\s+?%s\\.%s\\s*?=\\s*?(['\"])(.*?)\\1"</span>, blockVariable, field)).matcher(contents);
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a> String value = <span class="jxr_string">""</span>;
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <strong class="jxr_keyword">if</strong> (matcher.find()) {
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a> value = matcher.group(2);
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> evidences.addEvidence(GEMSPEC, field, value, confidence);
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a> }
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <strong class="jxr_keyword">return</strong> value;
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> }
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> }
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <em class="jxr_javadoccomment"> * @return a filter that accepts files matching the glob pattern, *.gemspec</em>
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a> @Override
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <strong class="jxr_keyword">protected</strong> FileFilter getFileFilter() {
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <strong class="jxr_keyword">return</strong> FILTER;
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> }
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a>
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a> @Override
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> Exception {
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <em class="jxr_comment">// NO-OP</em>
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a> }
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a>
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <em class="jxr_javadoccomment"> * Returns the name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a> @Override
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <strong class="jxr_keyword">public</strong> String getName() {
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a> }
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a>
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a> <em class="jxr_javadoccomment"> * Returns the phase that the analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> <em class="jxr_javadoccomment"> * @return the phase that the analyzer is intended to run in.</em>
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a> @Override
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <strong class="jxr_keyword">return</strong> ANALYSIS_PHASE;
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> }
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a>
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> <em class="jxr_javadoccomment"> * Returns the key used in the properties file to reference the analyzer's</em>
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> <em class="jxr_javadoccomment"> * enabled property.</em>
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a> <em class="jxr_javadoccomment"> * @return the analyzer's enabled property setting key</em>
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> @Override
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_RUBY_GEMSPEC_ENABLED;
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a> }
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a>
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> <em class="jxr_javadoccomment"> * The capture group #1 is the block variable.</em>
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern GEMSPEC_BLOCK_INIT = Pattern.compile(<span class="jxr_string">"Gem::Specification\\.new\\s+?do\\s+?\\|(.+?)\\|"</span>);
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a>
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a> @Override
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine)
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a> String contents;
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> contents = FileUtils.readFileToString(dependency.getActualFile(), Charset.defaultCharset());
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> } <strong class="jxr_keyword">catch</strong> (IOException e) {
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a> <span class="jxr_string">"Problem occurred while reading dependency file."</span>, e);
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a> }
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a> <strong class="jxr_keyword">final</strong> Matcher matcher = GEMSPEC_BLOCK_INIT.matcher(contents);
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a> <strong class="jxr_keyword">if</strong> (matcher.find()) {
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a> contents = contents.substring(matcher.end());
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a> <strong class="jxr_keyword">final</strong> String blockVariable = matcher.group(1);
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a>
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> vendor = dependency.getVendorEvidence();
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> product = dependency.getProductEvidence();
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <strong class="jxr_keyword">final</strong> String name = addStringEvidence(product, contents, blockVariable, <span class="jxr_string">"name"</span>, <span class="jxr_string">"name"</span>, Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> <strong class="jxr_keyword">if</strong> (!name.isEmpty()) {
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a> vendor.addEvidence(GEMSPEC, <span class="jxr_string">"name_project"</span>, name + <span class="jxr_string">"_project"</span>, Confidence.LOW);
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a> }
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a> addStringEvidence(product, contents, blockVariable, <span class="jxr_string">"summary"</span>, <span class="jxr_string">"summary"</span>, Confidence.LOW);
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a>
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a> addStringEvidence(vendor, contents, blockVariable, <span class="jxr_string">"author"</span>, <span class="jxr_string">"authors?"</span>, Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a> addStringEvidence(vendor, contents, blockVariable, <span class="jxr_string">"email"</span>, <span class="jxr_string">"emails?"</span>, Confidence.MEDIUM);
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a> addStringEvidence(vendor, contents, blockVariable, <span class="jxr_string">"homepage"</span>, <span class="jxr_string">"homepage"</span>, Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> addStringEvidence(vendor, contents, blockVariable, <span class="jxr_string">"license"</span>, <span class="jxr_string">"licen[cs]es?"</span>, Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a>
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <strong class="jxr_keyword">final</strong> String value = addStringEvidence(dependency.getVersionEvidence(), contents,
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> blockVariable, <span class="jxr_string">"version"</span>, <span class="jxr_string">"version"</span>, Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> <strong class="jxr_keyword">if</strong> (value.length() < 1) {
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a> addEvidenceFromVersionFile(dependency.getActualFile(), dependency.getVersionEvidence());
|
||||
<a class="jxr_linenumber" name="L163" href="#L163">163</a> }
|
||||
<a class="jxr_linenumber" name="L164" href="#L164">164</a> }
|
||||
<a class="jxr_linenumber" name="L165" href="#L165">165</a>
|
||||
<a class="jxr_linenumber" name="L166" href="#L166">166</a> setPackagePath(dependency);
|
||||
<a class="jxr_linenumber" name="L167" href="#L167">167</a> }
|
||||
<a class="jxr_linenumber" name="L168" href="#L168">168</a>
|
||||
<a class="jxr_linenumber" name="L169" href="#L169">169</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a> <em class="jxr_javadoccomment"> * Adds the specified evidence to the given evidence collection.</em>
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <em class="jxr_javadoccomment"> * @param evidences the collection to add the evidence to</em>
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> <em class="jxr_javadoccomment"> * @param contents the evidence contents</em>
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a> <em class="jxr_javadoccomment"> * @param blockVariable the variable</em>
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> <em class="jxr_javadoccomment"> * @param field the field</em>
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a> <em class="jxr_javadoccomment"> * @param fieldPattern the field pattern</em>
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> <em class="jxr_javadoccomment"> * @param confidence the confidence of the evidence</em>
|
||||
<a class="jxr_linenumber" name="L178" href="#L178">178</a> <em class="jxr_javadoccomment"> * @return the evidence string value added</em>
|
||||
<a class="jxr_linenumber" name="L179" href="#L179">179</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L180" href="#L180">180</a> <strong class="jxr_keyword">private</strong> String addStringEvidence(<a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> evidences, String contents,
|
||||
<a class="jxr_linenumber" name="L181" href="#L181">181</a> String blockVariable, String field, String fieldPattern, <a href="../../../../org/owasp/dependencycheck/dependency/Confidence.html">Confidence</a> confidence) {
|
||||
<a class="jxr_linenumber" name="L182" href="#L182">182</a> String value = <span class="jxr_string">""</span>;
|
||||
<a class="jxr_linenumber" name="L183" href="#L183">183</a>
|
||||
<a class="jxr_linenumber" name="L184" href="#L184">184</a> <em class="jxr_comment">//capture array value between [ ]</em>
|
||||
<a class="jxr_linenumber" name="L185" href="#L185">185</a> <strong class="jxr_keyword">final</strong> Matcher arrayMatcher = Pattern.compile(
|
||||
<a class="jxr_linenumber" name="L186" href="#L186">186</a> String.format(<span class="jxr_string">"\\s*?%s\\.%s\\s*?=\\s*?\\[(.*?)\\]"</span>, blockVariable, fieldPattern), Pattern.CASE_INSENSITIVE).matcher(contents);
|
||||
<a class="jxr_linenumber" name="L187" href="#L187">187</a> <strong class="jxr_keyword">if</strong> (arrayMatcher.find()) {
|
||||
<a class="jxr_linenumber" name="L188" href="#L188">188</a> <strong class="jxr_keyword">final</strong> String arrayValue = arrayMatcher.group(1);
|
||||
<a class="jxr_linenumber" name="L189" href="#L189">189</a> value = arrayValue.replaceAll(<span class="jxr_string">"['\"]"</span>, <span class="jxr_string">""</span>).trim(); <em class="jxr_comment">//strip quotes</em>
|
||||
<a class="jxr_linenumber" name="L190" href="#L190">190</a> } <strong class="jxr_keyword">else</strong> { <em class="jxr_comment">//capture single value between quotes</em>
|
||||
<a class="jxr_linenumber" name="L191" href="#L191">191</a> <strong class="jxr_keyword">final</strong> Matcher matcher = Pattern.compile(
|
||||
<a class="jxr_linenumber" name="L192" href="#L192">192</a> String.format(<span class="jxr_string">"\\s*?%s\\.%s\\s*?=\\s*?(['\"])(.*?)\\1"</span>, blockVariable, fieldPattern), Pattern.CASE_INSENSITIVE).matcher(contents);
|
||||
<a class="jxr_linenumber" name="L193" href="#L193">193</a> <strong class="jxr_keyword">if</strong> (matcher.find()) {
|
||||
<a class="jxr_linenumber" name="L194" href="#L194">194</a> value = matcher.group(2);
|
||||
<a class="jxr_linenumber" name="L195" href="#L195">195</a> }
|
||||
<a class="jxr_linenumber" name="L196" href="#L196">196</a> }
|
||||
<a class="jxr_linenumber" name="L197" href="#L197">197</a> <strong class="jxr_keyword">if</strong> (value.length() > 0) {
|
||||
<a class="jxr_linenumber" name="L198" href="#L198">198</a> evidences.addEvidence(GEMSPEC, field, value, confidence);
|
||||
<a class="jxr_linenumber" name="L199" href="#L199">199</a> }
|
||||
<a class="jxr_linenumber" name="L200" href="#L200">200</a>
|
||||
<a class="jxr_linenumber" name="L201" href="#L201">201</a> <strong class="jxr_keyword">return</strong> value;
|
||||
<a class="jxr_linenumber" name="L202" href="#L202">202</a> }
|
||||
<a class="jxr_linenumber" name="L203" href="#L203">203</a>
|
||||
<a class="jxr_linenumber" name="L204" href="#L204">204</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L205" href="#L205">205</a> <em class="jxr_javadoccomment"> * Adds evidence from the version file.</em>
|
||||
<a class="jxr_linenumber" name="L206" href="#L206">206</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L207" href="#L207">207</a> <em class="jxr_javadoccomment"> * @param dependencyFile the dependency being analyzed</em>
|
||||
<a class="jxr_linenumber" name="L208" href="#L208">208</a> <em class="jxr_javadoccomment"> * @param versionEvidences the version evidence</em>
|
||||
<a class="jxr_linenumber" name="L209" href="#L209">209</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L210" href="#L210">210</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> addEvidenceFromVersionFile(File dependencyFile, <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> versionEvidences) {
|
||||
<a class="jxr_linenumber" name="L211" href="#L211">211</a> <strong class="jxr_keyword">final</strong> File parentDir = dependencyFile.getParentFile();
|
||||
<a class="jxr_linenumber" name="L212" href="#L212">212</a> <strong class="jxr_keyword">if</strong> (parentDir != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L213" href="#L213">213</a> <strong class="jxr_keyword">final</strong> File[] matchingFiles = parentDir.listFiles(<strong class="jxr_keyword">new</strong> FilenameFilter() {
|
||||
<a class="jxr_linenumber" name="L214" href="#L214">214</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">boolean</strong> accept(File dir, String name) {
|
||||
<a class="jxr_linenumber" name="L215" href="#L215">215</a> <strong class="jxr_keyword">return</strong> name.contains(VERSION_FILE_NAME);
|
||||
<a class="jxr_linenumber" name="L216" href="#L216">216</a> }
|
||||
<a class="jxr_linenumber" name="L217" href="#L217">217</a> });
|
||||
<a class="jxr_linenumber" name="L218" href="#L218">218</a> <strong class="jxr_keyword">for</strong> (File f : matchingFiles) {
|
||||
<a class="jxr_linenumber" name="L219" href="#L219">219</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L220" href="#L220">220</a> <strong class="jxr_keyword">final</strong> List<String> lines = FileUtils.readLines(f, Charset.defaultCharset());
|
||||
<a class="jxr_linenumber" name="L221" href="#L221">221</a> <strong class="jxr_keyword">if</strong> (lines.size() == 1) { <em class="jxr_comment">//TODO other checking?</em>
|
||||
<a class="jxr_linenumber" name="L222" href="#L222">222</a> <strong class="jxr_keyword">final</strong> String value = lines.get(0).trim();
|
||||
<a class="jxr_linenumber" name="L223" href="#L223">223</a> versionEvidences.addEvidence(GEMSPEC, <span class="jxr_string">"version"</span>, value, Confidence.HIGH);
|
||||
<a class="jxr_linenumber" name="L224" href="#L224">224</a> }
|
||||
<a class="jxr_linenumber" name="L225" href="#L225">225</a> } <strong class="jxr_keyword">catch</strong> (IOException e) {
|
||||
<a class="jxr_linenumber" name="L226" href="#L226">226</a> LOGGER.debug(<span class="jxr_string">"Error reading gemspec"</span>, e);
|
||||
<a class="jxr_linenumber" name="L227" href="#L227">227</a> }
|
||||
<a class="jxr_linenumber" name="L228" href="#L228">228</a> }
|
||||
<a class="jxr_linenumber" name="L229" href="#L229">229</a> }
|
||||
<a class="jxr_linenumber" name="L230" href="#L230">230</a> }
|
||||
<a class="jxr_linenumber" name="L231" href="#L231">231</a>
|
||||
<a class="jxr_linenumber" name="L232" href="#L232">232</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L233" href="#L233">233</a> <em class="jxr_javadoccomment"> * Sets the package path on the dependency.</em>
|
||||
<a class="jxr_linenumber" name="L234" href="#L234">234</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L235" href="#L235">235</a> <em class="jxr_javadoccomment"> * @param dep the dependency to alter</em>
|
||||
<a class="jxr_linenumber" name="L236" href="#L236">236</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L237" href="#L237">237</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> setPackagePath(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dep) {
|
||||
<a class="jxr_linenumber" name="L238" href="#L238">238</a> <strong class="jxr_keyword">final</strong> File file = <strong class="jxr_keyword">new</strong> File(dep.getFilePath());
|
||||
<a class="jxr_linenumber" name="L239" href="#L239">239</a> <strong class="jxr_keyword">final</strong> String parent = file.getParent();
|
||||
<a class="jxr_linenumber" name="L240" href="#L240">240</a> <strong class="jxr_keyword">if</strong> (parent != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L241" href="#L241">241</a> dep.setPackagePath(parent);
|
||||
<a class="jxr_linenumber" name="L242" href="#L242">242</a> }
|
||||
<a class="jxr_linenumber" name="L243" href="#L243">243</a> }
|
||||
<a class="jxr_linenumber" name="L244" href="#L244">244</a> }
|
||||
</pre>
|
||||
<hr/>
|
||||
<div id="footer">Copyright © 2012–2016 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check 1.3.6 Reference Package org.owasp.dependencycheck.analyzer.exception</title>
|
||||
<title>Dependency-Check 1.4.0 Reference Package org.owasp.dependencycheck.analyzer.exception</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check 1.3.6 Reference Package org.owasp.dependencycheck.analyzer.exception</title>
|
||||
<title>Dependency-Check 1.4.0 Reference Package org.owasp.dependencycheck.analyzer.exception</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check 1.3.6 Reference Package org.owasp.dependencycheck.analyzer</title>
|
||||
<title>Dependency-Check 1.4.0 Reference Package org.owasp.dependencycheck.analyzer</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
@@ -62,6 +62,9 @@
|
||||
</li>
|
||||
<li>
|
||||
<a href="DependencyBundlingAnalyzer.html" target="classFrame">DependencyBundlingAnalyzer</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="Experimental.html" target="classFrame">Experimental</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="FalsePositiveAnalyzer.html" target="classFrame">FalsePositiveAnalyzer</a>
|
||||
@@ -107,6 +110,9 @@
|
||||
</li>
|
||||
<li>
|
||||
<a href="RubyBundleAuditAnalyzer.html" target="classFrame">RubyBundleAuditAnalyzer</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="RubyBundlerAnalyzer.html" target="classFrame">RubyBundlerAnalyzer</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="RubyGemspecAnalyzer.html" target="classFrame">RubyGemspecAnalyzer</a>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check 1.3.6 Reference Package org.owasp.dependencycheck.analyzer</title>
|
||||
<title>Dependency-Check 1.4.0 Reference Package org.owasp.dependencycheck.analyzer</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
@@ -114,6 +114,11 @@
|
||||
<td>
|
||||
<a href="DependencyBundlingAnalyzer.html" target="classFrame">DependencyBundlingAnalyzer</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<a href="Experimental.html" target="classFrame">Experimental</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
@@ -189,6 +194,11 @@
|
||||
<td>
|
||||
<a href="RubyBundleAuditAnalyzer.html" target="classFrame">RubyBundleAuditAnalyzer</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<a href="RubyBundlerAnalyzer.html" target="classFrame">RubyBundlerAnalyzer</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
|
||||