diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/UrlStringUtils.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/UrlStringUtils.java index bbabe8f64..af3716973 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/UrlStringUtils.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/UrlStringUtils.java @@ -47,8 +47,8 @@ public final class UrlStringUtils { private static final Pattern IS_URL_TEST = Pattern.compile("^(ht|f)tps?://.*", Pattern.CASE_INSENSITIVE); /** - * Tests if the text provided contains a URL. This is somewhat limited search in that it only looks for - * (ftp|http|https):// + * Tests if the text provided contains a URL. This is somewhat limited + * search in that it only looks for (ftp|http|https):// * * @param text the text to search * @return true if the text contains a url, otherwise false @@ -67,14 +67,16 @@ public final class UrlStringUtils { return IS_URL_TEST.matcher(text).matches(); } /** - * A listing of domain parts that should not be used as evidence. Yes, this is an incomplete list. + * A listing of domain parts that should not be used as evidence. Yes, this + * is an incomplete list. */ private static final Set IGNORE_LIST = new HashSet<>( Arrays.asList("www", "com", "org", "gov", "info", "name", "net", "pro", "tel", "mobi", "xxx")); /** *

- * Takes a URL, in String format, and adds the important parts of the URL to a list of strings.

+ * Takes a URL, in String format, and adds the important parts of the URL to + * a list of strings.

*

* Example, given the following input:

* "https://www.somedomain.com/path1/path2/file.php?id=439" @@ -99,14 +101,21 @@ public final class UrlStringUtils { } final String document = url.getPath(); final String[] pathParts = document.split("[\\//]"); - for (int i = 0; i < pathParts.length - 2; i++) { + for (int i = 0; i < pathParts.length - 1; i++) { if (!pathParts[i].isEmpty()) { importantParts.add(pathParts[i]); } } if (pathParts.length > 0 && !pathParts[pathParts.length - 1].isEmpty()) { - final String fileNameNoExt = pathParts[pathParts.length - 1].replaceAll("\\..*{0,5}$", ""); - importantParts.add(fileNameNoExt); + final String tmp = pathParts[pathParts.length - 1]; + final int pos = tmp.lastIndexOf('.'); + if (pos > 1) { + importantParts.add(tmp.substring(0, pos)); + } else if (pos == 0 && tmp.length()>1) { + importantParts.add(tmp.substring(1)); + } else { + importantParts.add(tmp); + } } return importantParts; } diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/UrlStringUtilsTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/UrlStringUtilsTest.java new file mode 100644 index 000000000..8107aa31d --- /dev/null +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/UrlStringUtilsTest.java @@ -0,0 +1,74 @@ +/* + * This file is part of dependency-check-core. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Copyright (c) 2017 Jeremy Long. All Rights Reserved. + */ +package org.owasp.dependencycheck.utils; + +import java.util.Arrays; +import java.util.List; +import org.junit.Test; +import static org.junit.Assert.*; + +/** + * + * @author jeremy long + */ +public class UrlStringUtilsTest { + + /** + * Test of containsUrl method, of class UrlStringUtils. + */ + @Test + public void testContainsUrl() { + String text = "Test of https://github.com"; + assertTrue(UrlStringUtils.containsUrl(text)); + text = "Test of github.com"; + assertFalse(UrlStringUtils.containsUrl(text)); + } + + /** + * Test of isUrl method, of class UrlStringUtils. + */ + @Test + public void testIsUrl() { + String text = "https://github.com"; + assertTrue(UrlStringUtils.isUrl(text)); + text = "simple text"; + assertFalse(UrlStringUtils.isUrl(text)); + } + + /** + * Test of extractImportantUrlData method, of class UrlStringUtils. + */ + @Test + public void testExtractImportantUrlData() throws Exception { + String text = "http://github.com/jeremylong/DependencyCheck/index.html"; + List expResult = Arrays.asList("github", "jeremylong", "DependencyCheck", "index");; + List result = UrlStringUtils.extractImportantUrlData(text); + assertEquals(expResult, result); + + text = "http://github.com/jeremylong/DependencyCheck/.gitignore"; + expResult = Arrays.asList("github", "jeremylong", "DependencyCheck", "gitignore");; + result = UrlStringUtils.extractImportantUrlData(text); + assertEquals(expResult, result); + + text = "http://github.com/jeremylong/DependencyCheck/something"; + expResult = Arrays.asList("github", "jeremylong", "DependencyCheck", "something");; + result = UrlStringUtils.extractImportantUrlData(text); + assertEquals(expResult, result); + } + +}