290: Added unit tests and implementation to support bzip2.

2026-01-15 08:13:43 +01:00 · 2015-08-05 16:00:03 -04:00
parent 56424924bb
commit 4764f61b48
4 changed files with 65 additions and 26 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
@@ -24,6 +24,8 @@ import org.apache.commons.compress.archivers.zip.ZipArchiveEntry;
 import org.apache.commons.compress.archivers.zip.ZipArchiveInputStream;
 import org.apache.commons.compress.archivers.zip.ZipFile;
 import org.apache.commons.compress.compressors.CompressorInputStream;
+import org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream;
+import org.apache.commons.compress.compressors.bzip2.BZip2Utils;
 import org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream;
 import org.apache.commons.compress.compressors.gzip.GzipUtils;
 import org.owasp.dependencycheck.Engine;
@@ -87,15 +89,16 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
     */
    private static final Set<String> ZIPPABLES = newHashSet("zip", "ear", "war", "jar", "sar", "apk", "nupkg");
    /**
-     * The set of file extensions supported by this analyzer. Note for developers, any additions to this list will need to be
-     * explicitly handled in extractFiles().
+     * The set of file extensions supported by this analyzer. Note for developers, any additions to this list will need
+     * to be explicitly handled in {@link #extractFiles(File, File, Engine)}.
     */
-    private static final Set<String> EXTENSIONS = newHashSet("tar", "gz", "tgz");
+    private static final Set<String> EXTENSIONS = newHashSet("tar", "gz", "tgz", "bz2", "tbz2");

    /**
     * Detects files with extensions to remove from the engine's collection of dependencies.
     */
-    private static final FileFilter REMOVE_FROM_ANALYSIS = FileFilterBuilder.newInstance().addExtensions("zip", "tar", "gz", "tgz").build();
+    private static final FileFilter REMOVE_FROM_ANALYSIS =
+            FileFilterBuilder.newInstance().addExtensions("zip", "tar", "gz", "tgz", "bz2", "tbz2").build();

    static {
        final String additionalZipExt = Settings.getString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS);
@@ -331,6 +334,12 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
                if (engine.accept(f)) {
                    decompressFile(new GzipCompressorInputStream(new BufferedInputStream(fis)), f);
                }
+            } else if ("bz2".equals(archiveExt) || "tbz2".equals(archiveExt)) {
+                final String uncompressedName = BZip2Utils.getUncompressedFilename(archive.getName());
+                final File f = new File(destination, uncompressedName);
+                if (engine.accept(f)) {
+                    decompressFile(new BZip2CompressorInputStream(new BufferedInputStream(fis)), f);
+                }
            }
        } catch (ArchiveExtractionException ex) {
            LOGGER.warn("Exception extracting archive '{}'.", archive.getName());
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzerIntegrationTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzerIntegrationTest.java
@@ -51,6 +51,8 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
        expResult.add("tar");
        expResult.add("gz");
        expResult.add("tgz");
+        expResult.add("bz2");
+        expResult.add("tbz2");
        for (String ext : expResult) {
            assertTrue(ext, instance.accept(new File("test." + ext)));
        }
@@ -197,28 +199,31 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
        }
    }

-//    /**
-//     * Test of analyze method, of class ArchiveAnalyzer.
-//     */
-//    @Test
-//    public void testNestedZipFolder() throws Exception {
-//        ArchiveAnalyzer instance = new ArchiveAnalyzer();
-//        try {
-//            instance.initialize();
-//
-//            File file = new File(this.getClass().getClassLoader().getResource("nested.zip").getPath());
-//            Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
-//            Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
-//            Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
-//            Engine engine = new Engine();
-//
-//            engine.scan(file);
-//            engine.analyzeDependencies();
-//
-//        } finally {
-//            instance.close();
-//        }
-//    }
+    /**
+     * Test of analyze method, of class ArchiveAnalyzer.
+     */
+    @Test
+    public void testAnalyzeTarBz2() throws Exception {
+        ArchiveAnalyzer instance = new ArchiveAnalyzer();
+        instance.accept(new File("zip")); //ensure analyzer is "enabled"
+        try {
+            instance.initialize();
+            File file = BaseTest.getResourceAsFile(this, "file.tar.bz2");
+            Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
+            Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
+            Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
+            Engine engine = new Engine();
+            int initial_size = engine.getDependencies().size();
+            engine.scan(file);
+            engine.analyzeDependencies();
+            int ending_size = engine.getDependencies().size();
+            engine.cleanup();
+            assertTrue(initial_size < ending_size);
+        } finally {
+            instance.close();
+        }
+    }
+
    /**
     * Test of analyze method, of class ArchiveAnalyzer.
     */
@@ -248,6 +253,31 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
        }
    }

+    /**
+     * Test of analyze method, of class ArchiveAnalyzer.
+     */
+    @Test
+    public void testAnalyzeTbz2() throws Exception {
+        ArchiveAnalyzer instance = new ArchiveAnalyzer();
+        instance.accept(new File("zip")); //ensure analyzer is "enabled"
+        try {
+            instance.initialize();
+            File file = BaseTest.getResourceAsFile(this, "file.tbz2");
+            Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
+            Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
+            Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
+            Engine engine = new Engine();
+            int initial_size = engine.getDependencies().size();
+            engine.scan(file);
+            engine.analyzeDependencies();
+            int ending_size = engine.getDependencies().size();
+            engine.cleanup();
+            assertTrue(initial_size < ending_size);
+        } finally {
+            instance.close();
+        }
+    }
+
    /**
     * Test of analyze method, of class ArchiveAnalyzer.
     */
--- a/dependency-check-core/src/test/resources/file.tar.bz2
+++ b/dependency-check-core/src/test/resources/file.tar.bz2
--- a/dependency-check-core/src/test/resources/file.tbz2
+++ b/dependency-check-core/src/test/resources/file.tbz2