github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-20 00:04:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

290: Added unit tests and implementation to support bzip2.

Browse Source
This commit is contained in:
Dale Visser
2015-08-05 16:00:03 -04:00
parent 56424924bb
commit 4764f61b48
4 changed files with 65 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
View File

@@ -24,6 +24,8 @@ import org.apache.commons.compress.archivers.zip.ZipArchiveEntry;
import org.apache.commons.compress.archivers.zip.ZipArchiveInputStream; import org.apache.commons.compress.archivers.zip.ZipArchiveInputStream;
import org.apache.commons.compress.archivers.zip.ZipFile; import org.apache.commons.compress.archivers.zip.ZipFile;
import org.apache.commons.compress.compressors.CompressorInputStream; import org.apache.commons.compress.compressors.CompressorInputStream;
import org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream;
import org.apache.commons.compress.compressors.bzip2.BZip2Utils;
import org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream; import org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream;
import org.apache.commons.compress.compressors.gzip.GzipUtils; import org.apache.commons.compress.compressors.gzip.GzipUtils;
import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.Engine;
@@ -87,15 +89,16 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
*/ */
private static final Set<String> ZIPPABLES = newHashSet("zip", "ear", "war", "jar", "sar", "apk", "nupkg"); private static final Set<String> ZIPPABLES = newHashSet("zip", "ear", "war", "jar", "sar", "apk", "nupkg");
/** /**
* The set of file extensions supported by this analyzer. Note for developers, any additions to this list will need to be * The set of file extensions supported by this analyzer. Note for developers, any additions to this list will need
* explicitly handled in extractFiles(). * to be explicitly handled in {@link #extractFiles(File, File, Engine)}.
*/ */
private static final Set<String> EXTENSIONS = newHashSet("tar", "gz", "tgz"); private static final Set<String> EXTENSIONS = newHashSet("tar", "gz", "tgz", "bz2", "tbz2");
/** /**
* Detects files with extensions to remove from the engine's collection of dependencies. * Detects files with extensions to remove from the engine's collection of dependencies.
*/ */
private static final FileFilter REMOVE_FROM_ANALYSIS = FileFilterBuilder.newInstance().addExtensions("zip", "tar", "gz", "tgz").build(); private static final FileFilter REMOVE_FROM_ANALYSIS =
FileFilterBuilder.newInstance().addExtensions("zip", "tar", "gz", "tgz", "bz2", "tbz2").build();
static { static {
final String additionalZipExt = Settings.getString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS); final String additionalZipExt = Settings.getString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS);
@@ -331,6 +334,12 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
if (engine.accept(f)) { if (engine.accept(f)) {
decompressFile(new GzipCompressorInputStream(new BufferedInputStream(fis)), f); decompressFile(new GzipCompressorInputStream(new BufferedInputStream(fis)), f);
} }
} else if ("bz2".equals(archiveExt) || "tbz2".equals(archiveExt)) {
final String uncompressedName = BZip2Utils.getUncompressedFilename(archive.getName());
final File f = new File(destination, uncompressedName);
if (engine.accept(f)) {
decompressFile(new BZip2CompressorInputStream(new BufferedInputStream(fis)), f);
}
} }
} catch (ArchiveExtractionException ex) { } catch (ArchiveExtractionException ex) {
LOGGER.warn("Exception extracting archive '{}'.", archive.getName()); LOGGER.warn("Exception extracting archive '{}'.", archive.getName());

74
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzerIntegrationTest.java
View File

@@ -51,6 +51,8 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
expResult.add("tar"); expResult.add("tar");
expResult.add("gz"); expResult.add("gz");
expResult.add("tgz"); expResult.add("tgz");
expResult.add("bz2");
expResult.add("tbz2");
for (String ext : expResult) { for (String ext : expResult) {
assertTrue(ext, instance.accept(new File("test." + ext))); assertTrue(ext, instance.accept(new File("test." + ext)));
} }
@@ -197,28 +199,31 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
} }
} }
// /** /**
// * Test of analyze method, of class ArchiveAnalyzer. * Test of analyze method, of class ArchiveAnalyzer.
// */ */
// @Test @Test
// public void testNestedZipFolder() throws Exception { public void testAnalyzeTarBz2() throws Exception {
// ArchiveAnalyzer instance = new ArchiveAnalyzer(); ArchiveAnalyzer instance = new ArchiveAnalyzer();
// try { instance.accept(new File("zip")); //ensure analyzer is "enabled"
// instance.initialize(); try {
// instance.initialize();
// File file = new File(this.getClass().getClassLoader().getResource("nested.zip").getPath()); File file = BaseTest.getResourceAsFile(this, "file.tar.bz2");
// Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false); Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
// Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false); Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
// Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false); Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
// Engine engine = new Engine(); Engine engine = new Engine();
// int initial_size = engine.getDependencies().size();
// engine.scan(file); engine.scan(file);
// engine.analyzeDependencies(); engine.analyzeDependencies();
// int ending_size = engine.getDependencies().size();
// } finally { engine.cleanup();
// instance.close(); assertTrue(initial_size < ending_size);
// } } finally {
// } instance.close();
}
}
/** /**
* Test of analyze method, of class ArchiveAnalyzer. * Test of analyze method, of class ArchiveAnalyzer.
*/ */
@@ -248,6 +253,31 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
} }
} }
/**
* Test of analyze method, of class ArchiveAnalyzer.
*/
@Test
public void testAnalyzeTbz2() throws Exception {
ArchiveAnalyzer instance = new ArchiveAnalyzer();
instance.accept(new File("zip")); //ensure analyzer is "enabled"
try {
instance.initialize();
File file = BaseTest.getResourceAsFile(this, "file.tbz2");
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
Engine engine = new Engine();
int initial_size = engine.getDependencies().size();
engine.scan(file);
engine.analyzeDependencies();
int ending_size = engine.getDependencies().size();
engine.cleanup();
assertTrue(initial_size < ending_size);
} finally {
instance.close();
}
}
/** /**
* Test of analyze method, of class ArchiveAnalyzer. * Test of analyze method, of class ArchiveAnalyzer.
*/ */

BIN
dependency-check-core/src/test/resources/file.tar.bz2 Normal file
View File

Binary file not shown.

BIN
dependency-check-core/src/test/resources/file.tbz2 Normal file
View File

Binary file not shown.