Changed AbstractFileTypeAnalyzer to expose getFileFilter() instead of getSupportedExtensions(), and

refactored existing implementations to return a FileFilter instance. The new FileFilterBuilder class
encapsulates building of a filter that can consider the full filename or other attributes, in addition
to file extension.


Former-commit-id: 9c968c77cc2285d571d38b1a8486d05b09b12aa4
Dale Visser
2015-06-26 18:18:07 -04:00
parent 9fbf8b58a1
commit 4d01d636cc
24 changed files with 382 additions and 422 deletions


@@ -37,6 +37,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.File;
import java.io.FileFilter;
import java.util.ArrayList;
import java.util.EnumMap;
import java.util.HashSet;
@@ -50,7 +51,7 @@ import java.util.Set;
*
* @author Jeremy Long
*/
public class Engine {
public class Engine implements FileFilter{
/**
* The list of dependencies.
@@ -317,7 +318,7 @@ public class Engine {
extension = fileName;
}
Dependency dependency = null;
if (supportsExtension(extension)) {
if (accept(file)) {
dependency = new Dependency(file);
if (extension.equals(fileName)) {
dependency.setFileExtension(extension);
@@ -379,7 +380,7 @@ public class Engine {
boolean shouldAnalyze = true;
if (a instanceof FileTypeAnalyzer) {
final FileTypeAnalyzer fAnalyzer = (FileTypeAnalyzer) a;
shouldAnalyze = fAnalyzer.supportsExtension(d.getFileExtension());
shouldAnalyze = fAnalyzer.accept(d.getActualFile());
}
if (shouldAnalyze) {
LOGGER.debug("Begin Analysis of '{}'", d.getActualFilePath());
@@ -482,18 +483,18 @@ public class Engine {
/**
* Checks all analyzers to see if an extension is supported.
*
* @param ext a file extension
* @param file a file extension
* @return true or false depending on whether or not the file extension is supported
*/
public boolean supportsExtension(String ext) {
if (ext == null) {
public boolean accept(File file) {
if (file == null) {
return false;
}
boolean scan = false;
for (FileTypeAnalyzer a : this.fileTypeAnalyzers) {
/* note, we can't break early on this loop as the analyzers need to know if
they have files to work on prior to initialization */
scan |= a.supportsExtension(ext);
scan |= a.accept(file);
}
return scan;
}
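Review bot: The Javadoc on `Engine.accept(File)` still describes the old extension check: the summary reads "Checks all analyzers to see if an extension is supported", the new tag is `@param file a file extension`, and `@return` speaks of "the file extension". Since the method is now the `FileFilter` entry point for the whole engine, the comment should say so, e.g. summary `Checks all file type analyzers to see if the file is accepted by at least one of them.`, `@param file the file to test` and `@return true if any file type analyzer accepts the file`. The existing inline comment about not breaking out of the loop early is worth keeping, because each analyzer's `accept` has to be called so it can record that it has files to work on.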


@@ -17,9 +17,15 @@
*/
package org.owasp.dependencycheck.analyzer;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.io.File;
import java.io.FileFilter;
import java.util.*;
import org.apache.commons.io.IOCase;
import org.apache.commons.io.filefilter.IOFileFilter;
import org.apache.commons.io.filefilter.NameFileFilter;
import org.apache.commons.io.filefilter.OrFileFilter;
import org.apache.commons.io.filefilter.SuffixFileFilter;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Dependency;
@@ -36,6 +42,7 @@ import org.slf4j.LoggerFactory;
public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implements FileTypeAnalyzer {
//<editor-fold defaultstate="collapsed" desc="Constructor">
/**
* Base constructor that all children must call. This checks the configuration to determine if the analyzer is
* enabled.
@@ -98,21 +105,20 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
//</editor-fold>
//<editor-fold defaultstate="collapsed" desc="Abstract methods children must implement">
/**
* <p>
* Returns a list of supported file extensions. An example would be an analyzer that inspected java jar files. The
* getSupportedExtensions function would return a set with a single element "jar".</p>
* Returns the {@link java.io.FileFilter} used to determine which files are to be analyzed.
* An example would be an analyzer that inspected Java jar files. Implementors may use
* {@link org.owasp.dependencycheck.utils.FileFilterBuilder}.</p>
*
* @return the file filter used to determine which files are to be analyzed
* <p/>
* <p>
* <b>Note:</b> when implementing this the extensions returned MUST be lowercase.</p>
*
* @return The file extensions supported by this analyzer.
*
* <p>
* If the analyzer returns null it will not cause additional files to be analyzed but will be executed against every
* file loaded</p>
* If the analyzer returns null it will not cause additional files to be analyzed, but will be executed against
* every file loaded.</p>
*/
protected abstract Set<String> getSupportedExtensions();
protected abstract FileFilter getFileFilter();
/**
* Initializes the file type analyzer.
@@ -126,7 +132,7 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
* scanned, and added to the list of dependencies within the engine.
*
* @param dependency the dependency to analyze
* @param engine the engine scanning
* @param engine the engine scanning
* @throws AnalysisException thrown if there is an analysis exception
*/
protected abstract void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException;
@@ -141,6 +147,7 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
//</editor-fold>
//<editor-fold defaultstate="collapsed" desc="Final implementations for the Analyzer interface">
/**
* Initializes the analyzer.
*
@@ -175,7 +182,7 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
* scanned, and added to the list of dependencies within the engine.
*
* @param dependency the dependency to analyze
* @param engine the engine scanning
* @param engine the engine scanning
* @throws AnalysisException thrown if there is an analysis exception
*/
@Override
@@ -185,38 +192,30 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
}
}
/**
* Returns whether or not this analyzer can process the given extension.
*
* @param extension the file extension to test for support.
* @return whether or not the specified file extension is supported by this analyzer.
*/
@Override
public final boolean supportsExtension(String extension) {
if (!enabled) {
return false;
}
final Set<String> ext = getSupportedExtensions();
if (ext == null) {
LOGGER.error("The '{}' analyzer is misconfigured and does not have any file extensions;"
+ " it will be disabled", getName());
return false;
} else {
final boolean match = ext.contains(extension);
if (match) {
filesMatched = match;
public boolean accept(File pathname) {
FileFilter filter = getFileFilter();
boolean accepted = false;
if (null == filter) {
LOGGER.error("The '{}' analyzer is misconfigured and does not have a file filter; it will be disabled", getName());
} else if (enabled) {
accepted = filter.accept(pathname);
if (accepted) {
filesMatched = true;
}
return match;
}
return accepted;
}
//</editor-fold>
//</editor-fold>
//<editor-fold defaultstate="collapsed" desc="Static utility methods">
/**
* <p>
* Utility method to help in the creation of the extensions set. This constructs a new Set that can be used in a
* final static declaration.</p>
*
* <p/>
* <p>
* This implementation was copied from
* http://stackoverflow.com/questions/2041778/initialize-java-hashset-values-by-construction</p>
@@ -226,9 +225,10 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
*/
protected static Set<String> newHashSet(String... strings) {
final Set<String> set = new HashSet<String>();
Collections.addAll(set, strings);
return set;
}
//</editor-fold>
}
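Review bot: The new `accept(File pathname)` is declared `public boolean`, whereas the `supportsExtension` it replaces was `public final boolean`, so a subclass can now override it and skip both the `enabled` check and the `filesMatched` bookkeeping. Unless overriding is intended, keep it sealed with `public final boolean accept(File pathname) {`. In the same method the null-filter branch logs "it will be disabled" on every call although nothing visible here disables the analyzer; setting `enabled = false` in that branch, or rewording the message, would make the log truthful. The Javadoc on `getFileFilter()` also still says a null return means the analyzer "will be executed against every file loaded", while `accept` returns false in that case, and its `<p>`/`</p>` tags are left unbalanced by the edit.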


@@ -17,13 +17,7 @@
*/
package org.owasp.dependencycheck.analyzer;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.*;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
@@ -31,6 +25,7 @@ import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.apache.commons.compress.archivers.ArchiveEntry;
import org.apache.commons.compress.archivers.ArchiveInputStream;
import org.apache.commons.compress.archivers.tar.TarArchiveInputStream;
@@ -44,6 +39,7 @@ import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.analyzer.exception.ArchiveExtractionException;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.utils.FileFilterBuilder;
import org.owasp.dependencycheck.utils.FileUtils;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
@@ -116,14 +112,11 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
EXTENSIONS.addAll(ZIPPABLES);
}
/**
* Returns a list of file EXTENSIONS supported by this analyzer.
*
* @return a list of file EXTENSIONS supported by this analyzer.
*/
private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(EXTENSIONS).build();
@Override
public Set<String> getSupportedExtensions() {
return EXTENSIONS;
protected FileFilter getFileFilter() {
return FILTER;
}
/**
@@ -197,7 +190,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
* scanned, and added to the list of dependencies within the engine.
*
* @param dependency the dependency to analyze
* @param engine the engine scanning
* @param engine the engine scanning
* @throws AnalysisException thrown if there is an analysis exception
*/
@Override
@@ -229,14 +222,14 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
//TODO - can we get more evidence from the parent? EAR contains module name, etc.
//analyze the dependency (i.e. extract files) if it is a supported type.
if (this.supportsExtension(d.getFileExtension()) && scanDepth < MAX_SCAN_DEPTH) {
if (this.accept(d.getActualFile()) && scanDepth < MAX_SCAN_DEPTH) {
scanDepth += 1;
analyze(d, engine);
scanDepth -= 1;
}
}
}
if (this.REMOVE_FROM_ANALYSIS.contains(dependency.getFileExtension())) {
if (REMOVE_FROM_ANALYSIS.contains(dependency.getFileExtension())) {
if ("zip".equals(dependency.getFileExtension()) && isZipFileActuallyJarFile(dependency)) {
final File tdir = getNextTempDirectory();
final String fileName = dependency.getFileName();
@@ -295,9 +288,9 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
/**
* Extracts the contents of an archive into the specified directory.
*
* @param archive an archive file such as a WAR or EAR
* @param archive an archive file such as a WAR or EAR
* @param destination a directory to extract the contents to
* @param engine the scanning engine
* @param engine the scanning engine
* @throws AnalysisException thrown if the archive is not found
*/
private void extractFiles(File archive, File destination, Engine engine) throws AnalysisException {
@@ -320,9 +313,9 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
extractArchive(new TarArchiveInputStream(new BufferedInputStream(fis)), destination, engine);
} else if ("gz".equals(archiveExt) || "tgz".equals(archiveExt)) {
final String uncompressedName = GzipUtils.getUncompressedFilename(archive.getName());
final String uncompressedExt = FileUtils.getFileExtension(uncompressedName).toLowerCase();
if (engine.supportsExtension(uncompressedExt)) {
decompressFile(new GzipCompressorInputStream(new BufferedInputStream(fis)), new File(destination, uncompressedName));
File f = new File(destination, uncompressedName);
if (engine.accept(f)) {
decompressFile(new GzipCompressorInputStream(new BufferedInputStream(fis)), f);
}
}
} catch (ArchiveExtractionException ex) {
@@ -343,9 +336,9 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
/**
* Extracts files from an archive.
*
* @param input the archive to extract files from
* @param input the archive to extract files from
* @param destination the location to write the files too
* @param engine the dependency-check engine
* @param engine the dependency-check engine
* @throws ArchiveExtractionException thrown if there is an exception extracting files from the archive
*/
private void extractArchive(ArchiveInputStream input, File destination, Engine engine) throws ArchiveExtractionException {
@@ -362,8 +355,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
}
} else {
final File file = new File(destination, entry.getName());
final String ext = FileUtils.getFileExtension(file.getName());
if (engine.supportsExtension(ext)) {
if (engine.accept(file)) {
LOGGER.debug("Extracting '{}'", file.getPath());
BufferedOutputStream bos = null;
FileOutputStream fos = null;
@@ -429,7 +421,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
* Decompresses a file.
*
* @param inputStream the compressed file
* @param outputFile the location to write the decompressed file
* @param outputFile the location to write the decompressed file
* @throws ArchiveExtractionException thrown if there is an exception decompressing the file
*/
private void decompressFile(CompressorInputStream inputStream, File outputFile) throws ArchiveExtractionException {
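Review bot: In `extractArchive`, `new File(destination, entry.getName())` is built from the archive's own entry name and passed straight to `engine.accept(file)`, and nothing visible in this hunk checks that the resulting path stays inside `destination`. An entry name containing `..` segments resolves outside the extraction directory, and a filter that looks only at the file name or suffix will still accept it. Before the accept call, compare canonical paths, e.g. `if (!file.getCanonicalPath().startsWith(destination.getCanonicalPath() + File.separator)) { /* reject the entry */ }`, and fail the extraction with an `ArchiveExtractionException`. The method body continues outside the hunk, so first confirm that no such guard already exists further down.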


@@ -17,22 +17,6 @@
*/
package org.owasp.dependencycheck.analyzer;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import ch.qos.cal10n.IMessageConveyor;
import ch.qos.cal10n.MessageConveyor;
import org.owasp.dependencycheck.Engine;
@@ -41,12 +25,23 @@ import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import org.owasp.dependencycheck.utils.DCResources;
import org.owasp.dependencycheck.utils.FileFilterBuilder;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.cal10n.LocLogger;
import org.slf4j.cal10n.LocLoggerFactory;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import java.io.*;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
/**
* Analyzer for getting company, product, and version information from a .NET assembly.
*
@@ -66,7 +61,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
/**
* The list of supported extensions
*/
private static final Set<String> SUPPORTED_EXTENSIONS = newHashSet("dll", "exe");
private static final String[] SUPPORTED_EXTENSIONS = {"dll", "exe"};
/**
* The temp value for GrokAssembly.exe
*/
@@ -296,14 +291,12 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
}
}
/**
* Gets the set of extensions supported by this analyzer.
*
* @return the list of supported extensions
*/
private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(
SUPPORTED_EXTENSIONS).build();
@Override
public Set<String> getSupportedExtensions() {
return SUPPORTED_EXTENSIONS;
protected FileFilter getFileFilter() {
return FILTER;
}
/**
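Review bot: The new `FILTER` constant and the `getFileFilter()` override are left without Javadoc; judging by the hunk line counts, the comment that documented `getSupportedExtensions()` was removed rather than updated, while every other member of this class is documented. A short comment on each would restore that, e.g. `/** The file filter used to determine which files this analyzer supports. */` on the field and `/** Returns the FileFilter. @return the FileFilter */` on the method. The same gap appears in the ArchiveAnalyzer, AutoconfAnalyzer, CentralAnalyzer, JarAnalyzer, JavaScriptAnalyzer, NexusAnalyzer, NuspecAnalyzer and PythonDistributionAnalyzer sections of this commit.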


@@ -17,23 +17,24 @@
*/
package org.owasp.dependencycheck.analyzer;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.io.FileUtils;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.EvidenceCollection;
import org.owasp.dependencycheck.utils.FileFilterBuilder;
import org.owasp.dependencycheck.utils.Settings;
import org.owasp.dependencycheck.utils.UrlStringUtils;
import java.io.File;
import java.io.FileFilter;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
/**
* Used to analyze Autoconf input files named configure.ac or configure.in. Files simply named "configure" are also analyzed,
* assuming they are generated by Autoconf, and contain certain special package descriptor variables.
@@ -71,8 +72,7 @@ public class AutoconfAnalyzer extends AbstractFileTypeAnalyzer {
/**
* The set of file extensions supported by this analyzer.
*/
private static final Set<String> EXTENSIONS = newHashSet("ac", "in",
CONFIGURE);
private static final String[] EXTENSIONS = {"ac", "in"};
/**
* Matches AC_INIT variables in the output configure script.
@@ -103,14 +103,12 @@ public class AutoconfAnalyzer extends AbstractFileTypeAnalyzer {
| Pattern.CASE_INSENSITIVE);
}
/**
* Returns a list of file EXTENSIONS supported by this analyzer.
*
* @return a list of file EXTENSIONS supported by this analyzer.
*/
private static final FileFilter FILTER = FileFilterBuilder.newInstance().addFilenames(CONFIGURE).addExtensions(
EXTENSIONS).build();
@Override
public Set<String> getSupportedExtensions() {
return EXTENSIONS;
protected FileFilter getFileFilter() {
return FILTER;
}
/**
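Review bot: `FILTER` still accepts every file whose extension is `ac` or `in`, although the class Javadoc says the analyzer targets files named `configure.ac` or `configure.in`; the `in` suffix in particular is common on unrelated templates such as `Makefile.in`. Now that `FileFilterBuilder` can match full file names, the filter could be narrowed to the documented names, for example `addFilenames(CONFIGURE, "configure.ac", "configure.in")` if `addFilenames` accepts several names, and the `EXTENSIONS` array dropped. If the broad match is deliberate, a comment on `EXTENSIONS` should say so, because every accepted file is read and evaluated as Autoconf input.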


@@ -17,12 +17,6 @@
*/
package org.owasp.dependencycheck.analyzer;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.URL;
import java.util.List;
import java.util.Set;
import org.apache.commons.io.FileUtils;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
@@ -31,14 +25,18 @@ import org.owasp.dependencycheck.data.nexus.MavenArtifact;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import org.owasp.dependencycheck.utils.*;
import org.owasp.dependencycheck.xml.pom.PomUtils;
import org.owasp.dependencycheck.utils.DownloadFailedException;
import org.owasp.dependencycheck.utils.Downloader;
import org.owasp.dependencycheck.utils.InvalidSettingException;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.File;
import java.io.FileFilter;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.URL;
import java.util.List;
/**
* Analyzer which will attempt to locate a dependency, and the GAV information, by querying Central for the dependency's SHA-1
* digest.
@@ -65,7 +63,7 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
/**
* The types of files on which this will work.
*/
private static final Set<String> SUPPORTED_EXTENSIONS = newHashSet("jar");
private static final String SUPPORTED_EXTENSIONS = "jar";
/**
* The analyzer should be disabled if there are errors, so this is a flag to determine if such an error has occurred.
@@ -163,14 +161,11 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
return ANALYSIS_PHASE;
}
/**
* Returns the extensions for which this Analyzer runs.
*
* @return the extensions for which this Analyzer runs
*/
private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(SUPPORTED_EXTENSIONS).build();
@Override
public Set<String> getSupportedExtensions() {
return SUPPORTED_EXTENSIONS;
protected FileFilter getFileFilter() {
return FILTER;
}
/**
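Review bot: `SUPPORTED_EXTENSIONS` is now a single `String` holding `"jar"`, but it keeps its plural name and the comment "The types of files on which this will work", which reads as a collection. Either rename it to `SUPPORTED_EXTENSION` or keep the array form used elsewhere in this commit, `private static final String[] SUPPORTED_EXTENSIONS = {"jar"};`, so all analyzers declare extensions the same way. The same applies to `EXTENSIONS = "js"` in JavaScriptAnalyzer and to `SUPPORTED_EXTENSIONS` in NexusAnalyzer and NuspecAnalyzer.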


@@ -17,20 +17,14 @@
*/
package org.owasp.dependencycheck.analyzer;
import java.io.FileFilter;
/**
* An Analyzer that scans specific file types.
*
* @author Jeremy Long
*/
public interface FileTypeAnalyzer extends Analyzer {
/**
* Returns whether or not this analyzer can process the given extension.
*
* @param extension the file extension to test for support.
* @return whether or not the specified file extension is supported by this analyzer.
*/
boolean supportsExtension(String extension);
public interface FileTypeAnalyzer extends Analyzer, FileFilter {
/**
* Resets the analyzers state.
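Review bot: `FileTypeAnalyzer` now inherits `accept(File)` from `java.io.FileFilter`, and the Javadoc that described `supportsExtension` was removed with nothing in its place, so the interface no longer states what acceptance means for an analyzer. The interface comment should carry that contract, for instance `An Analyzer that scans specific file types; accept(File) returns true only for files this analyzer will process.` Based on the `AbstractFileTypeAnalyzer` section of this commit, it is also worth noting there that implementations may return false when the analyzer is disabled and may record that a file matched, since callers treating the analyzer as a plain `FileFilter` would not expect either.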


@@ -17,14 +17,7 @@
*/
package org.owasp.dependencycheck.analyzer;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.Reader;
import java.io.*;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
@@ -47,6 +40,7 @@ import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.EvidenceCollection;
import org.owasp.dependencycheck.utils.FileFilterBuilder;
import org.owasp.dependencycheck.xml.pom.License;
import org.owasp.dependencycheck.xml.pom.PomUtils;
import org.owasp.dependencycheck.xml.pom.Model;
@@ -168,16 +162,13 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
/**
* The set of file extensions supported by this analyzer.
*/
private static final Set<String> EXTENSIONS = newHashSet("jar", "war");
private static final String[] EXTENSIONS = {"jar", "war"};
private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(EXTENSIONS).build();
/**
* Returns a list of file EXTENSIONS supported by this analyzer.
*
* @return a list of file EXTENSIONS supported by this analyzer.
*/
@Override
public Set<String> getSupportedExtensions() {
return EXTENSIONS;
protected FileFilter getFileFilter() {
return FILTER;
}
/**
@@ -388,7 +379,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
* @param dependency the dependency being analyzed
* @return returns the POM object
* @throws AnalysisException is thrown if there is an exception extracting or parsing the POM
* {@link org.owasp.dependencycheck.jaxb.pom.generated.Model} object
* {@link org.owasp.dependencycheck.xml.pom.Model} object
*/
private Model extractPom(String path, JarFile jar, Dependency dependency) throws AnalysisException {
InputStream input = null;


@@ -17,20 +17,17 @@
*/
package org.owasp.dependencycheck.analyzer;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.util.Set;
import java.util.regex.Pattern;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.utils.FileFilterBuilder;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.*;
import java.util.regex.Pattern;
/**
*
* Used to analyze a JavaScript file to gather information to aid in identification of a CPE identifier.
@@ -56,16 +53,13 @@ public class JavaScriptAnalyzer extends AbstractFileTypeAnalyzer {
/**
* The set of file extensions supported by this analyzer.
*/
private static final Set<String> EXTENSIONS = newHashSet("js");
private static final String EXTENSIONS = "js";
private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(EXTENSIONS).build();
/**
* Returns a list of file EXTENSIONS supported by this analyzer.
*
* @return a list of file EXTENSIONS supported by this analyzer.
*/
@Override
public Set<String> getSupportedExtensions() {
return EXTENSIONS;
protected FileFilter getFileFilter() {
return FILTER;
}
/**


@@ -17,12 +17,6 @@
*/
package org.owasp.dependencycheck.analyzer;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Set;
import org.apache.commons.io.FileUtils;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
@@ -31,14 +25,18 @@ import org.owasp.dependencycheck.data.nexus.NexusSearch;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import org.owasp.dependencycheck.utils.*;
import org.owasp.dependencycheck.xml.pom.PomUtils;
import org.owasp.dependencycheck.utils.InvalidSettingException;
import org.owasp.dependencycheck.utils.DownloadFailedException;
import org.owasp.dependencycheck.utils.Downloader;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.File;
import java.io.FileFilter;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
/**
* Analyzer which will attempt to locate a dependency on a Nexus service by SHA-1 digest of the dependency.
*
@@ -78,7 +76,7 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
/**
* The types of files on which this will work.
*/
private static final Set<String> SUPPORTED_EXTENSIONS = newHashSet("jar");
private static final String SUPPORTED_EXTENSIONS = "jar";
/**
* The Nexus Search to be set up for this analyzer.
@@ -183,14 +181,11 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
return ANALYSIS_PHASE;
}
/**
* Returns the extensions for which this Analyzer runs.
*
* @return the extensions for which this Analyzer runs
*/
private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(SUPPORTED_EXTENSIONS).build();
@Override
public Set<String> getSupportedExtensions() {
return SUPPORTED_EXTENSIONS;
protected FileFilter getFileFilter() {
return FILTER;
}
/**

View File

@@ -17,10 +17,6 @@
*/
package org.owasp.dependencycheck.analyzer;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.Set;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.nuget.NugetPackage;
@@ -29,10 +25,16 @@ import org.owasp.dependencycheck.data.nuget.NuspecParser;
import org.owasp.dependencycheck.data.nuget.XPathNuspecParser;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.utils.FileFilterBuilder;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.FileFilter;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
/**
* Analyzer which will parse a Nuspec file to gather module information.
*
@@ -58,7 +60,7 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
/**
* The types of files on which this will work.
*/
private static final Set<String> SUPPORTED_EXTENSIONS = newHashSet("nuspec");
private static final String SUPPORTED_EXTENSIONS = "nuspec";
/**
* Initializes the analyzer once before any analysis is performed.
@@ -99,14 +101,12 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
return ANALYSIS_PHASE;
}
/**
* Returns the extensions for which this Analyzer runs.
*
* @return the extensions for which this Analyzer runs
*/
private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(
SUPPORTED_EXTENSIONS).build();
@Override
public Set<String> getSupportedExtensions() {
return SUPPORTED_EXTENSIONS;
protected FileFilter getFileFilter() {
return FILTER;
}
/**


@@ -17,17 +17,6 @@
*/
package org.owasp.dependencycheck.analyzer;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FilenameFilter;
import java.util.Set;
import java.util.regex.Pattern;
import javax.mail.MessagingException;
import javax.mail.internet.InternetHeaders;
import org.apache.commons.io.filefilter.NameFileFilter;
import org.apache.commons.io.filefilter.SuffixFileFilter;
import org.apache.commons.io.input.AutoCloseInputStream;
@@ -37,14 +26,15 @@ import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.EvidenceCollection;
import org.owasp.dependencycheck.utils.ExtractionException;
import org.owasp.dependencycheck.utils.ExtractionUtil;
import org.owasp.dependencycheck.utils.FileUtils;
import org.owasp.dependencycheck.utils.Settings;
import org.owasp.dependencycheck.utils.UrlStringUtils;
import org.owasp.dependencycheck.utils.*;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.mail.MessagingException;
import javax.mail.internet.InternetHeaders;
import java.io.*;
import java.util.regex.Pattern;
/**
* Used to analyze a Wheel or egg distribution files, or their contents in unzipped form, and collect information that can be used
* to determine the associated CPE.
@@ -86,11 +76,10 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
/**
* The set of file extensions supported by this analyzer.
*/
private static final Set<String> EXTENSIONS = newHashSet("whl", "egg",
"zip", METADATA, PKG_INFO);
private static final String[] EXTENSIONS = {"whl", "egg", "zip"};
/**
* Used to match on egg archive candidate extenssions.
* Used to match on egg archive candidate extensions.
*/
private static final Pattern EGG_OR_ZIP = Pattern.compile("egg|zip");
@@ -114,23 +103,21 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
/**
* Filter that detects files named "METADATA".
*/
private static final FilenameFilter METADATA_FILTER = new NameFileFilter(
private static final NameFileFilter METADATA_FILTER = new NameFileFilter(
METADATA);
/**
* Filter that detects files named "PKG-INFO".
*/
private static final FilenameFilter PKG_INFO_FILTER = new NameFileFilter(
private static final NameFileFilter PKG_INFO_FILTER = new NameFileFilter(
PKG_INFO);
/**
* Returns a list of file EXTENSIONS supported by this analyzer.
*
* @return a list of file EXTENSIONS supported by this analyzer.
*/
private static final FileFilter FILTER = FileFilterBuilder.newInstance().addFileFilters(
METADATA_FILTER, PKG_INFO_FILTER).addExtensions(EXTENSIONS).build();
@Override
public Set<String> getSupportedExtensions() {
return EXTENSIONS;
protected FileFilter getFileFilter() {
return FILTER;
}
/**
@@ -194,13 +181,13 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
/**
* Collects the meta data from an archive.
*
* @param dependency the archive being scanned
* @param folderFilter the filter to apply to the folder
* @param dependency the archive being scanned
* @param folderFilter the filter to apply to the folder
* @param metadataFilter the filter to apply to the meta data
* @throws AnalysisException thrown when there is a problem analyzing the dependency
*/
private void collectMetadataFromArchiveFormat(Dependency dependency,
FilenameFilter folderFilter, FilenameFilter metadataFilter)
FilenameFilter folderFilter, FilenameFilter metadataFilter)
throws AnalysisException {
final File temp = getNextTempDirectory();
LOGGER.debug("{} exists? {}", temp, temp.exists());
@@ -260,7 +247,7 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
* Gathers evidence from the METADATA file.
*
* @param dependency the dependency being analyzed
* @param file a reference to the manifest/properties file
* @param file a reference to the manifest/properties file
* @throws AnalysisException thrown when there is an error
*/
private static void collectWheelMetadata(Dependency dependency, File file)
@@ -290,13 +277,13 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
/**
* Adds a value to the evidence collection.
*
* @param headers the properties collection
* @param evidence the evidence collection to add the value
* @param property the property name
* @param headers the properties collection
* @param evidence the evidence collection to add the value
* @param property the property name
* @param confidence the confidence of the evidence
*/
private static void addPropertyToEvidence(InternetHeaders headers,
EvidenceCollection evidence, String property, Confidence confidence) {
EvidenceCollection evidence, String property, Confidence confidence) {
final String value = headers.getHeader(property, null);
LOGGER.debug("Property: {}, Value: {}", property, value);
if (StringUtils.isNotBlank(value)) {


@@ -17,17 +17,6 @@
*/
package org.owasp.dependencycheck.analyzer;
import java.io.File;
import java.io.FileFilter;
import java.io.IOException;
import java.net.MalformedURLException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.filefilter.NameFileFilter;
import org.apache.commons.io.filefilter.SuffixFileFilter;
@@ -36,11 +25,21 @@ import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.EvidenceCollection;
import org.owasp.dependencycheck.utils.FileFilterBuilder;
import org.owasp.dependencycheck.utils.Settings;
import org.owasp.dependencycheck.utils.UrlStringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.File;
import java.io.FileFilter;
import java.io.IOException;
import java.net.MalformedURLException;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
/**
* Used to analyze a Python package, and collect information that can be used to determine the associated CPE.
*
@@ -63,8 +62,7 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
/**
* Filename extensions for files to be analyzed.
*/
private static final Set<String> EXTENSIONS = Collections
.unmodifiableSet(Collections.singleton("py"));
private static final String EXTENSIONS = "py";
/**
* Pattern for matching the module docstring in a source file.
@@ -134,14 +132,11 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
return AnalysisPhase.INFORMATION_COLLECTION;
}
/**
* Returns the set of supported file extensions.
*
* @return the set of supported file extensions
*/
private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(EXTENSIONS).build();
@Override
protected Set<String> getSupportedExtensions() {
return EXTENSIONS;
protected FileFilter getFileFilter() {
return FILTER;
}
/**
@@ -209,12 +204,12 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
*/
private boolean analyzeFileContents(Dependency dependency, File file)
throws AnalysisException {
String contents = "";
String contents;
try {
contents = FileUtils.readFileToString(file).trim();
} catch (IOException e) {
throw new AnalysisException(
"Problem occured while reading dependency file.", e);
"Problem occurred while reading dependency file.", e);
}
boolean found = false;
if (!contents.isEmpty()) {
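Review bot: The new `FILTER` constant in the `getFileFilter()` hunk has no Javadoc, and the comment that described `getSupportedExtensions()` appears to have been removed rather than updated, so neither the field nor the override is documented. I would add `/** The file filter used to determine which files this analyzer supports. */` above `FILTER` and a short Javadoc with `@return the file filter` on `getFileFilter()`. `EXTENSIONS` now holds the single string `"py"`, while its name and its "Filename extensions" comment are still plural; the comment at least should say it is one extension.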


@@ -109,8 +109,7 @@ public final class ExtractionUtil {
}
} else {
final File file = new File(extractTo, entry.getName());
final String ext = getFileExtension(file.getName());
if (engine == null || engine.supportsExtension(ext)) {
if (engine == null || engine.accept(file)) {
BufferedOutputStream bos = null;
FileOutputStream fos;
try {
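Review bot: `engine.accept(file)` decides on the file name only, and the `File` it receives is built directly from `entry.getName()`; nothing in this hunk checks that the resolved path stays inside `extractTo` before the output stream is opened. Archive entry names are untrusted input, so an entry whose name contains parent-directory segments could resolve outside the extraction directory. Unless a containment check exists outside the hunk (the method starts and ends beyond what is shown), I would reject any entry for which `file.getCanonicalPath().startsWith(extractTo.getCanonicalPath() + File.separator)` is false, before the accept test.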


@@ -0,0 +1,113 @@
/*
* This file is part of dependency-check-core.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Copyright (c) 2015 Institute for Defense Analyses. All Rights Reserved.
*/
package org.owasp.dependencycheck.utils;
import org.apache.commons.io.filefilter.IOFileFilter;
import org.apache.commons.io.filefilter.NameFileFilter;
import org.apache.commons.io.filefilter.OrFileFilter;
import org.apache.commons.io.filefilter.SuffixFileFilter;
import java.io.File;
import java.io.FileFilter;
import java.util.*;
/**
* Utility class for building useful {@link FileFilter} instances for
* {@link org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer} implementations. The built filter uses
* {@link OrFileFilter} to logically OR the given filter conditions.
*
* @author Dale Visser <dvisser@ida.org>
*/
public class FileFilterBuilder {
public static FileFilterBuilder newInstance(){
return new FileFilterBuilder();
}
private Set<String> filenames = new HashSet<String>();
/**
* Add to the set of filenames to accept for analysis. Case sensitivity is assumed.
*
* @param names one or more filenames to accept for analysis
*/
public FileFilterBuilder addFilenames(String... names) {
filenames.addAll(Arrays.asList(names));
return this;
}
private Set<String> extensions = new HashSet<String>();
/**
* Add to the set of file extensions to accept for analysis. Case sensitivity is assumed.
*
* @param extensions one or more file extensions to accept for analysis
*/
public FileFilterBuilder addExtensions(String... extensions) {
return this.addExtensions(Arrays.asList(extensions));
}
/**
* Add to the set of file extensions to accept for analysis. Case sensitivity is assumed.
*
* @param extensions one or more file extensions to accept for analysis
*/
public FileFilterBuilder addExtensions(Iterable<String> extensions){
for (String extension : extensions) {
// Ultimately, SuffixFileFilter will be used, and the "." needs to be explicit.
this.extensions.add(extension.startsWith(".") ? extension : "." + extension);
}
return this;
}
private List<IOFileFilter> fileFilters = new ArrayList<IOFileFilter>();
/**
* Add to a list of {@link IOFileFilter} instances to consult for whether to accept a file for analysis.
*
* @param filters one or more file filters to consult for whether to accept for analysis
*/
public FileFilterBuilder addFileFilters(IOFileFilter... filters) {
fileFilters.addAll(Arrays.asList(filters));
return this;
}
/**
* Builds the filter and returns it.
*
* @return a filter that is the logical OR of all the conditions provided by the add... methods
* @throws IllegalStateException if no add... method has been called with one or more arguments
*/
public FileFilter build() {
if (filenames.isEmpty() && extensions.isEmpty() && fileFilters.isEmpty()) {
throw new IllegalStateException("May only be invoked after at least one add... method has been invoked.");
}
OrFileFilter filter = new OrFileFilter();
if (!filenames.isEmpty()) {
filter.addFileFilter(new NameFileFilter(new ArrayList<String>(filenames)));
}
if (!extensions.isEmpty()) {
filter.addFileFilter(new SuffixFileFilter(new ArrayList<String>(extensions)));
}
for (IOFileFilter iof : fileFilters) {
filter.addFileFilter(iof);
}
return filter;
}
}
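Review bot: `build()` creates `new SuffixFileFilter(new ArrayList<String>(extensions))` and the matching `NameFileFilter` with default case-sensitive matching (the Javadoc says "Case sensitivity is assumed"), so a file named `LIB.JAR` or `Setup.PY` would not match an analyzer registered with `jar` or `py` and would drop out of the scan without any message. For a dependency scanner that is a silent false negative; whether the previous extension check lower-cased its input is not visible here, so this may also be a behaviour change. I would match extensions case-insensitively, `new SuffixFileFilter(new ArrayList<String>(extensions), IOCase.INSENSITIVE)`, and keep exact matching only for names such as `METADATA` where it is intended. Separately, `newInstance()` and the three fields have no Javadoc, and `import java.util.*;` is a wildcard import.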


@@ -20,8 +20,7 @@ package org.owasp.dependencycheck.analyzer;
import java.io.File;
import java.util.HashSet;
import java.util.Set;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.*;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.Engine;
@@ -39,7 +38,7 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
* Test of getSupportedExtensions method, of class ArchiveAnalyzer.
*/
@Test
public void testGetSupportedExtensions() {
public void testSupportsExtensions() {
ArchiveAnalyzer instance = new ArchiveAnalyzer();
Set<String> expResult = new HashSet<String>();
expResult.add("zip");
@@ -52,8 +51,9 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
expResult.add("tar");
expResult.add("gz");
expResult.add("tgz");
Set result = instance.getSupportedExtensions();
assertEquals(expResult, result);
for (String ext : expResult) {
assertTrue(ext, instance.accept(new File("test." + ext)));
}
}
/**
@@ -72,28 +72,9 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
*/
@Test
public void testSupportsExtension() {
String extension = "7z"; //not supported
String extension = "test.7z"; //not supported
ArchiveAnalyzer instance = new ArchiveAnalyzer();
boolean expResult = false;
boolean result = instance.supportsExtension(extension);
assertEquals(expResult, result);
extension = "war"; //supported
expResult = true;
result = instance.supportsExtension(extension);
assertEquals(expResult, result);
extension = "ear"; //supported
result = instance.supportsExtension(extension);
assertEquals(expResult, result);
extension = "zip"; //supported
result = instance.supportsExtension(extension);
assertEquals(expResult, result);
extension = "nupkg"; //supported
result = instance.supportsExtension(extension);
assertEquals(expResult, result);
assertFalse(extension, instance.accept(new File(extension)));
}
/**
@@ -129,7 +110,7 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
public void testAnalyze() throws Exception {
ArchiveAnalyzer instance = new ArchiveAnalyzer();
//trick the analyzer into thinking it is active.
instance.supportsExtension("ear");
instance.accept(new File("test.ear"));
try {
instance.initialize();
File file = BaseTest.getResourceAsFile(this, "daytrader-ear-2.1.7.ear");
@@ -160,7 +141,7 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
public void testAnalyzeTar() throws Exception {
ArchiveAnalyzer instance = new ArchiveAnalyzer();
//trick the analyzer into thinking it is active so that it will initialize
instance.supportsExtension("tar");
instance.accept(new File("test.tar"));
try {
instance.initialize();
@@ -191,7 +172,7 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
@Test
public void testAnalyzeTarGz() throws Exception {
ArchiveAnalyzer instance = new ArchiveAnalyzer();
instance.supportsExtension("zip"); //ensure analyzer is "enabled"
instance.accept(new File("zip")); //ensure analyzer is "enabled"
try {
instance.initialize();
@@ -244,7 +225,7 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
@Test
public void testAnalyzeTgz() throws Exception {
ArchiveAnalyzer instance = new ArchiveAnalyzer();
instance.supportsExtension("zip"); //ensure analyzer is "enabled"
instance.accept(new File("zip")); //ensure analyzer is "enabled"
try {
instance.initialize();
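Review bot: In `testAnalyzeTarGz` and `testAnalyzeTgz` the call became `instance.accept(new File("zip"))`, a file whose whole name is `zip` with no extension. `FileFilterBuilder.addExtensions` stores suffixes with a leading dot, so if ArchiveAnalyzer builds its filter that way this call returns false and the "ensure analyzer is enabled" step may no longer do what its comment says. The other tests in this file use `new File("test.ear")` and `new File("test.tar")`; these two should read `instance.accept(new File("test.zip")); //ensure analyzer is "enabled"`. Both test bodies continue outside their hunks.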


@@ -58,7 +58,7 @@ public class AssemblyAnalyzerTest extends BaseTest {
public void setUp() throws Exception {
try {
analyzer = new AssemblyAnalyzer();
analyzer.supportsExtension("dll");
analyzer.accept(new File("test.dll")); // trick into "thinking it is active"
analyzer.initialize();
} catch (Exception e) {
if (e.getMessage().contains("Could not execute .NET AssemblyAnalyzer")) {
@@ -155,7 +155,7 @@ public class AssemblyAnalyzerTest extends BaseTest {
System.setProperty(LOG_KEY, "error");
// Have to make a NEW analyzer because during setUp, it would have gotten the correct one
AssemblyAnalyzer aanalyzer = new AssemblyAnalyzer();
aanalyzer.supportsExtension("dll");
aanalyzer.accept(new File("test.dll")); // trick into "thinking it is active"
aanalyzer.initialize();
fail("Expected an AnalysisException");
} catch (AnalysisException ae) {


@@ -17,13 +17,6 @@
*/
package org.owasp.dependencycheck.analyzer;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import java.util.Arrays;
import java.util.HashSet;
import org.apache.commons.lang.StringUtils;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -31,6 +24,11 @@ import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Dependency;
import java.io.File;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
/**
* Unit tests for AutoconfAnalyzer. The test resources under autoconf/ were
* obtained from outside open source software projects. Links to those projects
@@ -164,27 +162,15 @@ public class AutoconfAnalyzerTest extends BaseTest {
}
/**
* Test of {@link AutoconfAnalyzer#getSupportedExtensions}.
* Test of {@link AutoconfAnalyzer#accept(File)}.
*/
@Test
public void testGetSupportedExtensions() {
final String[] expected = { "ac", "in", "configure" };
assertEquals("Supported extensions should just have the following: "
+ StringUtils.join(expected, ", "),
new HashSet<String>(Arrays.asList(expected)),
analyzer.getSupportedExtensions());
}
/**
* Test of {@link AutoconfAnalyzer#supportsExtension}.
*/
@Test
public void testSupportsExtension() {
public void testSupportsFileExtension() {
assertTrue("Should support \"ac\" extension.",
analyzer.supportsExtension("ac"));
analyzer.accept(new File("configure.ac")));
assertTrue("Should support \"in\" extension.",
analyzer.supportsExtension("in"));
analyzer.accept(new File("configure.in")));
assertTrue("Should support \"configure\" extension.",
analyzer.supportsExtension("configure"));
analyzer.accept(new File("configure")));
}
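Review bot: With `testGetSupportedExtensions` removed, nothing asserts that the analyzer rejects files it should not handle; `testSupportsFileExtension` has only positive cases, so a filter that accepted every file would still pass. Add a negative case, for example `assertFalse("Should not accept unrelated files.", analyzer.accept(new File("test.txt")));`, which needs the `assertFalse` static import. The same gap appears in the rewritten tests of JarAnalyzerTest, JavaScriptAnalyzerTest, PythonDistributionAnalyzerTest and PythonPackageAnalyzerTest further down. The assertion messages also still call `configure` an extension, although it is now matched as a file name.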
}


@@ -149,7 +149,7 @@ public class CPEAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
HintAnalyzer hintAnalyzer = new HintAnalyzer();
JarAnalyzer jarAnalyzer = new JarAnalyzer();
jarAnalyzer.supportsExtension("jar");
jarAnalyzer.accept(new File("test.jar"));//trick analyzer into "thinking it is active"
jarAnalyzer.analyze(struts, null);
hintAnalyzer.analyze(struts, null);


@@ -17,19 +17,19 @@
*/
package org.owasp.dependencycheck.analyzer;
import java.io.File;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import java.io.File;
import java.util.HashSet;
import java.util.Set;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
/**
*
* @author Jeremy Long
*/
public class JarAnalyzerTest extends BaseTest {
@@ -94,13 +94,14 @@ public class JarAnalyzerTest extends BaseTest {
* Test of getSupportedExtensions method, of class JarAnalyzer.
*/
@Test
public void testGetSupportedExtensions() {
public void testAcceptSupportedExtensions() throws Exception {
JarAnalyzer instance = new JarAnalyzer();
Set<String> expResult = new HashSet<String>();
expResult.add("jar");
expResult.add("war");
Set result = instance.getSupportedExtensions();
assertEquals(expResult, result);
instance.initialize();
instance.setEnabled(true);
String[] files = {"test.jar", "test.war"};
for (String name : files) {
assertTrue(name, instance.accept(new File(name)));
}
}
/**
@@ -114,16 +115,4 @@ public class JarAnalyzerTest extends BaseTest {
assertEquals(expResult, result);
}
/**
* Test of supportsExtension method, of class JarAnalyzer.
*/
@Test
public void testSupportsExtension() {
String extension = "jar";
JarAnalyzer instance = new JarAnalyzer();
boolean expResult = true;
boolean result = instance.supportsExtension(extension);
assertEquals(expResult, result);
}
}


@@ -17,15 +17,16 @@
*/
package org.owasp.dependencycheck.analyzer;
import java.io.File;
import java.util.HashSet;
import java.util.Set;
import static org.junit.Assert.assertEquals;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.dependency.Dependency;
import java.io.File;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
/**
*
* @author Jeremy Long
@@ -36,12 +37,12 @@ public class JavaScriptAnalyzerTest extends BaseTest {
* Test of getSupportedExtensions method, of class JavaScriptAnalyzer.
*/
@Test
public void testGetSupportedExtensions() {
public void testAcceptSupportedExtensions() throws Exception {
JavaScriptAnalyzer instance = new JavaScriptAnalyzer();
Set<String> expResult = new HashSet<String>();
expResult.add("js");
Set result = instance.getSupportedExtensions();
assertEquals(expResult, result);
instance.initialize();
instance.setEnabled(true);
String name = "test.js";
assertTrue(name, instance.accept(new File(name)));
}
/**
@@ -56,18 +57,6 @@ public class JavaScriptAnalyzerTest extends BaseTest {
assertEquals(expResult, result);
}
/**
* Test of supportsExtension method, of class JavaScriptAnalyzer.
*/
@Test
public void testSupportsExtension() {
String extension = "js";
JavaScriptAnalyzer instance = new JavaScriptAnalyzer();
boolean expResult = true;
boolean result = instance.supportsExtension(extension);
assertEquals(expResult, result);
}
/**
* Test of getAnalysisPhase method, of class JavaScriptAnalyzer.
*/


@@ -24,6 +24,8 @@ import org.junit.Before;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
import java.io.File;
public class NuspecAnalyzerTest extends BaseTest {
private NuspecAnalyzer instance;
@@ -31,6 +33,7 @@ public class NuspecAnalyzerTest extends BaseTest {
@Before
public void setUp() throws Exception {
instance = new NuspecAnalyzer();
instance.initialize();
instance.setEnabled(true);
}
@@ -40,15 +43,9 @@ public class NuspecAnalyzerTest extends BaseTest {
}
@Test
public void testGetSupportedExtensions() {
assertTrue(instance.getSupportedExtensions().contains("nuspec"));
assertFalse(instance.getSupportedExtensions().contains("nupkg"));
}
@Test
public void testSupportsExtension() {
assertTrue(instance.supportsExtension("nuspec"));
assertFalse(instance.supportsExtension("nupkg"));
public void testSupportsFileExtensions() {
assertTrue(instance.accept(new File("test.nuspec")));
assertFalse(instance.accept(new File("test.nupkg")));
}
@Test


@@ -17,13 +17,6 @@
*/
package org.owasp.dependencycheck.analyzer;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import java.util.Arrays;
import java.util.HashSet;
import org.apache.commons.lang.StringUtils;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -32,6 +25,11 @@ import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import java.io.File;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
/**
* Unit tests for PythonDistributionAnalyzer.
*
@@ -76,33 +74,21 @@ public class PythonDistributionAnalyzerTest extends BaseTest {
analyzer.getName());
}
/**
* Test of getSupportedExtensions method, of class PythonDistributionAnalyzer.
*/
@Test
public void testGetSupportedExtensions() {
final String[] expected = {"whl", "egg", "zip", "METADATA", "PKG-INFO"};
assertEquals("Supported extensions should just have the following: "
+ StringUtils.join(expected, ", "),
new HashSet<String>(Arrays.asList(expected)),
analyzer.getSupportedExtensions());
}
/**
* Test of supportsExtension method, of class PythonDistributionAnalyzer.
*/
@Test
public void testSupportsExtension() {
public void testSupportsFiles() {
assertTrue("Should support \"whl\" extension.",
analyzer.supportsExtension("whl"));
analyzer.accept(new File("test.whl")));
assertTrue("Should support \"egg\" extension.",
analyzer.supportsExtension("egg"));
analyzer.accept(new File("test.egg")));
assertTrue("Should support \"zip\" extension.",
analyzer.supportsExtension("zip"));
analyzer.accept(new File("test.zip")));
assertTrue("Should support \"METADATA\" extension.",
analyzer.supportsExtension("METADATA"));
analyzer.accept(new File("METADATA")));
assertTrue("Should support \"PKG-INFO\" extension.",
analyzer.supportsExtension("PKG-INFO"));
analyzer.accept(new File("PKG-INFO")));
}
/**
@@ -119,7 +105,7 @@ public class PythonDistributionAnalyzerTest extends BaseTest {
/**
* Test of inspect method, of class PythonDistributionAnalyzer.
*
* @throws Exception is thrown when an exception occurs.
* @throws AnalysisException is thrown when an exception occurs.
*/
@Test
public void testAnalyzeSitePackage() throws AnalysisException {


@@ -17,15 +17,7 @@
*/
package org.owasp.dependencycheck.analyzer;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import java.util.Arrays;
import java.util.HashSet;
import org.apache.commons.lang.StringUtils;
import org.junit.After;
import static org.junit.Assert.assertTrue;
import org.junit.Before;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
@@ -33,6 +25,11 @@ import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import java.io.File;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
/**
* Unit tests for PythonPackageAnalyzer.
*
@@ -77,25 +74,13 @@ public class PythonPackageAnalyzerTest extends BaseTest {
analyzer.getName());
}
/**
* Test of getSupportedExtensions method, of class PythonPackageAnalyzer.
*/
@Test
public void testGetSupportedExtensions() {
final String[] expected = {"py"};
assertEquals("Supported extensions should just have the following: "
+ StringUtils.join(expected, ", "),
new HashSet<String>(Arrays.asList(expected)),
analyzer.getSupportedExtensions());
}
/**
* Test of supportsExtension method, of class PythonPackageAnalyzer.
*/
@Test
public void testSupportsExtension() {
public void testSupportsFileExtension() {
assertTrue("Should support \"py\" extension.",
analyzer.supportsExtension("py"));
analyzer.accept(new File("test.py")));
}
@Test