diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
index 69036b9a9..a5b232990 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
@@ -37,6 +37,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.File;
+import java.io.FileFilter;
import java.util.ArrayList;
import java.util.EnumMap;
import java.util.HashSet;
@@ -50,7 +51,7 @@ import java.util.Set;
*
* @author Jeremy Long
*/
-public class Engine {
+public class Engine implements FileFilter{
/**
* The list of dependencies.
@@ -317,7 +318,7 @@ public class Engine {
extension = fileName;
}
Dependency dependency = null;
- if (supportsExtension(extension)) {
+ if (accept(file)) {
dependency = new Dependency(file);
if (extension.equals(fileName)) {
dependency.setFileExtension(extension);
@@ -379,7 +380,7 @@ public class Engine {
boolean shouldAnalyze = true;
if (a instanceof FileTypeAnalyzer) {
final FileTypeAnalyzer fAnalyzer = (FileTypeAnalyzer) a;
- shouldAnalyze = fAnalyzer.supportsExtension(d.getFileExtension());
+ shouldAnalyze = fAnalyzer.accept(d.getActualFile());
}
if (shouldAnalyze) {
LOGGER.debug("Begin Analysis of '{}'", d.getActualFilePath());
@@ -482,18 +483,18 @@ public class Engine {
/**
* Checks all analyzers to see if an extension is supported.
*
- * @param ext a file extension
+ * @param file a file extension
* @return true or false depending on whether or not the file extension is supported
*/
- public boolean supportsExtension(String ext) {
- if (ext == null) {
+ public boolean accept(File file) {
+ if (file == null) {
return false;
}
boolean scan = false;
for (FileTypeAnalyzer a : this.fileTypeAnalyzers) {
/* note, we can't break early on this loop as the analyzers need to know if
they have files to work on prior to initialization */
- scan |= a.supportsExtension(ext);
+ scan |= a.accept(file);
}
return scan;
}
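Review bot: The Javadoc above `accept(File file)` still describes an extension check: the summary says "an extension is supported", and the new `@param file a file extension` and the `@return` line still talk about the file extension. I would reword it to `Checks all analyzers to see if a file is supported.`, `@param file the file to test` and `@return true if at least one analyzer accepts the file`. The existing block comment about not breaking out of the loop early is worth keeping, since `accept` on each analyzer also records that it has files to work on.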
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java
index 78f1499d2..c431e2326 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java
@@ -17,9 +17,15 @@
*/
package org.owasp.dependencycheck.analyzer;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
+import java.io.File;
+import java.io.FileFilter;
+import java.util.*;
+
+import org.apache.commons.io.IOCase;
+import org.apache.commons.io.filefilter.IOFileFilter;
+import org.apache.commons.io.filefilter.NameFileFilter;
+import org.apache.commons.io.filefilter.OrFileFilter;
+import org.apache.commons.io.filefilter.SuffixFileFilter;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Dependency;
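Review bot: The three explicit `java.util` imports are replaced with `import java.util.*;`, and the five commons-io imports added here (`IOCase`, `IOFileFilter`, `NameFileFilter`, `OrFileFilter`, `SuffixFileFilter`) are not used by any hunk shown for this file. They look like leftovers from before the filter logic moved into `FileFilterBuilder`. I would keep `Collections`, `HashSet` and `Set` as explicit imports and drop the unused ones. The same wildcard style appears in ArchiveAnalyzer, AssemblyAnalyzer, JarAnalyzer and JavaScriptAnalyzer (`java.io.*`) and in CentralAnalyzer and NexusAnalyzer (`org.owasp.dependencycheck.utils.*`), where it also hides which utility classes each analyzer depends on.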
@@ -36,6 +42,7 @@ import org.slf4j.LoggerFactory;
public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implements FileTypeAnalyzer {
//
+
/**
* Base constructor that all children must call. This checks the configuration to determine if the analyzer is
* enabled.
@@ -98,21 +105,20 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
//
//
+
/**
*
- * Returns a list of supported file extensions. An example would be an analyzer that inspected java jar files. The
- * getSupportedExtensions function would return a set with a single element "jar".
+ * Returns the {@link java.io.FileFilter} used to determine which files are to be analyzed.
+ * An example would be an analyzer that inspected Java jar files. Implementors may use
+ * {@link org.owasp.dependencycheck.utils.FileFilterBuilder}.
*
+ * @return the file filter used to determine which files are to be analyzed
+ *
*
- * Note: when implementing this the extensions returned MUST be lowercase.
- *
- * @return The file extensions supported by this analyzer.
- *
- *
- * If the analyzer returns null it will not cause additional files to be analyzed but will be executed against every
- * file loaded
+ * If the analyzer returns null it will not cause additional files to be analyzed, but will be executed against
+ * every file loaded.
*/
- protected abstract Set getSupportedExtensions();
+ protected abstract FileFilter getFileFilter();
/**
* Initializes the file type analyzer.
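Review bot: The last paragraph of the `getFileFilter()` Javadoc says an analyzer returning null "will be executed against every file loaded", but the new `accept(File)` later in this file logs a misconfiguration error and returns false when the filter is null. One of the two is wrong, and an implementor who follows the Javadoc ends up with an analyzer that matches nothing. If the code is the intended behaviour, the paragraph could read `Implementations must not return null; a null filter is treated as a misconfiguration and the analyzer accepts no files.`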
@@ -126,7 +132,7 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
* scanned, and added to the list of dependencies within the engine.
*
* @param dependency the dependency to analyze
- * @param engine the engine scanning
+ * @param engine the engine scanning
* @throws AnalysisException thrown if there is an analysis exception
*/
protected abstract void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException;
@@ -141,6 +147,7 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
//
//
+
/**
* Initializes the analyzer.
*
@@ -175,7 +182,7 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
* scanned, and added to the list of dependencies within the engine.
*
* @param dependency the dependency to analyze
- * @param engine the engine scanning
+ * @param engine the engine scanning
* @throws AnalysisException thrown if there is an analysis exception
*/
@Override
@@ -185,38 +192,30 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
}
}
- /**
- * Returns whether or not this analyzer can process the given extension.
- *
- * @param extension the file extension to test for support.
- * @return whether or not the specified file extension is supported by this analyzer.
- */
@Override
- public final boolean supportsExtension(String extension) {
- if (!enabled) {
- return false;
- }
- final Set ext = getSupportedExtensions();
- if (ext == null) {
- LOGGER.error("The '{}' analyzer is misconfigured and does not have any file extensions;"
- + " it will be disabled", getName());
- return false;
- } else {
- final boolean match = ext.contains(extension);
- if (match) {
- filesMatched = match;
+ public boolean accept(File pathname) {
+ FileFilter filter = getFileFilter();
+ boolean accepted = false;
+ if (null == filter) {
+ LOGGER.error("The '{}' analyzer is misconfigured and does not have a file filter; it will be disabled", getName());
+ } else if (enabled) {
+ accepted = filter.accept(pathname);
+ if (accepted) {
+ filesMatched = true;
}
- return match;
}
+ return accepted;
}
-//
+
+ //
//
+
/**
*
* Utility method to help in the creation of the extensions set. This constructs a new Set that can be used in a
* final static declaration.
- *
+ *
*
* This implementation was copied from
* http://stackoverflow.com/questions/2041778/initialize-java-hashset-values-by-construction
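Review bot: The new `accept(File pathname)` hands `pathname` to `filter.accept(pathname)` without a null check, has lost the `final` that `supportsExtension` had, and logs the misconfiguration error before looking at `enabled`. `Engine.accept` guards against null, but the analyzer's `accept` is also called directly with `d.getActualFile()` in Engine and ArchiveAnalyzer, and a name-based filter will typically dereference the argument. Without `final`, a subclass can override the method and skip the `enabled` check and the `filesMatched` bookkeeping; if no subclass is meant to override it, I would restore it. The removed Javadoc is also worth replacing, noting that a true result marks the analyzer as having files to work on. The rest of the class is outside this hunk.

```java
/**
 * Determines whether this analyzer should process the given file; a true result also records that the analyzer
 * has files to work on.
 *
 * @param pathname the file to test
 * @return true if the analyzer is enabled and its file filter accepts the file
 */
@Override
public final boolean accept(File pathname) {
    if (!enabled || pathname == null) {
        return false;
    }
    final FileFilter filter = getFileFilter();
    if (filter == null) {
        LOGGER.error("The '{}' analyzer is misconfigured and does not have a file filter; it will be disabled", getName());
        return false;
    }
    final boolean accepted = filter.accept(pathname);
    if (accepted) {
        filesMatched = true;
    }
    return accepted;
}
```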
@@ -226,9 +225,10 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
*/
protected static Set newHashSet(String... strings) {
final Set set = new HashSet();
-
Collections.addAll(set, strings);
return set;
}
+
+
//
}
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
index 28cd78a2a..ebe2eb19e 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
@@ -17,13 +17,7 @@
*/
package org.owasp.dependencycheck.analyzer;
-import java.io.BufferedInputStream;
-import java.io.BufferedOutputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.FileOutputStream;
-import java.io.IOException;
+import java.io.*;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
@@ -31,6 +25,7 @@ import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
+
import org.apache.commons.compress.archivers.ArchiveEntry;
import org.apache.commons.compress.archivers.ArchiveInputStream;
import org.apache.commons.compress.archivers.tar.TarArchiveInputStream;
@@ -44,6 +39,7 @@ import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.analyzer.exception.ArchiveExtractionException;
import org.owasp.dependencycheck.dependency.Dependency;
+import org.owasp.dependencycheck.utils.FileFilterBuilder;
import org.owasp.dependencycheck.utils.FileUtils;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
@@ -116,14 +112,11 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
EXTENSIONS.addAll(ZIPPABLES);
}
- /**
- * Returns a list of file EXTENSIONS supported by this analyzer.
- *
- * @return a list of file EXTENSIONS supported by this analyzer.
- */
+ private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(EXTENSIONS).build();
+
@Override
- public Set getSupportedExtensions() {
- return EXTENSIONS;
+ protected FileFilter getFileFilter() {
+ return FILTER;
}
/**
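Review bot: The new `FILTER` constant has no Javadoc, and its correctness depends on being declared after the static block that finishes populating `EXTENSIONS`. If it were moved above that block, and the builder copies the collection at `build()` time (not visible here), the filter would silently miss the zippable types. I would add a comment such as `/** The file filter built from EXTENSIONS; must be declared after the static initializer that fills EXTENSIONS. */`. The `FILTER` fields added to AssemblyAnalyzer, AutoconfAnalyzer, CentralAnalyzer, JarAnalyzer, JavaScriptAnalyzer, NexusAnalyzer and NuspecAnalyzer are also undocumented, while every neighbouring field has Javadoc.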
@@ -197,7 +190,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
* scanned, and added to the list of dependencies within the engine.
*
* @param dependency the dependency to analyze
- * @param engine the engine scanning
+ * @param engine the engine scanning
* @throws AnalysisException thrown if there is an analysis exception
*/
@Override
@@ -229,14 +222,14 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
//TODO - can we get more evidence from the parent? EAR contains module name, etc.
//analyze the dependency (i.e. extract files) if it is a supported type.
- if (this.supportsExtension(d.getFileExtension()) && scanDepth < MAX_SCAN_DEPTH) {
+ if (this.accept(d.getActualFile()) && scanDepth < MAX_SCAN_DEPTH) {
scanDepth += 1;
analyze(d, engine);
scanDepth -= 1;
}
}
}
- if (this.REMOVE_FROM_ANALYSIS.contains(dependency.getFileExtension())) {
+ if (REMOVE_FROM_ANALYSIS.contains(dependency.getFileExtension())) {
if ("zip".equals(dependency.getFileExtension()) && isZipFileActuallyJarFile(dependency)) {
final File tdir = getNextTempDirectory();
final String fileName = dependency.getFileName();
@@ -295,9 +288,9 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
/**
* Extracts the contents of an archive into the specified directory.
*
- * @param archive an archive file such as a WAR or EAR
+ * @param archive an archive file such as a WAR or EAR
* @param destination a directory to extract the contents to
- * @param engine the scanning engine
+ * @param engine the scanning engine
* @throws AnalysisException thrown if the archive is not found
*/
private void extractFiles(File archive, File destination, Engine engine) throws AnalysisException {
@@ -320,9 +313,9 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
extractArchive(new TarArchiveInputStream(new BufferedInputStream(fis)), destination, engine);
} else if ("gz".equals(archiveExt) || "tgz".equals(archiveExt)) {
final String uncompressedName = GzipUtils.getUncompressedFilename(archive.getName());
- final String uncompressedExt = FileUtils.getFileExtension(uncompressedName).toLowerCase();
- if (engine.supportsExtension(uncompressedExt)) {
- decompressFile(new GzipCompressorInputStream(new BufferedInputStream(fis)), new File(destination, uncompressedName));
+ File f = new File(destination, uncompressedName);
+ if (engine.accept(f)) {
+ decompressFile(new GzipCompressorInputStream(new BufferedInputStream(fis)), f);
}
}
} catch (ArchiveExtractionException ex) {
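Review bot: The removed code lower-cased the uncompressed extension before asking the engine, while the new `engine.accept(f)` relies on the filters from `FileFilterBuilder` being case-insensitive. That class is not in this part of the diff. If its suffix match is case-sensitive, a file such as `LIB.TAR.GZ` would be skipped without any message, which for a scanner is a missed dependency rather than an error, so a test with an upper-case archive name would be worth adding. As a smaller point, `File f` could be `final File f`, matching the other locals in this method. The method body starts and ends outside the hunk.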
@@ -343,9 +336,9 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
/**
* Extracts files from an archive.
*
- * @param input the archive to extract files from
+ * @param input the archive to extract files from
* @param destination the location to write the files too
- * @param engine the dependency-check engine
+ * @param engine the dependency-check engine
* @throws ArchiveExtractionException thrown if there is an exception extracting files from the archive
*/
private void extractArchive(ArchiveInputStream input, File destination, Engine engine) throws ArchiveExtractionException {
@@ -362,8 +355,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
}
} else {
final File file = new File(destination, entry.getName());
- final String ext = FileUtils.getFileExtension(file.getName());
- if (engine.supportsExtension(ext)) {
+ if (engine.accept(file)) {
LOGGER.debug("Extracting '{}'", file.getPath());
BufferedOutputStream bos = null;
FileOutputStream fos = null;
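Review bot: The path built from `entry.getName()` is only passed through `engine.accept(file)`, which as far as this diff shows matches on file name or suffix. An entry name containing `../` segments with a supported extension would therefore pass the filter and be written wherever it resolves, unless a containment check exists further down in `extractArchive`, which continues outside this hunk. Before the output stream is opened I would confirm that the resolved path stays under `destination`, for example `file.getCanonicalPath().startsWith(destination.getCanonicalPath() + File.separator)`, and skip or reject the entry otherwise. Archives handed to a dependency scanner are untrusted input, so this check belongs next to the filter rather than being assumed from it.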
@@ -429,7 +421,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
* Decompresses a file.
*
* @param inputStream the compressed file
- * @param outputFile the location to write the decompressed file
+ * @param outputFile the location to write the decompressed file
* @throws ArchiveExtractionException thrown if there is an exception decompressing the file
*/
private void decompressFile(CompressorInputStream inputStream, File outputFile) throws ArchiveExtractionException {
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
index f8eade81e..70701ced8 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
@@ -17,22 +17,6 @@
*/
package org.owasp.dependencycheck.analyzer;
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Locale;
-import java.util.Set;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.xpath.XPath;
-import javax.xml.xpath.XPathExpressionException;
-import javax.xml.xpath.XPathFactory;
-
import ch.qos.cal10n.IMessageConveyor;
import ch.qos.cal10n.MessageConveyor;
import org.owasp.dependencycheck.Engine;
@@ -41,12 +25,23 @@ import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import org.owasp.dependencycheck.utils.DCResources;
+import org.owasp.dependencycheck.utils.FileFilterBuilder;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.cal10n.LocLogger;
import org.slf4j.cal10n.LocLoggerFactory;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathExpressionException;
+import javax.xml.xpath.XPathFactory;
+import java.io.*;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Locale;
+
/**
* Analyzer for getting company, product, and version information from a .NET assembly.
*
@@ -66,7 +61,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
/**
* The list of supported extensions
*/
- private static final Set SUPPORTED_EXTENSIONS = newHashSet("dll", "exe");
+ private static final String[] SUPPORTED_EXTENSIONS = {"dll", "exe"};
/**
* The temp value for GrokAssembly.exe
*/
@@ -296,14 +291,12 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
}
}
- /**
- * Gets the set of extensions supported by this analyzer.
- *
- * @return the list of supported extensions
- */
+ private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(
+ SUPPORTED_EXTENSIONS).build();
+
@Override
- public Set getSupportedExtensions() {
- return SUPPORTED_EXTENSIONS;
+ protected FileFilter getFileFilter() {
+ return FILTER;
}
/**
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.java
index 1e81a0df6..f23e546a2 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.java
@@ -17,23 +17,24 @@
*/
package org.owasp.dependencycheck.analyzer;
-import java.io.File;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Set;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
import org.apache.commons.io.FileUtils;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.EvidenceCollection;
+import org.owasp.dependencycheck.utils.FileFilterBuilder;
import org.owasp.dependencycheck.utils.Settings;
import org.owasp.dependencycheck.utils.UrlStringUtils;
+import java.io.File;
+import java.io.FileFilter;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
/**
* Used to analyze Autoconf input files named configure.ac or configure.in. Files simply named "configure" are also analyzed,
* assuming they are generated by Autoconf, and contain certain special package descriptor variables.
@@ -71,8 +72,7 @@ public class AutoconfAnalyzer extends AbstractFileTypeAnalyzer {
/**
* The set of file extensions supported by this analyzer.
*/
- private static final Set EXTENSIONS = newHashSet("ac", "in",
- CONFIGURE);
+ private static final String[] EXTENSIONS = {"ac", "in"};
/**
* Matches AC_INIT variables in the output configure script.
@@ -103,14 +103,12 @@ public class AutoconfAnalyzer extends AbstractFileTypeAnalyzer {
| Pattern.CASE_INSENSITIVE);
}
- /**
- * Returns a list of file EXTENSIONS supported by this analyzer.
- *
- * @return a list of file EXTENSIONS supported by this analyzer.
- */
+ private static final FileFilter FILTER = FileFilterBuilder.newInstance().addFilenames(CONFIGURE).addExtensions(
+ EXTENSIONS).build();
+
@Override
- public Set getSupportedExtensions() {
- return EXTENSIONS;
+ protected FileFilter getFileFilter() {
+ return FILTER;
}
/**
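Review bot: The filter still accepts every file ending in `.ac` or `.in` through `addExtensions(EXTENSIONS)`, although the class Javadoc says the analyzer is for files named `configure.ac` or `configure.in`. Files such as `Makefile.in` or `config.h.in` will therefore be turned into dependencies and handed to this analyzer. Now that the builder can match on whole file names, the filter could be narrowed to the three names, e.g. `addFilenames(CONFIGURE, "configure.ac", "configure.in")`. This assumes `addFilenames` accepts several names, which is not visible in this diff. `FILTER` also lacks the Javadoc that the neighbouring fields have.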
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java
index 94074deb7..029f25c45 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java
@@ -17,12 +17,6 @@
*/
package org.owasp.dependencycheck.analyzer;
-import java.io.File;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.net.URL;
-import java.util.List;
-import java.util.Set;
import org.apache.commons.io.FileUtils;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
@@ -31,14 +25,18 @@ import org.owasp.dependencycheck.data.nexus.MavenArtifact;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
+import org.owasp.dependencycheck.utils.*;
import org.owasp.dependencycheck.xml.pom.PomUtils;
-import org.owasp.dependencycheck.utils.DownloadFailedException;
-import org.owasp.dependencycheck.utils.Downloader;
-import org.owasp.dependencycheck.utils.InvalidSettingException;
-import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.io.File;
+import java.io.FileFilter;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.net.URL;
+import java.util.List;
+
/**
* Analyzer which will attempt to locate a dependency, and the GAV information, by querying Central for the dependency's SHA-1
* digest.
@@ -65,7 +63,7 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
/**
* The types of files on which this will work.
*/
- private static final Set SUPPORTED_EXTENSIONS = newHashSet("jar");
+ private static final String SUPPORTED_EXTENSIONS = "jar";
/**
* The analyzer should be disabled if there are errors, so this is a flag to determine if such an error has occurred.
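Review bot: `SUPPORTED_EXTENSIONS` is now a single `String` but keeps its plural name, and its Javadoc still says "The types of files", which reads as if it were still a collection. Either rename it, e.g. `private static final String SUPPORTED_EXTENSION = "jar";`, or keep it as a one-element `String[]`, as AssemblyAnalyzer and JarAnalyzer do, so the analyzers stay uniform. The same applies to `SUPPORTED_EXTENSIONS` in NexusAnalyzer and NuspecAnalyzer and to `EXTENSIONS` in JavaScriptAnalyzer.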
@@ -163,14 +161,11 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
return ANALYSIS_PHASE;
}
- /**
- * Returns the extensions for which this Analyzer runs.
- *
- * @return the extensions for which this Analyzer runs
- */
+ private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(SUPPORTED_EXTENSIONS).build();
+
@Override
- public Set getSupportedExtensions() {
- return SUPPORTED_EXTENSIONS;
+ protected FileFilter getFileFilter() {
+ return FILTER;
}
/**
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FileTypeAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FileTypeAnalyzer.java
index 0151578c6..bb7467a4c 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FileTypeAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FileTypeAnalyzer.java
@@ -17,20 +17,14 @@
*/
package org.owasp.dependencycheck.analyzer;
+import java.io.FileFilter;
+
/**
* An Analyzer that scans specific file types.
*
* @author Jeremy Long
*/
-public interface FileTypeAnalyzer extends Analyzer {
-
- /**
- * Returns whether or not this analyzer can process the given extension.
- *
- * @param extension the file extension to test for support.
- * @return whether or not the specified file extension is supported by this analyzer.
- */
- boolean supportsExtension(String extension);
+public interface FileTypeAnalyzer extends Analyzer, FileFilter {
/**
* Resets the analyzers state.
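Review bot: The interface now inherits `accept(File)` from `java.io.FileFilter` with no documentation of its own, so the analyzer-specific contract that `supportsExtension` carried is lost. In `AbstractFileTypeAnalyzer` the method is not a pure predicate: it returns false when the analyzer is disabled and records that files were matched. A caller passing an analyzer to something like `File.listFiles(FileFilter)` would change analyzer state as a side effect. I would redeclare `boolean accept(File pathname);` here with Javadoc stating that it reports whether this analyzer should process the file and that implementations may record the match. Removing `supportsExtension` also breaks any analyzer implemented outside this repository, so it deserves a mention in the release notes.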
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
index f9c180446..94aaceb37 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
@@ -17,14 +17,7 @@
*/
package org.owasp.dependencycheck.analyzer;
-import java.io.BufferedOutputStream;
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.OutputStream;
-import java.io.Reader;
+import java.io.*;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
@@ -47,6 +40,7 @@ import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.EvidenceCollection;
+import org.owasp.dependencycheck.utils.FileFilterBuilder;
import org.owasp.dependencycheck.xml.pom.License;
import org.owasp.dependencycheck.xml.pom.PomUtils;
import org.owasp.dependencycheck.xml.pom.Model;
@@ -168,16 +162,13 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
/**
* The set of file extensions supported by this analyzer.
*/
- private static final Set EXTENSIONS = newHashSet("jar", "war");
+ private static final String[] EXTENSIONS = {"jar", "war"};
+
+ private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(EXTENSIONS).build();
- /**
- * Returns a list of file EXTENSIONS supported by this analyzer.
- *
- * @return a list of file EXTENSIONS supported by this analyzer.
- */
@Override
- public Set getSupportedExtensions() {
- return EXTENSIONS;
+ protected FileFilter getFileFilter() {
+ return FILTER;
}
/**
@@ -388,7 +379,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
* @param dependency the dependency being analyzed
* @return returns the POM object
* @throws AnalysisException is thrown if there is an exception extracting or parsing the POM
- * {@link org.owasp.dependencycheck.jaxb.pom.generated.Model} object
+ * {@link org.owasp.dependencycheck.xml.pom.Model} object
*/
private Model extractPom(String path, JarFile jar, Dependency dependency) throws AnalysisException {
InputStream input = null;
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java
index 077a6d667..6af9c3a8c 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java
@@ -17,20 +17,17 @@
*/
package org.owasp.dependencycheck.analyzer;
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.FileNotFoundException;
-import java.io.FileReader;
-import java.io.IOException;
-import java.util.Set;
-import java.util.regex.Pattern;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Dependency;
+import org.owasp.dependencycheck.utils.FileFilterBuilder;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.io.*;
+import java.util.regex.Pattern;
+
/**
*
* Used to analyze a JavaScript file to gather information to aid in identification of a CPE identifier.
@@ -56,16 +53,13 @@ public class JavaScriptAnalyzer extends AbstractFileTypeAnalyzer {
/**
* The set of file extensions supported by this analyzer.
*/
- private static final Set EXTENSIONS = newHashSet("js");
+ private static final String EXTENSIONS = "js";
+
+ private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(EXTENSIONS).build();
- /**
- * Returns a list of file EXTENSIONS supported by this analyzer.
- *
- * @return a list of file EXTENSIONS supported by this analyzer.
- */
@Override
- public Set getSupportedExtensions() {
- return EXTENSIONS;
+ protected FileFilter getFileFilter() {
+ return FILTER;
}
/**
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java
index 101163745..057a1e23a 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java
@@ -17,12 +17,6 @@
*/
package org.owasp.dependencycheck.analyzer;
-import java.io.File;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.util.Set;
import org.apache.commons.io.FileUtils;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
@@ -31,14 +25,18 @@ import org.owasp.dependencycheck.data.nexus.NexusSearch;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
+import org.owasp.dependencycheck.utils.*;
import org.owasp.dependencycheck.xml.pom.PomUtils;
-import org.owasp.dependencycheck.utils.InvalidSettingException;
-import org.owasp.dependencycheck.utils.DownloadFailedException;
-import org.owasp.dependencycheck.utils.Downloader;
-import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.io.File;
+import java.io.FileFilter;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+
/**
* Analyzer which will attempt to locate a dependency on a Nexus service by SHA-1 digest of the dependency.
*
@@ -78,7 +76,7 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
/**
* The types of files on which this will work.
*/
- private static final Set SUPPORTED_EXTENSIONS = newHashSet("jar");
+ private static final String SUPPORTED_EXTENSIONS = "jar";
/**
* The Nexus Search to be set up for this analyzer.
@@ -183,14 +181,11 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
return ANALYSIS_PHASE;
}
- /**
- * Returns the extensions for which this Analyzer runs.
- *
- * @return the extensions for which this Analyzer runs
- */
+ private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(SUPPORTED_EXTENSIONS).build();
+
@Override
- public Set getSupportedExtensions() {
- return SUPPORTED_EXTENSIONS;
+ protected FileFilter getFileFilter() {
+ return FILTER;
}
/**
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java
index 237b349ae..0082963b6 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java
@@ -17,10 +17,6 @@
*/
package org.owasp.dependencycheck.analyzer;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.util.Set;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.nuget.NugetPackage;
@@ -29,10 +25,16 @@ import org.owasp.dependencycheck.data.nuget.NuspecParser;
import org.owasp.dependencycheck.data.nuget.XPathNuspecParser;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
+import org.owasp.dependencycheck.utils.FileFilterBuilder;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.io.FileFilter;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+
/**
* Analyzer which will parse a Nuspec file to gather module information.
*
@@ -58,7 +60,7 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
/**
* The types of files on which this will work.
*/
- private static final Set SUPPORTED_EXTENSIONS = newHashSet("nuspec");
+ private static final String SUPPORTED_EXTENSIONS = "nuspec";
/**
* Initializes the analyzer once before any analysis is performed.
@@ -99,14 +101,12 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
return ANALYSIS_PHASE;
}
- /**
- * Returns the extensions for which this Analyzer runs.
- *
- * @return the extensions for which this Analyzer runs
- */
+ private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(
+ SUPPORTED_EXTENSIONS).build();
+
@Override
- public Set getSupportedExtensions() {
- return SUPPORTED_EXTENSIONS;
+ protected FileFilter getFileFilter() {
+ return FILTER;
}
/**
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java
index 6b31c6973..530837945 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java
@@ -17,17 +17,6 @@
*/
package org.owasp.dependencycheck.analyzer;
-import java.io.BufferedInputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.FilenameFilter;
-import java.util.Set;
-import java.util.regex.Pattern;
-
-import javax.mail.MessagingException;
-import javax.mail.internet.InternetHeaders;
-
import org.apache.commons.io.filefilter.NameFileFilter;
import org.apache.commons.io.filefilter.SuffixFileFilter;
import org.apache.commons.io.input.AutoCloseInputStream;
@@ -37,14 +26,15 @@ import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.EvidenceCollection;
-import org.owasp.dependencycheck.utils.ExtractionException;
-import org.owasp.dependencycheck.utils.ExtractionUtil;
-import org.owasp.dependencycheck.utils.FileUtils;
-import org.owasp.dependencycheck.utils.Settings;
-import org.owasp.dependencycheck.utils.UrlStringUtils;
+import org.owasp.dependencycheck.utils.*;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import javax.mail.MessagingException;
+import javax.mail.internet.InternetHeaders;
+import java.io.*;
+import java.util.regex.Pattern;
+
/**
* Used to analyze a Wheel or egg distribution files, or their contents in unzipped form, and collect information that can be used
* to determine the associated CPE.
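Review bot: The explicit imports are collapsed into `import org.owasp.dependencycheck.utils.*;` and `import java.io.*;`, which hides the types this analyzer depends on and lets a class added later to either package change name resolution without any edit here. Keeping single-type imports (the five `utils` imports that were removed plus `org.owasp.dependencycheck.utils.FileFilterBuilder`, and the `java.io` types previously listed plus `java.io.FileFilter`) matches how the other analyzers in this commit are written. `FileFilterBuilder.java` introduces `import java.util.*;` in the same way.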
@@ -86,11 +76,10 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
/**
* The set of file extensions supported by this analyzer.
*/
- private static final Set EXTENSIONS = newHashSet("whl", "egg",
- "zip", METADATA, PKG_INFO);
+ private static final String[] EXTENSIONS = {"whl", "egg", "zip"};
/**
- * Used to match on egg archive candidate extenssions.
+ * Used to match on egg archive candidate extensions.
*/
private static final Pattern EGG_OR_ZIP = Pattern.compile("egg|zip");
@@ -114,23 +103,21 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
/**
* Filter that detects files named "METADATA".
*/
- private static final FilenameFilter METADATA_FILTER = new NameFileFilter(
+ private static final NameFileFilter METADATA_FILTER = new NameFileFilter(
METADATA);
/**
* Filter that detects files named "PKG-INFO".
*/
- private static final FilenameFilter PKG_INFO_FILTER = new NameFileFilter(
+ private static final NameFileFilter PKG_INFO_FILTER = new NameFileFilter(
PKG_INFO);
- /**
- * Returns a list of file EXTENSIONS supported by this analyzer.
- *
- * @return a list of file EXTENSIONS supported by this analyzer.
- */
+ private static final FileFilter FILTER = FileFilterBuilder.newInstance().addFileFilters(
+ METADATA_FILTER, PKG_INFO_FILTER).addExtensions(EXTENSIONS).build();
+
@Override
- public Set getSupportedExtensions() {
- return EXTENSIONS;
+ protected FileFilter getFileFilter() {
+ return FILTER;
}
/**
@@ -194,13 +181,13 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
/**
* Collects the meta data from an archive.
*
- * @param dependency the archive being scanned
- * @param folderFilter the filter to apply to the folder
+ * @param dependency the archive being scanned
+ * @param folderFilter the filter to apply to the folder
* @param metadataFilter the filter to apply to the meta data
* @throws AnalysisException thrown when there is a problem analyzing the dependency
*/
private void collectMetadataFromArchiveFormat(Dependency dependency,
- FilenameFilter folderFilter, FilenameFilter metadataFilter)
+ FilenameFilter folderFilter, FilenameFilter metadataFilter)
throws AnalysisException {
final File temp = getNextTempDirectory();
LOGGER.debug("{} exists? {}", temp, temp.exists());
@@ -260,7 +247,7 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
* Gathers evidence from the METADATA file.
*
* @param dependency the dependency being analyzed
- * @param file a reference to the manifest/properties file
+ * @param file a reference to the manifest/properties file
* @throws AnalysisException thrown when there is an error
*/
private static void collectWheelMetadata(Dependency dependency, File file)
@@ -290,13 +277,13 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
/**
* Adds a value to the evidence collection.
*
- * @param headers the properties collection
- * @param evidence the evidence collection to add the value
- * @param property the property name
+ * @param headers the properties collection
+ * @param evidence the evidence collection to add the value
+ * @param property the property name
* @param confidence the confidence of the evidence
*/
private static void addPropertyToEvidence(InternetHeaders headers,
- EvidenceCollection evidence, String property, Confidence confidence) {
+ EvidenceCollection evidence, String property, Confidence confidence) {
final String value = headers.getHeader(property, null);
LOGGER.debug("Property: {}, Value: {}", property, value);
if (StringUtils.isNotBlank(value)) {
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java
index a2080792f..6aba3e1f6 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java
@@ -17,17 +17,6 @@
*/
package org.owasp.dependencycheck.analyzer;
-import java.io.File;
-import java.io.FileFilter;
-import java.io.IOException;
-import java.net.MalformedURLException;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-import java.util.Set;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.filefilter.NameFileFilter;
import org.apache.commons.io.filefilter.SuffixFileFilter;
@@ -36,11 +25,21 @@ import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.EvidenceCollection;
+import org.owasp.dependencycheck.utils.FileFilterBuilder;
import org.owasp.dependencycheck.utils.Settings;
import org.owasp.dependencycheck.utils.UrlStringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.io.File;
+import java.io.FileFilter;
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
/**
* Used to analyze a Python package, and collect information that can be used to determine the associated CPE.
*
@@ -63,8 +62,7 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
/**
* Filename extensions for files to be analyzed.
*/
- private static final Set EXTENSIONS = Collections
- .unmodifiableSet(Collections.singleton("py"));
+ private static final String EXTENSIONS = "py";
/**
* Pattern for matching the module docstring in a source file.
@@ -134,14 +132,11 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
return AnalysisPhase.INFORMATION_COLLECTION;
}
- /**
- * Returns the set of supported file extensions.
- *
- * @return the set of supported file extensions
- */
+ private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(EXTENSIONS).build();
+
@Override
- protected Set getSupportedExtensions() {
- return EXTENSIONS;
+ protected FileFilter getFileFilter() {
+ return FILTER;
}
/**
@@ -209,12 +204,12 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
*/
private boolean analyzeFileContents(Dependency dependency, File file)
throws AnalysisException {
- String contents = "";
+ String contents;
try {
contents = FileUtils.readFileToString(file).trim();
} catch (IOException e) {
throw new AnalysisException(
- "Problem occured while reading dependency file.", e);
+ "Problem occurred while reading dependency file.", e);
}
boolean found = false;
if (!contents.isEmpty()) {
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java
index a39f01cd5..c1caa5a05 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java
@@ -109,8 +109,7 @@ public final class ExtractionUtil {
}
} else {
final File file = new File(extractTo, entry.getName());
- final String ext = getFileExtension(file.getName());
- if (engine == null || engine.supportsExtension(ext)) {
+ if (engine == null || engine.accept(file)) {
BufferedOutputStream bos = null;
FileOutputStream fos;
try {
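Review bot: `new File(extractTo, entry.getName())` builds the output path from an archive entry name, and nothing visible in this hunk confirms the result stays inside `extractTo` before `engine.accept(file)` allows it to be written. The archives being scanned are untrusted input, so an entry name containing `..` segments could resolve outside the temporary directory; a guard such as `if (!file.getCanonicalPath().startsWith(extractTo.getCanonicalPath() + File.separator)) { /* reject the entry */ }` ahead of the filter call would close that. `accept(file)` can also match whole file names as well as suffixes, so more entries may be extracted than under `supportsExtension(ext)`. The enclosing method starts and ends outside the hunk, so an existing check elsewhere cannot be ruled out.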
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/FileFilterBuilder.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/FileFilterBuilder.java
new file mode 100644
index 000000000..1d4ef3433
--- /dev/null
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/FileFilterBuilder.java
@@ -0,0 +1,113 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2015 Institute for Defense Analyses. All Rights Reserved.
+ */
+
+package org.owasp.dependencycheck.utils;
+
+import org.apache.commons.io.filefilter.IOFileFilter;
+import org.apache.commons.io.filefilter.NameFileFilter;
+import org.apache.commons.io.filefilter.OrFileFilter;
+import org.apache.commons.io.filefilter.SuffixFileFilter;
+
+import java.io.File;
+import java.io.FileFilter;
+import java.util.*;
+
+/**
+ * Utility class for building useful {@link FileFilter} instances for
+ * {@link org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer} implementations. The built filter uses
+ * {@link OrFileFilter} to logically OR the given filter conditions.
+ *
+ * @author Dale Visser
+ */
+public class FileFilterBuilder {
+
+ public static FileFilterBuilder newInstance(){
+ return new FileFilterBuilder();
+ }
+
+ private Set filenames = new HashSet();
+
+ /**
+ * Add to the set of filenames to accept for analysis. Case sensitivity is assumed.
+ *
+ * @param names one or more filenames to accept for analysis
+ */
+ public FileFilterBuilder addFilenames(String... names) {
+ filenames.addAll(Arrays.asList(names));
+ return this;
+ }
+
+ private Set extensions = new HashSet();
+
+ /**
+ * Add to the set of file extensions to accept for analysis. Case sensitivity is assumed.
+ *
+ * @param extensions one or more file extensions to accept for analysis
+ */
+ public FileFilterBuilder addExtensions(String... extensions) {
+ return this.addExtensions(Arrays.asList(extensions));
+ }
+
+ /**
+ * Add to the set of file extensions to accept for analysis. Case sensitivity is assumed.
+ *
+ * @param extensions one or more file extensions to accept for analysis
+ */
+ public FileFilterBuilder addExtensions(Iterable extensions){
+ for (String extension : extensions) {
+ // Ultimately, SuffixFileFilter will be used, and the "." needs to be explicit.
+ this.extensions.add(extension.startsWith(".") ? extension : "." + extension);
+ }
+ return this;
+ }
+
+ private List fileFilters = new ArrayList();
+
+ /**
+ * Add to a list of {@link IOFileFilter} instances to consult for whether to accept a file for analysis.
+ *
+ * @param filters one or more file filters to consult for whether to accept for analysis
+ */
+ public FileFilterBuilder addFileFilters(IOFileFilter... filters) {
+ fileFilters.addAll(Arrays.asList(filters));
+ return this;
+ }
+
+ /**
+ * Builds the filter and returns it.
+ *
+ * @return a filter that is the logical OR of all the conditions provided by the add... methods
+ * @throws IllegalStateException if no add... method has been called with one or more arguments
+ */
+ public FileFilter build() {
+ if (filenames.isEmpty() && extensions.isEmpty() && fileFilters.isEmpty()) {
+ throw new IllegalStateException("May only be invoked after at least one add... method has been invoked.");
+ }
+ OrFileFilter filter = new OrFileFilter();
+ if (!filenames.isEmpty()) {
+ filter.addFileFilter(new NameFileFilter(new ArrayList(filenames)));
+ }
+ if (!extensions.isEmpty()) {
+ filter.addFileFilter(new SuffixFileFilter(new ArrayList(extensions)));
+ }
+ for (IOFileFilter iof : fileFilters) {
+ filter.addFileFilter(iof);
+ }
+ return filter;
+ }
+}
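Review bot: In `build()`, `new SuffixFileFilter(new ArrayList(extensions))` and `new NameFileFilter(new ArrayList(filenames))` use the case-sensitive defaults, so a file named `LIB.JAR` or `Package.ZIP` is accepted by no analyzer and drops out of the scan without any message. For a vulnerability scanner that is a silent miss, and if the previous extension check normalised case (not visible here) it is also a regression. Passing the rule explicitly, `new SuffixFileFilter(new ArrayList(extensions), IOCase.INSENSITIVE)` with `org.apache.commons.io.IOCase` imported, closes it for extensions; the "Case sensitivity is assumed" Javadoc should then be updated. The fluent `add...` methods are also missing `@return` tags.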
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzerIntegrationTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzerIntegrationTest.java
index 38fd60298..abd94ee62 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzerIntegrationTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzerIntegrationTest.java
@@ -20,8 +20,7 @@ package org.owasp.dependencycheck.analyzer;
import java.io.File;
import java.util.HashSet;
import java.util.Set;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.*;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.Engine;
@@ -39,7 +38,7 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
* Test of getSupportedExtensions method, of class ArchiveAnalyzer.
*/
@Test
- public void testGetSupportedExtensions() {
+ public void testSupportsExtensions() {
ArchiveAnalyzer instance = new ArchiveAnalyzer();
Set expResult = new HashSet();
expResult.add("zip");
@@ -52,8 +51,9 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
expResult.add("tar");
expResult.add("gz");
expResult.add("tgz");
- Set result = instance.getSupportedExtensions();
- assertEquals(expResult, result);
+ for (String ext : expResult) {
+ assertTrue(ext, instance.accept(new File("test." + ext)));
+ }
}
/**
@@ -72,28 +72,9 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
*/
@Test
public void testSupportsExtension() {
- String extension = "7z"; //not supported
+ String extension = "test.7z"; //not supported
ArchiveAnalyzer instance = new ArchiveAnalyzer();
- boolean expResult = false;
- boolean result = instance.supportsExtension(extension);
- assertEquals(expResult, result);
-
- extension = "war"; //supported
- expResult = true;
- result = instance.supportsExtension(extension);
- assertEquals(expResult, result);
-
- extension = "ear"; //supported
- result = instance.supportsExtension(extension);
- assertEquals(expResult, result);
-
- extension = "zip"; //supported
- result = instance.supportsExtension(extension);
- assertEquals(expResult, result);
-
- extension = "nupkg"; //supported
- result = instance.supportsExtension(extension);
- assertEquals(expResult, result);
+ assertFalse(extension, instance.accept(new File(extension)));
}
/**
@@ -129,7 +110,7 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
public void testAnalyze() throws Exception {
ArchiveAnalyzer instance = new ArchiveAnalyzer();
//trick the analyzer into thinking it is active.
- instance.supportsExtension("ear");
+ instance.accept(new File("test.ear"));
try {
instance.initialize();
File file = BaseTest.getResourceAsFile(this, "daytrader-ear-2.1.7.ear");
@@ -160,7 +141,7 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
public void testAnalyzeTar() throws Exception {
ArchiveAnalyzer instance = new ArchiveAnalyzer();
//trick the analyzer into thinking it is active so that it will initialize
- instance.supportsExtension("tar");
+ instance.accept(new File("test.tar"));
try {
instance.initialize();
@@ -191,7 +172,7 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
@Test
public void testAnalyzeTarGz() throws Exception {
ArchiveAnalyzer instance = new ArchiveAnalyzer();
- instance.supportsExtension("zip"); //ensure analyzer is "enabled"
+ instance.accept(new File("zip")); //ensure analyzer is "enabled"
try {
instance.initialize();
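Review bot: `instance.accept(new File("zip"))` passes a file whose entire name is `zip`, so a suffix filter built from the extension `zip` (stored as `.zip` by `FileFilterBuilder.addExtensions`) will not match it, and the call no longer does what the `//ensure analyzer is "enabled"` comment says. The other tests in this file pass a full name (`test.ear`, `test.tar`); this line should be `instance.accept(new File("test.zip")); //ensure analyzer is "enabled"`. `testAnalyzeTgz` in the next hunk has the same line. How ArchiveAnalyzer builds its filter is outside this hunk, so confirm against the analyzer.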
@@ -244,7 +225,7 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
@Test
public void testAnalyzeTgz() throws Exception {
ArchiveAnalyzer instance = new ArchiveAnalyzer();
- instance.supportsExtension("zip"); //ensure analyzer is "enabled"
+ instance.accept(new File("zip")); //ensure analyzer is "enabled"
try {
instance.initialize();
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java
index 3333227a3..d67c417fd 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java
@@ -58,7 +58,7 @@ public class AssemblyAnalyzerTest extends BaseTest {
public void setUp() throws Exception {
try {
analyzer = new AssemblyAnalyzer();
- analyzer.supportsExtension("dll");
+ analyzer.accept(new File("test.dll")); // trick into "thinking it is active"
analyzer.initialize();
} catch (Exception e) {
if (e.getMessage().contains("Could not execute .NET AssemblyAnalyzer")) {
@@ -155,7 +155,7 @@ public class AssemblyAnalyzerTest extends BaseTest {
System.setProperty(LOG_KEY, "error");
// Have to make a NEW analyzer because during setUp, it would have gotten the correct one
AssemblyAnalyzer aanalyzer = new AssemblyAnalyzer();
- aanalyzer.supportsExtension("dll");
+ aanalyzer.accept(new File("test.dll")); // trick into "thinking it is active"
aanalyzer.initialize();
fail("Expected an AnalysisException");
} catch (AnalysisException ae) {
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzerTest.java
index 6e118e41a..d6f8bb79c 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzerTest.java
@@ -17,13 +17,6 @@
*/
package org.owasp.dependencycheck.analyzer;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-
-import java.util.Arrays;
-import java.util.HashSet;
-
-import org.apache.commons.lang.StringUtils;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -31,6 +24,11 @@ import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Dependency;
+import java.io.File;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
/**
* Unit tests for AutoconfAnalyzer. The test resources under autoconf/ were
* obtained from outside open source software projects. Links to those projects
@@ -164,27 +162,15 @@ public class AutoconfAnalyzerTest extends BaseTest {
}
/**
- * Test of {@link AutoconfAnalyzer#getSupportedExtensions}.
+ * Test of {@link AutoconfAnalyzer#accept(File)}.
*/
@Test
- public void testGetSupportedExtensions() {
- final String[] expected = { "ac", "in", "configure" };
- assertEquals("Supported extensions should just have the following: "
- + StringUtils.join(expected, ", "),
- new HashSet(Arrays.asList(expected)),
- analyzer.getSupportedExtensions());
- }
-
- /**
- * Test of {@link AutoconfAnalyzer#supportsExtension}.
- */
- @Test
- public void testSupportsExtension() {
+ public void testSupportsFileExtension() {
assertTrue("Should support \"ac\" extension.",
- analyzer.supportsExtension("ac"));
+ analyzer.accept(new File("configure.ac")));
assertTrue("Should support \"in\" extension.",
- analyzer.supportsExtension("in"));
+ analyzer.accept(new File("configure.in")));
assertTrue("Should support \"configure\" extension.",
- analyzer.supportsExtension("configure"));
+ analyzer.accept(new File("configure")));
}
}
\ No newline at end of file
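Review bot: After this change the test asserts only names that must be accepted; the deleted `testGetSupportedExtensions` was the one check that pinned the exact supported set, so a filter that accepts too much would now pass unnoticed. Add a rejecting case, for example `assertFalse("Should not support \"txt\" extension.", analyzer.accept(new File("test.txt")));` with `assertFalse` imported, assuming the analyzer is not meant to handle that name. The third message still reads `"configure" extension` although `configure` is now matched as a file name. JarAnalyzerTest, JavaScriptAnalyzerTest and PythonDistributionAnalyzerTest lose their exact-set checks in the same way.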
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CPEAnalyzerIntegrationTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CPEAnalyzerIntegrationTest.java
index 3625537a3..404d57ece 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CPEAnalyzerIntegrationTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CPEAnalyzerIntegrationTest.java
@@ -149,7 +149,7 @@ public class CPEAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
HintAnalyzer hintAnalyzer = new HintAnalyzer();
JarAnalyzer jarAnalyzer = new JarAnalyzer();
- jarAnalyzer.supportsExtension("jar");
+ jarAnalyzer.accept(new File("test.jar"));//trick analyzer into "thinking it is active"
jarAnalyzer.analyze(struts, null);
hintAnalyzer.analyze(struts, null);
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java
index 6ffebbda1..90f345cd7 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java
@@ -17,19 +17,19 @@
*/
package org.owasp.dependencycheck.analyzer;
-import java.io.File;
-import java.util.HashSet;
-import java.util.Properties;
-import java.util.Set;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
+import java.io.File;
+import java.util.HashSet;
+import java.util.Set;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
/**
- *
* @author Jeremy Long
*/
public class JarAnalyzerTest extends BaseTest {
@@ -94,13 +94,14 @@ public class JarAnalyzerTest extends BaseTest {
* Test of getSupportedExtensions method, of class JarAnalyzer.
*/
@Test
- public void testGetSupportedExtensions() {
+ public void testAcceptSupportedExtensions() throws Exception {
JarAnalyzer instance = new JarAnalyzer();
- Set expResult = new HashSet();
- expResult.add("jar");
- expResult.add("war");
- Set result = instance.getSupportedExtensions();
- assertEquals(expResult, result);
+ instance.initialize();
+ instance.setEnabled(true);
+ String[] files = {"test.jar", "test.war"};
+ for (String name : files) {
+ assertTrue(name, instance.accept(new File(name)));
+ }
}
/**
@@ -114,16 +115,4 @@ public class JarAnalyzerTest extends BaseTest {
assertEquals(expResult, result);
}
- /**
- * Test of supportsExtension method, of class JarAnalyzer.
- */
- @Test
- public void testSupportsExtension() {
- String extension = "jar";
- JarAnalyzer instance = new JarAnalyzer();
- boolean expResult = true;
- boolean result = instance.supportsExtension(extension);
- assertEquals(expResult, result);
- }
-
}
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzerTest.java
index 8daf030ed..fb1169039 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzerTest.java
@@ -17,15 +17,16 @@
*/
package org.owasp.dependencycheck.analyzer;
-import java.io.File;
-import java.util.HashSet;
-import java.util.Set;
-import static org.junit.Assert.assertEquals;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.dependency.Dependency;
+import java.io.File;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
/**
*
* @author Jeremy Long
@@ -36,12 +37,12 @@ public class JavaScriptAnalyzerTest extends BaseTest {
* Test of getSupportedExtensions method, of class JavaScriptAnalyzer.
*/
@Test
- public void testGetSupportedExtensions() {
+ public void testAcceptSupportedExtensions() throws Exception {
JavaScriptAnalyzer instance = new JavaScriptAnalyzer();
- Set expResult = new HashSet();
- expResult.add("js");
- Set result = instance.getSupportedExtensions();
- assertEquals(expResult, result);
+ instance.initialize();
+ instance.setEnabled(true);
+ String name = "test.js";
+ assertTrue(name, instance.accept(new File(name)));
}
/**
@@ -56,18 +57,6 @@ public class JavaScriptAnalyzerTest extends BaseTest {
assertEquals(expResult, result);
}
- /**
- * Test of supportsExtension method, of class JavaScriptAnalyzer.
- */
- @Test
- public void testSupportsExtension() {
- String extension = "js";
- JavaScriptAnalyzer instance = new JavaScriptAnalyzer();
- boolean expResult = true;
- boolean result = instance.supportsExtension(extension);
- assertEquals(expResult, result);
- }
-
/**
* Test of getAnalysisPhase method, of class JavaScriptAnalyzer.
*/
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzerTest.java
index b993c6159..6d184dd2a 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzerTest.java
@@ -24,6 +24,8 @@ import org.junit.Before;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
+import java.io.File;
+
public class NuspecAnalyzerTest extends BaseTest {
private NuspecAnalyzer instance;
@@ -31,6 +33,7 @@ public class NuspecAnalyzerTest extends BaseTest {
@Before
public void setUp() throws Exception {
instance = new NuspecAnalyzer();
+ instance.initialize();
instance.setEnabled(true);
}
@@ -40,15 +43,9 @@ public class NuspecAnalyzerTest extends BaseTest {
}
@Test
- public void testGetSupportedExtensions() {
- assertTrue(instance.getSupportedExtensions().contains("nuspec"));
- assertFalse(instance.getSupportedExtensions().contains("nupkg"));
- }
-
- @Test
- public void testSupportsExtension() {
- assertTrue(instance.supportsExtension("nuspec"));
- assertFalse(instance.supportsExtension("nupkg"));
+ public void testSupportsFileExtensions() {
+ assertTrue(instance.accept(new File("test.nuspec")));
+ assertFalse(instance.accept(new File("test.nupkg")));
}
@Test
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzerTest.java
index 2a2018884..ded6cb20b 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzerTest.java
@@ -17,13 +17,6 @@
*/
package org.owasp.dependencycheck.analyzer;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-
-import java.util.Arrays;
-import java.util.HashSet;
-
-import org.apache.commons.lang.StringUtils;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -32,6 +25,11 @@ import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
+import java.io.File;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
/**
* Unit tests for PythonDistributionAnalyzer.
*
@@ -76,33 +74,21 @@ public class PythonDistributionAnalyzerTest extends BaseTest {
analyzer.getName());
}
- /**
- * Test of getSupportedExtensions method, of class PythonDistributionAnalyzer.
- */
- @Test
- public void testGetSupportedExtensions() {
- final String[] expected = {"whl", "egg", "zip", "METADATA", "PKG-INFO"};
- assertEquals("Supported extensions should just have the following: "
- + StringUtils.join(expected, ", "),
- new HashSet(Arrays.asList(expected)),
- analyzer.getSupportedExtensions());
- }
-
/**
* Test of supportsExtension method, of class PythonDistributionAnalyzer.
*/
@Test
- public void testSupportsExtension() {
+ public void testSupportsFiles() {
assertTrue("Should support \"whl\" extension.",
- analyzer.supportsExtension("whl"));
+ analyzer.accept(new File("test.whl")));
assertTrue("Should support \"egg\" extension.",
- analyzer.supportsExtension("egg"));
+ analyzer.accept(new File("test.egg")));
assertTrue("Should support \"zip\" extension.",
- analyzer.supportsExtension("zip"));
+ analyzer.accept(new File("test.zip")));
assertTrue("Should support \"METADATA\" extension.",
- analyzer.supportsExtension("METADATA"));
+ analyzer.accept(new File("METADATA")));
assertTrue("Should support \"PKG-INFO\" extension.",
- analyzer.supportsExtension("PKG-INFO"));
+ analyzer.accept(new File("PKG-INFO")));
}
/**
@@ -119,7 +105,7 @@ public class PythonDistributionAnalyzerTest extends BaseTest {
/**
* Test of inspect method, of class PythonDistributionAnalyzer.
*
- * @throws Exception is thrown when an exception occurs.
+ * @throws AnalysisException is thrown when an exception occurs.
*/
@Test
public void testAnalyzeSitePackage() throws AnalysisException {
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzerTest.java
index 0b13dd153..b132c2ec8 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzerTest.java
@@ -17,15 +17,7 @@
*/
package org.owasp.dependencycheck.analyzer;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-
-import java.util.Arrays;
-import java.util.HashSet;
-
-import org.apache.commons.lang.StringUtils;
import org.junit.After;
-import static org.junit.Assert.assertTrue;
import org.junit.Before;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
@@ -33,6 +25,11 @@ import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
+import java.io.File;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
/**
* Unit tests for PythonPackageAnalyzer.
*
@@ -77,25 +74,13 @@ public class PythonPackageAnalyzerTest extends BaseTest {
analyzer.getName());
}
- /**
- * Test of getSupportedExtensions method, of class PythonPackageAnalyzer.
- */
- @Test
- public void testGetSupportedExtensions() {
- final String[] expected = {"py"};
- assertEquals("Supported extensions should just have the following: "
- + StringUtils.join(expected, ", "),
- new HashSet(Arrays.asList(expected)),
- analyzer.getSupportedExtensions());
- }
-
/**
* Test of supportsExtension method, of class PythonPackageAnalyzer.
*/
@Test
- public void testSupportsExtension() {
+ public void testSupportsFileExtension() {
assertTrue("Should support \"py\" extension.",
- analyzer.supportsExtension("py"));
+ analyzer.accept(new File("test.py")));
}
@Test