From 4d01d636ccfed80579b4251caef11b3a8676017a Mon Sep 17 00:00:00 2001 From: Dale Visser Date: Fri, 26 Jun 2015 18:18:07 -0400 Subject: [PATCH] Changed AbstractFiletypeAnalyzer to expose getFileFilter() instead of getSupportedExtensions(), and refactored existing implementations to return a FileFilter instance. The new FileFilterBuilder class encapsulates building of a filter that can consider the full filename or other attributes, in addition to file extension. Former-commit-id: 9c968c77cc2285d571d38b1a8486d05b09b12aa4 --- .../org/owasp/dependencycheck/Engine.java | 15 +-- .../analyzer/AbstractFileTypeAnalyzer.java | 76 ++++++------ .../analyzer/ArchiveAnalyzer.java | 46 +++---- .../analyzer/AssemblyAnalyzer.java | 41 +++---- .../analyzer/AutoconfAnalyzer.java | 32 +++-- .../analyzer/CentralAnalyzer.java | 31 ++--- .../analyzer/FileTypeAnalyzer.java | 12 +- .../dependencycheck/analyzer/JarAnalyzer.java | 25 ++-- .../analyzer/JavaScriptAnalyzer.java | 24 ++-- .../analyzer/NexusAnalyzer.java | 31 ++--- .../analyzer/NuspecAnalyzer.java | 24 ++-- .../analyzer/PythonDistributionAnalyzer.java | 59 ++++----- .../analyzer/PythonPackageAnalyzer.java | 39 +++--- .../dependencycheck/utils/ExtractionUtil.java | 3 +- .../utils/FileFilterBuilder.java | 113 ++++++++++++++++++ .../ArchiveAnalyzerIntegrationTest.java | 41 ++----- .../analyzer/AssemblyAnalyzerTest.java | 4 +- .../analyzer/AutoconfAnalyzerTest.java | 34 ++---- .../analyzer/CPEAnalyzerIntegrationTest.java | 2 +- .../analyzer/JarAnalyzerTest.java | 39 +++--- .../analyzer/JavaScriptAnalyzerTest.java | 31 ++--- .../analyzer/NuspecAnalyzerTest.java | 15 +-- .../PythonDistributionAnalyzerTest.java | 38 ++---- .../analyzer/PythonPackageAnalyzerTest.java | 29 ++--- 24 files changed, 382 insertions(+), 422 deletions(-) create mode 100644 dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/FileFilterBuilder.java 
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java index 69036b9a9..a5b232990 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java @@ -37,6 +37,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.io.File; +import java.io.FileFilter; import java.util.ArrayList; import java.util.EnumMap; import java.util.HashSet; @@ -50,7 +51,7 @@ import java.util.Set; * * @author Jeremy Long */ -public class Engine { +public class Engine implements FileFilter{ /** * The list of dependencies. @@ -317,7 +318,7 @@ public class Engine { extension = fileName; } Dependency dependency = null; - if (supportsExtension(extension)) { + if (accept(file)) { dependency = new Dependency(file); if (extension.equals(fileName)) { dependency.setFileExtension(extension); @@ -379,7 +380,7 @@ public class Engine { boolean shouldAnalyze = true; if (a instanceof FileTypeAnalyzer) { final FileTypeAnalyzer fAnalyzer = (FileTypeAnalyzer) a; - shouldAnalyze = fAnalyzer.supportsExtension(d.getFileExtension()); + shouldAnalyze = fAnalyzer.accept(d.getActualFile()); } if (shouldAnalyze) { LOGGER.debug("Begin Analysis of '{}'", d.getActualFilePath()); 
@@ -482,18 +483,18 @@ public class Engine { /** * Checks all analyzers to see if an extension is supported. * - * @param ext a file extension + * @param file a file extension * @return true or false depending on whether or not the file extension is supported */ - public boolean supportsExtension(String ext) { - if (ext == null) { + public boolean accept(File file) { + if (file == null) { return false; } boolean scan = false; for (FileTypeAnalyzer a : this.fileTypeAnalyzers) { /* note, we can't break early on this loop as the analyzers need to know if they have files to work on prior to initialization */ - scan |= a.supportsExtension(ext); + scan |= a.accept(file); } return scan; } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java index 78f1499d2..c431e2326 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java @@ -17,9 +17,15 @@ */ package org.owasp.dependencycheck.analyzer; -import java.util.Collections; -import java.util.HashSet; -import java.util.Set; +import java.io.File; +import java.io.FileFilter; +import java.util.*; + +import org.apache.commons.io.IOCase; +import org.apache.commons.io.filefilter.IOFileFilter; +import org.apache.commons.io.filefilter.NameFileFilter; +import org.apache.commons.io.filefilter.OrFileFilter; +import org.apache.commons.io.filefilter.SuffixFileFilter; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.dependency.Dependency; 
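Review bot: The Javadoc on `Engine.accept(File)` still describes the old method: the summary says it checks whether "an extension is supported" and the tag reads `@param file a file extension`, although the parameter is now the file itself. I would change the summary to `Checks all analyzers to see if the given file is accepted by at least one of them.`, the tag to `@param file the file to test`, and reword `@return` to match. Since `Engine` now presents itself as a plain `FileFilter`, the Javadoc should also say that every analyzer is consulted on purpose and the loop never short-circuits.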
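Review bot: The new import block in AbstractFileTypeAnalyzer uses a wildcard (`import java.util.*;`) and adds five commons-io imports (`IOCase`, `IOFileFilter`, `NameFileFilter`, `OrFileFilter`, `SuffixFileFilter`) that none of the hunks shown for this file use; they look like leftovers from before the logic moved into FileFilterBuilder. I would keep explicit imports (`java.util.HashSet`, `java.util.Set`, plus `java.util.Collections` if `newHashSet` keeps using it) and drop the unused ones. The same wildcard style is introduced in ArchiveAnalyzer, AssemblyAnalyzer, JarAnalyzer and JavaScriptAnalyzer (`java.io.*`), in CentralAnalyzer and NexusAnalyzer (`org.owasp.dependencycheck.utils.*`), and in PythonDistributionAnalyzer (both).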
@@ -36,6 +42,7 @@ import org.slf4j.LoggerFactory; public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implements FileTypeAnalyzer { // + /** * Base constructor that all children must call. This checks the configuration to determine if the analyzer is * enabled. @@ -98,21 +105,20 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen // // + /** *

- * Returns a list of supported file extensions. An example would be an analyzer that inspected java jar files. The - * getSupportedExtensions function would return a set with a single element "jar".

+ * Returns the {@link java.io.FileFilter} used to determine which files are to be analyzed. + * An example would be an analyzer that inspected Java jar files. Implementors may use + * {@link org.owasp.dependencycheck.utils.FileFilterBuilder}.

* + * @return the file filter used to determine which files are to be analyzed + *

*

- * Note: when implementing this the extensions returned MUST be lowercase.

- * - * @return The file extensions supported by this analyzer. - * - *

- * If the analyzer returns null it will not cause additional files to be analyzed but will be executed against every - * file loaded

+ * If the analyzer returns null it will not cause additional files to be analyzed, but will be executed against + * every file loaded.

*/ - protected abstract Set getSupportedExtensions(); + protected abstract FileFilter getFileFilter(); /** * Initializes the file type analyzer. @@ -126,7 +132,7 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen * scanned, and added to the list of dependencies within the engine. * * @param dependency the dependency to analyze - * @param engine the engine scanning + * @param engine the engine scanning * @throws AnalysisException thrown if there is an analysis exception */ protected abstract void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException; @@ -141,6 +147,7 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen //
// + /** * Initializes the analyzer. * @@ -175,7 +182,7 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen * scanned, and added to the list of dependencies within the engine. * * @param dependency the dependency to analyze - * @param engine the engine scanning + * @param engine the engine scanning * @throws AnalysisException thrown if there is an analysis exception */ @Override @@ -185,38 +192,30 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen } } - /** - * Returns whether or not this analyzer can process the given extension. - * - * @param extension the file extension to test for support. - * @return whether or not the specified file extension is supported by this analyzer. - */ @Override - public final boolean supportsExtension(String extension) { - if (!enabled) { - return false; - } - final Set ext = getSupportedExtensions(); - if (ext == null) { - LOGGER.error("The '{}' analyzer is misconfigured and does not have any file extensions;" - + " it will be disabled", getName()); - return false; - } else { - final boolean match = ext.contains(extension); - if (match) { - filesMatched = match; + public boolean accept(File pathname) { + FileFilter filter = getFileFilter(); + boolean accepted = false; + if (null == filter) { + LOGGER.error("The '{}' analyzer is misconfigured and does not have a file filter; it will be disabled", getName()); + } else if (enabled) { + accepted = filter.accept(pathname); + if (accepted) { + filesMatched = true; } - return match; } + return accepted; } -// + + // // + /** *

* Utility method to help in the creation of the extensions set. This constructs a new Set that can be used in a * final static declaration.

- * + *

*

* This implementation was copied from * http://stackoverflow.com/questions/2041778/initialize-java-hashset-values-by-construction

@@ -226,9 +225,10 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen */ protected static Set newHashSet(String... strings) { final Set set = new HashSet(); - Collections.addAll(set, strings); return set; } + + //
} diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java index 28cd78a2a..ebe2eb19e 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java @@ -17,13 +17,7 @@ */ package org.owasp.dependencycheck.analyzer; -import java.io.BufferedInputStream; -import java.io.BufferedOutputStream; -import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.FileOutputStream; -import java.io.IOException; +import java.io.*; import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; @@ -31,6 +25,7 @@ import java.util.Enumeration; import java.util.HashSet; import java.util.List; import java.util.Set; + import org.apache.commons.compress.archivers.ArchiveEntry; import org.apache.commons.compress.archivers.ArchiveInputStream; import org.apache.commons.compress.archivers.tar.TarArchiveInputStream; @@ -44,6 +39,7 @@ import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.analyzer.exception.ArchiveExtractionException; import org.owasp.dependencycheck.dependency.Dependency; +import org.owasp.dependencycheck.utils.FileFilterBuilder; import org.owasp.dependencycheck.utils.FileUtils; import org.owasp.dependencycheck.utils.Settings; import org.slf4j.Logger; 
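Review bot: `newHashSet(String...)` now returns an empty set for any input, because the hunk deletes `Collections.addAll(set, strings);` and leaves only `final Set set = new HashSet(); return set;`. Any caller that still builds its extension set with this helper gets an empty set; ArchiveAnalyzer keeps `EXTENSIONS.addAll(ZIPPABLES)` and `REMOVE_FROM_ANALYSIS.contains(...)` in context lines, and if those sets come from `newHashSet` (their declarations are outside the hunks) the archive filter would match nothing and archives would be skipped without any error, which for a dependency scanner means silently missed findings. Either restore the line `Collections.addAll(set, strings);` (the new `java.util.*` import still covers it) or delete the helper once no caller is left. A unit test asserting `newHashSet("a", "b").size() == 2` would catch this.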
@@ -116,14 +112,11 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { EXTENSIONS.addAll(ZIPPABLES); } - /** - * Returns a list of file EXTENSIONS supported by this analyzer. - * - * @return a list of file EXTENSIONS supported by this analyzer. - */ + private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(EXTENSIONS).build(); + @Override - public Set getSupportedExtensions() { - return EXTENSIONS; + protected FileFilter getFileFilter() { + return FILTER; } /** @@ -197,7 +190,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { * scanned, and added to the list of dependencies within the engine. * * @param dependency the dependency to analyze - * @param engine the engine scanning + * @param engine the engine scanning * @throws AnalysisException thrown if there is an analysis exception */ @Override @@ -229,14 +222,14 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { //TODO - can we get more evidence from the parent? EAR contains module name, etc. //analyze the dependency (i.e. extract files) if it is a supported type. - if (this.supportsExtension(d.getFileExtension()) && scanDepth < MAX_SCAN_DEPTH) { + if (this.accept(d.getActualFile()) && scanDepth < MAX_SCAN_DEPTH) { scanDepth += 1; analyze(d, engine); scanDepth -= 1; } } } - if (this.REMOVE_FROM_ANALYSIS.contains(dependency.getFileExtension())) { + if (REMOVE_FROM_ANALYSIS.contains(dependency.getFileExtension())) { if ("zip".equals(dependency.getFileExtension()) && isZipFileActuallyJarFile(dependency)) { final File tdir = getNextTempDirectory(); final String fileName = dependency.getFileName(); 
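Review bot: `FILTER` in ArchiveAnalyzer is only correct while it stays textually below the block that ends with `EXTENSIONS.addAll(ZIPPABLES);` (apparently a static initializer), because static fields and blocks are initialised in source order and the builder receives `EXTENSIONS` at that moment. Nothing in the code says so, and a later reordering of members would quietly narrow the filter; I would add `/** The file filter for supported archives; must be declared after the static block that populates EXTENSIONS. */` above the field. The Javadoc removed from the old `getSupportedExtensions()` is not replaced on `FILTER` or `getFileFilter()` here, and the same holds for the `FILTER` fields added in AssemblyAnalyzer, AutoconfAnalyzer, CentralAnalyzer, JarAnalyzer, JavaScriptAnalyzer, NexusAnalyzer and NuspecAnalyzer.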
@@ -295,9 +288,9 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { /** * Extracts the contents of an archive into the specified directory. * - * @param archive an archive file such as a WAR or EAR + * @param archive an archive file such as a WAR or EAR * @param destination a directory to extract the contents to - * @param engine the scanning engine + * @param engine the scanning engine * @throws AnalysisException thrown if the archive is not found */ private void extractFiles(File archive, File destination, Engine engine) throws AnalysisException { @@ -320,9 +313,9 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { extractArchive(new TarArchiveInputStream(new BufferedInputStream(fis)), destination, engine); } else if ("gz".equals(archiveExt) || "tgz".equals(archiveExt)) { final String uncompressedName = GzipUtils.getUncompressedFilename(archive.getName()); - final String uncompressedExt = FileUtils.getFileExtension(uncompressedName).toLowerCase(); - if (engine.supportsExtension(uncompressedExt)) { - decompressFile(new GzipCompressorInputStream(new BufferedInputStream(fis)), new File(destination, uncompressedName)); + File f = new File(destination, uncompressedName); + if (engine.accept(f)) { + decompressFile(new GzipCompressorInputStream(new BufferedInputStream(fis)), f); } } } catch (ArchiveExtractionException ex) { @@ -343,9 +336,9 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { /** * Extracts files from an archive. * - * @param input the archive to extract files from + * @param input the archive to extract files from * @param destination the location to write the files too - * @param engine the dependency-check engine + * @param engine the dependency-check engine * @throws ArchiveExtractionException thrown if there is an exception extracting files from the archive */ private void extractArchive(ArchiveInputStream input, File destination, Engine engine) throws ArchiveExtractionException { 
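Review bot: The gzip branch of extractFiles no longer lower-cases anything before matching: the old code called `FileUtils.getFileExtension(uncompressedName).toLowerCase()`, the new code passes `new File(destination, uncompressedName)` straight to `engine.accept(f)`. Whether an upper-case name still matches now depends on FileFilterBuilder being case-insensitive, which is not visible here; if it is not, such archives are skipped silently, so a test with a mixed-case file name is worth adding. Note also that `f` does not exist on disk when `accept` is called, so the filters must stay name-based for this call even though the commit message mentions "other attributes"; a short comment saying so would help. For consistency with the surrounding code the local should be `final File f = new File(destination, uncompressedName);`. The body of extractFiles continues outside the hunk.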
@@ -362,8 +355,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { } } else { final File file = new File(destination, entry.getName()); - final String ext = FileUtils.getFileExtension(file.getName()); - if (engine.supportsExtension(ext)) { + if (engine.accept(file)) { LOGGER.debug("Extracting '{}'", file.getPath()); BufferedOutputStream bos = null; FileOutputStream fos = null; @@ -429,7 +421,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { * Decompresses a file. * * @param inputStream the compressed file - * @param outputFile the location to write the decompressed file + * @param outputFile the location to write the decompressed file * @throws ArchiveExtractionException thrown if there is an exception decompressing the file */ private void decompressFile(CompressorInputStream inputStream, File outputFile) throws ArchiveExtractionException { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java index f8eade81e..70701ced8 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java 
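Review bot: In extractArchive the only gate before an entry is written is now `engine.accept(file)`, which judges the file name, while `file` is built as `new File(destination, entry.getName())` from a name supplied by the archive. No check that the resolved path stays inside `destination` is visible in this hunk, so an entry name containing `../` segments could end up outside the temp directory; since this tool unpacks third-party archives, I would add a containment check before the `accept` call, comparing `file.getCanonicalPath()` against `destination.getCanonicalPath() + File.separator` and throwing `ArchiveExtractionException` on a mismatch. The method starts and ends outside the hunk, so such a check may already exist elsewhere and should be confirmed.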
@@ -17,22 +17,6 @@ */ package org.owasp.dependencycheck.analyzer; -import java.io.BufferedReader; -import java.io.File; -import java.io.FileOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.InputStreamReader; -import java.util.ArrayList; -import java.util.List; -import java.util.Locale; -import java.util.Set; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.xpath.XPath; -import javax.xml.xpath.XPathExpressionException; -import javax.xml.xpath.XPathFactory; - import ch.qos.cal10n.IMessageConveyor; import ch.qos.cal10n.MessageConveyor; import org.owasp.dependencycheck.Engine; @@ -41,12 +25,23 @@ import org.owasp.dependencycheck.dependency.Confidence; import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.Evidence; import org.owasp.dependencycheck.utils.DCResources; +import org.owasp.dependencycheck.utils.FileFilterBuilder; import org.owasp.dependencycheck.utils.Settings; import org.slf4j.cal10n.LocLogger; import org.slf4j.cal10n.LocLoggerFactory; import org.w3c.dom.Document; import org.xml.sax.SAXException; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.xpath.XPath; +import javax.xml.xpath.XPathExpressionException; +import javax.xml.xpath.XPathFactory; +import java.io.*; +import java.util.ArrayList; +import java.util.List; +import java.util.Locale; + /** * Analyzer for getting company, product, and version information from a .NET assembly. * @@ -66,7 +61,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { /** * The list of supported extensions */ - private static final Set SUPPORTED_EXTENSIONS = newHashSet("dll", "exe"); + private static final String[] SUPPORTED_EXTENSIONS = {"dll", "exe"}; /** * The temp value for GrokAssembly.exe */ 
@@ -296,14 +291,12 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { } } - /** - * Gets the set of extensions supported by this analyzer. - * - * @return the list of supported extensions - */ + private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions( + SUPPORTED_EXTENSIONS).build(); + @Override - public Set getSupportedExtensions() { - return SUPPORTED_EXTENSIONS; + protected FileFilter getFileFilter() { + return FILTER; } /** diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.java index 1e81a0df6..f23e546a2 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.java 
@@ -17,23 +17,24 @@ */ package org.owasp.dependencycheck.analyzer; -import java.io.File; -import java.io.IOException; -import java.util.ArrayList; -import java.util.List; -import java.util.Set; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - import org.apache.commons.io.FileUtils; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.dependency.Confidence; import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.EvidenceCollection; +import org.owasp.dependencycheck.utils.FileFilterBuilder; import org.owasp.dependencycheck.utils.Settings; import org.owasp.dependencycheck.utils.UrlStringUtils; +import java.io.File; +import java.io.FileFilter; +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + /** * Used to analyze Autoconf input files named configure.ac or configure.in. Files simply named "configure" are also analyzed, * assuming they are generated by Autoconf, and contain certain special package descriptor variables. @@ -71,8 +72,7 @@ public class AutoconfAnalyzer extends AbstractFileTypeAnalyzer { /** * The set of file extensions supported by this analyzer. */ - private static final Set EXTENSIONS = newHashSet("ac", "in", - CONFIGURE); + private static final String[] EXTENSIONS = {"ac", "in"}; /** * Matches AC_INIT variables in the output configure script. 
@@ -103,14 +103,12 @@ public class AutoconfAnalyzer extends AbstractFileTypeAnalyzer { | Pattern.CASE_INSENSITIVE); } - /** - * Returns a list of file EXTENSIONS supported by this analyzer. - * - * @return a list of file EXTENSIONS supported by this analyzer. - */ + private static final FileFilter FILTER = FileFilterBuilder.newInstance().addFilenames(CONFIGURE).addExtensions( + EXTENSIONS).build(); + @Override - public Set getSupportedExtensions() { - return EXTENSIONS; + protected FileFilter getFileFilter() { + return FILTER; } /** diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java index 94074deb7..029f25c45 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java @@ -17,12 +17,6 @@ */ package org.owasp.dependencycheck.analyzer; -import java.io.File; -import java.io.FileNotFoundException; -import java.io.IOException; -import java.net.URL; -import java.util.List; -import java.util.Set; import org.apache.commons.io.FileUtils; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; 
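Review bot: The Autoconf filter still accepts every file ending in `.ac` or `.in` (`addExtensions(EXTENSIONS)` with `{"ac", "in"}`), although the class Javadoc says the analyzer targets files named configure.ac or configure.in; a file such as Makefile.in would be accepted as well. Now that the builder can match full file names, the filter could be exact: `FileFilterBuilder.newInstance().addFilenames(CONFIGURE, "configure.ac", "configure.in").build()`, assuming `CONFIGURE` is "configure" and `addFilenames` takes several names (neither declaration is in the hunk). If the broad match is intended, a comment on `EXTENSIONS` should say so.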
@@ -31,14 +25,18 @@ import org.owasp.dependencycheck.data.nexus.MavenArtifact; import org.owasp.dependencycheck.dependency.Confidence; import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.Evidence; +import org.owasp.dependencycheck.utils.*; import org.owasp.dependencycheck.xml.pom.PomUtils; -import org.owasp.dependencycheck.utils.DownloadFailedException; -import org.owasp.dependencycheck.utils.Downloader; -import org.owasp.dependencycheck.utils.InvalidSettingException; -import org.owasp.dependencycheck.utils.Settings; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import java.io.File; +import java.io.FileFilter; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.net.URL; +import java.util.List; + /** * Analyzer which will attempt to locate a dependency, and the GAV information, by querying Central for the dependency's SHA-1 * digest. @@ -65,7 +63,7 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer { /** * The types of files on which this will work. */ - private static final Set SUPPORTED_EXTENSIONS = newHashSet("jar"); + private static final String SUPPORTED_EXTENSIONS = "jar"; /** * The analyzer should be disabled if there are errors, so this is a flag to determine if such an error has occurred. @@ -163,14 +161,11 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer { return ANALYSIS_PHASE; } - /** - * Returns the extensions for which this Analyzer runs. - * - * @return the extensions for which this Analyzer runs - */ + private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(SUPPORTED_EXTENSIONS).build(); + @Override - public Set getSupportedExtensions() { - return SUPPORTED_EXTENSIONS; + protected FileFilter getFileFilter() { + return FILTER; } /** 
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FileTypeAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FileTypeAnalyzer.java index 0151578c6..bb7467a4c 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FileTypeAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FileTypeAnalyzer.java @@ -17,20 +17,14 @@ */ package org.owasp.dependencycheck.analyzer; +import java.io.FileFilter; + /** * An Analyzer that scans specific file types. * * @author Jeremy Long */ -public interface FileTypeAnalyzer extends Analyzer { - - /** - * Returns whether or not this analyzer can process the given extension. - * - * @param extension the file extension to test for support. - * @return whether or not the specified file extension is supported by this analyzer. - */ - boolean supportsExtension(String extension); +public interface FileTypeAnalyzer extends Analyzer, FileFilter { /** * Resets the analyzers state. diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java index f9c180446..94aaceb37 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java @@ -17,14 +17,7 @@ */ package org.owasp.dependencycheck.analyzer; -import java.io.BufferedOutputStream; -import java.io.File; -import java.io.FileOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.InputStreamReader; -import java.io.OutputStream; -import java.io.Reader; +import java.io.*; import java.util.ArrayList; import java.util.Collections; import java.util.Enumeration; 
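Review bot: `FileTypeAnalyzer` now inherits `accept(File)` from `java.io.FileFilter` without any Javadoc of its own, so the analyzer-specific contract is undocumented: in AbstractFileTypeAnalyzer `accept` returns false when the analyzer is disabled and sets `filesMatched` as a side effect, which a reader of a plain `FileFilter` would not expect. I would re-declare `boolean accept(File pathname);` in the interface with Javadoc stating that it reports whether this analyzer can process the file and that implementations may record the match. Removing `supportsExtension(String)` outright also breaks any external class implementing this interface; if such implementers exist, a deprecated bridge method for one release would soften that.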
@@ -47,6 +40,7 @@ import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.dependency.Confidence; import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.EvidenceCollection; +import org.owasp.dependencycheck.utils.FileFilterBuilder; import org.owasp.dependencycheck.xml.pom.License; import org.owasp.dependencycheck.xml.pom.PomUtils; import org.owasp.dependencycheck.xml.pom.Model; @@ -168,16 +162,13 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { /** * The set of file extensions supported by this analyzer. */ - private static final Set EXTENSIONS = newHashSet("jar", "war"); + private static final String[] EXTENSIONS = {"jar", "war"}; + + private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(EXTENSIONS).build(); - /** - * Returns a list of file EXTENSIONS supported by this analyzer. - * - * @return a list of file EXTENSIONS supported by this analyzer. - */ @Override - public Set getSupportedExtensions() { - return EXTENSIONS; + protected FileFilter getFileFilter() { + return FILTER; } /** @@ -388,7 +379,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { * @param dependency the dependency being analyzed * @return returns the POM object * @throws AnalysisException is thrown if there is an exception extracting or parsing the POM - * {@link org.owasp.dependencycheck.jaxb.pom.generated.Model} object + * {@link org.owasp.dependencycheck.xml.pom.Model} object */ private Model extractPom(String path, JarFile jar, Dependency dependency) throws AnalysisException { InputStream input = null; diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java index 077a6d667..6af9c3a8c 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java 
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java @@ -17,20 +17,17 @@ */ package org.owasp.dependencycheck.analyzer; -import java.io.BufferedReader; -import java.io.File; -import java.io.FileNotFoundException; -import java.io.FileReader; -import java.io.IOException; -import java.util.Set; -import java.util.regex.Pattern; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.dependency.Dependency; +import org.owasp.dependencycheck.utils.FileFilterBuilder; import org.owasp.dependencycheck.utils.Settings; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import java.io.*; +import java.util.regex.Pattern; + /** * * Used to analyze a JavaScript file to gather information to aid in identification of a CPE identifier. @@ -56,16 +53,13 @@ public class JavaScriptAnalyzer extends AbstractFileTypeAnalyzer { /** * The set of file extensions supported by this analyzer. */ - private static final Set EXTENSIONS = newHashSet("js"); + private static final String EXTENSIONS = "js"; + + private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(EXTENSIONS).build(); - /** - * Returns a list of file EXTENSIONS supported by this analyzer. - * - * @return a list of file EXTENSIONS supported by this analyzer. - */ @Override - public Set getSupportedExtensions() { - return EXTENSIONS; + protected FileFilter getFileFilter() { + return FILTER; } /** diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java index 101163745..057a1e23a 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java 
@@ -17,12 +17,6 @@ */ package org.owasp.dependencycheck.analyzer; -import java.io.File; -import java.io.FileNotFoundException; -import java.io.IOException; -import java.net.MalformedURLException; -import java.net.URL; -import java.util.Set; import org.apache.commons.io.FileUtils; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; @@ -31,14 +25,18 @@ import org.owasp.dependencycheck.data.nexus.NexusSearch; import org.owasp.dependencycheck.dependency.Confidence; import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.Evidence; +import org.owasp.dependencycheck.utils.*; import org.owasp.dependencycheck.xml.pom.PomUtils; -import org.owasp.dependencycheck.utils.InvalidSettingException; -import org.owasp.dependencycheck.utils.DownloadFailedException; -import org.owasp.dependencycheck.utils.Downloader; -import org.owasp.dependencycheck.utils.Settings; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import java.io.File; +import java.io.FileFilter; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.net.MalformedURLException; +import java.net.URL; + /** * Analyzer which will attempt to locate a dependency on a Nexus service by SHA-1 digest of the dependency. * @@ -78,7 +76,7 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer { /** * The types of files on which this will work. */ - private static final Set SUPPORTED_EXTENSIONS = newHashSet("jar"); + private static final String SUPPORTED_EXTENSIONS = "jar"; /** * The Nexus Search to be set up for this analyzer. 
@@ -183,14 +181,11 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer { return ANALYSIS_PHASE; } - /** - * Returns the extensions for which this Analyzer runs. - * - * @return the extensions for which this Analyzer runs - */ + private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(SUPPORTED_EXTENSIONS).build(); + @Override - public Set getSupportedExtensions() { - return SUPPORTED_EXTENSIONS; + protected FileFilter getFileFilter() { + return FILTER; } /** diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java index 237b349ae..0082963b6 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java @@ -17,10 +17,6 @@ */ package org.owasp.dependencycheck.analyzer; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.IOException; -import java.util.Set; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.data.nuget.NugetPackage; @@ -29,10 +25,16 @@ import org.owasp.dependencycheck.data.nuget.NuspecParser; import org.owasp.dependencycheck.data.nuget.XPathNuspecParser; import org.owasp.dependencycheck.dependency.Confidence; import org.owasp.dependencycheck.dependency.Dependency; +import org.owasp.dependencycheck.utils.FileFilterBuilder; import org.owasp.dependencycheck.utils.Settings; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import java.io.FileFilter; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; + /** * Analyzer which will parse a Nuspec file to gather module information. * 
@@ -58,7 +60,7 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer { /** * The types of files on which this will work. */ - private static final Set SUPPORTED_EXTENSIONS = newHashSet("nuspec"); + private static final String SUPPORTED_EXTENSIONS = "nuspec"; /** * Initializes the analyzer once before any analysis is performed. @@ -99,14 +101,12 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer { return ANALYSIS_PHASE; } - /** - * Returns the extensions for which this Analyzer runs. - * - * @return the extensions for which this Analyzer runs - */ + private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions( + SUPPORTED_EXTENSIONS).build(); + @Override - public Set getSupportedExtensions() { - return SUPPORTED_EXTENSIONS; + protected FileFilter getFileFilter() { + return FILTER; } /** diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java index 6b31c6973..530837945 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java @@ -17,17 +17,6 @@ */ package org.owasp.dependencycheck.analyzer; -import java.io.BufferedInputStream; -import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.FilenameFilter; -import java.util.Set; -import java.util.regex.Pattern; - -import javax.mail.MessagingException; -import javax.mail.internet.InternetHeaders; - import org.apache.commons.io.filefilter.NameFileFilter; import org.apache.commons.io.filefilter.SuffixFileFilter; import org.apache.commons.io.input.AutoCloseInputStream; 
@@ -37,14 +26,15 @@ import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.dependency.Confidence; import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.EvidenceCollection; -import org.owasp.dependencycheck.utils.ExtractionException; -import org.owasp.dependencycheck.utils.ExtractionUtil; -import org.owasp.dependencycheck.utils.FileUtils; -import org.owasp.dependencycheck.utils.Settings; -import org.owasp.dependencycheck.utils.UrlStringUtils; +import org.owasp.dependencycheck.utils.*; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import javax.mail.MessagingException; +import javax.mail.internet.InternetHeaders; +import java.io.*; +import java.util.regex.Pattern; + /** * Used to analyze a Wheel or egg distribution files, or their contents in unzipped form, and collect information that can be used * to determine the associated CPE. @@ -86,11 +76,10 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer { /** * The set of file extensions supported by this analyzer. */ - private static final Set EXTENSIONS = newHashSet("whl", "egg", - "zip", METADATA, PKG_INFO); + private static final String[] EXTENSIONS = {"whl", "egg", "zip"}; /** - * Used to match on egg archive candidate extenssions. + * Used to match on egg archive candidate extensions. */ private static final Pattern EGG_OR_ZIP = Pattern.compile("egg|zip"); 
@@ -114,23 +103,21 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer { /** * Filter that detects files named "METADATA". */ - private static final FilenameFilter METADATA_FILTER = new NameFileFilter( + private static final NameFileFilter METADATA_FILTER = new NameFileFilter( METADATA); /** * Filter that detects files named "PKG-INFO". */ - private static final FilenameFilter PKG_INFO_FILTER = new NameFileFilter( + private static final NameFileFilter PKG_INFO_FILTER = new NameFileFilter( PKG_INFO); - /** - * Returns a list of file EXTENSIONS supported by this analyzer. - * - * @return a list of file EXTENSIONS supported by this analyzer. - */ + private static final FileFilter FILTER = FileFilterBuilder.newInstance().addFileFilters( + METADATA_FILTER, PKG_INFO_FILTER).addExtensions(EXTENSIONS).build(); + @Override - public Set getSupportedExtensions() { - return EXTENSIONS; + protected FileFilter getFileFilter() { + return FILTER; } /** @@ -194,13 +181,13 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer { /** * Collects the meta data from an archive. * - * @param dependency the archive being scanned - * @param folderFilter the filter to apply to the folder + * @param dependency the archive being scanned + * @param folderFilter the filter to apply to the folder * @param metadataFilter the filter to apply to the meta data * @throws AnalysisException thrown when there is a problem analyzing the dependency */ private void collectMetadataFromArchiveFormat(Dependency dependency, - FilenameFilter folderFilter, FilenameFilter metadataFilter) + FilenameFilter folderFilter, FilenameFilter metadataFilter) throws AnalysisException { final File temp = getNextTempDirectory(); LOGGER.debug("{} exists? {}", temp, temp.exists()); 
@@ -260,7 +247,7 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer { * Gathers evidence from the METADATA file. * * @param dependency the dependency being analyzed - * @param file a reference to the manifest/properties file + * @param file a reference to the manifest/properties file * @throws AnalysisException thrown when there is an error */ private static void collectWheelMetadata(Dependency dependency, File file) @@ -290,13 +277,13 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer { /** * Adds a value to the evidence collection. * - * @param headers the properties collection - * @param evidence the evidence collection to add the value - * @param property the property name + * @param headers the properties collection + * @param evidence the evidence collection to add the value + * @param property the property name * @param confidence the confidence of the evidence */ private static void addPropertyToEvidence(InternetHeaders headers, - EvidenceCollection evidence, String property, Confidence confidence) { + EvidenceCollection evidence, String property, Confidence confidence) { final String value = headers.getHeader(property, null); LOGGER.debug("Property: {}, Value: {}", property, value); if (StringUtils.isNotBlank(value)) { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java index a2080792f..6aba3e1f6 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java 
@@ -17,17 +17,6 @@ */ package org.owasp.dependencycheck.analyzer; -import java.io.File; -import java.io.FileFilter; -import java.io.IOException; -import java.net.MalformedURLException; -import java.util.ArrayList; -import java.util.Collections; -import java.util.List; -import java.util.Set; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - import org.apache.commons.io.FileUtils; import org.apache.commons.io.filefilter.NameFileFilter; import org.apache.commons.io.filefilter.SuffixFileFilter; @@ -36,11 +25,21 @@ import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.dependency.Confidence; import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.EvidenceCollection; +import org.owasp.dependencycheck.utils.FileFilterBuilder; import org.owasp.dependencycheck.utils.Settings; import org.owasp.dependencycheck.utils.UrlStringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import java.io.File; +import java.io.FileFilter; +import java.io.IOException; +import java.net.MalformedURLException; +import java.util.ArrayList; +import java.util.List; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + /** * Used to analyze a Python package, and collect information that can be used to determine the associated CPE. * @@ -63,8 +62,7 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer { /** * Filename extensions for files to be analyzed. */ - private static final Set EXTENSIONS = Collections - .unmodifiableSet(Collections.singleton("py")); + private static final String EXTENSIONS = "py"; /** * Pattern for matching the module docstring in a source file. 
@@ -134,14 +132,11 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer { return AnalysisPhase.INFORMATION_COLLECTION; } - /** - * Returns the set of supported file extensions. - * - * @return the set of supported file extensions - */ + private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(EXTENSIONS).build(); + @Override - protected Set getSupportedExtensions() { - return EXTENSIONS; + protected FileFilter getFileFilter() { + return FILTER; } /** @@ -209,12 +204,12 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer { */ private boolean analyzeFileContents(Dependency dependency, File file) throws AnalysisException { - String contents = ""; + String contents; try { contents = FileUtils.readFileToString(file).trim(); } catch (IOException e) { throw new AnalysisException( - "Problem occured while reading dependency file.", e); + "Problem occurred while reading dependency file.", e); } boolean found = false; if (!contents.isEmpty()) { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java index a39f01cd5..c1caa5a05 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java @@ -109,8 +109,7 @@ public final class ExtractionUtil { } } else { final File file = new File(extractTo, entry.getName()); - final String ext = getFileExtension(file.getName()); - if (engine == null || engine.supportsExtension(ext)) { + if (engine == null || engine.accept(file)) { BufferedOutputStream bos = null; FileOutputStream fos; try { 
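Review bot: In the ExtractionUtil hunk, `new File(extractTo, entry.getName())` is built from the archive entry's own name and passed to `engine.accept(file)`, but nothing visible checks that the resolved path stays under `extractTo`. The filter only inspects the file name, so an entry whose name contains `..` segments and ends in a supported extension would still be accepted. The write that follows is outside the hunk, so this is inferred, but a guard before the `if` would close it, e.g. `if (!file.getCanonicalPath().startsWith(extractTo.getCanonicalPath() + File.separator)) { throw new ExtractionException("Archive entry resolves outside the extraction directory"); }`. The enclosing method starts and ends outside the hunk.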
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/FileFilterBuilder.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/FileFilterBuilder.java
new file mode 100644
index 000000000..1d4ef3433
--- /dev/null
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/FileFilterBuilder.java
@@ -0,0 +1,113 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2015 Institute for Defense Analyses. All Rights Reserved.
+ */
+
+package org.owasp.dependencycheck.utils;
+
+import org.apache.commons.io.filefilter.IOFileFilter;
+import org.apache.commons.io.filefilter.NameFileFilter;
+import org.apache.commons.io.filefilter.OrFileFilter;
+import org.apache.commons.io.filefilter.SuffixFileFilter;
+
+import java.io.File;
+import java.io.FileFilter;
+import java.util.*;
+
+/**
+ * Utility class for building useful {@link FileFilter} instances for
+ * {@link org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer} implementations. The built filter uses
+ * {@link OrFileFilter} to logically OR the given filter conditions.
+ *
+ * @author Dale Visser
+ */
+public class FileFilterBuilder {
+
+ public static FileFilterBuilder newInstance(){
+ return new FileFilterBuilder();
+ }
+
+ private Set filenames = new HashSet();
+
+ /**
+ * Add to the set of filenames to accept for analysis. Case sensitivity is assumed.
+ *
+ * @param names one or more filenames to accept for analysis
+ */
+ public FileFilterBuilder addFilenames(String... names) {
+ filenames.addAll(Arrays.asList(names));
+ return this;
+ }
+
+ private Set extensions = new HashSet();
+
+ /**
+ * Add to the set of file extensions to accept for analysis. Case sensitivity is assumed.
+ *
+ * @param extensions one or more file extensions to accept for analysis
+ */
+ public FileFilterBuilder addExtensions(String... extensions) {
+ return this.addExtensions(Arrays.asList(extensions));
+ }
+
+ /**
+ * Add to the set of file extensions to accept for analysis. Case sensitivity is assumed.
+ *
+ * @param extensions one or more file extensions to accept for analysis
+ */
+ public FileFilterBuilder addExtensions(Iterable extensions){
+ for (String extension : extensions) {
+ // Ultimately, SuffixFileFilter will be used, and the "." needs to be explicit.
+ this.extensions.add(extension.startsWith(".") ? extension : "." + extension);
+ }
+ return this;
+ }
+
+ private List fileFilters = new ArrayList();
+
+ /**
+ * Add to a list of {@link IOFileFilter} instances to consult for whether to accept a file for analysis.
+ *
+ * @param filters one or more file filters to consult for whether to accept for analysis
+ */
+ public FileFilterBuilder addFileFilters(IOFileFilter... filters) {
+ fileFilters.addAll(Arrays.asList(filters));
+ return this;
+ }
+
+ /**
+ * Builds the filter and returns it.
+ *
+ * @return a filter that is the logical OR of all the conditions provided by the add... methods
+ * @throws IllegalStateException if no add... method has been called with one or more arguments
+ */
+ public FileFilter build() {
+ if (filenames.isEmpty() && extensions.isEmpty() && fileFilters.isEmpty()) {
+ throw new IllegalStateException("May only be invoked after at least one add... method has been invoked.");
+ }
+ OrFileFilter filter = new OrFileFilter();
+ if (!filenames.isEmpty()) {
+ filter.addFileFilter(new NameFileFilter(new ArrayList(filenames)));
+ }
+ if (!extensions.isEmpty()) {
+ filter.addFileFilter(new SuffixFileFilter(new ArrayList(extensions)));
+ }
+ for (IOFileFilter iof : fileFilters) {
+ filter.addFileFilter(iof);
+ }
+ return filter;
+ }
+}
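Review bot: `build()` creates the extension filter with `new SuffixFileFilter(new ArrayList(extensions))`, which matches case-sensitively, so a file named with an upper- or mixed-case extension (`.JAR`, `.War`) is accepted by no analyzer and drops out of the scan with no message. For a dependency scanner that is a silent false negative, and if the former extension lookup lower-cased its input (not visible in this patch) it is also a behaviour change. I would pass the case rule explicitly, `filter.addFileFilter(new SuffixFileFilter(new ArrayList(extensions), IOCase.INSENSITIVE));` with `import org.apache.commons.io.IOCase;`, and reword the Javadoc phrase "Case sensitivity is assumed" on both `addExtensions` overloads to say which behaviour callers get. Separately, `newInstance()` and the three collection fields have no Javadoc, and the fields can be `private final`.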
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzerIntegrationTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzerIntegrationTest.java index 38fd60298..abd94ee62 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzerIntegrationTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzerIntegrationTest.java @@ -20,8 +20,7 @@ package org.owasp.dependencycheck.analyzer; import java.io.File; import java.util.HashSet; import java.util.Set; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; +import static org.junit.Assert.*; import org.junit.Test; import org.owasp.dependencycheck.BaseTest; import org.owasp.dependencycheck.Engine; @@ -39,7 +38,7 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase { * Test of getSupportedExtensions method, of class ArchiveAnalyzer. */ @Test - public void testGetSupportedExtensions() { + public void testSupportsExtensions() { ArchiveAnalyzer instance = new ArchiveAnalyzer(); Set expResult = new HashSet(); expResult.add("zip"); @@ -52,8 +51,9 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase { expResult.add("tar"); expResult.add("gz"); expResult.add("tgz"); - Set result = instance.getSupportedExtensions(); - assertEquals(expResult, result); + for (String ext : expResult) { + assertTrue(ext, instance.accept(new File("test." + ext))); + } } /** 
@@ -72,28 +72,9 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase { */ @Test public void testSupportsExtension() { - String extension = "7z"; //not supported + String extension = "test.7z"; //not supported ArchiveAnalyzer instance = new ArchiveAnalyzer(); - boolean expResult = false; - boolean result = instance.supportsExtension(extension); - assertEquals(expResult, result); - - extension = "war"; //supported - expResult = true; - result = instance.supportsExtension(extension); - assertEquals(expResult, result); - - extension = "ear"; //supported - result = instance.supportsExtension(extension); - assertEquals(expResult, result); - - extension = "zip"; //supported - result = instance.supportsExtension(extension); - assertEquals(expResult, result); - - extension = "nupkg"; //supported - result = instance.supportsExtension(extension); - assertEquals(expResult, result); + assertFalse(extension, instance.accept(new File(extension))); } /** @@ -129,7 +110,7 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase { public void testAnalyze() throws Exception { ArchiveAnalyzer instance = new ArchiveAnalyzer(); //trick the analyzer into thinking it is active. - instance.supportsExtension("ear"); + instance.accept(new File("test.ear")); try { instance.initialize(); File file = BaseTest.getResourceAsFile(this, "daytrader-ear-2.1.7.ear"); @@ -160,7 +141,7 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase { public void testAnalyzeTar() throws Exception { ArchiveAnalyzer instance = new ArchiveAnalyzer(); //trick the analyzer into thinking it is active so that it will initialize - instance.supportsExtension("tar"); + instance.accept(new File("test.tar")); try { instance.initialize(); 
@@ -191,7 +172,7 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase { @Test public void testAnalyzeTarGz() throws Exception { ArchiveAnalyzer instance = new ArchiveAnalyzer(); - instance.supportsExtension("zip"); //ensure analyzer is "enabled" + instance.accept(new File("zip")); //ensure analyzer is "enabled" try { instance.initialize(); @@ -244,7 +225,7 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase { @Test public void testAnalyzeTgz() throws Exception { ArchiveAnalyzer instance = new ArchiveAnalyzer(); - instance.supportsExtension("zip"); //ensure analyzer is "enabled" + instance.accept(new File("zip")); //ensure analyzer is "enabled" try { instance.initialize(); diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java index 3333227a3..d67c417fd 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java @@ -58,7 +58,7 @@ public class AssemblyAnalyzerTest extends BaseTest { public void setUp() throws Exception { try { analyzer = new AssemblyAnalyzer(); - analyzer.supportsExtension("dll"); + analyzer.accept(new File("test.dll")); // trick into "thinking it is active" analyzer.initialize(); } catch (Exception e) { if (e.getMessage().contains("Could not execute .NET AssemblyAnalyzer")) { 
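Review bot: In `testAnalyzeTarGz` and `testAnalyzeTgz` the replacement call `instance.accept(new File("zip"))` passes a file whose whole name is `zip`, with no `.zip` suffix. The builder prefixes every extension with `.`, so this name will not match the filter, and the call probably no longer marks the analyzer as enabled the way `supportsExtension("zip")` did. Use `instance.accept(new File("test.zip")); //ensure analyzer is "enabled"` in both places, matching `test.ear` and `test.tar` in the other tests of this file. Whether `accept` has that enabling side effect is decided in AbstractFileTypeAnalyzer, which is not part of these hunks.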
@@ -155,7 +155,7 @@ public class AssemblyAnalyzerTest extends BaseTest { System.setProperty(LOG_KEY, "error"); // Have to make a NEW analyzer because during setUp, it would have gotten the correct one AssemblyAnalyzer aanalyzer = new AssemblyAnalyzer(); - aanalyzer.supportsExtension("dll"); + aanalyzer.accept(new File("test.dll")); // trick into "thinking it is active" aanalyzer.initialize(); fail("Expected an AnalysisException"); } catch (AnalysisException ae) { diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzerTest.java index 6e118e41a..d6f8bb79c 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzerTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzerTest.java @@ -17,13 +17,6 @@ */ package org.owasp.dependencycheck.analyzer; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; - -import java.util.Arrays; -import java.util.HashSet; - -import org.apache.commons.lang.StringUtils; import org.junit.After; import org.junit.Before; import org.junit.Test; @@ -31,6 +24,11 @@ import org.owasp.dependencycheck.BaseTest; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.dependency.Dependency; +import java.io.File; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; + /** * Unit tests for AutoconfAnalyzer. The test resources under autoconf/ were * obtained from outside open source software projects. Links to those projects 
@@ -164,27 +162,15 @@ public class AutoconfAnalyzerTest extends BaseTest { } /** - * Test of {@link AutoconfAnalyzer#getSupportedExtensions}. + * Test of {@link AutoconfAnalyzer#accept(File)}. */ @Test - public void testGetSupportedExtensions() { - final String[] expected = { "ac", "in", "configure" }; - assertEquals("Supported extensions should just have the following: " - + StringUtils.join(expected, ", "), - new HashSet(Arrays.asList(expected)), - analyzer.getSupportedExtensions()); - } - - /** - * Test of {@link AutoconfAnalyzer#supportsExtension}. - */ - @Test - public void testSupportsExtension() { + public void testSupportsFileExtension() { assertTrue("Should support \"ac\" extension.", - analyzer.supportsExtension("ac")); + analyzer.accept(new File("configure.ac"))); assertTrue("Should support \"in\" extension.", - analyzer.supportsExtension("in")); + analyzer.accept(new File("configure.in"))); assertTrue("Should support \"configure\" extension.", - analyzer.supportsExtension("configure")); + analyzer.accept(new File("configure"))); } } \ No newline at end of file diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CPEAnalyzerIntegrationTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CPEAnalyzerIntegrationTest.java index 3625537a3..404d57ece 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CPEAnalyzerIntegrationTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CPEAnalyzerIntegrationTest.java @@ -149,7 +149,7 @@ public class CPEAnalyzerIntegrationTest extends AbstractDatabaseTestCase { HintAnalyzer hintAnalyzer = new HintAnalyzer(); JarAnalyzer jarAnalyzer = new JarAnalyzer(); - jarAnalyzer.supportsExtension("jar"); + jarAnalyzer.accept(new File("test.jar"));//trick analyzer into "thinking it is active" jarAnalyzer.analyze(struts, null); hintAnalyzer.analyze(struts, null); 
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java index 6ffebbda1..90f345cd7 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java @@ -17,19 +17,19 @@ */ package org.owasp.dependencycheck.analyzer; -import java.io.File; -import java.util.HashSet; -import java.util.Properties; -import java.util.Set; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; import org.junit.Test; import org.owasp.dependencycheck.BaseTest; import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.Evidence; +import java.io.File; +import java.util.HashSet; +import java.util.Set; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; + /** - * * @author Jeremy Long */ public class JarAnalyzerTest extends BaseTest { @@ -94,13 +94,14 @@ public class JarAnalyzerTest extends BaseTest { * Test of getSupportedExtensions method, of class JarAnalyzer. */ @Test - public void testGetSupportedExtensions() { + public void testAcceptSupportedExtensions() throws Exception { JarAnalyzer instance = new JarAnalyzer(); - Set expResult = new HashSet(); - expResult.add("jar"); - expResult.add("war"); - Set result = instance.getSupportedExtensions(); - assertEquals(expResult, result); + instance.initialize(); + instance.setEnabled(true); + String[] files = {"test.jar", "test.war"}; + for (String name : files) { + assertTrue(name, instance.accept(new File(name))); + } } /** 
@@ -114,16 +115,4 @@ public class JarAnalyzerTest extends BaseTest { assertEquals(expResult, result); } - /** - * Test of supportsExtension method, of class JarAnalyzer. - */ - @Test - public void testSupportsExtension() { - String extension = "jar"; - JarAnalyzer instance = new JarAnalyzer(); - boolean expResult = true; - boolean result = instance.supportsExtension(extension); - assertEquals(expResult, result); - } - } diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzerTest.java index 8daf030ed..fb1169039 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzerTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzerTest.java @@ -17,15 +17,16 @@ */ package org.owasp.dependencycheck.analyzer; -import java.io.File; -import java.util.HashSet; -import java.util.Set; -import static org.junit.Assert.assertEquals; import org.junit.Test; import org.owasp.dependencycheck.BaseTest; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.dependency.Dependency; +import java.io.File; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; + /** * * @author Jeremy Long @@ -36,12 +37,12 @@ public class JavaScriptAnalyzerTest extends BaseTest { * Test of getSupportedExtensions method, of class JavaScriptAnalyzer. */ @Test - public void testGetSupportedExtensions() { + public void testAcceptSupportedExtensions() throws Exception { JavaScriptAnalyzer instance = new JavaScriptAnalyzer(); - Set expResult = new HashSet(); - expResult.add("js"); - Set result = instance.getSupportedExtensions(); - assertEquals(expResult, result); + instance.initialize(); + instance.setEnabled(true); + String name = "test.js"; + assertTrue(name, instance.accept(new File(name))); } /** 
@@ -56,18 +57,6 @@ public class JavaScriptAnalyzerTest extends BaseTest { assertEquals(expResult, result); } - /** - * Test of supportsExtension method, of class JavaScriptAnalyzer. - */ - @Test - public void testSupportsExtension() { - String extension = "js"; - JavaScriptAnalyzer instance = new JavaScriptAnalyzer(); - boolean expResult = true; - boolean result = instance.supportsExtension(extension); - assertEquals(expResult, result); - } - /** * Test of getAnalysisPhase method, of class JavaScriptAnalyzer. */ diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzerTest.java index b993c6159..6d184dd2a 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzerTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzerTest.java @@ -24,6 +24,8 @@ import org.junit.Before; import org.junit.Test; import org.owasp.dependencycheck.BaseTest; +import java.io.File; + public class NuspecAnalyzerTest extends BaseTest { private NuspecAnalyzer instance; @@ -31,6 +33,7 @@ public class NuspecAnalyzerTest extends BaseTest { @Before public void setUp() throws Exception { instance = new NuspecAnalyzer(); + instance.initialize(); instance.setEnabled(true); } @@ -40,15 +43,9 @@ public class NuspecAnalyzerTest extends BaseTest { } @Test - public void testGetSupportedExtensions() { - assertTrue(instance.getSupportedExtensions().contains("nuspec")); - assertFalse(instance.getSupportedExtensions().contains("nupkg")); - } - - @Test - public void testSupportsExtension() { - assertTrue(instance.supportsExtension("nuspec")); - assertFalse(instance.supportsExtension("nupkg")); + public void testSupportsFileExtensions() { + assertTrue(instance.accept(new File("test.nuspec"))); + assertFalse(instance.accept(new File("test.nupkg"))); } @Test 
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzerTest.java index 2a2018884..ded6cb20b 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzerTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzerTest.java @@ -17,13 +17,6 @@ */ package org.owasp.dependencycheck.analyzer; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; - -import java.util.Arrays; -import java.util.HashSet; - -import org.apache.commons.lang.StringUtils; import org.junit.After; import org.junit.Before; import org.junit.Test; @@ -32,6 +25,11 @@ import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.Evidence; +import java.io.File; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; + /** * Unit tests for PythonDistributionAnalyzer. * 
@@ -76,33 +74,21 @@ public class PythonDistributionAnalyzerTest extends BaseTest { analyzer.getName()); } - /** - * Test of getSupportedExtensions method, of class PythonDistributionAnalyzer. - */ - @Test - public void testGetSupportedExtensions() { - final String[] expected = {"whl", "egg", "zip", "METADATA", "PKG-INFO"}; - assertEquals("Supported extensions should just have the following: " - + StringUtils.join(expected, ", "), - new HashSet(Arrays.asList(expected)), - analyzer.getSupportedExtensions()); - } - /** * Test of supportsExtension method, of class PythonDistributionAnalyzer. */ @Test - public void testSupportsExtension() { + public void testSupportsFiles() { assertTrue("Should support \"whl\" extension.", - analyzer.supportsExtension("whl")); + analyzer.accept(new File("test.whl"))); assertTrue("Should support \"egg\" extension.", - analyzer.supportsExtension("egg")); + analyzer.accept(new File("test.egg"))); assertTrue("Should support \"zip\" extension.", - analyzer.supportsExtension("zip")); + analyzer.accept(new File("test.zip"))); assertTrue("Should support \"METADATA\" extension.", - analyzer.supportsExtension("METADATA")); + analyzer.accept(new File("METADATA"))); assertTrue("Should support \"PKG-INFO\" extension.", - analyzer.supportsExtension("PKG-INFO")); + analyzer.accept(new File("PKG-INFO"))); } /** @@ -119,7 +105,7 @@ public class PythonDistributionAnalyzerTest extends BaseTest { /** * Test of inspect method, of class PythonDistributionAnalyzer. * - * @throws Exception is thrown when an exception occurs. + * @throws AnalysisException is thrown when an exception occurs. */ @Test public void testAnalyzeSitePackage() throws AnalysisException { diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzerTest.java index 0b13dd153..b132c2ec8 100644 
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzerTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzerTest.java @@ -17,15 +17,7 @@ */ package org.owasp.dependencycheck.analyzer; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; - -import java.util.Arrays; -import java.util.HashSet; - -import org.apache.commons.lang.StringUtils; import org.junit.After; -import static org.junit.Assert.assertTrue; import org.junit.Before; import org.junit.Test; import org.owasp.dependencycheck.BaseTest; @@ -33,6 +25,11 @@ import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.Evidence; +import java.io.File; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; + /** * Unit tests for PythonPackageAnalyzer. * @@ -77,25 +74,13 @@ public class PythonPackageAnalyzerTest extends BaseTest { analyzer.getName()); } - /** - * Test of getSupportedExtensions method, of class PythonPackageAnalyzer. - */ - @Test - public void testGetSupportedExtensions() { - final String[] expected = {"py"}; - assertEquals("Supported extensions should just have the following: " - + StringUtils.join(expected, ", "), - new HashSet(Arrays.asList(expected)), - analyzer.getSupportedExtensions()); - } - /** * Test of supportsExtension method, of class PythonPackageAnalyzer. */ @Test - public void testSupportsExtension() { + public void testSupportsFileExtension() { assertTrue("Should support \"py\" extension.", - analyzer.supportsExtension("py")); + analyzer.accept(new File("test.py"))); } @Test