diff --git a/dependency-check-ant/pom.xml b/dependency-check-ant/pom.xml
index 6c132047b..85b5c0154 100644
--- a/dependency-check-ant/pom.xml
+++ b/dependency-check-ant/pom.xml
@@ -21,7 +21,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved.
org.owasp
dependency-check-parent
- 1.1.1-SNAPSHOT
+ 1.1.1
dependency-check-ant
diff --git a/dependency-check-cli/pom.xml b/dependency-check-cli/pom.xml
index 48eaaeda6..9afe105e1 100644
--- a/dependency-check-cli/pom.xml
+++ b/dependency-check-cli/pom.xml
@@ -21,7 +21,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved.
org.owasp
dependency-check-parent
- 1.1.1-SNAPSHOT
+ 1.1.1
dependency-check-cli
diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml
index d97a04fc2..141a103f7 100644
--- a/dependency-check-core/pom.xml
+++ b/dependency-check-core/pom.xml
@@ -21,7 +21,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
org.owasp
dependency-check-parent
- 1.1.1-SNAPSHOT
+ 1.1.1
dependency-check-core
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java
index dd8d794e9..2189c2d81 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java
@@ -13,20 +13,27 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
+ * Copyright (c) 2014 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.analyzer;
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileReader;
+import java.io.IOException;
import java.util.Set;
+import java.util.logging.Level;
+import java.util.logging.Logger;
import java.util.regex.Pattern;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.dependency.Dependency;
/**
*
- * Used to load a JAR file and collect information that can be used to determine the associated CPE.
+ * Used to analyze a JavaScript file to gather information to aid in identification of a CPE identifier.
*
- * @author Jeremy Long
+ * @author Jeremy Long (jeremy.long@owasp.org)
*/
public class JavaScriptAnalyzer extends AbstractAnalyzer implements Analyzer {
@@ -49,6 +56,7 @@ public class JavaScriptAnalyzer extends AbstractAnalyzer implements Analyzer {
*
* @return a list of file EXTENSIONS supported by this analyzer.
*/
+ @Override
public Set getSupportedExtensions() {
return EXTENSIONS;
}
@@ -58,6 +66,7 @@ public class JavaScriptAnalyzer extends AbstractAnalyzer implements Analyzer {
*
* @return the name of the analyzer.
*/
+ @Override
public String getName() {
return ANALYZER_NAME;
}
@@ -68,6 +77,7 @@ public class JavaScriptAnalyzer extends AbstractAnalyzer implements Analyzer {
* @param extension the file extension to test for support.
* @return whether or not the specified file extension is supported by this analyzer.
*/
+ @Override
public boolean supportsExtension(String extension) {
return EXTENSIONS.contains(extension);
}
@@ -77,42 +87,45 @@ public class JavaScriptAnalyzer extends AbstractAnalyzer implements Analyzer {
*
* @return the phase that the analyzer is intended to run in.
*/
+ @Override
public AnalysisPhase getAnalysisPhase() {
return ANALYSIS_PHASE;
}
//
/**
- * Loads a specified JAR file and collects information from the manifest and checksums to identify the correct CPE
- * information.
+ * Loads a specified JavaScript file and collects information from the copyright information contained within.
*
* @param dependency the dependency to analyze.
* @param engine the engine that is scanning the dependencies
- * @throws AnalysisException is thrown if there is an error reading the JAR file.
+ * @throws AnalysisException is thrown if there is an error reading the JavaScript file.
*/
@Override
public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
- final Pattern extractComments = Pattern.compile("(/\\*([^*]|[\\r\\n]|(\\*+([^*/]|[\\r\\n])))*\\*+/)|(//.*)");
-
- }
-
- /**
- * The initialize method does nothing for this Analyzer.
- *
- * @throws Exception thrown if there is an exception
- */
- @Override
- public void initialize() throws Exception {
- //do nothing
- }
-
- /**
- * The close method does nothing for this Analyzer.
- *
- * @throws Exception thrown if there is an exception
- */
- @Override
- public void close() throws Exception {
- //do nothing
+ BufferedReader fin = null;;
+ try {
+ // /\*([^\*][^/]|[\r\n\f])+?\*/
+ final Pattern extractComments = Pattern.compile("(/\\*([^*]|[\\r\\n]|(\\*+([^*/]|[\\r\\n])))*\\*+/)|(//.*)", Pattern.MULTILINE);
+ File file = dependency.getActualFile();
+ fin = new BufferedReader(new FileReader(file));
+ StringBuilder sb = new StringBuilder(2000);
+ String text;
+ while ((text = fin.readLine()) != null) {
+ sb.append(text);
+ }
+ } catch (FileNotFoundException ex) {
+ final String msg = String.format("Dependency file not found: '%s'", dependency.getActualFilePath());
+ throw new AnalysisException(msg, ex);
+ } catch (IOException ex) {
+ Logger.getLogger(JavaScriptAnalyzer.class.getName()).log(Level.SEVERE, null, ex);
+ } finally {
+ if (fin != null) {
+ try {
+ fin.close();
+ } catch (IOException ex) {
+ Logger.getLogger(JavaScriptAnalyzer.class.getName()).log(Level.FINEST, null, ex);
+ }
+ }
+ }
}
}
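Review bot: The `catch (IOException ex)` branch in `analyze` logs at SEVERE and then returns normally, so a file that fails mid-read is treated as analyzed with no evidence, while the `FileNotFoundException` branch just above it throws. For a dependency scanner that is a silent miss, so this branch should throw as well, e.g. `throw new AnalysisException(String.format("Unable to read dependency file: '%s'", dependency.getActualFilePath()), ex);`. The read loop also drops line terminators (`sb.append(text)` after `readLine()`), so once `extractComments` is applied the `//.*` alternative will run from the first line comment to the end of the buffer; `sb.append(text).append('\n');` keeps the line structure, and `Pattern.MULTILINE` changes nothing because the pattern uses neither `^` nor `$`. `extractComments` and `sb` are built but never used in this hunk, and `new FileReader(file)` decodes with the platform default charset. The overlapping alternation in the block-comment branch (`[^*]` also matches `\r` and `\n`) is likely to backtrack heavily or exhaust the stack on large scanned files, so it deserves an input size cap or a simpler comment scanner before it is wired in.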
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzerTest.java
new file mode 100644
index 000000000..93ddb80ab
--- /dev/null
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzerTest.java
@@ -0,0 +1,145 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2014 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.analyzer;
+
+import java.io.File;
+import java.util.HashSet;
+import java.util.Set;
+import org.junit.After;
+import org.junit.AfterClass;
+import static org.junit.Assert.assertEquals;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.owasp.dependencycheck.Engine;
+import org.owasp.dependencycheck.dependency.Dependency;
+
+/**
+ *
+ * @author Jeremy Long (jeremy.long@owasp.org)
+ */
+public class JavaScriptAnalyzerTest {
+
+ public JavaScriptAnalyzerTest() {
+ }
+
+ @BeforeClass
+ public static void setUpClass() {
+ }
+
+ @AfterClass
+ public static void tearDownClass() {
+ }
+
+ @Before
+ public void setUp() {
+ }
+
+ @After
+ public void tearDown() {
+ }
+
+ /**
+ * Test of getSupportedExtensions method, of class JavaScriptAnalyzer.
+ */
+ @Test
+ public void testGetSupportedExtensions() {
+ JavaScriptAnalyzer instance = new JavaScriptAnalyzer();
+ Set expResult = new HashSet();
+ expResult.add("js");
+ Set result = instance.getSupportedExtensions();
+ assertEquals(expResult, result);
+ }
+
+ /**
+ * Test of getName method, of class JavaScriptAnalyzer.
+ */
+ @Test
+ public void testGetName() {
+ System.out.println("getName");
+ JavaScriptAnalyzer instance = new JavaScriptAnalyzer();
+ String expResult = "JavaScript Analyzer";
+ String result = instance.getName();
+ assertEquals(expResult, result);
+ }
+
+ /**
+ * Test of supportsExtension method, of class JavaScriptAnalyzer.
+ */
+ @Test
+ public void testSupportsExtension() {
+ String extension = "js";
+ JavaScriptAnalyzer instance = new JavaScriptAnalyzer();
+ boolean expResult = true;
+ boolean result = instance.supportsExtension(extension);
+ assertEquals(expResult, result);
+ }
+
+ /**
+ * Test of getAnalysisPhase method, of class JavaScriptAnalyzer.
+ */
+ @Test
+ public void testGetAnalysisPhase() {
+ JavaScriptAnalyzer instance = new JavaScriptAnalyzer();
+ AnalysisPhase expResult = AnalysisPhase.INFORMATION_COLLECTION;
+ AnalysisPhase result = instance.getAnalysisPhase();
+ assertEquals(expResult, result);
+ }
+
+ /**
+ * Test of analyze method, of class JavaScriptAnalyzer.
+ */
+ @Test
+ public void testAnalyze() throws Exception {
+ File jq6 = new File(this.getClass().getClassLoader().getResource("jquery-1.6.2.min.js").getPath());
+ File jq10 = new File(this.getClass().getClassLoader().getResource("jquery-1.10.2.js").getPath());
+ File jq10min = new File(this.getClass().getClassLoader().getResource("jquery-1.10.2.min.js").getPath());
+ Dependency depJQ6 = new Dependency(jq6);
+ Dependency depJQ10 = new Dependency(jq10);
+ Dependency depJQ10min = new Dependency(jq10min);
+ Engine engine = null;
+ JavaScriptAnalyzer instance = new JavaScriptAnalyzer();
+
+// assertTrue(depJQ6.getEvidence().size() == 0);
+// assertTrue(depJQ10.getEvidence().size() == 0);
+// assertTrue(depJQ10min.getEvidence().size() == 0);
+//
+// instance.analyze(depJQ6, engine);
+// instance.analyze(depJQ10, engine);
+// instance.analyze(depJQ10min, engine);
+// //TODO improve the assertions
+// assertTrue(depJQ6.getEvidence().size() > 0);
+// assertTrue(depJQ10.getEvidence().size() > 0);
+// assertTrue(depJQ10min.getEvidence().size() > 0);
+ }
+
+ /**
+ * Test of initialize method, of class JavaScriptAnalyzer.
+ */
+ @Test
+ public void testInitialize() throws Exception {
+ }
+
+ /**
+ * Test of close method, of class JavaScriptAnalyzer.
+ */
+ @Test
+ public void testClose() throws Exception {
+
+ }
+}
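Review bot: `testAnalyze` never calls `analyze`: all three `instance.analyze(...)` calls and every assertion are commented out, so the test passes without exercising the new file-reading code, and `testInitialize` and `testClose` are empty bodies that always pass too. Either enable at least `instance.analyze(depJQ6, engine);` under the already declared `throws Exception`, or mark the method `@Ignore("analyze does not add evidence yet")` so the test report does not suggest coverage that is not there. The fixture lookup `getResource("jquery-1.6.2.min.js").getPath()` throws a NullPointerException when the resource is missing and returns a URL-encoded path that breaks on directories containing spaces; `new File(getResource(...).toURI())` avoids the second problem. `testGetSupportedExtensions` uses raw `Set`/`HashSet`, and `testGetName` still has a leftover `System.out.println("getName");`.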
diff --git a/dependency-check-jenkins/pom.xml b/dependency-check-jenkins/pom.xml
index 4cc970dd8..0abccbebc 100644
--- a/dependency-check-jenkins/pom.xml
+++ b/dependency-check-jenkins/pom.xml
@@ -6,7 +6,7 @@
org.owasp
dependency-check-parent
- 1.1.1-SNAPSHOT
+ 1.1.1
org.owasp
diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml
index 213d1a799..0efb3861e 100644
--- a/dependency-check-maven/pom.xml
+++ b/dependency-check-maven/pom.xml
@@ -23,7 +23,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
org.owasp
dependency-check-parent
- 1.1.1-SNAPSHOT
+ 1.1.1
dependency-check-maven
diff --git a/pom.xml b/pom.xml
index caa671646..196296923 100644
--- a/pom.xml
+++ b/pom.xml
@@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long
org.owasp
dependency-check-parent
- 1.1.1-SNAPSHOT
+ 1.1.1
pom