mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-03-18 07:14:09 +01:00
cleanup from reviews. Mostly formatting
This commit is contained in:
brianf
@@ -118,9 +118,7 @@ public class ComposerLockAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
final String filePath = String.format("%s:%s/%s/%s", dependency.getFilePath(), dep.getGroup(), dep.getProject(), dep.getVersion());
|
final String filePath = String.format("%s:%s/%s/%s", dependency.getFilePath(), dep.getGroup(), dep.getProject(), dep.getVersion());
|
||||||
d.setName(dep.getProject());
|
d.setName(dep.getProject());
|
||||||
d.setVersion(dep.getVersion());
|
d.setVersion(dep.getVersion());
|
||||||
|
|
||||||
d.setEcosystem(DEPENDENCY_ECOSYSTEM);
|
d.setEcosystem(DEPENDENCY_ECOSYSTEM);
|
||||||
|
|
||||||
final MessageDigest sha1 = getSha1MessageDigest();
|
final MessageDigest sha1 = getSha1MessageDigest();
|
||||||
d.setFilePath(filePath);
|
d.setFilePath(filePath);
|
||||||
d.setSha1sum(Checksum.getHex(sha1.digest(filePath.getBytes(Charset.defaultCharset()))));
|
d.setSha1sum(Checksum.getHex(sha1.digest(filePath.getBytes(Charset.defaultCharset()))));
|
||||||
@@ -133,12 +131,11 @@ public class ComposerLockAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
//make sure we only remove the main dependency if we went through this loop at least once.
|
//make sure we only remove the main dependency if we went through this loop at least once.
|
||||||
processedAtLeastOneDep = true;
|
processedAtLeastOneDep = true;
|
||||||
}
|
}
|
||||||
//remove the dependency at the end because it's referenced in the loop itself.
|
// remove the dependency at the end because it's referenced in the loop itself.
|
||||||
//double check the name to be sure we only remove the generic entry.
|
// double check the name to be sure we only remove the generic entry.
|
||||||
if (processedAtLeastOneDep && dependency.getDisplayFileName().equalsIgnoreCase("composer.lock")) {
|
if (processedAtLeastOneDep && dependency.getDisplayFileName().equalsIgnoreCase("composer.lock")) {
|
||||||
LOGGER.debug("Removing main redundant dependency {}",dependency.getDisplayFileName());
|
LOGGER.debug("Removing main redundant dependency {}", dependency.getDisplayFileName());
|
||||||
engine.getDependencies().remove(dependency);
|
engine.getDependencies().remove(dependency);
|
||||||
|
|
||||||
}
|
}
|
||||||
} catch (IOException ex) {
|
} catch (IOException ex) {
|
||||||
LOGGER.warn("Error opening dependency {}", dependency.getActualFilePath());
|
LOGGER.warn("Error opening dependency {}", dependency.getActualFilePath());
|
||||||
|
|||||||
@@ -129,7 +129,7 @@ public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
|
protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
|
||||||
dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
|
dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
|
||||||
final File file = dependency.getActualFile();
|
final File file = dependency.getActualFile();
|
||||||
if (!file.isFile() || file.length()==0) {
|
if (!file.isFile() || file.length() == 0) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
try (JsonReader jsonReader = Json.createReader(FileUtils.openInputStream(file))) {
|
try (JsonReader jsonReader = Json.createReader(FileUtils.openInputStream(file))) {
|
||||||
@@ -142,7 +142,8 @@ public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
final String valueString = ((JsonString) value).getString();
|
final String valueString = ((JsonString) value).getString();
|
||||||
productEvidence.addEvidence(PACKAGE_JSON, "name", valueString, Confidence.HIGHEST);
|
productEvidence.addEvidence(PACKAGE_JSON, "name", valueString, Confidence.HIGHEST);
|
||||||
dependency.setName(valueString);
|
dependency.setName(valueString);
|
||||||
vendorEvidence.addEvidence(PACKAGE_JSON, "name_project", String.format("%s_project", valueString), Confidence.LOW);
|
vendorEvidence.addEvidence(PACKAGE_JSON, "name_project", String.format("%s_project", valueString),
|
||||||
|
Confidence.LOW);
|
||||||
} else {
|
} else {
|
||||||
LOGGER.warn("JSON value not string as expected: {}", value);
|
LOGGER.warn("JSON value not string as expected: {}", value);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -304,10 +304,8 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
"Version", Confidence.HIGHEST);
|
"Version", Confidence.HIGHEST);
|
||||||
addPropertyToEvidence(headers, dependency.getProductEvidence(), "Name",
|
addPropertyToEvidence(headers, dependency.getProductEvidence(), "Name",
|
||||||
Confidence.HIGHEST);
|
Confidence.HIGHEST);
|
||||||
|
|
||||||
dependency.setName(headers.getHeader("Name", null));
|
dependency.setName(headers.getHeader("Name", null));
|
||||||
dependency.setVersion(headers.getHeader("Version", null));
|
dependency.setVersion(headers.getHeader("Version", null));
|
||||||
|
|
||||||
final String url = headers.getHeader("Home-page", null);
|
final String url = headers.getHeader("Home-page", null);
|
||||||
final EvidenceCollection vendorEvidence = dependency
|
final EvidenceCollection vendorEvidence = dependency
|
||||||
.getVendorEvidence();
|
.getVendorEvidence();
|
||||||
|
|||||||
@@ -329,9 +329,8 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
* @param confidence in evidence
|
* @param confidence in evidence
|
||||||
* @return whether evidence was found
|
* @return whether evidence was found
|
||||||
*/
|
*/
|
||||||
private boolean gatherVersionEvidence(Pattern pattern, String contents,
|
private boolean gatherVersionEvidence(Pattern pattern, String contents, String source, EvidenceCollection evidence,
|
||||||
String source, EvidenceCollection evidence, String name,
|
String name, Confidence confidence, Dependency d) {
|
||||||
Confidence confidence,Dependency d) {
|
|
||||||
final Matcher matcher = pattern.matcher(contents);
|
final Matcher matcher = pattern.matcher(contents);
|
||||||
final boolean found = matcher.find();
|
final boolean found = matcher.find();
|
||||||
if (found) {
|
if (found) {
|
||||||
|
|||||||
@@ -164,17 +164,15 @@ public class RubyGemspecAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
addStringEvidence(vendor, contents, blockVariable, "homepage", "homepage", Confidence.HIGHEST);
|
addStringEvidence(vendor, contents, blockVariable, "homepage", "homepage", Confidence.HIGHEST);
|
||||||
addStringEvidence(vendor, contents, blockVariable, "license", "licen[cs]es?", Confidence.HIGHEST);
|
addStringEvidence(vendor, contents, blockVariable, "license", "licen[cs]es?", Confidence.HIGHEST);
|
||||||
|
|
||||||
final String value = addStringEvidence(dependency.getVersionEvidence(), contents,
|
final String value = addStringEvidence(dependency.getVersionEvidence(), contents, blockVariable, "version",
|
||||||
blockVariable, "version", "version", Confidence.HIGHEST);
|
"version", Confidence.HIGHEST);
|
||||||
if (value.length() < 1) {
|
if (value.length() < 1) {
|
||||||
addEvidenceFromVersionFile(dependency.getActualFile(), dependency.getVersionEvidence());
|
addEvidenceFromVersionFile(dependency.getActualFile(), dependency.getVersionEvidence());
|
||||||
}
|
}
|
||||||
else
|
else {
|
||||||
{
|
|
||||||
dependency.setVersion(value);
|
dependency.setVersion(value);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
setPackagePath(dependency);
|
setPackagePath(dependency);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -143,16 +143,17 @@ public class SwiftPackageManagerAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
final EvidenceCollection product = dependency.getProductEvidence();
|
final EvidenceCollection product = dependency.getProductEvidence();
|
||||||
final EvidenceCollection vendor = dependency.getVendorEvidence();
|
final EvidenceCollection vendor = dependency.getVendorEvidence();
|
||||||
|
|
||||||
//SPM is currently under development for SWIFT 3. Its current metadata includes package name and dependencies.
|
// SPM is currently under development for SWIFT 3. Its current metadata includes
|
||||||
//Future interesting metadata: version, license, homepage, author, summary, etc.
|
// package name and dependencies.
|
||||||
|
// Future interesting metadata: version, license, homepage, author, summary,
|
||||||
|
// etc.
|
||||||
final String name = addStringEvidence(product, packageDescription, "name", "name", Confidence.HIGHEST);
|
final String name = addStringEvidence(product, packageDescription, "name", "name", Confidence.HIGHEST);
|
||||||
if (name != null && !name.isEmpty()) {
|
if (name != null && !name.isEmpty()) {
|
||||||
vendor.addEvidence(SPM_FILE_NAME, "name_project", name, Confidence.HIGHEST);
|
vendor.addEvidence(SPM_FILE_NAME, "name_project", name, Confidence.HIGHEST);
|
||||||
dependency.setName(name);
|
dependency.setName(name);
|
||||||
}
|
} else {
|
||||||
else
|
// if we can't get the name from the meta, then assume the name is the name of
|
||||||
{
|
// the parent folder containing the package.swift file.
|
||||||
//if we can't get the name from the meta, then assume the name is the name of the parent folder containing the package.swift file.
|
|
||||||
dependency.setName(dependency.getActualFile().getParentFile().getName());
|
dependency.setName(dependency.getActualFile().getParentFile().getName());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -305,20 +305,16 @@ public class Dependency implements Serializable, Comparable<Dependency> {
|
|||||||
* @return the file name to display
|
* @return the file name to display
|
||||||
*/
|
*/
|
||||||
public String getDisplayFileName() {
|
public String getDisplayFileName() {
|
||||||
if (displayName == null) {
|
if (displayName != null) {
|
||||||
if(name != null) {
|
return displayName;
|
||||||
if (version != null) {
|
|
||||||
return name + ":" + version;
|
|
||||||
}
|
}
|
||||||
else {
|
if (name == null) {
|
||||||
|
return fileName;
|
||||||
|
}
|
||||||
|
if (version == null) {
|
||||||
return name;
|
return name;
|
||||||
}
|
}
|
||||||
}
|
return name + ":" + version;
|
||||||
else {
|
|
||||||
return this.fileName;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return this.displayName;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -880,7 +876,8 @@ public class Dependency implements Serializable, Comparable<Dependency> {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param version the version to set
|
* @param version
|
||||||
|
* the version to set
|
||||||
*/
|
*/
|
||||||
public void setVersion(String version) {
|
public void setVersion(String version) {
|
||||||
this.version = version;
|
this.version = version;
|
||||||
@@ -894,7 +891,8 @@ public class Dependency implements Serializable, Comparable<Dependency> {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param ecosystem the ecosystem to set
|
* @param ecosystem
|
||||||
|
* the ecosystem to set
|
||||||
*/
|
*/
|
||||||
public void setEcosystem(String ecosystem) {
|
public void setEcosystem(String ecosystem) {
|
||||||
this.ecosystem = ecosystem;
|
this.ecosystem = ecosystem;
|
||||||
|
|||||||
@@ -140,15 +140,13 @@ public class CMakeAnalyzerTest extends BaseDBTestCase {
|
|||||||
|
|
||||||
//this one finds nothing so it falls through to the filename. Can we do better?
|
//this one finds nothing so it falls through to the filename. Can we do better?
|
||||||
assertEquals("OpenCVDetectPython.cmake",result.getDisplayFileName());
|
assertEquals("OpenCVDetectPython.cmake",result.getDisplayFileName());
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private void assertProductEvidence(Dependency result, String product) {
|
private void assertProductEvidence(Dependency result, String product) {
|
||||||
assertEquals(product,result.getName());
|
assertEquals(product, result.getName());
|
||||||
assertTrue("Expected product evidence to contain \"" + product + "\".",
|
assertTrue("Expected product evidence to contain \"" + product + "\".",
|
||||||
result.getProductEvidence().toString().contains(product));
|
result.getProductEvidence().toString().contains(product));
|
||||||
assertEquals(CMakeAnalyzer.DEPENDENCY_ECOSYSTEM,result.getEcosystem());
|
assertEquals(CMakeAnalyzer.DEPENDENCY_ECOSYSTEM, result.getEcosystem());
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -171,7 +169,6 @@ public class CMakeAnalyzerTest extends BaseDBTestCase {
|
|||||||
final Dependency last = dependencies.get(3);
|
final Dependency last = dependencies.get(3);
|
||||||
assertProductEvidence(last, "libavresample");
|
assertProductEvidence(last, "libavresample");
|
||||||
assertVersionEvidence(last, "1.0.1");
|
assertVersionEvidence(last, "1.0.1");
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private void assertVersionEvidence(Dependency result, String version) {
|
private void assertVersionEvidence(Dependency result, String version) {
|
||||||
|
|||||||
@@ -101,7 +101,7 @@ public class ComposerLockAnalyzerTest extends BaseDBTestCase {
|
|||||||
|
|
||||||
final Dependency result = new Dependency(BaseTest.getResourceAsFile(this,
|
final Dependency result = new Dependency(BaseTest.getResourceAsFile(this,
|
||||||
"composer.lock"));
|
"composer.lock"));
|
||||||
///test that we don't remove the parent if it's not redundant by name
|
//test that we don't remove the parent if it's not redundant by name
|
||||||
result.setDisplayFileName("NotComposer.Lock");
|
result.setDisplayFileName("NotComposer.Lock");
|
||||||
engine.getDependencies().add(result);
|
engine.getDependencies().add(result);
|
||||||
analyzer.analyze(result, engine);
|
analyzer.analyze(result, engine);
|
||||||
|
|||||||
Reference in New Issue
Block a user