From 53e67dfb2764b254081292e88e541c78b38e183b Mon Sep 17 00:00:00 2001 From: Will Stranathan Date: Thu, 27 Mar 2014 17:34:45 -0400 Subject: [PATCH] Updated waitFor semantics Former-commit-id: 1080c4eca42029535508f2503ac0a76e853a7fcc --- .../analyzer/AssemblyAnalyzer.java | 44 ++++++++++++------ .../src/main/resources/GrokAssembly.exe | Bin 5632 -> 5632 bytes 2 files changed, 31 insertions(+), 13 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java index 52f5f3911..6f6ee4291 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java @@ -17,20 +17,24 @@ */ package org.owasp.dependencycheck.analyzer; +import java.io.BufferedReader; import java.io.File; import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; +import java.io.InputStreamReader; import java.util.ArrayList; import java.util.List; import java.util.Set; import java.util.logging.Level; import java.util.logging.Logger; + import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.xpath.XPath; import javax.xml.xpath.XPathExpressionException; import javax.xml.xpath.XPathFactory; + import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.dependency.Confidence; @@ -113,19 +117,13 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { final ProcessBuilder pb = new ProcessBuilder(args); try { final Process proc = pb.start(); + // Try evacuating the error stream + final BufferedReader rdr = new BufferedReader(new InputStreamReader(proc.getErrorStream())); + String line = null; + while ((line = rdr.readLine()) != null) { + LOG.warning("Error from GrokAssembly: " + line); + } int rc = 0; - try { - rc = proc.waitFor(); - } catch (InterruptedException ie) { - return; - } - if (rc == 3) { - LOG.info(dependency.getActualFilePath() + " is not a valid assembly"); - return; - } else if (rc != 0) { - LOG.warning("Return code " + rc + " from GrokAssembly"); - } - final Document doc = builder.parse(proc.getInputStream()); final XPath xpath = XPathFactory.newInstance().newXPath(); @@ -153,6 +151,19 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { product, Confidence.HIGH)); } + try { + rc = proc.waitFor(); + } catch (InterruptedException ie) { + return; + } + if (rc == 3) { + LOG.info(dependency.getActualFilePath() + " is not a valid assembly"); + return; + } else if (rc != 0) { + LOG.warning("Return code " + rc + " from GrokAssembly"); + } + + } catch (IOException ioe) { throw new AnalysisException(ioe); } catch (SAXException saxe) { @@ -208,7 +219,14 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { // Now, need to see if GrokAssembly actually runs from this location. final List args = buildArgumentList(); try { - final Process p = new ProcessBuilder(args).start(); + final ProcessBuilder pb = new ProcessBuilder(args); + final Process p = pb.start(); + // Try evacuating the error stream + final BufferedReader rdr = new BufferedReader(new InputStreamReader(p.getErrorStream())); + String line = null; + while ((line = rdr.readLine()) != null) { + // We expect this to complain + } final Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(p.getInputStream()); final XPath xpath = XPathFactory.newInstance().newXPath(); final String error = xpath.evaluate("/assembly/error", doc); diff --git a/dependency-check-core/src/main/resources/GrokAssembly.exe b/dependency-check-core/src/main/resources/GrokAssembly.exe index 3324e28e858916827baf2c4e25c9ec4bb505dd8f..0cea03759a903de123293b159454387cbaf52851 100755 GIT binary patch delta 1379 zcmZ8gZD?Cn7=GV#bCY{-)0^I#m{w!DWa+x3OGiU3q_b-qzqV4aNY}~Av{VeW3f>tb zI9HlZ5$4CldWIjJBKk+C2ukpW!eHXB{jxHDD0BE@4h3-vf)t0~b52{GJ@7u~eV_L^ z@A+OTE)`!sVHj`Rviw3?bQYICIOwkKA{r;OQKJ3EayBlrJR`cI@@ZboP*G)&fC)0` z+;$?%CNgwPVfk3B&+QcXn~0pARG&d>EbkXXoRg=;wnn>CKFJuET**5S?8#x2Rf`iH z2_lHCT2;B0asw1~I-K%-8~PT6`6!?@-wKR}>{U>lcM-G)F<>3aRNVB;!5)t?xx8q|FW(~=j;dq{q7)!zDdQFh=fJyv=BAglJ#Rz*T7 zZrCb2`=9K#Ah|XB)n?WX+L4P#l5wky3m`AzSu63dRlB&Uu)J{4A%{ZUooavG|2wxU zO0;oq^371k+>Iy}?x{QoCEB~NyJ5e>!Z2)@1$xCFfc*(m+uv+BFzUx~o`ZG4#{s}2 z+T?#kr0T?F+T6K!0i|+_L_ecHg@=%vtk>oroqJr3Sb!`Fb#7{sPT-Dl^px8-HFgL3 z*AX9)$IYF)Qi#-gl&Oi-yTJWxU&YE)j_4VA!R&4PO&^j&Hv8;Q7b|~Q<2{;rn4br8 zTw_!7-)jCZ%?P2gd5xn&RhZMbsPVMM&oy4qcvYiqY&RSlGN#o-PpqE?P%W&D+EMUM z`F1#EJRqv_YKLP)sUxC*&Z}1xY7FK+mUEWP8zKb8BeH2<+zl({)>@n;d4d0kT+FOSz zwui^Nm3*q1v%)M7+m+aX>XY?*YxDJLjpnNL8Tr1w5T2~oC!VM`b54(tK{PMFj4t52 zQSig94|NTn+5hUbXFnbL_~0q|V(X4+7H){xbxmSF3zz&t7;ecMh-5_iX1^qiwBKuF zNGaGagfissRZuZAl=e$tt+bnn*p_elo}cv#kozTMWQV&Jqc!#WHkw4= yW+pMp(rsI8nLRdvug-+N`C8iuw+`Z<`l&<%RHlLEWp9TNnW3ha_>GtQBL4sul+QT; delta 1655 zcmZ8hU2Icj7=FHU`g7W@$Mtk{ldapC%|cW=(*^9%XKUkLtvIY5je2LqX}gO~d3Nw> z@WW04zlQ)_*$8;eW|LX1rK^E(V`Y;M`!#P^+blZ0D_YHTI!xNl0VlMJ`PU3Uq$6aU z5<+=6`>kNn#9TT`v%QlQ4L8nMCrI0H&q|d!VZ&j=@M5hGWv#@V`x#~0B&}*ygtIR# z)p|sRmJ*`r*iMSLPbH=;>Y?x0Nu=2$T<(++i%hDF`(ysLMs|<+FXj_lY&FMED|5vB zi8*JD*R5Ag%Njo$?w>2Zkdq+gluLLpso^fHj;N3kkFE}jh~*C(a@MYPCYPNdr;@&S zFi{;hvg_rX!I&`@4;XI4a)=QNI91+#y}o@r{q+y6u~h~=7;bTmLnP%Ik5MkI(c9vy z$S2t;z+H47WgVX1c>8%@ zm(OzX%0}yW`B+p_Y0E49zzwh9&rAo!4TNEd^TY~;O^VqpdPEpQN}o~sW##=y;a$Z; zlQEBJGPhCT9))9ye?#F13cpf#SK)%fgf4TNx9B_dFplbHzQ(<1=HwwR3_@lx*3jZJqY{UXyC+gxFF(UpV#>IVNrI36|`1ujmE521!Qh!1W zh)FyP-^}8o`pa+?JPmxI6h5gh9am(P_AvL}{Iy^}w2bD8hkIPtaWR;iEDpK(V$Mb1 zM6tC6i?0paoQda;6ro&CsQFN3K-FyXh>DIgSx}rlhCN#)y|HsVlv6=fAV_ zx6brlxEBPBDy#pn6)3B0$Xl7NFk3Tmv0Nv!FZkm1wD4lc%2-JTT5a?gF@cg^*E!Z*DCCZhj86fB z0=xUXdnLb^*`