From 56424924bba1c914d0107a7080670495cbc0e368 Mon Sep 17 00:00:00 2001 From: Dale Visser Date: Wed, 5 Aug 2015 15:21:14 -0400 Subject: [PATCH] 290: Extracted some methods to reduce average method size, and eliminate some duplicate code. --- .../analyzer/ArchiveAnalyzer.java | 127 +++++++++--------- 1 file changed, 63 insertions(+), 64 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java index ab3b84ac1..73ddc95c9 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java @@ -17,22 +17,6 @@ */ package org.owasp.dependencycheck.analyzer; -import java.io.BufferedInputStream; -import java.io.BufferedOutputStream; -import java.io.File; -import java.io.FileFilter; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.FileOutputStream; -import java.io.IOException; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collections; -import java.util.Enumeration; -import java.util.HashSet; -import java.util.List; -import java.util.Set; - import org.apache.commons.compress.archivers.ArchiveEntry; import org.apache.commons.compress.archivers.ArchiveInputStream; import org.apache.commons.compress.archivers.tar.TarArchiveInputStream; @@ -52,6 +36,9 @@ import org.owasp.dependencycheck.utils.Settings; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import java.io.*; +import java.util.*; + /** *

* An analyzer that extracts files from archives and ensures any supported files contained within the archive are added to the @@ -113,7 +100,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { static { final String additionalZipExt = Settings.getString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS); if (additionalZipExt != null) { - final Set ext = new HashSet(Arrays.asList(additionalZipExt)); + final Set ext = new HashSet(Collections.singletonList(additionalZipExt)); ZIPPABLES.addAll(ext); } EXTENSIONS.addAll(ZIPPABLES); @@ -205,7 +192,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { * and added to the list of dependencies within the engine. * * @param dependency the dependency to analyze - * @param engine the engine scanning + * @param engine the engine scanning * @throws AnalysisException thrown if there is an analysis exception */ @Override @@ -215,15 +202,8 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { extractFiles(f, tmpDir, engine); //make a copy - List dependencies = new ArrayList(engine.getDependencies()); - engine.scan(tmpDir); - List newDependencies = engine.getDependencies(); - if (dependencies.size() != newDependencies.size()) { - //get the new dependencies - final Set dependencySet = new HashSet(); - dependencySet.addAll(newDependencies); - dependencySet.removeAll(dependencies); - + final Set dependencySet = findMoreDependencies(engine, tmpDir); + if (!dependencySet.isEmpty()) { for (Dependency d : dependencySet) { //fix the dependency's display name and path final String displayPath = String.format("%s%s", @@ -245,41 +225,60 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { } } if (REMOVE_FROM_ANALYSIS.accept(dependency.getActualFile())) { - if (ZIP_FILTER.accept(dependency.getActualFile()) && isZipFileActuallyJarFile(dependency)) { - final File tdir = getNextTempDirectory(); - final String fileName = dependency.getFileName(); - - LOGGER.info(String.format("The zip file '%s' appears to be a JAR file, making a copy and analyzing it as a JAR.", fileName)); - - final File tmpLoc = new File(tdir, fileName.substring(0, fileName.length() - 3) + "jar"); - try { - org.apache.commons.io.FileUtils.copyFile(tdir, tmpLoc); - dependencies = new ArrayList(engine.getDependencies()); - engine.scan(tmpLoc); - newDependencies = engine.getDependencies(); - if (dependencies.size() != newDependencies.size()) { - //get the new dependencies - final Set dependencySet = new HashSet(); - dependencySet.addAll(newDependencies); - dependencySet.removeAll(dependencies); - if (dependencySet.size() != 1) { - LOGGER.info("Deep copy of ZIP to JAR file resulted in more then one dependency?"); - } - for (Dependency d : dependencySet) { - //fix the dependency's display name and path - d.setFilePath(dependency.getFilePath()); - d.setDisplayFileName(dependency.getFileName()); - } - } - } catch (IOException ex) { - LOGGER.debug("Unable to perform deep copy on '{}'", dependency.getActualFile().getPath(), ex); - } - } + addDisguisedJarsToDependencies(dependency, engine); engine.getDependencies().remove(dependency); } Collections.sort(engine.getDependencies()); } + private void addDisguisedJarsToDependencies(Dependency dependency, Engine engine) throws AnalysisException { + if (ZIP_FILTER.accept(dependency.getActualFile()) && isZipFileActuallyJarFile(dependency)) { + final File tdir = getNextTempDirectory(); + final String fileName = dependency.getFileName(); + + LOGGER.info(String.format("The zip file '%s' appears to be a JAR file, making a copy and analyzing it as a JAR.", fileName)); + + final File tmpLoc = new File(tdir, fileName.substring(0, fileName.length() - 3) + "jar"); + try { + org.apache.commons.io.FileUtils.copyFile(tdir, tmpLoc); + final Set dependencySet = findMoreDependencies(engine, tmpLoc); + if (!dependencySet.isEmpty()) { + if (dependencySet.size() != 1) { + LOGGER.info("Deep copy of ZIP to JAR file resulted in more than one dependency?"); + } + for (Dependency d : dependencySet) { + //fix the dependency's display name and path + d.setFilePath(dependency.getFilePath()); + d.setDisplayFileName(dependency.getFileName()); + } + } + } catch (IOException ex) { + LOGGER.debug("Unable to perform deep copy on '{}'", dependency.getActualFile().getPath(), ex); + } + } + } + + private static final Set EMPTY_DEPENDENCY_SET = Collections.emptySet(); + + private Set findMoreDependencies(Engine engine, File tmpDir) { + //make a copy + List dependencies = new ArrayList(engine.getDependencies()); + engine.scan(tmpDir); + List newDependencies = engine.getDependencies(); + final boolean sizeChanged = dependencies.size() != newDependencies.size(); + final Set dependencySet; + if (sizeChanged) { + //get the new dependencies + dependencySet = new HashSet(); + dependencySet.addAll(newDependencies); + dependencySet.removeAll(dependencies); + } else { + dependencySet = EMPTY_DEPENDENCY_SET; + } + return dependencySet; + } + + /** * Retrieves the next temporary directory to extract an archive too. * @@ -303,9 +302,9 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { /** * Extracts the contents of an archive into the specified directory. * - * @param archive an archive file such as a WAR or EAR + * @param archive an archive file such as a WAR or EAR * @param destination a directory to extract the contents to - * @param engine the scanning engine + * @param engine the scanning engine * @throws AnalysisException thrown if the archive is not found */ private void extractFiles(File archive, File destination, Engine engine) throws AnalysisException { @@ -313,7 +312,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { return; } - FileInputStream fis = null; + FileInputStream fis; try { fis = new FileInputStream(archive); } catch (FileNotFoundException ex) { @@ -351,9 +350,9 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { /** * Extracts files from an archive. * - * @param input the archive to extract files from + * @param input the archive to extract files from * @param destination the location to write the files too - * @param engine the dependency-check engine + * @param engine the dependency-check engine * @throws ArchiveExtractionException thrown if there is an exception extracting files from the archive */ private void extractArchive(ArchiveInputStream input, File destination, Engine engine) throws ArchiveExtractionException { @@ -436,7 +435,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { * Decompresses a file. * * @param inputStream the compressed file - * @param outputFile the location to write the decompressed file + * @param outputFile the location to write the decompressed file * @throws ArchiveExtractionException thrown if there is an exception decompressing the file */ private void decompressFile(CompressorInputStream inputStream, File outputFile) throws ArchiveExtractionException { @@ -445,7 +444,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { try { out = new FileOutputStream(outputFile); final byte[] buffer = new byte[BUFFER_SIZE]; - int n = 0; + int n; // = 0 while (-1 != (n = inputStream.read(buffer))) { out.write(buffer, 0, n); }