github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-24 01:51:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

290: Extracted some methods to reduce average method size, and eliminate some duplicate code.

Browse Source
This commit is contained in:
Dale Visser
2015-08-05 15:21:14 -04:00
parent d529e88242
commit 56424924bb
1 changed files with 63 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

77
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
View File

@@ -17,22 +17,6 @@
*/ */
package org.owasp.dependencycheck.analyzer; package org.owasp.dependencycheck.analyzer;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileFilter;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.apache.commons.compress.archivers.ArchiveEntry; import org.apache.commons.compress.archivers.ArchiveEntry;
import org.apache.commons.compress.archivers.ArchiveInputStream; import org.apache.commons.compress.archivers.ArchiveInputStream;
import org.apache.commons.compress.archivers.tar.TarArchiveInputStream; import org.apache.commons.compress.archivers.tar.TarArchiveInputStream;
@@ -52,6 +36,9 @@ import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import java.io.*;
import java.util.*;
/** /**
* <p> * <p>
* An analyzer that extracts files from archives and ensures any supported files contained within the archive are added to the * An analyzer that extracts files from archives and ensures any supported files contained within the archive are added to the
@@ -113,7 +100,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
static { static {
final String additionalZipExt = Settings.getString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS); final String additionalZipExt = Settings.getString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS);
if (additionalZipExt != null) { if (additionalZipExt != null) {
final Set<String> ext = new HashSet<String>(Arrays.asList(additionalZipExt)); final Set<String> ext = new HashSet<String>(Collections.singletonList(additionalZipExt));
ZIPPABLES.addAll(ext); ZIPPABLES.addAll(ext);
} }
EXTENSIONS.addAll(ZIPPABLES); EXTENSIONS.addAll(ZIPPABLES);
@@ -215,15 +202,8 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
extractFiles(f, tmpDir, engine); extractFiles(f, tmpDir, engine);
//make a copy //make a copy
List<Dependency> dependencies = new ArrayList<Dependency>(engine.getDependencies()); final Set<Dependency> dependencySet = findMoreDependencies(engine, tmpDir);
engine.scan(tmpDir); if (!dependencySet.isEmpty()) {
List<Dependency> newDependencies = engine.getDependencies();
if (dependencies.size() != newDependencies.size()) {
//get the new dependencies
final Set<Dependency> dependencySet = new HashSet<Dependency>();
dependencySet.addAll(newDependencies);
dependencySet.removeAll(dependencies);
for (Dependency d : dependencySet) { for (Dependency d : dependencySet) {
//fix the dependency's display name and path //fix the dependency's display name and path
final String displayPath = String.format("%s%s", final String displayPath = String.format("%s%s",
@@ -245,6 +225,13 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
} }
} }
if (REMOVE_FROM_ANALYSIS.accept(dependency.getActualFile())) { if (REMOVE_FROM_ANALYSIS.accept(dependency.getActualFile())) {
addDisguisedJarsToDependencies(dependency, engine);
engine.getDependencies().remove(dependency);
}
Collections.sort(engine.getDependencies());
}
private void addDisguisedJarsToDependencies(Dependency dependency, Engine engine) throws AnalysisException {
if (ZIP_FILTER.accept(dependency.getActualFile()) && isZipFileActuallyJarFile(dependency)) { if (ZIP_FILTER.accept(dependency.getActualFile()) && isZipFileActuallyJarFile(dependency)) {
final File tdir = getNextTempDirectory(); final File tdir = getNextTempDirectory();
final String fileName = dependency.getFileName(); final String fileName = dependency.getFileName();
@@ -254,16 +241,10 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
final File tmpLoc = new File(tdir, fileName.substring(0, fileName.length() - 3) + "jar"); final File tmpLoc = new File(tdir, fileName.substring(0, fileName.length() - 3) + "jar");
try { try {
org.apache.commons.io.FileUtils.copyFile(tdir, tmpLoc); org.apache.commons.io.FileUtils.copyFile(tdir, tmpLoc);
dependencies = new ArrayList<Dependency>(engine.getDependencies()); final Set<Dependency> dependencySet = findMoreDependencies(engine, tmpLoc);
engine.scan(tmpLoc); if (!dependencySet.isEmpty()) {
newDependencies = engine.getDependencies();
if (dependencies.size() != newDependencies.size()) {
//get the new dependencies
final Set<Dependency> dependencySet = new HashSet<Dependency>();
dependencySet.addAll(newDependencies);
dependencySet.removeAll(dependencies);
if (dependencySet.size() != 1) { if (dependencySet.size() != 1) {
LOGGER.info("Deep copy of ZIP to JAR file resulted in more then one dependency?"); LOGGER.info("Deep copy of ZIP to JAR file resulted in more than one dependency?");
} }
for (Dependency d : dependencySet) { for (Dependency d : dependencySet) {
//fix the dependency's display name and path //fix the dependency's display name and path
@@ -275,10 +256,28 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
LOGGER.debug("Unable to perform deep copy on '{}'", dependency.getActualFile().getPath(), ex); LOGGER.debug("Unable to perform deep copy on '{}'", dependency.getActualFile().getPath(), ex);
} }
} }
engine.getDependencies().remove(dependency);
} }
Collections.sort(engine.getDependencies());
private static final Set<Dependency> EMPTY_DEPENDENCY_SET = Collections.emptySet();
private Set<Dependency> findMoreDependencies(Engine engine, File tmpDir) {
//make a copy
List<Dependency> dependencies = new ArrayList<Dependency>(engine.getDependencies());
engine.scan(tmpDir);
List<Dependency> newDependencies = engine.getDependencies();
final boolean sizeChanged = dependencies.size() != newDependencies.size();
final Set<Dependency> dependencySet;
if (sizeChanged) {
//get the new dependencies
dependencySet = new HashSet<Dependency>();
dependencySet.addAll(newDependencies);
dependencySet.removeAll(dependencies);
} else {
dependencySet = EMPTY_DEPENDENCY_SET;
} }
return dependencySet;
}
/** /**
* Retrieves the next temporary directory to extract an archive too. * Retrieves the next temporary directory to extract an archive too.
@@ -313,7 +312,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
return; return;
} }
FileInputStream fis = null; FileInputStream fis;
try { try {
fis = new FileInputStream(archive); fis = new FileInputStream(archive);
} catch (FileNotFoundException ex) { } catch (FileNotFoundException ex) {
@@ -445,7 +444,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
try { try {
out = new FileOutputStream(outputFile); out = new FileOutputStream(outputFile);
final byte[] buffer = new byte[BUFFER_SIZE]; final byte[] buffer = new byte[BUFFER_SIZE];
int n = 0; int n; // = 0
while (-1 != (n = inputStream.read(buffer))) { while (-1 != (n = inputStream.read(buffer))) {
out.write(buffer, 0, n); out.write(buffer, 0, n);
} }