290: Extracted some methods to reduce average method size, and eliminate some duplicate code.

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java

@@ -17,22 +17,6 @@
  */
 package org.owasp.dependencycheck.analyzer;
 
-import java.io.BufferedInputStream;
-import java.io.BufferedOutputStream;
-import java.io.File;
-import java.io.FileFilter;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
 import org.apache.commons.compress.archivers.ArchiveEntry;
 import org.apache.commons.compress.archivers.ArchiveInputStream;
 import org.apache.commons.compress.archivers.tar.TarArchiveInputStream;
@@ -52,6 +36,9 @@ import org.owasp.dependencycheck.utils.Settings;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.io.*;
+import java.util.*;
+
 /**
  * <p>
  * An analyzer that extracts files from archives and ensures any supported files contained within the archive are added to the
@@ -113,7 +100,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
     static {
         final String additionalZipExt = Settings.getString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS);
         if (additionalZipExt != null) {
-            final Set<String> ext = new HashSet<String>(Arrays.asList(additionalZipExt));
+            final Set<String> ext = new HashSet<String>(Collections.singletonList(additionalZipExt));
             ZIPPABLES.addAll(ext);
         }
         EXTENSIONS.addAll(ZIPPABLES);
@@ -205,7 +192,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
      * and added to the list of dependencies within the engine.
      *
      * @param dependency the dependency to analyze
-     * @param engine the engine scanning
+     * @param engine     the engine scanning
      * @throws AnalysisException thrown if there is an analysis exception
      */
     @Override
@@ -215,15 +202,8 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
         extractFiles(f, tmpDir, engine);
 
         //make a copy
-        List<Dependency> dependencies = new ArrayList<Dependency>(engine.getDependencies());
+        final Set<Dependency> dependencySet = findMoreDependencies(engine, tmpDir);
-        engine.scan(tmpDir);
+        if (!dependencySet.isEmpty()) {
-        List<Dependency> newDependencies = engine.getDependencies();
-        if (dependencies.size() != newDependencies.size()) {
-            //get the new dependencies
-            final Set<Dependency> dependencySet = new HashSet<Dependency>();
-            dependencySet.addAll(newDependencies);
-            dependencySet.removeAll(dependencies);
-
             for (Dependency d : dependencySet) {
                 //fix the dependency's display name and path
                 final String displayPath = String.format("%s%s",
@@ -245,41 +225,60 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
             }
         }
         if (REMOVE_FROM_ANALYSIS.accept(dependency.getActualFile())) {
-            if (ZIP_FILTER.accept(dependency.getActualFile()) && isZipFileActuallyJarFile(dependency)) {
+            addDisguisedJarsToDependencies(dependency, engine);
-                final File tdir = getNextTempDirectory();
-                final String fileName = dependency.getFileName();
-
-                LOGGER.info(String.format("The zip file '%s' appears to be a JAR file, making a copy and analyzing it as a JAR.", fileName));
-
-                final File tmpLoc = new File(tdir, fileName.substring(0, fileName.length() - 3) + "jar");
-                try {
-                    org.apache.commons.io.FileUtils.copyFile(tdir, tmpLoc);
-                    dependencies = new ArrayList<Dependency>(engine.getDependencies());
-                    engine.scan(tmpLoc);
-                    newDependencies = engine.getDependencies();
-                    if (dependencies.size() != newDependencies.size()) {
-                        //get the new dependencies
-                        final Set<Dependency> dependencySet = new HashSet<Dependency>();
-                        dependencySet.addAll(newDependencies);
-                        dependencySet.removeAll(dependencies);
-                        if (dependencySet.size() != 1) {
-                            LOGGER.info("Deep copy of ZIP to JAR file resulted in more then one dependency?");
-                        }
-                        for (Dependency d : dependencySet) {
-                            //fix the dependency's display name and path
-                            d.setFilePath(dependency.getFilePath());
-                            d.setDisplayFileName(dependency.getFileName());
-                        }
-                    }
-                } catch (IOException ex) {
-                    LOGGER.debug("Unable to perform deep copy on '{}'", dependency.getActualFile().getPath(), ex);
-                }
-            }
             engine.getDependencies().remove(dependency);
         }
         Collections.sort(engine.getDependencies());
     }
 
+    private void addDisguisedJarsToDependencies(Dependency dependency, Engine engine) throws AnalysisException {
+        if (ZIP_FILTER.accept(dependency.getActualFile()) && isZipFileActuallyJarFile(dependency)) {
+            final File tdir = getNextTempDirectory();
+            final String fileName = dependency.getFileName();
+
+            LOGGER.info(String.format("The zip file '%s' appears to be a JAR file, making a copy and analyzing it as a JAR.", fileName));
+
+            final File tmpLoc = new File(tdir, fileName.substring(0, fileName.length() - 3) + "jar");
+            try {
+                org.apache.commons.io.FileUtils.copyFile(tdir, tmpLoc);
+                final Set<Dependency> dependencySet = findMoreDependencies(engine, tmpLoc);
+                if (!dependencySet.isEmpty()) {
+                    if (dependencySet.size() != 1) {
+                        LOGGER.info("Deep copy of ZIP to JAR file resulted in more than one dependency?");
+                    }
+                    for (Dependency d : dependencySet) {
+                        //fix the dependency's display name and path
+                        d.setFilePath(dependency.getFilePath());
+                        d.setDisplayFileName(dependency.getFileName());
+                    }
+                }
+            } catch (IOException ex) {
+                LOGGER.debug("Unable to perform deep copy on '{}'", dependency.getActualFile().getPath(), ex);
+            }
+        }
+    }
+
+    private static final Set<Dependency> EMPTY_DEPENDENCY_SET = Collections.emptySet();
+
+    private Set<Dependency> findMoreDependencies(Engine engine, File tmpDir) {
+        //make a copy
+        List<Dependency> dependencies = new ArrayList<Dependency>(engine.getDependencies());
+        engine.scan(tmpDir);
+        List<Dependency> newDependencies = engine.getDependencies();
+        final boolean sizeChanged = dependencies.size() != newDependencies.size();
+        final Set<Dependency> dependencySet;
+        if (sizeChanged) {
+            //get the new dependencies
+            dependencySet = new HashSet<Dependency>();
+            dependencySet.addAll(newDependencies);
+            dependencySet.removeAll(dependencies);
+        } else {
+            dependencySet = EMPTY_DEPENDENCY_SET;
+        }
+        return dependencySet;
+    }
+
+
     /**
      * Retrieves the next temporary directory to extract an archive too.
      *
@@ -303,9 +302,9 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
     /**
      * Extracts the contents of an archive into the specified directory.
      *
-     * @param archive an archive file such as a WAR or EAR
+     * @param archive     an archive file such as a WAR or EAR
      * @param destination a directory to extract the contents to
-     * @param engine the scanning engine
+     * @param engine      the scanning engine
      * @throws AnalysisException thrown if the archive is not found
      */
     private void extractFiles(File archive, File destination, Engine engine) throws AnalysisException {
@@ -313,7 +312,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
             return;
         }
 
-        FileInputStream fis = null;
+        FileInputStream fis;
         try {
             fis = new FileInputStream(archive);
         } catch (FileNotFoundException ex) {
@@ -351,9 +350,9 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
     /**
      * Extracts files from an archive.
      *
-     * @param input the archive to extract files from
+     * @param input       the archive to extract files from
      * @param destination the location to write the files too
-     * @param engine the dependency-check engine
+     * @param engine      the dependency-check engine
      * @throws ArchiveExtractionException thrown if there is an exception extracting files from the archive
      */
     private void extractArchive(ArchiveInputStream input, File destination, Engine engine) throws ArchiveExtractionException {
@@ -436,7 +435,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
      * Decompresses a file.
      *
      * @param inputStream the compressed file
-     * @param outputFile the location to write the decompressed file
+     * @param outputFile  the location to write the decompressed file
      * @throws ArchiveExtractionException thrown if there is an exception decompressing the file
      */
     private void decompressFile(CompressorInputStream inputStream, File outputFile) throws ArchiveExtractionException {
@@ -445,7 +444,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
         try {
             out = new FileOutputStream(outputFile);
             final byte[] buffer = new byte[BUFFER_SIZE];
-            int n = 0;
+            int n; // = 0
             while (-1 != (n = inputStream.read(buffer))) {
                 out.write(buffer, 0, n);
             }