From 5f4e4fab56d5c207a3086e25e7706cab5d4ded53 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Mon, 2 Jan 2017 21:43:51 -0500 Subject: [PATCH] reduced code duplication --- .../analyzer/AbstractSuppressionAnalyzer.java | 3 +- .../xml/suppression/SuppressionParser.java | 76 ++++++------------- 2 files changed, 24 insertions(+), 55 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java index f670c0094..37052953d 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java @@ -108,7 +108,8 @@ public abstract class AbstractSuppressionAnalyzer extends AbstractAnalyzer { final SuppressionParser parser = new SuppressionParser(); File file = null; try { - rules = parser.parseSuppressionRules(this.getClass().getClassLoader().getResourceAsStream("dependencycheck-base-suppression.xml")); + InputStream in = this.getClass().getClassLoader().getResourceAsStream("dependencycheck-base-suppression.xml"); + rules = parser.parseSuppressionRules(in); } catch (SAXException ex) { throw new SuppressionParseException("Unable to parse the base suppression data file", ex); } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/SuppressionParser.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/SuppressionParser.java index 3a2aab76c..4440d3406 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/SuppressionParser.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/SuppressionParser.java @@ -49,7 +49,7 @@ public class SuppressionParser { /** * The suppression schema file location. */ - private static final String SUPPRESSION_SCHEMA = "schema/dependency-suppression.1.1.xsd"; + public static final String SUPPRESSION_SCHEMA = "schema/dependency-suppression.1.1.xsd"; /** * The old suppression schema file location. */ @@ -84,7 +84,11 @@ public class SuppressionParser { } catch (FileNotFoundException ex1) { throw new SuppressionParseException(ex); } - return parseOldSuppressionRules(fis); + try { + return parseSuppressionRules(fis, OLD_SUPPRESSION_SCHEMA); + } catch (SAXException ex1) { + throw new SuppressionParseException(ex); + } } finally { if (fis != null) { try { @@ -96,6 +100,7 @@ public class SuppressionParser { } } + /** * Parses the given XML stream and returns a list of the suppression rules * contained. @@ -106,21 +111,31 @@ public class SuppressionParser { * @throws SAXException thrown if the XML cannot be parsed */ public List parseSuppressionRules(InputStream inputStream) throws SuppressionParseException, SAXException { + return parseSuppressionRules(inputStream, SUPPRESSION_SCHEMA); + } + + /** + * Parses the given XML stream and returns a list of the suppression rules + * contained. + * + * @param inputStream an InputStream containing suppression rules + * @param schema the schema used to validate the XML stream + * @return a list of suppression rules + * @throws SuppressionParseException thrown if the XML cannot be parsed + * @throws SAXException thrown if the XML cannot be parsed + */ + private List parseSuppressionRules(InputStream inputStream, String schema) throws SuppressionParseException, SAXException { InputStream schemaStream = null; try { - schemaStream = this.getClass().getClassLoader().getResourceAsStream(SUPPRESSION_SCHEMA); + schemaStream = this.getClass().getClassLoader().getResourceAsStream(schema); final SuppressionHandler handler = new SuppressionHandler(); final SAXParser saxParser = XmlUtils.buildSecureSaxParser(schemaStream); final XMLReader xmlReader = saxParser.getXMLReader(); xmlReader.setErrorHandler(new SuppressionErrorHandler()); xmlReader.setContentHandler(handler); - final Reader reader = new InputStreamReader(inputStream, "UTF-8"); final InputSource in = new InputSource(reader); - //in.setEncoding("UTF-8"); - xmlReader.parse(in); - return handler.getSuppressionRules(); } catch (ParserConfigurationException ex) { LOGGER.debug("", ex); @@ -148,51 +163,4 @@ public class SuppressionParser { } } } - - /** - * Parses the given XML stream and returns a list of the suppression rules - * contained. - * - * @param inputStream an InputStream containing suppression rues - * @return a list of suppression rules - * @throws SuppressionParseException if the XML cannot be parsed - */ - private List parseOldSuppressionRules(InputStream inputStream) throws SuppressionParseException { - InputStream schemaStream = null; - try { - schemaStream = this.getClass().getClassLoader().getResourceAsStream(OLD_SUPPRESSION_SCHEMA); - final SuppressionHandler handler = new SuppressionHandler(); - final SAXParser saxParser = XmlUtils.buildSecureSaxParser(schemaStream); - final XMLReader xmlReader = saxParser.getXMLReader(); - xmlReader.setErrorHandler(new SuppressionErrorHandler()); - xmlReader.setContentHandler(handler); - - final Reader reader = new InputStreamReader(inputStream, "UTF-8"); - final InputSource in = new InputSource(reader); - - xmlReader.parse(in); - - return handler.getSuppressionRules(); - } catch (ParserConfigurationException ex) { - LOGGER.debug("", ex); - throw new SuppressionParseException(ex); - } catch (SAXException ex) { - LOGGER.debug("", ex); - throw new SuppressionParseException(ex); - } catch (FileNotFoundException ex) { - LOGGER.debug("", ex); - throw new SuppressionParseException(ex); - } catch (IOException ex) { - LOGGER.debug("", ex); - throw new SuppressionParseException(ex); - } finally { - if (schemaStream != null) { - try { - schemaStream.close(); - } catch (IOException ex) { - LOGGER.debug("Error closing old suppression file stream", ex); - } - } - } - } }