minor bug fix

Former-commit-id: c1417cb0cd8d0a65838feaa5b33c85e73e56a3e2
Jeremy Long
2013-05-10 06:29:08 -04:00
parent 4d7b4ce877
commit 5f6480527e
2 changed files with 77 additions and 52 deletions


@@ -20,6 +20,7 @@ package org.owasp.dependencycheck.analyzer;
import java.io.File; import java.io.File;
import java.io.FileInputStream; import java.io.FileInputStream;
import java.util.Enumeration;
import java.util.logging.Level; import java.util.logging.Level;
import java.util.logging.Logger; import java.util.logging.Logger;
import javax.xml.bind.JAXBException; import javax.xml.bind.JAXBException;
@@ -357,6 +358,10 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
} }
return foundSomething; return foundSomething;
} }
/**
* Tracks whether the jar being analyzed contains classes.
*/
private boolean hasClasses = false;
/** /**
* Analyzes the path information of the classes contained within the * Analyzes the path information of the classes contained within the
@@ -372,7 +377,7 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
*/ */
protected boolean analyzePackageNames(Dependency dependency, boolean addPackagesAsEvidence) protected boolean analyzePackageNames(Dependency dependency, boolean addPackagesAsEvidence)
throws IOException { throws IOException {
boolean hasClasses = false; hasClasses = false;
JarFile jar = null; JarFile jar = null;
try { try {
jar = new JarFile(dependency.getActualFilePath()); jar = new JarFile(dependency.getActualFilePath());
@@ -381,56 +386,8 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
final HashMap<String, Integer> level1 = new HashMap<String, Integer>(); final HashMap<String, Integer> level1 = new HashMap<String, Integer>();
final HashMap<String, Integer> level2 = new HashMap<String, Integer>(); final HashMap<String, Integer> level2 = new HashMap<String, Integer>();
final HashMap<String, Integer> level3 = new HashMap<String, Integer>(); final HashMap<String, Integer> level3 = new HashMap<String, Integer>();
int count = 0; final int count = collectPackageNameInformation(en, level0, level1, level2, level3);
while (en.hasMoreElements()) {
final java.util.jar.JarEntry entry = (java.util.jar.JarEntry) en.nextElement();
if (entry.getName().endsWith(".class")) {
hasClasses = true;
String[] path = null;
if (entry.getName().contains("/")) {
path = entry.getName().toLowerCase().split("/");
if ("java".equals(path[0])
|| "javax".equals(path[0])
|| ("com".equals(path[0]) && "sun".equals(path[0]))) {
continue;
}
} else {
path = new String[1];
path[0] = entry.getName();
}
count += 1;
String temp = path[0];
if (level0.containsKey(temp)) {
level0.put(temp, level0.get(temp) + 1);
} else {
level0.put(temp, 1);
}
if (path.length > 2) {
temp += "/" + path[1];
if (level1.containsKey(temp)) {
level1.put(temp, level1.get(temp) + 1);
} else {
level1.put(temp, 1);
}
}
if (path.length > 3) {
temp += "/" + path[2];
if (level2.containsKey(temp)) {
level2.put(temp, level2.get(temp) + 1);
} else {
level2.put(temp, 1);
}
}
if (path.length > 4) {
temp += "/" + path[3];
if (level3.containsKey(temp)) {
level3.put(temp, level3.get(temp) + 1);
} else {
level3.put(temp, 1);
}
}
}
}
if (count == 0) { if (count == 0) {
return hasClasses; return hasClasses;
} }
@@ -740,4 +697,72 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
} }
return false; return false;
} }
/**
* Cycles through an enumeration of JarEntries and collects level 0-3 directory
* structure names. This is helpful when analyzing vendor/product as many times
* this is included in the package name. This does not analyze core Java package
* names.
*
* @param en an Enumeration of JarEntries
* @param level0 HashMap of level 0 package names (e.g. org)
* @param level1 HashMap of level 1 package names (e.g. owasp)
* @param level2 HashMap of level 2 package names (e.g. dependencycheck)
* @param level3 HashMap of level 3 package names (e.g. analyzer)
* @return the number of entries processed that were included in the above HashMaps
*/
private int collectPackageNameInformation(Enumeration en, HashMap<String, Integer> level0,
HashMap<String, Integer> level1, HashMap<String, Integer> level2, HashMap<String, Integer> level3) {
int count = 0;
while (en.hasMoreElements()) {
final java.util.jar.JarEntry entry = (java.util.jar.JarEntry) en.nextElement();
if (entry.getName().endsWith(".class")) {
hasClasses = true;
String[] path = null;
if (entry.getName().contains("/")) {
path = entry.getName().toLowerCase().split("/");
if ("java".equals(path[0])
|| "javax".equals(path[0])
|| ("com".equals(path[0]) && "sun".equals(path[0]))) {
continue;
}
} else {
path = new String[1];
path[0] = entry.getName();
}
count += 1;
String temp = path[0];
if (level0.containsKey(temp)) {
level0.put(temp, level0.get(temp) + 1);
} else {
level0.put(temp, 1);
}
if (path.length > 2) {
temp += "/" + path[1];
if (level1.containsKey(temp)) {
level1.put(temp, level1.get(temp) + 1);
} else {
level1.put(temp, 1);
}
}
if (path.length > 3) {
temp += "/" + path[2];
if (level2.containsKey(temp)) {
level2.put(temp, level2.get(temp) + 1);
} else {
level2.put(temp, 1);
}
}
if (path.length > 4) {
temp += "/" + path[3];
if (level3.containsKey(temp)) {
level3.put(temp, level3.get(temp) + 1);
} else {
level3.put(temp, 1);
}
}
}
}
return count;
}
} }
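Review bot: The extracted collectPackageNameInformation carries over the filter `("com".equals(path[0]) && "sun".equals(path[0]))`, which can never be true because path[0] cannot equal both strings, so com.sun classes are still counted and added to the level0–level3 maps even though the Javadoc says core Java package names are not analyzed. The second comparison should look at the next segment, `|| ("com".equals(path[0]) && "sun".equals(path[1]))) {`; path[1] exists on that branch because the entry name contains "/" and ends with ".class". Per the Javadoc these maps feed vendor/product analysis, so the slip can contribute misleading "com"/"com/sun" entries. Separately, `hasClasses` is now an instance field written by both analyzePackageNames and the new helper, which is only safe if a JarAnalyzer instance is never used by two threads at once; a comment on the field stating that assumption, or returning the flag together with the count, would make it explicit.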


@@ -152,7 +152,7 @@ public class ReportGenerator {
generateReports(outputDir, Format.XML); generateReports(outputDir, Format.XML);
} }
if ("HTML".equalsIgnoreCase(outputFormat)) { if ("HTML".equalsIgnoreCase(outputFormat)) {
generateReports(outputDir, Format.XML); generateReports(outputDir, Format.HTML);
} }
if ("ALL".equalsIgnoreCase(outputFormat)) { if ("ALL".equalsIgnoreCase(outputFormat)) {
generateReports(outputDir, Format.ALL); generateReports(outputDir, Format.ALL);
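Review bot: Each branch of this chain names the format twice, once as a string literal and once as the enum constant, and nothing ties `"HTML"` to `Format.HTML`, which is what allowed the XML/HTML slip fixed here. If the constants of Format are exactly the accepted names (XML, HTML and ALL are the ones visible), a single lookup such as `generateReports(outputDir, Format.valueOf(outputFormat.toUpperCase(Locale.ROOT)));` would remove the duplication, though it throws IllegalArgumentException on an unknown value and callers would have to handle that. The hunk does not show what follows the ALL branch, so it is unclear whether an unrecognised outputFormat is reported or silently produces no report; for a scanner run inside a build, an explicit error is the safer behaviour. The enclosing method starts and ends outside the hunk.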