From 5ff9ec994292ab0f6de3d2bdd480124741fe281d Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Mon, 17 Mar 2014 00:08:04 -0400 Subject: [PATCH] improved the abstract base class to support enabling/disabling each FileTypeAnalyzer Former-commit-id: a2464c7041d292e6f3a2ec0d2b1e75f3bcfce425 --- .../analyzer/AbstractFileTypeAnalyzer.java | 100 +++++++++++++++--- .../analyzer/ArchiveAnalyzer.java | 10 +- .../analyzer/AssemblyAnalyzer.java | 8 +- .../dependencycheck/analyzer/JarAnalyzer.java | 11 +- .../analyzer/JavaScriptAnalyzer.java | 9 +- .../analyzer/NexusAnalyzer.java | 30 ++---- .../analyzer/NuspecAnalyzer.java | 4 +- 7 files changed, 111 insertions(+), 61 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java index 63ecf64fd..c8399d1db 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java @@ -22,8 +22,12 @@ import java.util.Collections; import java.util.HashSet; import java.util.Set; import java.util.logging.Level; +import org.owasp.dependencycheck.Engine; +import org.owasp.dependencycheck.analyzer.exception.AnalysisException; +import org.owasp.dependencycheck.dependency.Dependency; /** + * The base FileTypeAnalyzer that all analyzers that have specific file types they analyze should extend. * * @author Jeremy Long */ @@ -46,20 +50,48 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen protected abstract Set getSupportedExtensions(); /** - * Utility method to help in the creation of the extensions set. This constructs a new Set that can be used in a - * final static declaration.

+ * Initializes the file type analyzer. * - * This implementation was copied from - * http://stackoverflow.com/questions/2041778/initialize-java-hashset-values-by-construction - * - * @param strings a list of strings to add to the set. - * @return a Set of strings. + * @throws Exception thrown if there is an exception during initialization */ - protected static Set newHashSet(String... strings) { - final Set set = new HashSet(); + protected abstract void initializeFileTypeAnalyzer() throws Exception; - Collections.addAll(set, strings); - return set; + /** + * Initializes the analyzer. + * + * @throws Exception thrown if there is an exception during initialization + */ + public final void initialize() throws Exception { + if (filesMatched) { + initializeFileTypeAnalyzer(); + } else { + enabled = false; + } + } + + /** + * Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted, + * scanned, and added to the list of dependencies within the engine. + * + * @param dependency the dependency to analyze + * @param engine the engine scanning + * @throws AnalysisException thrown if there is an analysis exception + */ + protected abstract void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException; + + /** + * Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted, + * scanned, and added to the list of dependencies within the engine. + * + * @param dependency the dependency to analyze + * @param engine the engine scanning + * @throws AnalysisException thrown if there is an analysis exception + */ + @Override + public final void analyze(Dependency dependency, Engine engine) throws AnalysisException { + if (enabled) { + analyzeFileType(dependency, engine); + } } /** 
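Review bot: The Javadoc on the new abstract `analyzeFileType` and on the final `analyze` describes archive extraction ("If the dependency is an archive, such as a WAR or EAR, the contents are extracted...") — that is ArchiveAnalyzer behaviour, not the contract of the base class, so every subclass now inherits a misleading description. Replace the two summaries with something like `Analyzes the given dependency; invoked by {@link #analyze} only when this analyzer is enabled.` and `Analyzes the given dependency by delegating to {@link #analyzeFileType} if this analyzer is enabled.`. Separately, `initialize()` leaves `enabled` true when `initializeFileTypeAnalyzer()` throws; whether the engine still drives `analyze()` on an analyzer whose initialization failed is not visible here, but if it does, subclasses that build state during initialization (the `searcher` created in NexusAnalyzer in this same patch, for instance) would be invoked uninitialized, so consider clearing `enabled` when the delegate call fails before letting the exception propagate.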
@@ -89,21 +121,59 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen private boolean filesMatched = false; /** - * Get the value of filesMatched + * Get the value of filesMatched. A flag indicating whether the scan included any file types this analyzer supports. * * @return the value of filesMatched */ - public boolean isFilesMatched() { + protected boolean isFilesMatched() { return filesMatched; } /** - * Set the value of filesMatched + * Set the value of filesMatched. A flag indicating whether the scan included any file types this analyzer supports. * * @param filesMatched new value of filesMatched */ - public void setFilesMatched(boolean filesMatched) { + protected void setFilesMatched(boolean filesMatched) { this.filesMatched = filesMatched; } + private boolean enabled = true; + + /** + * Get the value of enabled + * + * @return the value of enabled + */ + public boolean isEnabled() { + return enabled; + } + + /** + * Set the value of enabled + * + * @param enabled new value of enabled + */ + public void setEnabled(boolean enabled) { + this.enabled = enabled; + } + + /** + *

+ * Utility method to help in the creation of the extensions set. This constructs a new Set that can be used in a + * final static declaration.

+ * + *

+ * This implementation was copied from + * http://stackoverflow.com/questions/2041778/initialize-java-hashset-values-by-construction

+ * + * @param strings a list of strings to add to the set. + * @return a Set of strings. + */ + protected static Set newHashSet(String... strings) { + final Set set = new HashSet(); + + Collections.addAll(set, strings); + return set; + } } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java index fe70332b0..888b908ef 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java @@ -53,7 +53,7 @@ import org.owasp.dependencycheck.utils.Settings; * * @author Jeremy Long */ -public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer implements Analyzer, FileTypeAnalyzer { +public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { /** * The buffer size to use when extracting files from the archive. @@ -140,11 +140,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer implements Analyze * @throws Exception is thrown if there is an exception deleting or creating temporary files */ @Override - public void initialize() throws Exception { - super.initialize(); - if (!isFilesMatched()) { - return; - } + public void initializeFileTypeAnalyzer() throws Exception { final File baseDir = Settings.getTempDirectory(); if (!baseDir.exists()) { if (!baseDir.mkdirs()) { @@ -189,7 +185,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer implements Analyze * @throws AnalysisException thrown if there is an analysis exception */ @Override - public void analyze(Dependency dependency, Engine engine) throws AnalysisException { + public void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException { final File f = new File(dependency.getActualFilePath()); final File tmpDir = getNextTempDirectory(); extractFiles(f, tmpDir, engine); 
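Review bot: `setEnabled` is public while `setFilesMatched` is narrowed to protected in the same hunk, so an external caller can re-enable an analyzer whose `initializeFileTypeAnalyzer()` was skipped because no files matched, and the final `analyze()` would then run against uninitialized state (NexusAnalyzer's `searcher`, created only during initialization in this patch, is one example). Either make the gate in `analyze()` also require the match flag, `if (enabled && filesMatched) {`, or document on `setEnabled` that enabling an analyzer after `initialize()` has run is unsupported. As a point of style, the new `private boolean enabled = true;` field sits between the `filesMatched` accessors and `isEnabled`; declaring it next to `private boolean filesMatched = false;` would match the existing layout. The moved `newHashSet` still uses raw `Set`/`HashSet`; since the block is being moved anyway, `Set<String>` would remove the unchecked warning.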
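Review bot: `initializeFileTypeAnalyzer` and `analyzeFileType` are declared `public` here although the base class declares them `protected abstract`, which publishes the ungated entry points: anything holding an ArchiveAnalyzer can call `analyzeFileType` directly and bypass the `enabled`/`filesMatched` check that the new final `analyze()` in AbstractFileTypeAnalyzer was introduced to enforce. The same widening appears in AssemblyAnalyzer, JarAnalyzer, NexusAnalyzer and NuspecAnalyzer; only JavaScriptAnalyzer keeps the base visibility. Change both signatures to `protected void initializeFileTypeAnalyzer() throws Exception {` and `protected void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException {`.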
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java index 6c6c4d5e9..c2dcd276a 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java @@ -101,7 +101,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { * @throws AnalysisException if anything goes sideways */ @Override - public void analyze(Dependency dependency, Engine engine) + public void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException { if (grokAssemblyExe == null) { LOG.warning("GrokAssembly didn't get deployed"); @@ -156,11 +156,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { * @throws Exception if anything goes wrong */ @Override - public void initialize() throws Exception { - super.initialize(); - if (!isFilesMatched()) { - return; //no work to do, so don't initialize - } + public void initializeFileTypeAnalyzer() throws Exception { final File tempFile = File.createTempFile("GKA", ".exe", Settings.getTempDirectory()); FileOutputStream fos = null; InputStream is = null; diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java index c38944886..e95581067 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java @@ -79,7 +79,7 @@ import org.xml.sax.XMLReader; * * @author Jeremy Long */ -public class JarAnalyzer extends AbstractFileTypeAnalyzer implements Analyzer, FileTypeAnalyzer { +public class JarAnalyzer extends AbstractFileTypeAnalyzer { // /** 
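Review bot: After the rename, `analyzeFileType` still handles a missing GrokAssembly by logging "GrokAssembly didn't get deployed" and presumably returning, which repeats the warning for every dependency scanned; the rest of that method and the deployment code in `initializeFileTypeAnalyzer` run outside the hunks. With the `enabled` flag this patch introduces, the deployment-failure path in `initializeFileTypeAnalyzer` could call `setEnabled(false)` and log once, so the base class skips this analyzer entirely, as NexusAnalyzer does in this same commit. The null check in `analyzeFileType` can stay as a cheap defensive guard.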
@@ -226,7 +226,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer implements Analyzer, F * @throws AnalysisException is thrown if there is an error reading the JAR file. */ @Override - public void analyze(Dependency dependency, Engine engine) throws AnalysisException { + public void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException { try { final ArrayList classNames = collectClassNames(dependency); final String fileName = dependency.getFileName().toLowerCase(); @@ -900,15 +900,12 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer implements Analyzer, F private File tempFileLocation = null; /** - * The initialize method does nothing for this Analyzer. + * Initializes the JarAnalyzer. * * @throws Exception is thrown if there is an exception creating a temporary directory */ @Override - public void initialize() throws Exception { - if (!this.isFilesMatched()) { - return; //no files matched, no need to initialize - } + public void initializeFileTypeAnalyzer() throws Exception { final File baseDir = Settings.getTempDirectory(); if (!baseDir.exists()) { if (!baseDir.mkdirs()) { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java index 429948692..e6b2742f8 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java @@ -36,7 +36,7 @@ import org.owasp.dependencycheck.dependency.Dependency; * * @author Jeremy Long */ -public class JavaScriptAnalyzer extends AbstractFileTypeAnalyzer implements Analyzer, FileTypeAnalyzer { +public class JavaScriptAnalyzer extends AbstractFileTypeAnalyzer { // /** 
@@ -91,7 +91,7 @@ public class JavaScriptAnalyzer extends AbstractFileTypeAnalyzer implements Anal * @throws AnalysisException is thrown if there is an error reading the JavaScript file. */ @Override - public void analyze(Dependency dependency, Engine engine) throws AnalysisException { + public void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException { BufferedReader fin = null;; try { // /\*([^\*][^/]|[\r\n\f])+?\*/ @@ -118,4 +118,9 @@ public class JavaScriptAnalyzer extends AbstractFileTypeAnalyzer implements Anal } } } + + @Override + protected void initializeFileTypeAnalyzer() throws Exception { + + } } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java index cf8b8d63b..81ae02265 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java @@ -46,7 +46,7 @@ import org.owasp.dependencycheck.utils.Settings; * * @author colezlaw */ -public class NexusAnalyzer extends AbstractFileTypeAnalyzer implements Analyzer, FileTypeAnalyzer { +public class NexusAnalyzer extends AbstractFileTypeAnalyzer { /** * The logger @@ -68,11 +68,6 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer implements Analyzer, */ private static final Set SUPPORTED_EXTENSIONS = newHashSet("jar"); - /** - * Whether this is actually enabled. Will get set during initialization. - */ - private boolean enabled = false; - /** * The Nexus Search to be set up for this analyzer. */ 
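Review bot: The new `initializeFileTypeAnalyzer` override in the `@@ -118,4 +118,9 @@` hunk has an empty body with a stray blank line and no Javadoc, so a reader cannot tell whether initialization was forgotten or is genuinely unnecessary. Add a one-line doc such as `/** No initialization is required for this analyzer. */` above the method and drop the blank line from the body. This override is the only one in the patch that keeps the base class's `protected` visibility, which is the right choice; the other analyzers should follow it.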
@@ -84,28 +79,24 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer implements Analyzer, * @throws Exception if there's an error during initialization */ @Override - public void initialize() throws Exception { - if (!isFilesMatched()) { - enabled = false; - return; //no work to do so don't initialize - } - enabled = Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED); + public void initializeFileTypeAnalyzer() throws Exception { + setEnabled(Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED)); LOGGER.fine("Initializing Nexus Analyzer"); - LOGGER.fine(String.format("Nexus Analyzer enabled: %s", enabled)); - if (enabled) { + LOGGER.fine(String.format("Nexus Analyzer enabled: %s", isEnabled())); + if (isEnabled()) { final String searchUrl = Settings.getString(Settings.KEYS.ANALYZER_NEXUS_URL); LOGGER.fine(String.format("Nexus Analyzer URL: %s", searchUrl)); try { searcher = new NexusSearch(new URL(searchUrl)); if (!searcher.preflightRequest()) { LOGGER.warning("There was an issue getting Nexus status. Disabling analyzer."); - enabled = false; + setEnabled(false); } } catch (MalformedURLException mue) { // I know that initialize can throw an exception, but we'll // just disable the analyzer if the URL isn't valid LOGGER.warning(String.format("Property %s not a valid URL. Nexus Analyzer disabled", searchUrl)); - enabled = false; + setEnabled(false); } } } @@ -148,12 +139,7 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer implements Analyzer, * @throws AnalysisException when there's an exception during analysis */ @Override - public void analyze(Dependency dependency, Engine engine) throws AnalysisException { - // Make a quick exit if this analyzer is disabled - if (!enabled) { - return; - } - + public void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException { try { final MavenArtifact ma = searcher.searchSha1(dependency.getSha1sum()); if (ma.getGroupId() != null && !"".equals(ma.getGroupId())) { 
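Review bot: Removing the private `enabled` field (which defaulted to `false`) and the guard at the top of `analyzeFileType` makes this analyzer depend entirely on the base class flag, which defaults to `true`, while `searcher` is still only assigned inside `initializeFileTypeAnalyzer` when the Nexus setting is on. Any path that reaches `analyze()` with the flag set but without a successful initialization — `setEnabled(true)` from an external user of the public setter, or `analyze()` before `initialize()` — now dereferences a null `searcher` in `searcher.searchSha1(...)`. A local guard keeps the old failure mode: `if (searcher == null) { return; }` at the top of `analyzeFileType`; alternatively, only call `setEnabled(true)` after `preflightRequest()` succeeds rather than setting it from the property first. The body of `analyzeFileType` continues past the hunk.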
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java index 321f6e039..70b9c700d 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java @@ -62,7 +62,7 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer { * @throws Exception if there's an error during initialization */ @Override - public void initialize() throws Exception { + public void initializeFileTypeAnalyzer() throws Exception { } /** @@ -103,7 +103,7 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer { * @throws AnalysisException when there's an exception during analysis */ @Override - public void analyze(Dependency dependency, Engine engine) throws AnalysisException { + public void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException { LOGGER.log(Level.FINE, "Checking Nuspec file {0}", dependency.toString()); try { final NuspecParser parser = new XPathNuspecParser();