github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-23 09:31:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

improved error handling/reporting

Browse Source 
Former-commit-id: a876ed631f9d6c69abd6d57c20cdd81d9d9bbdbb
This commit is contained in:
Jeremy Long
2013-12-20 05:36:04 -05:00
parent 26c30b013b
commit 611635a9a2
1 changed files with 37 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
View File

@@ -281,18 +281,10 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
Model pom = null; Model pom = null;
try { try {
pom = retrievePom(path, jar); pom = retrievePom(path, jar);
} catch (JAXBException ex) { foundSomething = setPomEvidence(dependency, pom, pomProperties, classes) || foundSomething;
final String msg = String.format("Unable to parse POM '%s' in '%s'", } catch (AnalysisException ex) {
path, dependency.getFilePath()); dependency.addAnalysisException(ex);
final AnalysisException ax = new AnalysisException(msg, ex);
dependency.getAnalysisExceptions().add(ax);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, msg, ax);
} catch (IOException ex) {
final String msg = String.format("Unable to retrieve POM '%s' in '%s'",
path, dependency.getFilePath());
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, msg, ex);
} }
foundSomething = setPomEvidence(dependency, pom, pomProperties, classes) || foundSomething;
} }
return foundSomething; return foundSomething;
} }
@@ -348,14 +340,14 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
* @param path the path to the pom.xml file within the jar file * @param path the path to the pom.xml file within the jar file
* @param jar the jar file to extract the pom from * @param jar the jar file to extract the pom from
* @return returns a * @return returns a
* @throws AnalysisException is thrown if there is an exception extracting
* or parsing the POM
* {@link org.owasp.dependencycheck.analyzer.pom.generated.Model} object * {@link org.owasp.dependencycheck.analyzer.pom.generated.Model} object
* @throws JAXBException is thrown if there is an exception parsing the pom
* @throws IOException is thrown if there is an exception reading the jar
*/ */
private Model retrievePom(String path, JarFile jar) throws JAXBException, IOException { private Model retrievePom(String path, JarFile jar) throws AnalysisException {
final ZipEntry entry = jar.getEntry(path); final ZipEntry entry = jar.getEntry(path);
Model model = null;
if (entry != null) { //should never be null if (entry != null) { //should never be null
Model m = null;
try { try {
final XMLFilter filter = new MavenNamespaceFilter(); final XMLFilter filter = new MavenNamespaceFilter();
final SAXParserFactory spf = SAXParserFactory.newInstance(); final SAXParserFactory spf = SAXParserFactory.newInstance();
@@ -367,17 +359,40 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
final InputSource xml = new InputSource(reader); final InputSource xml = new InputSource(reader);
final SAXSource source = new SAXSource(filter, xml); final SAXSource source = new SAXSource(filter, xml);
final JAXBElement<Model> el = pomUnmarshaller.unmarshal(source, Model.class); final JAXBElement<Model> el = pomUnmarshaller.unmarshal(source, Model.class);
m = el.getValue(); model = el.getValue();
} catch (SecurityException ex) {
final String msg = String.format("Unable to parse pom '%s' in jar '%s'; invalid signature", path, jar.getName());
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex);
throw new AnalysisException(ex);
} catch (ParserConfigurationException ex) { } catch (ParserConfigurationException ex) {
final String msg = String.format("Unable to parse pom '%s' in jar '%s'", path, jar.getName()); final String msg = String.format("Unable to parse pom '%s' in jar '%s' (Parser Configuration Error)", path, jar.getName());
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, msg, ex); Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex);
throw new AnalysisException(ex);
} catch (SAXException ex) { } catch (SAXException ex) {
final String msg = String.format("Unable to parse pom '%s' in jar '%s'", path, jar.getName()); final String msg = String.format("Unable to parse pom '%s' in jar '%s' (SAX Error)", path, jar.getName());
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, msg, ex); Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex);
throw new AnalysisException(ex);
} catch (JAXBException ex) {
final String msg = String.format("Unable to parse pom '%s' in jar '%s' (JAXB Exception)", path, jar.getName());
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex);
throw new AnalysisException(ex);
} catch (IOException ex) {
final String msg = String.format("Unable to parse pom '%s' in jar '%s' (IO Exception)", path, jar.getName());
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex);
throw new AnalysisException(ex);
} catch (Throwable ex) {
final String msg = String.format("Unexpected error during parsing of the pom '%s' in jar '%s'", path, jar.getName());
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex);
throw new AnalysisException(ex);
} }
return m;
} }
return null; return model;
} }
/** /**