Merge branch 'master' of github.com:jeremylong/DependencyCheck

2026-01-14 15:53:36 +01:00 · 2017-07-06 19:38:15 -04:00
parent 87f327b095 8338668ab4
commit 64c824fedf
2 changed files with 72 additions and 9 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
@@ -73,6 +73,10 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
     * The temp value for GrokAssembly.exe
     */
    private File grokAssemblyExe = null;
+    /**
+     * The temp value for GrokAssembly.exe.config
+     */
+    private File grokAssemblyConfig = null;
    /**
     * Logger
     */
@@ -109,6 +113,13 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
    @Override
    public void analyzeDependency(Dependency dependency, Engine engine)
            throws AnalysisException {
+
+        File test = new File(dependency.getActualFilePath());
+        if (!test.isFile()) {
+            throw new AnalysisException(String.format("%s does not exist and cannot be analyzed by dependency-check",
+                    dependency.getActualFilePath()));
+        }
+
        if (grokAssemblyExe == null) {
            LOGGER.warn("GrokAssembly didn't get deployed");
            return;
@@ -201,22 +212,24 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
    @Override
    public void initializeFileTypeAnalyzer() throws InitializationException {
        final File tempFile;
-        final String cfg;
+        final File cfgFile;
        try {
            tempFile = File.createTempFile("GKA", ".exe", Settings.getTempDirectory());
-            cfg = tempFile.getPath() + ".config";
+            cfgFile = new File(tempFile.getPath() + ".config");
        } catch (IOException ex) {
            setEnabled(false);
            throw new InitializationException("Unable to create temporary file for the assembly analyzer", ex);
        }
        try (FileOutputStream fos = new FileOutputStream(tempFile);
-            InputStream is = FileUtils.getResourceAsStream("GrokAssembly.exe");
-            FileOutputStream fosCfg = new FileOutputStream(cfg);
-            InputStream isCfg = FileUtils.getResourceAsStream("GrokAssembly.exe.config")) {
+                InputStream is = FileUtils.getResourceAsStream("GrokAssembly.exe");
+                FileOutputStream fosCfg = new FileOutputStream(cfgFile);
+                InputStream isCfg = FileUtils.getResourceAsStream("GrokAssembly.exe.config")) {
+            IOUtils.copy(is, fos);
            grokAssemblyExe = tempFile;
            LOGGER.debug("Extracted GrokAssembly.exe to {}", grokAssemblyExe.getPath());
            IOUtils.copy(isCfg, fosCfg);
-            LOGGER.debug("Extracted GrokAssembly.exe.config to {}", cfg);
+            grokAssemblyConfig = cfgFile;
+            LOGGER.debug("Extracted GrokAssembly.exe.config to {}", cfgFile);
        } catch (IOException ioe) {
            this.setEnabled(false);
            LOGGER.warn("Could not extract GrokAssembly.exe: {}", ioe.getMessage());
@@ -287,6 +300,15 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
            LOGGER.debug("Can't delete temporary GrokAssembly.exe");
            grokAssemblyExe.deleteOnExit();
        }
+        try {
+            if (grokAssemblyConfig != null && !grokAssemblyConfig.delete()) {
+                LOGGER.debug("Unable to delete temporary GrokAssembly.exe.config; attempting delete on exit");
+                grokAssemblyConfig.deleteOnExit();
+            }
+        } catch (SecurityException se) {
+            LOGGER.debug("Can't delete temporary GrokAssembly.exe.config");
+            grokAssemblyConfig.deleteOnExit();
+        }
    }

    /**
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java
@@ -18,7 +18,14 @@
 package org.owasp.dependencycheck.analyzer;

 import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+import org.apache.commons.io.IOUtils;
 import org.junit.After;
+
+import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
@@ -33,6 +40,7 @@ import org.owasp.dependencycheck.dependency.Confidence;
 import org.owasp.dependencycheck.dependency.Dependency;
 import org.owasp.dependencycheck.dependency.Evidence;
 import org.owasp.dependencycheck.exception.InitializationException;
+import org.owasp.dependencycheck.utils.FileUtils;
 import org.owasp.dependencycheck.utils.Settings;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -62,7 +70,7 @@ public class AssemblyAnalyzerTest extends BaseTest {
            analyzer = new AssemblyAnalyzer();
            analyzer.accept(new File("test.dll")); // trick into "thinking it is active"
            analyzer.initialize();
-            Assume.assumeTrue("Mono is not installed, skipping tests.", analyzer.buildArgumentList() == null);
+            assertGrokAssembly();
        } catch (Exception e) {
            if (e.getMessage().contains("Could not execute .NET AssemblyAnalyzer")) {
                LOGGER.warn("Exception setting up AssemblyAnalyzer. Tests will be incomplete");
@@ -73,6 +81,39 @@ public class AssemblyAnalyzerTest extends BaseTest {
        }
    }

+    private void assertGrokAssembly() throws IOException {
+        // There must be an .exe and a .config files created in the temp
+        // directory and they must match the resources they were created from.
+        File grokAssemblyExeFile = null;
+        File grokAssemblyConfigFile = null;
+        
+        File tempDirectory = Settings.getTempDirectory();
+        for (File file : tempDirectory.listFiles()) {
+            String filename = file.getName();
+            if (filename.startsWith("GKA") && filename.endsWith(".exe")) {
+                grokAssemblyExeFile = file;
+                break;
+            }
+        }
+        assertTrue("The GrokAssembly executable was not created.", grokAssemblyExeFile.isFile());
+        grokAssemblyConfigFile = new File(grokAssemblyExeFile.getPath() + ".config");
+        assertTrue("The GrokAssembly config was not created.", grokAssemblyConfigFile.isFile());
+
+        assertFileContent("The GrokAssembly executable has incorrect content.", "GrokAssembly.exe",
+                grokAssemblyExeFile);
+        assertFileContent("The GrokAssembly config has incorrect content.", "GrokAssembly.exe.config",
+                grokAssemblyConfigFile);
+    }
+
+    private void assertFileContent(String message, String expectedResourceName, File actualFile) throws IOException {
+        try (InputStream expectedStream = FileUtils.getResourceAsStream(expectedResourceName);
+                InputStream actualStream = new FileInputStream(actualFile)) {
+            byte[] expectedBytes = IOUtils.toByteArray(expectedStream);
+            byte[] actualBytes = IOUtils.toByteArray(actualStream);
+            assertArrayEquals(message, expectedBytes, actualBytes);
+        }
+    }
+
    /**
     * Tests to make sure the name is correct.
     */
@@ -130,7 +171,7 @@ public class AssemblyAnalyzerTest extends BaseTest {
            analyzer.analyze(d, null);
            fail("Expected an AnalysisException");
        } catch (AnalysisException ae) {
-            assertEquals("File does not exist", ae.getMessage());
+            assertTrue(ae.getMessage().contains("nonexistent.dll does not exist and cannot be analyzed by dependency-check"));
        } finally {
            System.setProperty(LOG_KEY, oldProp);
        }
@@ -179,6 +220,6 @@ public class AssemblyAnalyzerTest extends BaseTest {

    @After
    public void tearDown() throws Exception {
-        analyzer.close();
+        analyzer.closeAnalyzer();
    }
 }