update per issue #933

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java

@@ -135,12 +135,7 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
      */
     @Override
     protected void prepareFileTypeAnalyzer(Engine engine) throws InitializationException {
-        try {
-            getSha1MessageDigest();
-        } catch (IllegalStateException ex) {
-            setEnabled(false);
-            throw new InitializationException("Unable to create SHA1 MessageDigest", ex);
-        }
+        //do nothing
     }
 
     /**
@@ -224,8 +219,8 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
                 } catch (UnsupportedEncodingException ex) {
                     path = filePath.getBytes();
                 }
-                final MessageDigest sha1 = getSha1MessageDigest();
-                currentDep.setSha1sum(Checksum.getHex(sha1.digest(path)));
+                currentDep.setSha1sum(Checksum.getSHA1Checksum(path));
+                currentDep.setMd5sum(Checksum.getMD5Checksum(path));
                 engine.addDependency(currentDep);
             }
             final String source = currentDep.getFileName();
@@ -242,18 +237,4 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
     protected String getAnalyzerEnabledSettingKey() {
         return Settings.KEYS.ANALYZER_CMAKE_ENABLED;
     }
-
-    /**
-     * Returns the SHA1 message digest.
-     *
-     * @return the SHA1 message digest
-     */
-    private MessageDigest getSha1MessageDigest() {
-        try {
-            return MessageDigest.getInstance("SHA1");
-        } catch (NoSuchAlgorithmException e) {
-            LOGGER.error(e.getMessage());
-            throw new IllegalStateException("Failed to obtain the SHA1 message digest.", e);
-        }
-    }
 }

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzer.java

@@ -92,12 +92,7 @@ public class ComposerLockAnalyzer extends AbstractFileTypeAnalyzer {
      */
     @Override
     protected void prepareFileTypeAnalyzer(Engine engine) throws InitializationException {
-        try {
-            getSha1MessageDigest();
-        } catch (IllegalStateException ex) {
-            setEnabled(false);
-            throw new InitializationException("Unable to create SHA1 MessageDigest", ex);
-        }
+        // do nothing
     }
 
     /**
@@ -122,9 +117,9 @@ public class ComposerLockAnalyzer extends AbstractFileTypeAnalyzer {
                 d.setName(dep.getProject());
                 d.setVersion(dep.getVersion());
                 d.setEcosystem(DEPENDENCY_ECOSYSTEM);
-                final MessageDigest sha1 = getSha1MessageDigest();
                 d.setFilePath(filePath);
-                d.setSha1sum(Checksum.getHex(sha1.digest(filePath.getBytes(Charset.defaultCharset()))));
+                d.setSha1sum(Checksum.getSHA1Checksum(filePath.getBytes(Charset.defaultCharset())));
+                d.setMd5sum(Checksum.getMD5Checksum(filePath.getBytes(Charset.defaultCharset())));
                 d.addEvidence(EvidenceType.VENDOR, COMPOSER_LOCK, "vendor", dep.getGroup(), Confidence.HIGHEST);
                 d.addEvidence(EvidenceType.PRODUCT, COMPOSER_LOCK, "product", dep.getProject(), Confidence.HIGHEST);
                 d.addEvidence(EvidenceType.VERSION, COMPOSER_LOCK, "version", dep.getVersion(), Confidence.HIGHEST);
@@ -175,18 +170,4 @@ public class ComposerLockAnalyzer extends AbstractFileTypeAnalyzer {
     public AnalysisPhase getAnalysisPhase() {
         return AnalysisPhase.INFORMATION_COLLECTION;
     }
-
-    /**
-     * Returns the sha1 message digest.
-     *
-     * @return the sha1 message digest
-     */
-    private MessageDigest getSha1MessageDigest() {
-        try {
-            return MessageDigest.getInstance("SHA1");
-        } catch (NoSuchAlgorithmException e) {
-            LOGGER.error(e.getMessage());
-            throw new IllegalStateException("Failed to obtain the SHA1 message digest.", e);
-        }
-    }
 }

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzerTest.java

@@ -17,8 +17,6 @@
  */
 package org.owasp.dependencycheck.analyzer;
 
-import mockit.Mock;
-import mockit.MockUp;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@@ -28,12 +26,8 @@ import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
 import org.owasp.dependencycheck.dependency.Dependency;
-import org.owasp.dependencycheck.exception.InitializationException;
 
 import java.io.File;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.util.List;
 import java.util.regex.Pattern;
 
 import static org.hamcrest.CoreMatchers.equalTo;
@@ -197,22 +191,4 @@ public class CMakeAnalyzerTest extends BaseDBTestCase {
         }
         assertTrue("Expected version evidence to contain \"" + version + "\".", found);
     }
-
-    @Test(expected = InitializationException.class)
-    public void analyzerIsDisabledInCaseOfMissingMessageDigest() throws InitializationException {
-        new MockUp<MessageDigest>() {
-            @Mock
-            MessageDigest getInstance(String ignore) throws NoSuchAlgorithmException {
-                throw new NoSuchAlgorithmException();
-            }
-        };
-
-        analyzer = new CMakeAnalyzer();
-        analyzer.setFilesMatched(true);
-        assertTrue(analyzer.isEnabled());
-        analyzer.initialize(getSettings());
-        analyzer.prepare(null);
-
-        assertFalse(analyzer.isEnabled());
-    }
 }

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzerTest.java

@@ -17,8 +17,6 @@
  */
 package org.owasp.dependencycheck.analyzer;
 
-import mockit.Mock;
-import mockit.MockUp;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@@ -27,11 +25,8 @@ import org.owasp.dependencycheck.BaseTest;
 import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.dependency.Dependency;
-import org.owasp.dependencycheck.exception.InitializationException;
 
 import java.io.File;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
 import org.apache.commons.lang3.ArrayUtils;
 
 import static org.junit.Assert.assertEquals;
@@ -137,22 +132,4 @@ public class ComposerLockAnalyzerTest extends BaseDBTestCase {
             assertEquals(ComposerLockAnalyzer.DEPENDENCY_ECOSYSTEM, d.getEcosystem());
         }
     }
-
-    @Test(expected = InitializationException.class)
-    public void analyzerIsDisabledInCaseOfMissingMessageDigest() throws InitializationException {
-        new MockUp<MessageDigest>() {
-            @Mock
-            MessageDigest getInstance(String ignore) throws NoSuchAlgorithmException {
-                throw new NoSuchAlgorithmException("SHA1 is missing");
-            }
-        };
-
-        analyzer = new ComposerLockAnalyzer();
-        analyzer.setFilesMatched(true);
-        analyzer.initialize(getSettings());
-        assertTrue(analyzer.isEnabled());
-        analyzer.prepare(null);
-
-        assertFalse(analyzer.isEnabled());
-    }
 }