changed scan methods to return a list of dependencies instead of void

Former-commit-id: f0fd1e06708de3159acff0147968b5508a54fc05
Jeremy Long
2014-10-25 08:02:36 -04:00
parent 0c37586357
commit 766b7a940c


@@ -27,7 +27,6 @@ import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.owasp.dependencycheck.analyzer.AnalysisPhase;
import org.owasp.dependencycheck.analyzer.Analyzer;
import org.owasp.dependencycheck.analyzer.AnalyzerService;
@@ -35,14 +34,12 @@ import org.owasp.dependencycheck.analyzer.FileTypeAnalyzer;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.cpe.CpeMemoryIndex;
import org.owasp.dependencycheck.data.cpe.IndexException;
import org.owasp.dependencycheck.data.nexus.MavenArtifact;
import org.owasp.dependencycheck.data.nvdcve.ConnectionFactory;
import org.owasp.dependencycheck.data.nvdcve.CveDB;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.data.update.CachedWebDataSource;
import org.owasp.dependencycheck.data.update.UpdateService;
import org.owasp.dependencycheck.data.update.exception.UpdateException;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.exception.NoDataException;
import org.owasp.dependencycheck.utils.FileUtils;
@@ -171,99 +168,133 @@ public class Engine implements Serializable {
* Scans an array of files or directories. If a directory is specified, it will be scanned recursively. Any
* dependencies identified are added to the dependency collection.
*
* @since v0.3.2.5
* @param paths an array of paths to files or directories to be analyzed
* @return the list of dependencies scanned
*
* @param paths an array of paths to files or directories to be analyzed.
* @since v0.3.2.5
*/
public void scan(String[] paths) {
public List<Dependency> scan(String[] paths) {
List<Dependency> deps = new ArrayList<Dependency>();
for (String path : paths) {
final File file = new File(path);
scan(file);
List<Dependency> d = scan(file);
if (d != null) {
deps.addAll(d);
}
}
return deps;
}
/**
* Scans a given file or directory. If a directory is specified, it will be scanned recursively. Any dependencies
* identified are added to the dependency collection.
*
* @param path the path to a file or directory to be analyzed.
* @param path the path to a file or directory to be analyzed
* @return the list of dependencies scanned
*/
public void scan(String path) {
public List<Dependency> scan(String path) {
if (path.matches("^.*[\\/]\\*\\.[^\\/:*|?<>\"]+$")) {
final String[] parts = path.split("\\*\\.");
final String[] ext = new String[] { parts[parts.length - 1] };
final String[] ext = new String[]{parts[parts.length - 1]};
final File dir = new File(path.substring(0, path.length() - ext[0].length() - 2));
if (dir.isDirectory()) {
final List<File> files = (List<File>) org.apache.commons.io.FileUtils.listFiles(dir, ext, true);
scan(files);
return scan(files);
} else {
final String msg = String.format("Invalid file path provided to scan '%s'", path);
LOGGER.log(Level.SEVERE, msg);
}
} else {
final File file = new File(path);
scan(file);
return scan(file);
}
return null;
}
/**
* Scans an array of files or directories. If a directory is specified, it will be scanned recursively. Any
* dependencies identified are added to the dependency collection.
*
* @since v0.3.2.5
*
* @param files an array of paths to files or directories to be analyzed.
* @return the list of dependencies
*
* @since v0.3.2.5
*/
public void scan(File[] files) {
public List<Dependency> scan(File[] files) {
List<Dependency> deps = new ArrayList<Dependency>();
for (File file : files) {
scan(file);
List<Dependency> d = scan(file);
if (d != null) {
deps.addAll(d);
}
}
return deps;
}
/**
* Scans a list of files or directories. If a directory is specified, it will be scanned recursively. Any
* dependencies identified are added to the dependency collection.
*
* @since v0.3.2.5
* @param files a set of paths to files or directories to be analyzed
* @return the list of dependencies scanned
*
* @param files a set of paths to files or directories to be analyzed.
* @since v0.3.2.5
*/
public void scan(Set<File> files) {
public List<Dependency> scan(Set<File> files) {
List<Dependency> deps = new ArrayList<Dependency>();
for (File file : files) {
scan(file);
List<Dependency> d = scan(file);
if (d != null) {
deps.addAll(d);
}
}
return deps;
}
/**
* Scans a list of files or directories. If a directory is specified, it will be scanned recursively. Any
* dependencies identified are added to the dependency collection.
*
* @since v0.3.2.5
* @param files a set of paths to files or directories to be analyzed
* @return the list of dependencies scanned
*
* @param files a set of paths to files or directories to be analyzed.
* @since v0.3.2.5
*/
public void scan(List<File> files) {
public List<Dependency> scan(List<File> files) {
List<Dependency> deps = new ArrayList<Dependency>();
for (File file : files) {
scan(file);
List<Dependency> d = scan(file);
if (d != null) {
deps.addAll(d);
}
}
return deps;
}
/**
* Scans a given file or directory. If a directory is specified, it will be scanned recursively. Any dependencies
* identified are added to the dependency collection.
*
* @param file the path to a file or directory to be analyzed
* @return the list of dependencies scanned
*
* @since v0.3.2.4
*
* @param file the path to a file or directory to be analyzed.
*/
public void scan(File file) {
public List<Dependency> scan(File file) {
if (file.exists()) {
if (file.isDirectory()) {
scanDirectory(file);
return scanDirectory(file);
} else {
scanFile(file);
Dependency d = scanFile(file);
if (d != null) {
List<Dependency> deps = new ArrayList<Dependency>();
deps.add(d);
return deps;
}
}
}
return null;
}
/**
@@ -271,55 +302,50 @@ public class Engine implements Serializable {
*
* @param dir the directory to scan.
*/
protected void scanDirectory(File dir) {
protected List<Dependency> scanDirectory(File dir) {
final File[] files = dir.listFiles();
List<Dependency> deps = new ArrayList<Dependency>();
if (files != null) {
for (File f : files) {
if (f.isDirectory()) {
scanDirectory(f);
List<Dependency> d = scanDirectory(f);
if (d != null) {
deps.addAll(d);
}
} else {
scanFile(f);
Dependency d = scanFile(f);
deps.add(d);
}
}
}
return deps;
}
/**
* Scans a specified file. If a dependency is identified it is added to the dependency collection.
*
* @param file The file to scan.
* @param file The file to scan
* @return the scanned dependency
*/
protected void scanFile(File file) {
scan(file, null);
}
/**
* Scans a specified file. If a dependency is identified it is added to the dependency collection.
* If there is an mavenArtifact present, it will be added to
*
* @param file The file to scan.
* @param mavenArtifact The (optional) Maven artifact.
*/
public void scan(File file, MavenArtifact mavenArtifact) {
protected Dependency scanFile(File file) {
if (!file.isFile()) {
final String msg = String.format("Path passed to scanFile(File) is not a file: %s. Skipping the file.", file.toString());
LOGGER.log(Level.FINE, msg);
return;
return null;
}
final String fileName = file.getName();
final String extension = FileUtils.getFileExtension(fileName);
Dependency dependency = null;
if (extension != null) {
if (supportsExtension(extension)) {
final Dependency dependency = new Dependency(file);
if (mavenArtifact != null) {
dependency.addAsEvidence("project-pom", mavenArtifact, Confidence.HIGH);
}
dependency = new Dependency(file);
dependencies.add(dependency);
}
} else {
final String msg = String.format("No file extension found on file '%s'. The file was not analyzed.", file.toString());
LOGGER.log(Level.FINEST, msg);
}
return dependency;
}
/**
@@ -342,7 +368,9 @@ public class Engine implements Serializable {
}
final String logHeader = String.format("%n" + "----------------------------------------------------%n" + "BEGIN ANALYSIS%n"
final String logHeader = String.format("%n"
+ "----------------------------------------------------%n"
+ "BEGIN ANALYSIS%n"
+ "----------------------------------------------------");
LOGGER.log(Level.FINE, logHeader);
LOGGER.log(Level.INFO, "Analysis Starting");
@@ -395,7 +423,9 @@ public class Engine implements Serializable {
}
}
final String logFooter = String.format("%n" + "----------------------------------------------------%n" + "END ANALYSIS%n"
final String logFooter = String.format("%n"
+ "----------------------------------------------------%n"
+ "END ANALYSIS%n"
+ "----------------------------------------------------");
LOGGER.log(Level.FINE, logFooter);
LOGGER.log(Level.INFO, "Analysis Complete");
@@ -449,7 +479,8 @@ public class Engine implements Serializable {
try {
source.update();
} catch (UpdateException ex) {
LOGGER.log(Level.WARNING, "Unable to update Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.");
LOGGER.log(Level.WARNING,
"Unable to update Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.");
LOGGER.log(Level.FINE, String.format("Unable to update details for %s", source.getClass().getName()), ex);
}
}
@@ -513,5 +544,4 @@ public class Engine implements Serializable {
throw new NoDataException("No documents exist");
}
}
}
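Review bot: In the second hunk, scanDirectory adds the result of scanFile(f) to deps unconditionally, but scanFile returns null when the path is not a regular file and when the extension is missing or unsupported, so the returned list can carry null entries that scan(File[]), scan(Set<File>) and scan(List<File>) then copy through addAll and hand to callers. Mirror the guard the new scan(File) already uses: `Dependency d = scanFile(f);` `if (d != null) {` `deps.add(d);` `}`. Relatedly, scan(String) and scan(File) return null on their failure paths while the array and collection overloads return an empty list; returning an empty list consistently (for example `new ArrayList<Dependency>()`) would let callers drop the null checks that every overload currently repeats. scanDirectory's Javadoc also gained no `@return` tag for the new return value; adding `@return the list of dependencies scanned` would match the other overloads.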