From 766b7a940c33ee0e832027b0ec698e757cced0fb Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Sat, 25 Oct 2014 08:02:36 -0400
Subject: [PATCH] changed scan methods to return a list of dependencies instead of void

Former-commit-id: f0fd1e06708de3159acff0147968b5508a54fc05
---
 .../org/owasp/dependencycheck/Engine.java | 136 +++++++++++------
 1 file changed, 83 insertions(+), 53 deletions(-)

diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
index 2794cc4eb..e29454205 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
@@ -27,7 +27,6 @@ import java.util.List;
 import java.util.Set;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-
 import org.owasp.dependencycheck.analyzer.AnalysisPhase;
 import org.owasp.dependencycheck.analyzer.Analyzer;
 import org.owasp.dependencycheck.analyzer.AnalyzerService;
@@ -35,14 +34,12 @@ import org.owasp.dependencycheck.analyzer.FileTypeAnalyzer;
 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.data.cpe.CpeMemoryIndex;
 import org.owasp.dependencycheck.data.cpe.IndexException;
-import org.owasp.dependencycheck.data.nexus.MavenArtifact;
 import org.owasp.dependencycheck.data.nvdcve.ConnectionFactory;
 import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
 import org.owasp.dependencycheck.data.update.CachedWebDataSource;
 import org.owasp.dependencycheck.data.update.UpdateService;
 import org.owasp.dependencycheck.data.update.exception.UpdateException;
-import org.owasp.dependencycheck.dependency.Confidence;
 import org.owasp.dependencycheck.dependency.Dependency;
 import org.owasp.dependencycheck.exception.NoDataException;
 import org.owasp.dependencycheck.utils.FileUtils;
@@ -171,99 +168,133 @@ public class Engine implements Serializable { * Scans an array of files or directories. If a directory is specified, it will be scanned recursively. Any * dependencies identified are added to the dependency collection. * - * @since v0.3.2.5 + * @param paths an array of paths to files or directories to be analyzed + * @return the list of dependencies scanned * - * @param paths an array of paths to files or directories to be analyzed. + * @since v0.3.2.5 */ - public void scan(String[] paths) { + public List scan(String[] paths) { + List deps = new ArrayList(); for (String path : paths) { final File file = new File(path); - scan(file); + List d = scan(file); + if (d != null) { + deps.addAll(d); + } } + return deps; } /** * Scans a given file or directory. If a directory is specified, it will be scanned recursively. Any dependencies * identified are added to the dependency collection. * - * @param path the path to a file or directory to be analyzed. + * @param path the path to a file or directory to be analyzed + * @return the list of dependencies scanned */ - public void scan(String path) { + public List scan(String path) { if (path.matches("^.*[\\/]\\*\\.[^\\/:*|?<>\"]+$")) { final String[] parts = path.split("\\*\\."); - final String[] ext = new String[] { parts[parts.length - 1] }; + final String[] ext = new String[]{parts[parts.length - 1]}; final File dir = new File(path.substring(0, path.length() - ext[0].length() - 2)); if (dir.isDirectory()) { final List files = (List) org.apache.commons.io.FileUtils.listFiles(dir, ext, true); - scan(files); + return scan(files); } else { final String msg = String.format("Invalid file path provided to scan '%s'", path); LOGGER.log(Level.SEVERE, msg); } } else { final File file = new File(path); - scan(file); + return scan(file); } + return null; } /** * Scans an array of files or directories. If a directory is specified, it will be scanned recursively. 
Any * dependencies identified are added to the dependency collection. * - * @since v0.3.2.5 - * * @param files an array of paths to files or directories to be analyzed. + * @return the list of dependencies + * + * @since v0.3.2.5 */ - public void scan(File[] files) { + public List scan(File[] files) { + List deps = new ArrayList(); for (File file : files) { - scan(file); + List d = scan(file); + if (d != null) { + deps.addAll(d); + } } + return deps; } /** * Scans a list of files or directories. If a directory is specified, it will be scanned recursively. Any * dependencies identified are added to the dependency collection. * - * @since v0.3.2.5 + * @param files a set of paths to files or directories to be analyzed + * @return the list of dependencies scanned * - * @param files a set of paths to files or directories to be analyzed. + * @since v0.3.2.5 */ - public void scan(Set files) { + public List scan(Set files) { + List deps = new ArrayList(); for (File file : files) { - scan(file); + List d = scan(file); + if (d != null) { + deps.addAll(d); + } } + return deps; } /** * Scans a list of files or directories. If a directory is specified, it will be scanned recursively. Any * dependencies identified are added to the dependency collection. * - * @since v0.3.2.5 + * @param files a set of paths to files or directories to be analyzed + * @return the list of dependencies scanned * - * @param files a set of paths to files or directories to be analyzed. + * @since v0.3.2.5 */ - public void scan(List files) { + public List scan(List files) { + List deps = new ArrayList(); for (File file : files) { - scan(file); + List d = scan(file); + if (d != null) { + deps.addAll(d); + } } + return deps; } /** * Scans a given file or directory. If a directory is specified, it will be scanned recursively. Any dependencies * identified are added to the dependency collection. 
* + * @param file the path to a file or directory to be analyzed + * @return the list of dependencies scanned + * * @since v0.3.2.4 * - * @param file the path to a file or directory to be analyzed. */ - public void scan(File file) { + public List scan(File file) { if (file.exists()) { if (file.isDirectory()) { - scanDirectory(file); + return scanDirectory(file); } else { - scanFile(file); + Dependency d = scanFile(file); + if (d != null) { + List deps = new ArrayList(); + deps.add(d); + return deps; + } } } + return null; } /** 
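Review bot: `scan(String)` and `scan(File)` return `null` when nothing was scanned (an invalid wildcard path, a path that does not exist, or a file that `scanFile` rejects), while the array, `Set` and `List` overloads in the same hunk always return a list, so one public API now has two conventions for "empty" and every caller has to null-check. Returning an empty list in place of both `return null;` statements, e.g. `return new ArrayList<Dependency>();`, would remove that NullPointerException risk and make the `if (d != null)` guards in the other overloads unnecessary. The new `@return` tags should also state what comes back for a missing or invalid path, because for a dependency scanner "path was not scanned" and "no dependencies found" are worth telling apart. The lists appear as raw `List` in this view; that may be an artifact of how the page was extracted, so I have not flagged it.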
@@ -271,55 +302,50 @@ public class Engine implements Serializable { * * @param dir the directory to scan. */ - protected void scanDirectory(File dir) { + protected List scanDirectory(File dir) { final File[] files = dir.listFiles(); + List deps = new ArrayList(); if (files != null) { for (File f : files) { if (f.isDirectory()) { - scanDirectory(f); + List d = scanDirectory(f); + if (d != null) { + deps.addAll(d); + } } else { - scanFile(f); + Dependency d = scanFile(f); + deps.add(d); } } } + return deps; } /** * Scans a specified file. If a dependency is identified it is added to the dependency collection. * - * @param file The file to scan. + * @param file The file to scan + * @return the scanned dependency */ - protected void scanFile(File file) { - scan(file, null); - } - - /** - * Scans a specified file. If a dependency is identified it is added to the dependency collection. - * If there is an mavenArtifact present, it will be added to - * - * @param file The file to scan. - * @param mavenArtifact The (optional) Maven artifact. - */ - public void scan(File file, MavenArtifact mavenArtifact) { + protected Dependency scanFile(File file) { if (!file.isFile()) { final String msg = String.format("Path passed to scanFile(File) is not a file: %s. Skipping the file.", file.toString()); LOGGER.log(Level.FINE, msg); - return; + return null; } final String fileName = file.getName(); final String extension = FileUtils.getFileExtension(fileName); + Dependency dependency = null; if (extension != null) { if (supportsExtension(extension)) { - final Dependency dependency = new Dependency(file); - if (mavenArtifact != null) { - dependency.addAsEvidence("project-pom", mavenArtifact, Confidence.HIGH); - } + dependency = new Dependency(file); dependencies.add(dependency); } } else { final String msg = String.format("No file extension found on file '%s'. The file was not analyzed.", file.toString()); LOGGER.log(Level.FINEST, msg); } + return dependency; } /** 
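Review bot: In `scanDirectory`, the result of `scanFile(f)` is added to `deps` unconditionally, but the new `scanFile` returns `null` for anything that is not a regular file, has no extension, or has an unsupported extension, so the returned list will contain `null` entries for any directory holding such a file. `scan(File)` in the previous hunk already guards this case, and the same guard is needed here: `if (d != null) { deps.add(d); }`. Separately, this hunk deletes the public `scan(File, MavenArtifact)` overload together with its `project-pom` evidence and no deprecation step, which breaks any external caller that relied on it. The `scanDirectory` Javadoc, which starts above the hunk, also still lacks a `@return` tag.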
@@ -342,7 +368,9 @@ public class Engine implements Serializable { } - final String logHeader = String.format("%n" + "----------------------------------------------------%n" + "BEGIN ANALYSIS%n" + final String logHeader = String.format("%n" + + "----------------------------------------------------%n" + + "BEGIN ANALYSIS%n" + "----------------------------------------------------"); LOGGER.log(Level.FINE, logHeader); LOGGER.log(Level.INFO, "Analysis Starting"); @@ -395,7 +423,9 @@ public class Engine implements Serializable { } } - final String logFooter = String.format("%n" + "----------------------------------------------------%n" + "END ANALYSIS%n" + final String logFooter = String.format("%n" + + "----------------------------------------------------%n" + + "END ANALYSIS%n" + "----------------------------------------------------"); LOGGER.log(Level.FINE, logFooter); LOGGER.log(Level.INFO, "Analysis Complete"); @@ -449,7 +479,8 @@ public class Engine implements Serializable { try { source.update(); } catch (UpdateException ex) { - LOGGER.log(Level.WARNING, "Unable to update Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities."); + LOGGER.log(Level.WARNING, + "Unable to update Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities."); LOGGER.log(Level.FINE, String.format("Unable to update details for %s", source.getClass().getName()), ex); } } @@ -513,5 +544,4 @@ public class Engine implements Serializable { throw new NoDataException("No documents exist"); } } - }