github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-22 00:59:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

checkstyle fixes

Browse Source 
Former-commit-id: 31ff9324a8acd201002e4843deb5a2cfb08f2d88
This commit is contained in:
Jeremy Long
2013-03-16 16:53:41 -04:00
parent 5ef02290dd
commit 7bce07aa0e
5 changed files with 55 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/main/java/org/owasp/dependencycheck/App.java
View File

@@ -113,7 +113,8 @@ public class App {
if (cli.isGetVersion()) { if (cli.isGetVersion()) {
cli.printVersionInfo(); cli.printVersionInfo();
} else if (cli.isRunScan()) { } else if (cli.isRunScan()) {
runScan(cli.getReportDirectory(), cli.getReportFormat(), cli.getApplicationName(), cli.getScanFiles(), cli.isAutoUpdate(), cli.isDeepScan()); runScan(cli.getReportDirectory(), cli.getReportFormat(), cli.getApplicationName(),
cli.getScanFiles(), cli.isAutoUpdate(), cli.isDeepScan());
} else { } else {
cli.printHelp(); cli.printHelp();
} }

7
src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java
View File

@@ -80,6 +80,13 @@ public class HintAnalyzer implements Analyzer {
return ANALYSIS_PHASE; return ANALYSIS_PHASE;
} }
/**
* The HintAnalyzer uses knowledge about a dependency to add additional information
* to help in identification of identifiers or vulnerabilities.
* @param dependency The dependency being analyzed
* @param engine The scanning engine
* @throws AnalysisException is thrown if there is an exception analyzing the dependency.
*/
public void analyze(Dependency dependency, Engine engine) throws AnalysisException { public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
Evidence springTest1 = new Evidence("Manifest", Evidence springTest1 = new Evidence("Manifest",
"Implementation-Title", "Implementation-Title",

77
src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
View File

@@ -171,7 +171,6 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
return ANALYSIS_PHASE; return ANALYSIS_PHASE;
} }
private boolean evidenceFound;
/** /**
* Loads a specified JAR file and collects information from the manifest and * Loads a specified JAR file and collects information from the manifest and
* checksums to identify the correct CPE information. * checksums to identify the correct CPE information.
@@ -182,16 +181,12 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
* file. * file.
*/ */
public void analyze(Dependency dependency, Engine engine) throws AnalysisException { public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
evidenceFound = false; boolean addPackagesAsEvidence = false;
try { try {
evidenceFound |= parseManifest(dependency); addPackagesAsEvidence ^= parseManifest(dependency);
evidenceFound |= analyzePOM(dependency); addPackagesAsEvidence ^= analyzePOM(dependency);
if (Settings.getBoolean(Settings.KEYS.PERFORM_DEEP_SCAN) || addPackagesAsEvidence ^= Settings.getBoolean(Settings.KEYS.PERFORM_DEEP_SCAN);
!evidenceFound) { analyzePackageNames(dependency, addPackagesAsEvidence);
//if no evidence was found - "they" likely stripped stuff, package names may be all we have.
analyzePackageNames(dependency);
}
} catch (IOException ex) { } catch (IOException ex) {
throw new AnalysisException("Exception occurred reading the JAR file.", ex); throw new AnalysisException("Exception occurred reading the JAR file.", ex);
} catch (JAXBException ex) { } catch (JAXBException ex) {
@@ -342,9 +337,11 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
* hashSets. * hashSets.
* *
* @param dependency A reference to the dependency. * @param dependency A reference to the dependency.
* @param addPackagesAsEvidence a flag indicating whether or not package names should be added as evidence.
* @throws IOException is thrown if there is an error reading the JAR file. * @throws IOException is thrown if there is an error reading the JAR file.
*/ */
protected void analyzePackageNames(Dependency dependency) throws IOException { protected void analyzePackageNames(Dependency dependency, boolean addPackagesAsEvidence)
throws IOException {
JarFile jar = null; JarFile jar = null;
try { try {
@@ -415,8 +412,10 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
if (!"org".equals(s) && !"com".equals(s)) { if (!"org".equals(s) && !"com".equals(s)) {
vendor.addWeighting(s); vendor.addWeighting(s);
product.addWeighting(s); product.addWeighting(s);
vendor.addEvidence("jar", "package", s, Evidence.Confidence.LOW); if (addPackagesAsEvidence) {
product.addEvidence("jar", "package", s, Evidence.Confidence.LOW); vendor.addEvidence("jar", "package", s, Evidence.Confidence.LOW);
product.addEvidence("jar", "package", s, Evidence.Confidence.LOW);
}
} }
} }
for (String s : level1.keySet()) { for (String s : level1.keySet()) {
@@ -426,12 +425,16 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
String[] parts = s.split("/"); String[] parts = s.split("/");
if ("org".equals(parts[0]) || "com".equals(parts[0])) { if ("org".equals(parts[0]) || "com".equals(parts[0])) {
vendor.addWeighting(parts[1]); vendor.addWeighting(parts[1]);
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW); if (addPackagesAsEvidence) {
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
}
} else { } else {
vendor.addWeighting(parts[0]); vendor.addWeighting(parts[0]);
product.addWeighting(parts[1]); product.addWeighting(parts[1]);
vendor.addEvidence("jar", "package", parts[0], Evidence.Confidence.LOW); if (addPackagesAsEvidence) {
product.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW); vendor.addEvidence("jar", "package", parts[0], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
}
} }
} }
} }
@@ -443,17 +446,21 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
if ("org".equals(parts[0]) || "com".equals(parts[0])) { if ("org".equals(parts[0]) || "com".equals(parts[0])) {
vendor.addWeighting(parts[1]); vendor.addWeighting(parts[1]);
product.addWeighting(parts[2]); product.addWeighting(parts[2]);
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW); if (addPackagesAsEvidence) {
product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW); vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
}
} else { } else {
vendor.addWeighting(parts[0]); vendor.addWeighting(parts[0]);
vendor.addWeighting(parts[1]); vendor.addWeighting(parts[1]);
product.addWeighting(parts[1]); product.addWeighting(parts[1]);
product.addWeighting(parts[2]); product.addWeighting(parts[2]);
vendor.addEvidence("jar", "package", parts[0], Evidence.Confidence.LOW); if (addPackagesAsEvidence) {
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW); vendor.addEvidence("jar", "package", parts[0], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW); vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW); product.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
}
} }
} }
} }
@@ -467,11 +474,12 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
vendor.addWeighting(parts[2]); vendor.addWeighting(parts[2]);
product.addWeighting(parts[2]); product.addWeighting(parts[2]);
product.addWeighting(parts[3]); product.addWeighting(parts[3]);
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW); if (addPackagesAsEvidence) {
vendor.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW); vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW); vendor.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[3], Evidence.Confidence.LOW); product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[3], Evidence.Confidence.LOW);
}
} else { } else {
vendor.addWeighting(parts[0]); vendor.addWeighting(parts[0]);
vendor.addWeighting(parts[1]); vendor.addWeighting(parts[1]);
@@ -479,12 +487,14 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
product.addWeighting(parts[1]); product.addWeighting(parts[1]);
product.addWeighting(parts[2]); product.addWeighting(parts[2]);
product.addWeighting(parts[3]); product.addWeighting(parts[3]);
vendor.addEvidence("jar", "package", parts[0], Evidence.Confidence.LOW); if (addPackagesAsEvidence) {
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW); vendor.addEvidence("jar", "package", parts[0], Evidence.Confidence.LOW);
vendor.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW); vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW); vendor.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW); product.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[3], Evidence.Confidence.LOW); product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[3], Evidence.Confidence.LOW);
}
} }
} }
} }
@@ -670,7 +680,6 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
sb.append(text.substring(end + 1)); sb.append(text.substring(end + 1));
return interpolateString(sb.toString(), properties); //yes yes, this should be a loop... return interpolateString(sb.toString(), properties); //yes yes, this should be a loop...
} }
// private void addPredefinedData(Dependency dependency) { // private void addPredefinedData(Dependency dependency) {
// Evidence springTest1 = new Evidence("Manifest", // Evidence springTest1 = new Evidence("Manifest",
// "Implementation-Title", // "Implementation-Title",

4
src/main/java/org/owasp/dependencycheck/utils/CliParser.java
View File

@@ -412,12 +412,12 @@ public final class CliParser {
* The short CLI argument name asking for advanced help. * The short CLI argument name asking for advanced help.
*/ */
public static final String ADVANCED_HELP = "advancedhelp"; public static final String ADVANCED_HELP = "advancedhelp";
/* /**
* The short CLI argument name indicating a deep scan of the dependencies * The short CLI argument name indicating a deep scan of the dependencies
* should be performed. * should be performed.
*/ */
public static final String PERFORM_DEEP_SCAN_SHORT = "d"; public static final String PERFORM_DEEP_SCAN_SHORT = "d";
/* /**
* The CLI argument name indicating a deep scan of the dependencies * The CLI argument name indicating a deep scan of the dependencies
* should be performed. * should be performed.
*/ */

2
src/test/java/org/owasp/dependencycheck/data/cpe/CPEAnalyzerTest.java
View File

@@ -116,7 +116,7 @@ public class CPEAnalyzerTest extends BaseIndexTestCase {
instance.determineCPE(spring); instance.determineCPE(spring);
instance.determineCPE(spring3); instance.determineCPE(spring3);
instance.close(); instance.close();
Assert.assertTrue("Incorrect match size - struts", depends.getIdentifiers().size() == 1); Assert.assertTrue("Incorrect match size - struts", depends.getIdentifiers().size() >= 1);
Assert.assertTrue("Incorrect match - struts", depends.getIdentifiers().get(0).getValue().equals(expResult)); Assert.assertTrue("Incorrect match - struts", depends.getIdentifiers().get(0).getValue().equals(expResult));
//the following two only work if the HintAnalyzer is used. //the following two only work if the HintAnalyzer is used.
//Assert.assertTrue("Incorrect match size - spring", spring.getIdentifiers().size() == 1); //Assert.assertTrue("Incorrect match size - spring", spring.getIdentifiers().size() == 1);