AutoconfAnalyzer: Some code refactoring to eliminate duplicate code

and redundant condition checking, plus fixes/additions to Javadoc. Former-commit-id: 1c18377b6d871f354915ca210df6ee22534553ba
2026-01-15 08:13:43 +01:00 · 2015-06-02 16:14:13 -04:00
parent cc3a72f4fd
commit 7d3ac21e42
2 changed files with 46 additions and 33 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.java
@@ -35,14 +35,20 @@ import org.owasp.dependencycheck.utils.Settings;
 import org.owasp.dependencycheck.utils.UrlStringUtils;

 /**
- * Used to analyze a Wheel or egg distribution files, or their contents in
- * unzipped form, and collect information that can be used to determine the
- * associated CPE.
+ * Used to analyze Autoconf input files named configure.ac or configure.in.
+ * Files simply named "configure" are also analyzed, assuming they are generated
+ * by Autoconf, and contain certain special package descriptor variables.
 *
 * @author Dale Visser <dvisser@ida.org>
+ * @see <a href="https://www.gnu.org/software/autoconf/">Autoconf - GNU Project - Free Software Foundation (FSF)</a>
 */
 public class AutoconfAnalyzer extends AbstractFileTypeAnalyzer {

+	/**
+	 * Autoconf output filename.
+	 */
+	private static final String CONFIGURE = "configure";
+
 	/**
 	 * Autoconf input filename.
 	 */
@@ -67,7 +73,7 @@ public class AutoconfAnalyzer extends AbstractFileTypeAnalyzer {
 	 * The set of file extensions supported by this analyzer.
 	 */
 	private static final Set<String> EXTENSIONS = newHashSet("ac", "in",
-			"configure");
+			CONFIGURE);

 	/**
 	 * Matches AC_INIT variables in the output configure script.
@@ -142,21 +148,22 @@ public class AutoconfAnalyzer extends AbstractFileTypeAnalyzer {
 			throws AnalysisException {
 		final File actualFile = dependency.getActualFile();
 		final String name = actualFile.getName();
-		if (CONFIGURE_AC.equals(name) || CONFIGURE_IN.equals(name)) {
+		if (name.startsWith(CONFIGURE)) {
 			final File parent = actualFile.getParentFile();
 			final String parentName = parent.getName();
 			dependency.setDisplayFileName(parentName + "/" + name);
-			final String contents = getFileContents(actualFile);
-			if (!contents.isEmpty()) {
-				gatherEvidence(dependency, name, contents);
-			}
-		} else if ("configure".equals(name)) {
-			final File parent = actualFile.getParentFile();
-			final String parentName = parent.getName();
-			dependency.setDisplayFileName(parentName + "/" + name);
-			final String contents = getFileContents(actualFile);
-			if (!contents.isEmpty()) {
-				extractConfigureScriptEvidence(dependency, name, contents);
+			final boolean isOutputScript = CONFIGURE.equals(name);
+			if (isOutputScript || CONFIGURE_AC.equals(name)
+					|| CONFIGURE_IN.equals(name)) {
+				final String contents = getFileContents(actualFile);
+				if (!contents.isEmpty()) {
+					if (isOutputScript) {
+						extractConfigureScriptEvidence(dependency, name,
+								contents);
+					} else {
+						gatherEvidence(dependency, name, contents);
+					}
+				}
 			}
 		} else {
 			// copy, alter and set in case some other thread is iterating over
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzerTest.java
@@ -32,9 +32,15 @@ import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.dependency.Dependency;

 /**
- * Unit tests for PythonDistributionAnalyzer.
+ * Unit tests for AutoconfAnalyzer. The test resources under autoconf/ were
+ * obtained from outside open source software projects. Links to those projects
+ * are given below.
 *
 * @author Dale Visser <dvisser@ida.org>
+ * @see <a href="http://readable.sourceforge.net/">Readable Lisp S-expressions
+ *      Project</a>
+ * @see <a href="https://gnu.org/software/binutils/">GNU Binutils</a>
+ * @see <a href="https://gnu.org/software/ghostscript/">GNU Ghostscript</a>
 */
 public class AutoconfAnalyzerTest extends BaseTest {

@@ -43,19 +49,19 @@ public class AutoconfAnalyzerTest extends BaseTest {
 	 */
 	AutoconfAnalyzer analyzer;

-	private void assertCommonEvidence(Dependency result, String product, String version,
-			String vendor) {
+	private void assertCommonEvidence(Dependency result, String product,
+			String version, String vendor) {
 		assertProductAndVersion(result, product, version);
-		assertTrue("Expected vendor evidence to contain \"" + vendor + "\".", result
-				.getVendorEvidence().toString().contains(vendor));
+		assertTrue("Expected vendor evidence to contain \"" + vendor + "\".",
+				result.getVendorEvidence().toString().contains(vendor));
 	}

 	private void assertProductAndVersion(Dependency result, String product,
 			String version) {
 		assertTrue("Expected product evidence to contain \"" + product + "\".",
 				result.getProductEvidence().toString().contains(product));
-		assertTrue("Expected version evidence to contain \"" + version + "\".", result
-				.getVersionEvidence().toString().contains(version));
+		assertTrue("Expected version evidence to contain \"" + version + "\".",
+				result.getVersionEvidence().toString().contains(version));
 	}

 	/**
@@ -84,7 +90,8 @@ public class AutoconfAnalyzerTest extends BaseTest {
 	}

 	/**
-	 * Test of inspect method, of class PythonDistributionAnalyzer.
+	 * Test whether expected evidence is gathered from Ghostscript's
+	 * configure.ac.
 	 *
 	 * @throws AnalysisException
 	 *             is thrown when an exception occurs.
@@ -98,7 +105,7 @@ public class AutoconfAnalyzerTest extends BaseTest {
 	}

 	/**
-	 * Test of inspect method, of class PythonDistributionAnalyzer.
+	 * Test whether expected evidence is gathered from Readable's configure.ac.
 	 *
 	 * @throws AnalysisException
 	 *             is thrown when an exception occurs.
@@ -119,8 +126,8 @@ public class AutoconfAnalyzerTest extends BaseTest {
 	}

 	/**
-	 * Test of inspect method, of class PythonDistributionAnalyzer.
-	 *
+	 * Test whether expected evidence is gathered from GNU Binutil's configure.
+	 * 
 	 * @throws AnalysisException
 	 *             is thrown when an exception occurs.
 	 */
@@ -133,7 +140,8 @@ public class AutoconfAnalyzerTest extends BaseTest {
 	}

 	/**
-	 * Test of inspect method, of class PythonDistributionAnalyzer.
+	 * Test whether expected evidence is gathered from GNU Ghostscript's
+	 * configure.
 	 *
 	 * @throws AnalysisException
 	 *             is thrown when an exception occurs.
@@ -147,7 +155,7 @@ public class AutoconfAnalyzerTest extends BaseTest {
 	}

 	/**
-	 * Test of getName method, of class PythonDistributionAnalyzer.
+	 * Test of getName method, of {@link AutoconfAnalyzer}.
 	 */
 	@Test
 	public void testGetName() {
@@ -156,8 +164,7 @@ public class AutoconfAnalyzerTest extends BaseTest {
 	}

 	/**
-	 * Test of getSupportedExtensions method, of class
-	 * PythonDistributionAnalyzer.
+	 * Test of {@link AutoconfAnalyzer#getSupportedExtensions}.
 	 */
 	@Test
 	public void testGetSupportedExtensions() {
@@ -169,7 +176,7 @@ public class AutoconfAnalyzerTest extends BaseTest {
 	}

 	/**
-	 * Test of supportsExtension method, of class PythonDistributionAnalyzer.
+	 * Test of {@link AutoconfAnalyzer#supportsExtension}.
 	 */
 	@Test
 	public void testSupportsExtension() {
@@ -180,5 +187,4 @@ public class AutoconfAnalyzerTest extends BaseTest {
 		assertTrue("Should support \"configure\" extension.",
 				analyzer.supportsExtension("configure"));
 	}
-
 }