From 7d3ac21e4280f43bfa14807f72a814424e6707c0 Mon Sep 17 00:00:00 2001
From: Dale Visser
Date: Tue, 2 Jun 2015 16:14:13 -0400
Subject: [PATCH] AutoconfAnalyzer: Some code refactoring to eliminate duplicate code and redundant condition checking, plus fixes/additions to Javadoc.

Former-commit-id: 1c18377b6d871f354915ca210df6ee22534553ba
---
 .../analyzer/AutoconfAnalyzer.java | 39 ++++++++++--------
 .../analyzer/AutoconfAnalyzerTest.java | 40 +++++++++++--------
 2 files changed, 46 insertions(+), 33 deletions(-)

diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.java
index ef2d1f283..47d038d66 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.java
@@ -35,14 +35,20 @@ import org.owasp.dependencycheck.utils.Settings;
 import org.owasp.dependencycheck.utils.UrlStringUtils;
 
 /**
- * Used to analyze a Wheel or egg distribution files, or their contents in
- * unzipped form, and collect information that can be used to determine the
- * associated CPE.
+ * Used to analyze Autoconf input files named configure.ac or configure.in.
+ * Files simply named "configure" are also analyzed, assuming they are generated
+ * by Autoconf, and contain certain special package descriptor variables.
  *
  * @author Dale Visser
+ * @see Autoconf - GNU Project - Free Software Foundation (FSF)
  */
 public class AutoconfAnalyzer extends AbstractFileTypeAnalyzer {
 
+ /**
+ * Autoconf output filename.
+ */
+ private static final String CONFIGURE = "configure";
+
 /**
 * Autoconf input filename.
 */
@@ -67,7 +73,7 @@ public class AutoconfAnalyzer extends AbstractFileTypeAnalyzer {
 * The set of file extensions supported by this analyzer.
 */
 private static final Set EXTENSIONS = newHashSet("ac", "in",
- "configure");
+ CONFIGURE);
 
 /**
 * Matches AC_INIT variables in the output configure script.
@@ -142,21 +148,22 @@ public class AutoconfAnalyzer extends AbstractFileTypeAnalyzer {
 throws AnalysisException {
 final File actualFile = dependency.getActualFile();
 final String name = actualFile.getName();
- if (CONFIGURE_AC.equals(name) || CONFIGURE_IN.equals(name)) {
+ if (name.startsWith(CONFIGURE)) {
 final File parent = actualFile.getParentFile();
 final String parentName = parent.getName();
 dependency.setDisplayFileName(parentName + "/" + name);
- final String contents = getFileContents(actualFile);
- if (!contents.isEmpty()) {
- gatherEvidence(dependency, name, contents);
- }
- } else if ("configure".equals(name)) {
- final File parent = actualFile.getParentFile();
- final String parentName = parent.getName();
- dependency.setDisplayFileName(parentName + "/" + name);
- final String contents = getFileContents(actualFile);
- if (!contents.isEmpty()) {
- extractConfigureScriptEvidence(dependency, name, contents);
+ final boolean isOutputScript = CONFIGURE.equals(name);
+ if (isOutputScript || CONFIGURE_AC.equals(name)
+ || CONFIGURE_IN.equals(name)) {
+ final String contents = getFileContents(actualFile);
+ if (!contents.isEmpty()) {
+ if (isOutputScript) {
+ extractConfigureScriptEvidence(dependency, name,
+ contents);
+ } else {
+ gatherEvidence(dependency, name, contents);
+ }
+ }
 }
 } else {
 // copy, alter and set in case some other thread is iterating over
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzerTest.java
index 9fda7c13b..0d50a2bb6 100644
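Review bot: The new outer condition `if (name.startsWith(CONFIGURE))` is wider than the three exact-name checks nested inside it, so a file whose name merely begins with "configure" but is none of configure, configure.ac or configure.in (a constructed example would be something like `configure.in.in`, reachable because "in" is a supported extension) now takes the first branch, gets its display name set, gathers no evidence, and no longer reaches the `else` branch that the old code would have taken for it. That is a behaviour change the commit message does not describe, and the test file changes in this commit are Javadoc-only, so nothing exercises it. The prefix test is also exactly the redundant check the commit set out to remove, since the inner condition already decides every case: hoist `final boolean isOutputScript = CONFIGURE.equals(name);` above the branch, make the outer condition `if (isOutputScript || CONFIGURE_AC.equals(name) || CONFIGURE_IN.equals(name)) {`, and drop the inner `if` and its closing brace so the existing body de-indents one level. The enclosing method starts before the hunk and its `else` branch continues past it, so I cannot confirm what the skipped branch does beyond the "copy, alter and set" comment visible here.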
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzerTest.java
@@ -32,9 +32,15 @@ import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.dependency.Dependency;
 
 /**
- * Unit tests for PythonDistributionAnalyzer.
+ * Unit tests for AutoconfAnalyzer. The test resources under autoconf/ were
+ * obtained from outside open source software projects. Links to those projects
+ * are given below.
  *
  * @author Dale Visser
+ * @see Readable Lisp S-expressions
+ * Project
+ * @see GNU Binutils
+ * @see GNU Ghostscript
  */
 public class AutoconfAnalyzerTest extends BaseTest {
@@ -43,19 +49,19 @@ public class AutoconfAnalyzerTest extends BaseTest {
 */
 AutoconfAnalyzer analyzer;
 
- private void assertCommonEvidence(Dependency result, String product, String version,
- String vendor) {
+ private void assertCommonEvidence(Dependency result, String product,
+ String version, String vendor) {
 assertProductAndVersion(result, product, version);
- assertTrue("Expected vendor evidence to contain \"" + vendor + "\".", result
- .getVendorEvidence().toString().contains(vendor));
+ assertTrue("Expected vendor evidence to contain \"" + vendor + "\".",
+ result.getVendorEvidence().toString().contains(vendor));
 }
 
 private void assertProductAndVersion(Dependency result, String product,
 String version) {
 assertTrue("Expected product evidence to contain \"" + product + "\".",
 result.getProductEvidence().toString().contains(product));
- assertTrue("Expected version evidence to contain \"" + version + "\".", result
- .getVersionEvidence().toString().contains(version));
+ assertTrue("Expected version evidence to contain \"" + version + "\".",
+ result.getVersionEvidence().toString().contains(version));
 }
 
 /**
@@ -84,7 +90,8 @@ public class AutoconfAnalyzerTest extends BaseTest {
 }
 
 /**
- * Test of inspect method, of class PythonDistributionAnalyzer.
+ * Test whether expected evidence is gathered from Ghostscript's
+ * configure.ac.
 *
 * @throws AnalysisException
 * is thrown when an exception occurs.
@@ -98,7 +105,7 @@ public class AutoconfAnalyzerTest extends BaseTest {
 }
 
 /**
- * Test of inspect method, of class PythonDistributionAnalyzer.
+ * Test whether expected evidence is gathered from Readable's configure.ac.
 *
 * @throws AnalysisException
 * is thrown when an exception occurs.
@@ -119,8 +126,8 @@ public class AutoconfAnalyzerTest extends BaseTest {
 }
 
 /**
- * Test of inspect method, of class PythonDistributionAnalyzer.
- *
+ * Test whether expected evidence is gathered from GNU Binutil's configure.
+ *
 * @throws AnalysisException
 * is thrown when an exception occurs.
 */
@@ -133,7 +140,8 @@ public class AutoconfAnalyzerTest extends BaseTest {
 }
 
 /**
- * Test of inspect method, of class PythonDistributionAnalyzer.
+ * Test whether expected evidence is gathered from GNU Ghostscript's
+ * configure.
 *
 * @throws AnalysisException
 * is thrown when an exception occurs.
@@ -147,7 +155,7 @@ public class AutoconfAnalyzerTest extends BaseTest {
 }
 
 /**
- * Test of getName method, of class PythonDistributionAnalyzer.
+ * Test of getName method, of {@link AutoconfAnalyzer}.
 */
 @Test
 public void testGetName() {
@@ -156,8 +164,7 @@ public class AutoconfAnalyzerTest extends BaseTest {
 }
 
 /**
- * Test of getSupportedExtensions method, of class
- * PythonDistributionAnalyzer.
+ * Test of {@link AutoconfAnalyzer#getSupportedExtensions}.
 */
 @Test
 public void testGetSupportedExtensions() {
@@ -169,7 +176,7 @@ public class AutoconfAnalyzerTest extends BaseTest {
 }
 
 /**
- * Test of supportsExtension method, of class PythonDistributionAnalyzer.
+ * Test of {@link AutoconfAnalyzer#supportsExtension}.
 */
 @Test
 public void testSupportsExtension() {
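Review bot: The Javadoc added in the `@@ -119,8 +126,8 @@` hunk misspells the project name in `GNU Binutil's configure`; the project is GNU Binutils, so the line should read `* Test whether expected evidence is gathered from GNU Binutils' configure.`. The other rewritten test summaries in these hunks read correctly and match the class-level `@see` list added earlier in the file.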
@@ -180,5 +187,4 @@ public class AutoconfAnalyzerTest extends BaseTest {
 assertTrue("Should support \"configure\" extension.",
 analyzer.supportsExtension("configure"));
 }
-
 }
\ No newline at end of file