github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-25 02:21:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

improved exception handling

Browse Source 
Former-commit-id: d47fd5bc34d2894d09a40b42040aa080748e5c6f
This commit is contained in:
Jeremy Long
2013-06-25 22:31:59 -04:00
parent 07fbf2ae3b
commit 8323dbc7b5
1 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
View File

@@ -55,6 +55,7 @@ import org.owasp.dependencycheck.jaxb.pom.MavenNamespaceFilter;
import org.owasp.dependencycheck.jaxb.pom.generated.License; import org.owasp.dependencycheck.jaxb.pom.generated.License;
import org.owasp.dependencycheck.jaxb.pom.generated.Model; import org.owasp.dependencycheck.jaxb.pom.generated.Model;
import org.owasp.dependencycheck.jaxb.pom.generated.Organization; import org.owasp.dependencycheck.jaxb.pom.generated.Organization;
import org.owasp.dependencycheck.utils.InvalidSettingException;
import org.owasp.dependencycheck.utils.NonClosingStream; import org.owasp.dependencycheck.utils.NonClosingStream;
import org.owasp.dependencycheck.utils.Settings; import org.owasp.dependencycheck.utils.Settings;
import org.xml.sax.InputSource; import org.xml.sax.InputSource;
@@ -199,13 +200,18 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
* file. * file.
*/ */
public void analyze(Dependency dependency, Engine engine) throws AnalysisException { public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
boolean addPackagesAsEvidence = false;
//todo - catch should be more granular here, one for each call likely
//todo - think about sources/javadoc jars, should we remove or move to related dependency?
try { try {
boolean addPackagesAsEvidence = false;
final boolean hasManifest = parseManifest(dependency); final boolean hasManifest = parseManifest(dependency);
final boolean hasPOM = analyzePOM(dependency); final boolean hasPOM = analyzePOM(dependency);
final boolean deepScan = Settings.getBoolean(Settings.KEYS.PERFORM_DEEP_SCAN); boolean deepScan;
try {
deepScan = Settings.getBoolean(Settings.KEYS.PERFORM_DEEP_SCAN);
} catch (InvalidSettingException ex) {
deepScan = false;
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, "The deep scan configuration is invalid, defaulting to false.");
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex);
}
if ((!hasManifest && !hasPOM) || deepScan) { if ((!hasManifest && !hasPOM) || deepScan) {
addPackagesAsEvidence = true; addPackagesAsEvidence = true;
} }