From 877a584a26e08ed81bca325ea618fbb8c617ef5d Mon Sep 17 00:00:00 2001
From: Dale Visser
Date: Tue, 15 Sep 2015 12:27:26 -0400
Subject: [PATCH] Ruby Bundler: Disable Gemspec analysis if successful init.

Moved to new analysis phase after init, before info collection.
---
 .../analyzer/AnalysisPhase.java | 4 ++++
 .../analyzer/RubyBundleAuditAnalyzer.java | 23 ++++++++++++++++++-
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AnalysisPhase.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AnalysisPhase.java
index 5e63d4a77..61d128a18 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AnalysisPhase.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AnalysisPhase.java
@@ -28,6 +28,10 @@ public enum AnalysisPhase {
 * Initialization phase.
 */
 INITIAL,
+ /**
+ * Pre information collection phase
+ */
+ PRE_INFORMATION_COLLECTION,
 /**
 * Information collection phase.
 */
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java
index 217de39b7..1164efddc 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java
@@ -49,7 +49,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
 /**
 * The phase that this analyzer is intended to run in.
 */
- private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
+ private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.PRE_INFORMATION_COLLECTION;
 private static final FileFilter FILTER = FileFilterBuilder.newInstance().addFilenames("Gemfile.lock").build();
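Review bot: The Javadoc on the new `PRE_INFORMATION_COLLECTION` constant in the AnalysisPhase hunk says only "Pre information collection phase", which restates the name and does not tell a maintainer what the phase is for or that its position in the declaration matters. If the engine runs phases in declaration order (the engine is not in this patch, so that is inferred), placing the constant between `INITIAL` and `INFORMATION_COLLECTION` is load-bearing and should be stated. I would replace the comment with `/** Runs after {@link #INITIAL} and before {@link #INFORMATION_COLLECTION}; intended for analyzers that must adjust the engine, for example disable another analyzer, before information collection starts. */`. The sentence in the existing comment also lacks the terminating period the neighbouring phase comments use.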
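Review bot: The `ANALYSIS_PHASE` hunk in RubyBundleAuditAnalyzer changes when this analyzer runs but leaves its Javadoc as "The phase that this analyzer is intended to run in", so the reason for the early phase is invisible at the declaration and a later cleanup could move it back to `INFORMATION_COLLECTION` without noticing the coupling. I would extend the comment to `* The phase that this analyzer is intended to run in. It runs before information collection so that, once bundle-audit has initialized, {@link RubyGemspecAnalyzer} can be disabled before that analyzer executes.` Note that the companion change in analyzeFileType, whose hunk runs past the end of this excerpt, clears `needToDisableGemspecAnalyzer` and disables the gemspec analyzer before `launchBundleAudit` has produced a result, so a bundle-audit failure on the first Gemfile.lock would still leave gemspec findings suppressed for the rest of the scan; that trade-off deserves a comment at the constant as well. That hunk's warning message also lacks a space: `LOGGER.warn("Did not find " + className + '.');`.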
@@ -165,9 +165,30 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
 return Settings.KEYS.ANALYZER_BUNDLE_AUDIT_ENABLED;
 }
+ /**
+ * If {@link #analyzeFileType(Dependency, Engine)} is called, then we have successfully initialized, and it will
+ * be necessary to disable {@link RubyGemspecAnalyzer}.
+ */
+ private boolean needToDisableGemspecAnalyzer = true;
+
 @Override
 protected void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException {
+ if (needToDisableGemspecAnalyzer) {
+ boolean failed = true;
+ final String className = RubyGemspecAnalyzer.class.getName();
+ for (FileTypeAnalyzer analyzer : engine.getFileTypeAnalyzers()) {
+ if (analyzer instanceof RubyGemspecAnalyzer) {
+ ((RubyGemspecAnalyzer) analyzer).setEnabled(false);
+ LOGGER.info("Disabled " + className + " to avoid noisy duplicate results.");
+ failed = false;
+ }
+ }
+ if (failed) {
+ LOGGER.warn("Did not find" + className + '.');
+ }
+ needToDisableGemspecAnalyzer = false;
+ }
 final File parentFile = dependency.getActualFile().getParentFile();
 final Process process = launchBundleAudit(parentFile);
 try {