github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-21 00:29:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

Ruby Bundler: Disable Gemspec analysis if successful init. Moved to new analysis phase after init, before info collection.

Browse Source
This commit is contained in:
Dale Visser
2015-09-15 12:27:26 -04:00
parent 0c60c9ff75
commit 877a584a26
2 changed files with 26 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AnalysisPhase.java
View File

@@ -28,6 +28,10 @@ public enum AnalysisPhase {
* Initialization phase. * Initialization phase.
*/ */
INITIAL, INITIAL,
/**
* Pre information collection phase
*/
PRE_INFORMATION_COLLECTION,
/** /**
* Information collection phase. * Information collection phase.
*/ */

23
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java
View File

@@ -49,7 +49,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
/** /**
* The phase that this analyzer is intended to run in. * The phase that this analyzer is intended to run in.
*/ */
private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION; private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.PRE_INFORMATION_COLLECTION;
private static final FileFilter FILTER = private static final FileFilter FILTER =
FileFilterBuilder.newInstance().addFilenames("Gemfile.lock").build(); FileFilterBuilder.newInstance().addFilenames("Gemfile.lock").build();
@@ -165,9 +165,30 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
return Settings.KEYS.ANALYZER_BUNDLE_AUDIT_ENABLED; return Settings.KEYS.ANALYZER_BUNDLE_AUDIT_ENABLED;
} }
/**
* If {@link #analyzeFileType(Dependency, Engine)} is called, then we have successfully initialized, and it will
* be necessary to disable {@link RubyGemspecAnalyzer}.
*/
private boolean needToDisableGemspecAnalyzer = true;
@Override @Override
protected void analyzeFileType(Dependency dependency, Engine engine) protected void analyzeFileType(Dependency dependency, Engine engine)
throws AnalysisException { throws AnalysisException {
if (needToDisableGemspecAnalyzer) {
boolean failed = true;
final String className = RubyGemspecAnalyzer.class.getName();
for (FileTypeAnalyzer analyzer : engine.getFileTypeAnalyzers()) {
if (analyzer instanceof RubyGemspecAnalyzer) {
((RubyGemspecAnalyzer) analyzer).setEnabled(false);
LOGGER.info("Disabled " + className + " to avoid noisy duplicate results.");
failed = false;
}
}
if (failed) {
LOGGER.warn("Did not find" + className + '.');
}
needToDisableGemspecAnalyzer = false;
}
final File parentFile = dependency.getActualFile().getParentFile(); final File parentFile = dependency.getActualFile().getParentFile();
final Process process = launchBundleAudit(parentFile); final Process process = launchBundleAudit(parentFile);
try { try {