mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-03-28 03:51:33 +01:00
v1.3.4 documentation
This commit is contained in:
Jeremy Long
@@ -328,7 +328,7 @@
|
||||
<a class="jxr_linenumber" name="L320" href="#L320">320</a> foundSomething |= setPomEvidence(dependency, pom, classes);
|
||||
<a class="jxr_linenumber" name="L321" href="#L321">321</a> }
|
||||
<a class="jxr_linenumber" name="L322" href="#L322">322</a> } <strong class="jxr_keyword">catch</strong> (AnalysisException ex) {
|
||||
<a class="jxr_linenumber" name="L323" href="#L323">323</a> LOGGER.warn(<span class="jxr_string">"An error occured while analyzing '{}'."</span>, dependency.getActualFilePath());
|
||||
<a class="jxr_linenumber" name="L323" href="#L323">323</a> LOGGER.warn(<span class="jxr_string">"An error occurred while analyzing '{}'."</span>, dependency.getActualFilePath());
|
||||
<a class="jxr_linenumber" name="L324" href="#L324">324</a> LOGGER.trace(<span class="jxr_string">""</span>, ex);
|
||||
<a class="jxr_linenumber" name="L325" href="#L325">325</a> }
|
||||
<a class="jxr_linenumber" name="L326" href="#L326">326</a> }
|
||||
@@ -843,351 +843,348 @@
|
||||
<a class="jxr_linenumber" name="L835" href="#L835">835</a> }
|
||||
<a class="jxr_linenumber" name="L836" href="#L836">836</a>
|
||||
<a class="jxr_linenumber" name="L837" href="#L837">837</a> <strong class="jxr_keyword">if</strong> (pos > 0) {
|
||||
<a class="jxr_linenumber" name="L838" href="#L838">838</a> <strong class="jxr_keyword">final</strong> StringBuilder sb = <strong class="jxr_keyword">new</strong> StringBuilder(pos + 3);
|
||||
<a class="jxr_linenumber" name="L839" href="#L839">839</a> sb.append(desc.substring(0, pos));
|
||||
<a class="jxr_linenumber" name="L840" href="#L840">840</a> sb.append(<span class="jxr_string">"..."</span>);
|
||||
<a class="jxr_linenumber" name="L841" href="#L841">841</a> desc = sb.toString();
|
||||
<a class="jxr_linenumber" name="L842" href="#L842">842</a> }
|
||||
<a class="jxr_linenumber" name="L843" href="#L843">843</a> dependency.getProductEvidence().addEvidence(source, key, desc, Confidence.LOW);
|
||||
<a class="jxr_linenumber" name="L844" href="#L844">844</a> dependency.getVendorEvidence().addEvidence(source, key, desc, Confidence.LOW);
|
||||
<a class="jxr_linenumber" name="L845" href="#L845">845</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L846" href="#L846">846</a> dependency.getProductEvidence().addEvidence(source, key, desc, Confidence.MEDIUM);
|
||||
<a class="jxr_linenumber" name="L847" href="#L847">847</a> dependency.getVendorEvidence().addEvidence(source, key, desc, Confidence.MEDIUM);
|
||||
<a class="jxr_linenumber" name="L848" href="#L848">848</a> }
|
||||
<a class="jxr_linenumber" name="L849" href="#L849">849</a> <strong class="jxr_keyword">return</strong> desc;
|
||||
<a class="jxr_linenumber" name="L850" href="#L850">850</a> }
|
||||
<a class="jxr_linenumber" name="L851" href="#L851">851</a>
|
||||
<a class="jxr_linenumber" name="L852" href="#L852">852</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L853" href="#L853">853</a> <em class="jxr_javadoccomment"> * Adds a license to the given dependency.</em>
|
||||
<a class="jxr_linenumber" name="L854" href="#L854">854</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L855" href="#L855">855</a> <em class="jxr_javadoccomment"> * @param d a dependency</em>
|
||||
<a class="jxr_linenumber" name="L856" href="#L856">856</a> <em class="jxr_javadoccomment"> * @param license the license</em>
|
||||
<a class="jxr_linenumber" name="L857" href="#L857">857</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L858" href="#L858">858</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> addLicense(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> d, String license) {
|
||||
<a class="jxr_linenumber" name="L859" href="#L859">859</a> <strong class="jxr_keyword">if</strong> (d.getLicense() == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L860" href="#L860">860</a> d.setLicense(license);
|
||||
<a class="jxr_linenumber" name="L861" href="#L861">861</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (!d.getLicense().contains(license)) {
|
||||
<a class="jxr_linenumber" name="L862" href="#L862">862</a> d.setLicense(d.getLicense() + NEWLINE + license);
|
||||
<a class="jxr_linenumber" name="L863" href="#L863">863</a> }
|
||||
<a class="jxr_linenumber" name="L864" href="#L864">864</a> }
|
||||
<a class="jxr_linenumber" name="L865" href="#L865">865</a>
|
||||
<a class="jxr_linenumber" name="L866" href="#L866">866</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L867" href="#L867">867</a> <em class="jxr_javadoccomment"> * The parent directory for the individual directories per archive.</em>
|
||||
<a class="jxr_linenumber" name="L868" href="#L868">868</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L869" href="#L869">869</a> <strong class="jxr_keyword">private</strong> File tempFileLocation = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L870" href="#L870">870</a>
|
||||
<a class="jxr_linenumber" name="L871" href="#L871">871</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L872" href="#L872">872</a> <em class="jxr_javadoccomment"> * Initializes the JarAnalyzer.</em>
|
||||
<a class="jxr_linenumber" name="L873" href="#L873">873</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L874" href="#L874">874</a> <em class="jxr_javadoccomment"> * @throws Exception is thrown if there is an exception creating a temporary directory</em>
|
||||
<a class="jxr_linenumber" name="L875" href="#L875">875</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L876" href="#L876">876</a> @Override
|
||||
<a class="jxr_linenumber" name="L877" href="#L877">877</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> Exception {
|
||||
<a class="jxr_linenumber" name="L878" href="#L878">878</a> <strong class="jxr_keyword">final</strong> File baseDir = Settings.getTempDirectory();
|
||||
<a class="jxr_linenumber" name="L879" href="#L879">879</a> tempFileLocation = File.createTempFile(<span class="jxr_string">"check"</span>, <span class="jxr_string">"tmp"</span>, baseDir);
|
||||
<a class="jxr_linenumber" name="L880" href="#L880">880</a> <strong class="jxr_keyword">if</strong> (!tempFileLocation.delete()) {
|
||||
<a class="jxr_linenumber" name="L881" href="#L881">881</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unable to delete temporary file '%s'."</span>, tempFileLocation.getAbsolutePath());
|
||||
<a class="jxr_linenumber" name="L882" href="#L882">882</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(msg);
|
||||
<a class="jxr_linenumber" name="L883" href="#L883">883</a> }
|
||||
<a class="jxr_linenumber" name="L884" href="#L884">884</a> <strong class="jxr_keyword">if</strong> (!tempFileLocation.mkdirs()) {
|
||||
<a class="jxr_linenumber" name="L885" href="#L885">885</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unable to create directory '%s'."</span>, tempFileLocation.getAbsolutePath());
|
||||
<a class="jxr_linenumber" name="L886" href="#L886">886</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(msg);
|
||||
<a class="jxr_linenumber" name="L887" href="#L887">887</a> }
|
||||
<a class="jxr_linenumber" name="L888" href="#L888">888</a> }
|
||||
<a class="jxr_linenumber" name="L889" href="#L889">889</a>
|
||||
<a class="jxr_linenumber" name="L890" href="#L890">890</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L891" href="#L891">891</a> <em class="jxr_javadoccomment"> * Deletes any files extracted from the JAR during analysis.</em>
|
||||
<a class="jxr_linenumber" name="L892" href="#L892">892</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L893" href="#L893">893</a> @Override
|
||||
<a class="jxr_linenumber" name="L894" href="#L894">894</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> close() {
|
||||
<a class="jxr_linenumber" name="L895" href="#L895">895</a> <strong class="jxr_keyword">if</strong> (tempFileLocation != <strong class="jxr_keyword">null</strong> && tempFileLocation.exists()) {
|
||||
<a class="jxr_linenumber" name="L896" href="#L896">896</a> LOGGER.debug(<span class="jxr_string">"Attempting to delete temporary files"</span>);
|
||||
<a class="jxr_linenumber" name="L897" href="#L897">897</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> success = FileUtils.delete(tempFileLocation);
|
||||
<a class="jxr_linenumber" name="L898" href="#L898">898</a> <strong class="jxr_keyword">if</strong> (!success) {
|
||||
<a class="jxr_linenumber" name="L899" href="#L899">899</a> LOGGER.warn(<span class="jxr_string">"Failed to delete some temporary files, see the log for more details"</span>);
|
||||
<a class="jxr_linenumber" name="L900" href="#L900">900</a> }
|
||||
<a class="jxr_linenumber" name="L901" href="#L901">901</a> }
|
||||
<a class="jxr_linenumber" name="L902" href="#L902">902</a> }
|
||||
<a class="jxr_linenumber" name="L903" href="#L903">903</a>
|
||||
<a class="jxr_linenumber" name="L904" href="#L904">904</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L905" href="#L905">905</a> <em class="jxr_javadoccomment"> * Determines if the key value pair from the manifest is for an "import" type entry for package names.</em>
|
||||
<a class="jxr_linenumber" name="L906" href="#L906">906</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L907" href="#L907">907</a> <em class="jxr_javadoccomment"> * @param key the key from the manifest</em>
|
||||
<a class="jxr_linenumber" name="L908" href="#L908">908</a> <em class="jxr_javadoccomment"> * @param value the value from the manifest</em>
|
||||
<a class="jxr_linenumber" name="L909" href="#L909">909</a> <em class="jxr_javadoccomment"> * @return true or false depending on if it is believed the entry is an "import" entry</em>
|
||||
<a class="jxr_linenumber" name="L910" href="#L910">910</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L911" href="#L911">911</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> isImportPackage(String key, String value) {
|
||||
<a class="jxr_linenumber" name="L912" href="#L912">912</a> <strong class="jxr_keyword">final</strong> Pattern packageRx = Pattern.compile(<span class="jxr_string">"^([a-zA-Z0-9_#\\$\\*\\.]+\\s*[,;]\\s*)+([a-zA-Z0-9_#\\$\\*\\.]+\\s*)?$"</span>);
|
||||
<a class="jxr_linenumber" name="L913" href="#L913">913</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> matches = packageRx.matcher(value).matches();
|
||||
<a class="jxr_linenumber" name="L914" href="#L914">914</a> <strong class="jxr_keyword">return</strong> matches && (key.contains(<span class="jxr_string">"import"</span>) || key.contains(<span class="jxr_string">"include"</span>) || value.length() > 10);
|
||||
<a class="jxr_linenumber" name="L915" href="#L915">915</a> }
|
||||
<a class="jxr_linenumber" name="L916" href="#L916">916</a>
|
||||
<a class="jxr_linenumber" name="L917" href="#L917">917</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L918" href="#L918">918</a> <em class="jxr_javadoccomment"> * Cycles through an enumeration of JarEntries, contained within the dependency, and returns a list of the class names. This</em>
|
||||
<a class="jxr_linenumber" name="L919" href="#L919">919</a> <em class="jxr_javadoccomment"> * does not include core Java package names (i.e. java.* or javax.*).</em>
|
||||
<a class="jxr_linenumber" name="L920" href="#L920">920</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L921" href="#L921">921</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
|
||||
<a class="jxr_linenumber" name="L922" href="#L922">922</a> <em class="jxr_javadoccomment"> * @return an list of fully qualified class names</em>
|
||||
<a class="jxr_linenumber" name="L923" href="#L923">923</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L924" href="#L924">924</a> <strong class="jxr_keyword">private</strong> List<ClassNameInformation> collectClassNames(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency) {
|
||||
<a class="jxr_linenumber" name="L925" href="#L925">925</a> <strong class="jxr_keyword">final</strong> List<ClassNameInformation> classNames = <strong class="jxr_keyword">new</strong> ArrayList<ClassNameInformation>();
|
||||
<a class="jxr_linenumber" name="L926" href="#L926">926</a> JarFile jar = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L927" href="#L927">927</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L928" href="#L928">928</a> jar = <strong class="jxr_keyword">new</strong> JarFile(dependency.getActualFilePath());
|
||||
<a class="jxr_linenumber" name="L929" href="#L929">929</a> <strong class="jxr_keyword">final</strong> Enumeration<JarEntry> entries = jar.entries();
|
||||
<a class="jxr_linenumber" name="L930" href="#L930">930</a> <strong class="jxr_keyword">while</strong> (entries.hasMoreElements()) {
|
||||
<a class="jxr_linenumber" name="L931" href="#L931">931</a> <strong class="jxr_keyword">final</strong> JarEntry entry = entries.nextElement();
|
||||
<a class="jxr_linenumber" name="L932" href="#L932">932</a> <strong class="jxr_keyword">final</strong> String name = entry.getName().toLowerCase();
|
||||
<a class="jxr_linenumber" name="L933" href="#L933">933</a> <em class="jxr_comment">//no longer stripping "|com\\.sun" - there are some com.sun jar files with CVEs.</em>
|
||||
<a class="jxr_linenumber" name="L934" href="#L934">934</a> <strong class="jxr_keyword">if</strong> (name.endsWith(<span class="jxr_string">".class"</span>) && !name.matches(<span class="jxr_string">"^javax?\\..*$"</span>)) {
|
||||
<a class="jxr_linenumber" name="L935" href="#L935">935</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/JarAnalyzer.html">ClassNameInformation</a> className = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/JarAnalyzer.html">ClassNameInformation</a>(name.substring(0, name.length() - 6));
|
||||
<a class="jxr_linenumber" name="L936" href="#L936">936</a> classNames.add(className);
|
||||
<a class="jxr_linenumber" name="L937" href="#L937">937</a> }
|
||||
<a class="jxr_linenumber" name="L938" href="#L938">938</a> }
|
||||
<a class="jxr_linenumber" name="L939" href="#L939">939</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L940" href="#L940">940</a> LOGGER.warn(<span class="jxr_string">"Unable to open jar file '{}'."</span>, dependency.getFileName());
|
||||
<a class="jxr_linenumber" name="L941" href="#L941">941</a> LOGGER.debug(<span class="jxr_string">""</span>, ex);
|
||||
<a class="jxr_linenumber" name="L942" href="#L942">942</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L943" href="#L943">943</a> <strong class="jxr_keyword">if</strong> (jar != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L944" href="#L944">944</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L945" href="#L945">945</a> jar.close();
|
||||
<a class="jxr_linenumber" name="L946" href="#L946">946</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L947" href="#L947">947</a> LOGGER.trace(<span class="jxr_string">""</span>, ex);
|
||||
<a class="jxr_linenumber" name="L948" href="#L948">948</a> }
|
||||
<a class="jxr_linenumber" name="L949" href="#L949">949</a> }
|
||||
<a class="jxr_linenumber" name="L950" href="#L950">950</a> }
|
||||
<a class="jxr_linenumber" name="L951" href="#L951">951</a> <strong class="jxr_keyword">return</strong> classNames;
|
||||
<a class="jxr_linenumber" name="L952" href="#L952">952</a> }
|
||||
<a class="jxr_linenumber" name="L953" href="#L953">953</a>
|
||||
<a class="jxr_linenumber" name="L954" href="#L954">954</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L955" href="#L955">955</a> <em class="jxr_javadoccomment"> * Cycles through the list of class names and places the package levels 0-3 into the provided maps for vendor and product.</em>
|
||||
<a class="jxr_linenumber" name="L956" href="#L956">956</a> <em class="jxr_javadoccomment"> * This is helpful when analyzing vendor/product as many times this is included in the package name.</em>
|
||||
<a class="jxr_linenumber" name="L957" href="#L957">957</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L958" href="#L958">958</a> <em class="jxr_javadoccomment"> * @param classNames a list of class names</em>
|
||||
<a class="jxr_linenumber" name="L959" href="#L959">959</a> <em class="jxr_javadoccomment"> * @param vendor HashMap of possible vendor names from package names (e.g. owasp)</em>
|
||||
<a class="jxr_linenumber" name="L960" href="#L960">960</a> <em class="jxr_javadoccomment"> * @param product HashMap of possible product names from package names (e.g. dependencycheck)</em>
|
||||
<a class="jxr_linenumber" name="L961" href="#L961">961</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L962" href="#L962">962</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> analyzeFullyQualifiedClassNames(List<ClassNameInformation> classNames,
|
||||
<a class="jxr_linenumber" name="L963" href="#L963">963</a> Map<String, Integer> vendor, Map<String, Integer> product) {
|
||||
<a class="jxr_linenumber" name="L964" href="#L964">964</a> <strong class="jxr_keyword">for</strong> (ClassNameInformation entry : classNames) {
|
||||
<a class="jxr_linenumber" name="L965" href="#L965">965</a> <strong class="jxr_keyword">final</strong> List<String> list = entry.getPackageStructure();
|
||||
<a class="jxr_linenumber" name="L966" href="#L966">966</a> addEntry(vendor, list.get(0));
|
||||
<a class="jxr_linenumber" name="L967" href="#L967">967</a>
|
||||
<a class="jxr_linenumber" name="L968" href="#L968">968</a> <strong class="jxr_keyword">if</strong> (list.size() == 2) {
|
||||
<a class="jxr_linenumber" name="L969" href="#L969">969</a> addEntry(product, list.get(1));
|
||||
<a class="jxr_linenumber" name="L970" href="#L970">970</a> }
|
||||
<a class="jxr_linenumber" name="L971" href="#L971">971</a> <strong class="jxr_keyword">if</strong> (list.size() == 3) {
|
||||
<a class="jxr_linenumber" name="L972" href="#L972">972</a> addEntry(vendor, list.get(1));
|
||||
<a class="jxr_linenumber" name="L973" href="#L973">973</a> addEntry(product, list.get(1));
|
||||
<a class="jxr_linenumber" name="L974" href="#L974">974</a> addEntry(product, list.get(2));
|
||||
<a class="jxr_linenumber" name="L975" href="#L975">975</a> }
|
||||
<a class="jxr_linenumber" name="L976" href="#L976">976</a> <strong class="jxr_keyword">if</strong> (list.size() >= 4) {
|
||||
<a class="jxr_linenumber" name="L977" href="#L977">977</a> addEntry(vendor, list.get(1));
|
||||
<a class="jxr_linenumber" name="L978" href="#L978">978</a> addEntry(vendor, list.get(2));
|
||||
<a class="jxr_linenumber" name="L979" href="#L979">979</a> addEntry(product, list.get(1));
|
||||
<a class="jxr_linenumber" name="L980" href="#L980">980</a> addEntry(product, list.get(2));
|
||||
<a class="jxr_linenumber" name="L981" href="#L981">981</a> addEntry(product, list.get(3));
|
||||
<a class="jxr_linenumber" name="L982" href="#L982">982</a> }
|
||||
<a class="jxr_linenumber" name="L983" href="#L983">983</a> }
|
||||
<a class="jxr_linenumber" name="L984" href="#L984">984</a> }
|
||||
<a class="jxr_linenumber" name="L985" href="#L985">985</a>
|
||||
<a class="jxr_linenumber" name="L986" href="#L986">986</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L987" href="#L987">987</a> <em class="jxr_javadoccomment"> * Adds an entry to the specified collection and sets the Integer (e.g. the count) to 1. If the entry already exists in the</em>
|
||||
<a class="jxr_linenumber" name="L988" href="#L988">988</a> <em class="jxr_javadoccomment"> * collection then the Integer is incremented by 1.</em>
|
||||
<a class="jxr_linenumber" name="L989" href="#L989">989</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L990" href="#L990">990</a> <em class="jxr_javadoccomment"> * @param collection a collection of strings and their occurrence count</em>
|
||||
<a class="jxr_linenumber" name="L991" href="#L991">991</a> <em class="jxr_javadoccomment"> * @param key the key to add to the collection</em>
|
||||
<a class="jxr_linenumber" name="L992" href="#L992">992</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L993" href="#L993">993</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> addEntry(Map<String, Integer> collection, String key) {
|
||||
<a class="jxr_linenumber" name="L994" href="#L994">994</a> <strong class="jxr_keyword">if</strong> (collection.containsKey(key)) {
|
||||
<a class="jxr_linenumber" name="L995" href="#L995">995</a> collection.put(key, collection.get(key) + 1);
|
||||
<a class="jxr_linenumber" name="L996" href="#L996">996</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L997" href="#L997">997</a> collection.put(key, 1);
|
||||
<a class="jxr_linenumber" name="L998" href="#L998">998</a> }
|
||||
<a class="jxr_linenumber" name="L999" href="#L999">999</a> }
|
||||
<a class="jxr_linenumber" name="L1000" href="#L1000">1000</a>
|
||||
<a class="jxr_linenumber" name="L1001" href="#L1001">1001</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L1002" href="#L1002">1002</a> <em class="jxr_javadoccomment"> * Cycles through the collection of class name information to see if parts of the package names are contained in the provided</em>
|
||||
<a class="jxr_linenumber" name="L1003" href="#L1003">1003</a> <em class="jxr_javadoccomment"> * value. If found, it will be added as the HIGHEST confidence evidence because we have more then one source corroborating the</em>
|
||||
<a class="jxr_linenumber" name="L1004" href="#L1004">1004</a> <em class="jxr_javadoccomment"> * value.</em>
|
||||
<a class="jxr_linenumber" name="L1005" href="#L1005">1005</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L1006" href="#L1006">1006</a> <em class="jxr_javadoccomment"> * @param classes a collection of class name information</em>
|
||||
<a class="jxr_linenumber" name="L1007" href="#L1007">1007</a> <em class="jxr_javadoccomment"> * @param value the value to check to see if it contains a package name</em>
|
||||
<a class="jxr_linenumber" name="L1008" href="#L1008">1008</a> <em class="jxr_javadoccomment"> * @param evidence the evidence collection to add new entries too</em>
|
||||
<a class="jxr_linenumber" name="L1009" href="#L1009">1009</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L1010" href="#L1010">1010</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> addMatchingValues(List<ClassNameInformation> classes, String value, <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> evidence) {
|
||||
<a class="jxr_linenumber" name="L1011" href="#L1011">1011</a> <strong class="jxr_keyword">if</strong> (value == <strong class="jxr_keyword">null</strong> || value.isEmpty() || classes == <strong class="jxr_keyword">null</strong> || classes.isEmpty()) {
|
||||
<a class="jxr_linenumber" name="L1012" href="#L1012">1012</a> <strong class="jxr_keyword">return</strong>;
|
||||
<a class="jxr_linenumber" name="L1013" href="#L1013">1013</a> }
|
||||
<a class="jxr_linenumber" name="L1014" href="#L1014">1014</a> <strong class="jxr_keyword">final</strong> String text = value.toLowerCase();
|
||||
<a class="jxr_linenumber" name="L1015" href="#L1015">1015</a> <strong class="jxr_keyword">for</strong> (ClassNameInformation cni : classes) {
|
||||
<a class="jxr_linenumber" name="L1016" href="#L1016">1016</a> <strong class="jxr_keyword">for</strong> (String key : cni.getPackageStructure()) {
|
||||
<a class="jxr_linenumber" name="L1017" href="#L1017">1017</a> <strong class="jxr_keyword">if</strong> (text.contains(key)) { <em class="jxr_comment">//note, package structure elements are already lowercase.</em>
|
||||
<a class="jxr_linenumber" name="L1018" href="#L1018">1018</a> evidence.addEvidence(<span class="jxr_string">"jar"</span>, <span class="jxr_string">"package name"</span>, key, Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L1019" href="#L1019">1019</a> }
|
||||
<a class="jxr_linenumber" name="L1020" href="#L1020">1020</a> }
|
||||
<a class="jxr_linenumber" name="L1021" href="#L1021">1021</a> }
|
||||
<a class="jxr_linenumber" name="L1022" href="#L1022">1022</a> }
|
||||
<a class="jxr_linenumber" name="L1023" href="#L1023">1023</a>
|
||||
<a class="jxr_linenumber" name="L1024" href="#L1024">1024</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L1025" href="#L1025">1025</a> <em class="jxr_javadoccomment"> * Simple check to see if the attribute from a manifest is just a package name.</em>
|
||||
<a class="jxr_linenumber" name="L1026" href="#L1026">1026</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L1027" href="#L1027">1027</a> <em class="jxr_javadoccomment"> * @param key the key of the value to check</em>
|
||||
<a class="jxr_linenumber" name="L1028" href="#L1028">1028</a> <em class="jxr_javadoccomment"> * @param value the value to check</em>
|
||||
<a class="jxr_linenumber" name="L1029" href="#L1029">1029</a> <em class="jxr_javadoccomment"> * @return true if the value looks like a java package name, otherwise false</em>
|
||||
<a class="jxr_linenumber" name="L1030" href="#L1030">1030</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L1031" href="#L1031">1031</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> isPackage(String key, String value) {
|
||||
<a class="jxr_linenumber" name="L838" href="#L838">838</a> desc = desc.substring(0, pos) + <span class="jxr_string">"..."</span>;
|
||||
<a class="jxr_linenumber" name="L839" href="#L839">839</a> }
|
||||
<a class="jxr_linenumber" name="L840" href="#L840">840</a> dependency.getProductEvidence().addEvidence(source, key, desc, Confidence.LOW);
|
||||
<a class="jxr_linenumber" name="L841" href="#L841">841</a> dependency.getVendorEvidence().addEvidence(source, key, desc, Confidence.LOW);
|
||||
<a class="jxr_linenumber" name="L842" href="#L842">842</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L843" href="#L843">843</a> dependency.getProductEvidence().addEvidence(source, key, desc, Confidence.MEDIUM);
|
||||
<a class="jxr_linenumber" name="L844" href="#L844">844</a> dependency.getVendorEvidence().addEvidence(source, key, desc, Confidence.MEDIUM);
|
||||
<a class="jxr_linenumber" name="L845" href="#L845">845</a> }
|
||||
<a class="jxr_linenumber" name="L846" href="#L846">846</a> <strong class="jxr_keyword">return</strong> desc;
|
||||
<a class="jxr_linenumber" name="L847" href="#L847">847</a> }
|
||||
<a class="jxr_linenumber" name="L848" href="#L848">848</a>
|
||||
<a class="jxr_linenumber" name="L849" href="#L849">849</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L850" href="#L850">850</a> <em class="jxr_javadoccomment"> * Adds a license to the given dependency.</em>
|
||||
<a class="jxr_linenumber" name="L851" href="#L851">851</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L852" href="#L852">852</a> <em class="jxr_javadoccomment"> * @param d a dependency</em>
|
||||
<a class="jxr_linenumber" name="L853" href="#L853">853</a> <em class="jxr_javadoccomment"> * @param license the license</em>
|
||||
<a class="jxr_linenumber" name="L854" href="#L854">854</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L855" href="#L855">855</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> addLicense(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> d, String license) {
|
||||
<a class="jxr_linenumber" name="L856" href="#L856">856</a> <strong class="jxr_keyword">if</strong> (d.getLicense() == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L857" href="#L857">857</a> d.setLicense(license);
|
||||
<a class="jxr_linenumber" name="L858" href="#L858">858</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (!d.getLicense().contains(license)) {
|
||||
<a class="jxr_linenumber" name="L859" href="#L859">859</a> d.setLicense(d.getLicense() + NEWLINE + license);
|
||||
<a class="jxr_linenumber" name="L860" href="#L860">860</a> }
|
||||
<a class="jxr_linenumber" name="L861" href="#L861">861</a> }
|
||||
<a class="jxr_linenumber" name="L862" href="#L862">862</a>
|
||||
<a class="jxr_linenumber" name="L863" href="#L863">863</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L864" href="#L864">864</a> <em class="jxr_javadoccomment"> * The parent directory for the individual directories per archive.</em>
|
||||
<a class="jxr_linenumber" name="L865" href="#L865">865</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L866" href="#L866">866</a> <strong class="jxr_keyword">private</strong> File tempFileLocation = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L867" href="#L867">867</a>
|
||||
<a class="jxr_linenumber" name="L868" href="#L868">868</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L869" href="#L869">869</a> <em class="jxr_javadoccomment"> * Initializes the JarAnalyzer.</em>
|
||||
<a class="jxr_linenumber" name="L870" href="#L870">870</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L871" href="#L871">871</a> <em class="jxr_javadoccomment"> * @throws Exception is thrown if there is an exception creating a temporary directory</em>
|
||||
<a class="jxr_linenumber" name="L872" href="#L872">872</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L873" href="#L873">873</a> @Override
|
||||
<a class="jxr_linenumber" name="L874" href="#L874">874</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> Exception {
|
||||
<a class="jxr_linenumber" name="L875" href="#L875">875</a> <strong class="jxr_keyword">final</strong> File baseDir = Settings.getTempDirectory();
|
||||
<a class="jxr_linenumber" name="L876" href="#L876">876</a> tempFileLocation = File.createTempFile(<span class="jxr_string">"check"</span>, <span class="jxr_string">"tmp"</span>, baseDir);
|
||||
<a class="jxr_linenumber" name="L877" href="#L877">877</a> <strong class="jxr_keyword">if</strong> (!tempFileLocation.delete()) {
|
||||
<a class="jxr_linenumber" name="L878" href="#L878">878</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unable to delete temporary file '%s'."</span>, tempFileLocation.getAbsolutePath());
|
||||
<a class="jxr_linenumber" name="L879" href="#L879">879</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(msg);
|
||||
<a class="jxr_linenumber" name="L880" href="#L880">880</a> }
|
||||
<a class="jxr_linenumber" name="L881" href="#L881">881</a> <strong class="jxr_keyword">if</strong> (!tempFileLocation.mkdirs()) {
|
||||
<a class="jxr_linenumber" name="L882" href="#L882">882</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unable to create directory '%s'."</span>, tempFileLocation.getAbsolutePath());
|
||||
<a class="jxr_linenumber" name="L883" href="#L883">883</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(msg);
|
||||
<a class="jxr_linenumber" name="L884" href="#L884">884</a> }
|
||||
<a class="jxr_linenumber" name="L885" href="#L885">885</a> }
|
||||
<a class="jxr_linenumber" name="L886" href="#L886">886</a>
|
||||
<a class="jxr_linenumber" name="L887" href="#L887">887</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L888" href="#L888">888</a> <em class="jxr_javadoccomment"> * Deletes any files extracted from the JAR during analysis.</em>
|
||||
<a class="jxr_linenumber" name="L889" href="#L889">889</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L890" href="#L890">890</a> @Override
|
||||
<a class="jxr_linenumber" name="L891" href="#L891">891</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> close() {
|
||||
<a class="jxr_linenumber" name="L892" href="#L892">892</a> <strong class="jxr_keyword">if</strong> (tempFileLocation != <strong class="jxr_keyword">null</strong> && tempFileLocation.exists()) {
|
||||
<a class="jxr_linenumber" name="L893" href="#L893">893</a> LOGGER.debug(<span class="jxr_string">"Attempting to delete temporary files"</span>);
|
||||
<a class="jxr_linenumber" name="L894" href="#L894">894</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> success = FileUtils.delete(tempFileLocation);
|
||||
<a class="jxr_linenumber" name="L895" href="#L895">895</a> <strong class="jxr_keyword">if</strong> (!success) {
|
||||
<a class="jxr_linenumber" name="L896" href="#L896">896</a> LOGGER.warn(<span class="jxr_string">"Failed to delete some temporary files, see the log for more details"</span>);
|
||||
<a class="jxr_linenumber" name="L897" href="#L897">897</a> }
|
||||
<a class="jxr_linenumber" name="L898" href="#L898">898</a> }
|
||||
<a class="jxr_linenumber" name="L899" href="#L899">899</a> }
|
||||
<a class="jxr_linenumber" name="L900" href="#L900">900</a>
|
||||
<a class="jxr_linenumber" name="L901" href="#L901">901</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L902" href="#L902">902</a> <em class="jxr_javadoccomment"> * Determines if the key value pair from the manifest is for an "import" type entry for package names.</em>
|
||||
<a class="jxr_linenumber" name="L903" href="#L903">903</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L904" href="#L904">904</a> <em class="jxr_javadoccomment"> * @param key the key from the manifest</em>
|
||||
<a class="jxr_linenumber" name="L905" href="#L905">905</a> <em class="jxr_javadoccomment"> * @param value the value from the manifest</em>
|
||||
<a class="jxr_linenumber" name="L906" href="#L906">906</a> <em class="jxr_javadoccomment"> * @return true or false depending on if it is believed the entry is an "import" entry</em>
|
||||
<a class="jxr_linenumber" name="L907" href="#L907">907</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L908" href="#L908">908</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> isImportPackage(String key, String value) {
|
||||
<a class="jxr_linenumber" name="L909" href="#L909">909</a> <strong class="jxr_keyword">final</strong> Pattern packageRx = Pattern.compile(<span class="jxr_string">"^([a-zA-Z0-9_#\\$\\*\\.]+\\s*[,;]\\s*)+([a-zA-Z0-9_#\\$\\*\\.]+\\s*)?$"</span>);
|
||||
<a class="jxr_linenumber" name="L910" href="#L910">910</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> matches = packageRx.matcher(value).matches();
|
||||
<a class="jxr_linenumber" name="L911" href="#L911">911</a> <strong class="jxr_keyword">return</strong> matches && (key.contains(<span class="jxr_string">"import"</span>) || key.contains(<span class="jxr_string">"include"</span>) || value.length() > 10);
|
||||
<a class="jxr_linenumber" name="L912" href="#L912">912</a> }
|
||||
<a class="jxr_linenumber" name="L913" href="#L913">913</a>
|
||||
<a class="jxr_linenumber" name="L914" href="#L914">914</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L915" href="#L915">915</a> <em class="jxr_javadoccomment"> * Cycles through an enumeration of JarEntries, contained within the dependency, and returns a list of the class names. This</em>
|
||||
<a class="jxr_linenumber" name="L916" href="#L916">916</a> <em class="jxr_javadoccomment"> * does not include core Java package names (i.e. java.* or javax.*).</em>
|
||||
<a class="jxr_linenumber" name="L917" href="#L917">917</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L918" href="#L918">918</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
|
||||
<a class="jxr_linenumber" name="L919" href="#L919">919</a> <em class="jxr_javadoccomment"> * @return an list of fully qualified class names</em>
|
||||
<a class="jxr_linenumber" name="L920" href="#L920">920</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L921" href="#L921">921</a> <strong class="jxr_keyword">private</strong> List<ClassNameInformation> collectClassNames(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency) {
|
||||
<a class="jxr_linenumber" name="L922" href="#L922">922</a> <strong class="jxr_keyword">final</strong> List<ClassNameInformation> classNames = <strong class="jxr_keyword">new</strong> ArrayList<ClassNameInformation>();
|
||||
<a class="jxr_linenumber" name="L923" href="#L923">923</a> JarFile jar = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L924" href="#L924">924</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L925" href="#L925">925</a> jar = <strong class="jxr_keyword">new</strong> JarFile(dependency.getActualFilePath());
|
||||
<a class="jxr_linenumber" name="L926" href="#L926">926</a> <strong class="jxr_keyword">final</strong> Enumeration<JarEntry> entries = jar.entries();
|
||||
<a class="jxr_linenumber" name="L927" href="#L927">927</a> <strong class="jxr_keyword">while</strong> (entries.hasMoreElements()) {
|
||||
<a class="jxr_linenumber" name="L928" href="#L928">928</a> <strong class="jxr_keyword">final</strong> JarEntry entry = entries.nextElement();
|
||||
<a class="jxr_linenumber" name="L929" href="#L929">929</a> <strong class="jxr_keyword">final</strong> String name = entry.getName().toLowerCase();
|
||||
<a class="jxr_linenumber" name="L930" href="#L930">930</a> <em class="jxr_comment">//no longer stripping "|com\\.sun" - there are some com.sun jar files with CVEs.</em>
|
||||
<a class="jxr_linenumber" name="L931" href="#L931">931</a> <strong class="jxr_keyword">if</strong> (name.endsWith(<span class="jxr_string">".class"</span>) && !name.matches(<span class="jxr_string">"^javax?\\..*$"</span>)) {
|
||||
<a class="jxr_linenumber" name="L932" href="#L932">932</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/JarAnalyzer.html">ClassNameInformation</a> className = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/JarAnalyzer.html">ClassNameInformation</a>(name.substring(0, name.length() - 6));
|
||||
<a class="jxr_linenumber" name="L933" href="#L933">933</a> classNames.add(className);
|
||||
<a class="jxr_linenumber" name="L934" href="#L934">934</a> }
|
||||
<a class="jxr_linenumber" name="L935" href="#L935">935</a> }
|
||||
<a class="jxr_linenumber" name="L936" href="#L936">936</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L937" href="#L937">937</a> LOGGER.warn(<span class="jxr_string">"Unable to open jar file '{}'."</span>, dependency.getFileName());
|
||||
<a class="jxr_linenumber" name="L938" href="#L938">938</a> LOGGER.debug(<span class="jxr_string">""</span>, ex);
|
||||
<a class="jxr_linenumber" name="L939" href="#L939">939</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L940" href="#L940">940</a> <strong class="jxr_keyword">if</strong> (jar != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L941" href="#L941">941</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L942" href="#L942">942</a> jar.close();
|
||||
<a class="jxr_linenumber" name="L943" href="#L943">943</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L944" href="#L944">944</a> LOGGER.trace(<span class="jxr_string">""</span>, ex);
|
||||
<a class="jxr_linenumber" name="L945" href="#L945">945</a> }
|
||||
<a class="jxr_linenumber" name="L946" href="#L946">946</a> }
|
||||
<a class="jxr_linenumber" name="L947" href="#L947">947</a> }
|
||||
<a class="jxr_linenumber" name="L948" href="#L948">948</a> <strong class="jxr_keyword">return</strong> classNames;
|
||||
<a class="jxr_linenumber" name="L949" href="#L949">949</a> }
|
||||
<a class="jxr_linenumber" name="L950" href="#L950">950</a>
|
||||
<a class="jxr_linenumber" name="L951" href="#L951">951</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L952" href="#L952">952</a> <em class="jxr_javadoccomment"> * Cycles through the list of class names and places the package levels 0-3 into the provided maps for vendor and product.</em>
|
||||
<a class="jxr_linenumber" name="L953" href="#L953">953</a> <em class="jxr_javadoccomment"> * This is helpful when analyzing vendor/product as many times this is included in the package name.</em>
|
||||
<a class="jxr_linenumber" name="L954" href="#L954">954</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L955" href="#L955">955</a> <em class="jxr_javadoccomment"> * @param classNames a list of class names</em>
|
||||
<a class="jxr_linenumber" name="L956" href="#L956">956</a> <em class="jxr_javadoccomment"> * @param vendor HashMap of possible vendor names from package names (e.g. owasp)</em>
|
||||
<a class="jxr_linenumber" name="L957" href="#L957">957</a> <em class="jxr_javadoccomment"> * @param product HashMap of possible product names from package names (e.g. dependencycheck)</em>
|
||||
<a class="jxr_linenumber" name="L958" href="#L958">958</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L959" href="#L959">959</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> analyzeFullyQualifiedClassNames(List<ClassNameInformation> classNames,
|
||||
<a class="jxr_linenumber" name="L960" href="#L960">960</a> Map<String, Integer> vendor, Map<String, Integer> product) {
|
||||
<a class="jxr_linenumber" name="L961" href="#L961">961</a> <strong class="jxr_keyword">for</strong> (ClassNameInformation entry : classNames) {
|
||||
<a class="jxr_linenumber" name="L962" href="#L962">962</a> <strong class="jxr_keyword">final</strong> List<String> list = entry.getPackageStructure();
|
||||
<a class="jxr_linenumber" name="L963" href="#L963">963</a> addEntry(vendor, list.get(0));
|
||||
<a class="jxr_linenumber" name="L964" href="#L964">964</a>
|
||||
<a class="jxr_linenumber" name="L965" href="#L965">965</a> <strong class="jxr_keyword">if</strong> (list.size() == 2) {
|
||||
<a class="jxr_linenumber" name="L966" href="#L966">966</a> addEntry(product, list.get(1));
|
||||
<a class="jxr_linenumber" name="L967" href="#L967">967</a> }
|
||||
<a class="jxr_linenumber" name="L968" href="#L968">968</a> <strong class="jxr_keyword">if</strong> (list.size() == 3) {
|
||||
<a class="jxr_linenumber" name="L969" href="#L969">969</a> addEntry(vendor, list.get(1));
|
||||
<a class="jxr_linenumber" name="L970" href="#L970">970</a> addEntry(product, list.get(1));
|
||||
<a class="jxr_linenumber" name="L971" href="#L971">971</a> addEntry(product, list.get(2));
|
||||
<a class="jxr_linenumber" name="L972" href="#L972">972</a> }
|
||||
<a class="jxr_linenumber" name="L973" href="#L973">973</a> <strong class="jxr_keyword">if</strong> (list.size() >= 4) {
|
||||
<a class="jxr_linenumber" name="L974" href="#L974">974</a> addEntry(vendor, list.get(1));
|
||||
<a class="jxr_linenumber" name="L975" href="#L975">975</a> addEntry(vendor, list.get(2));
|
||||
<a class="jxr_linenumber" name="L976" href="#L976">976</a> addEntry(product, list.get(1));
|
||||
<a class="jxr_linenumber" name="L977" href="#L977">977</a> addEntry(product, list.get(2));
|
||||
<a class="jxr_linenumber" name="L978" href="#L978">978</a> addEntry(product, list.get(3));
|
||||
<a class="jxr_linenumber" name="L979" href="#L979">979</a> }
|
||||
<a class="jxr_linenumber" name="L980" href="#L980">980</a> }
|
||||
<a class="jxr_linenumber" name="L981" href="#L981">981</a> }
|
||||
<a class="jxr_linenumber" name="L982" href="#L982">982</a>
|
||||
<a class="jxr_linenumber" name="L983" href="#L983">983</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L984" href="#L984">984</a> <em class="jxr_javadoccomment"> * Adds an entry to the specified collection and sets the Integer (e.g. the count) to 1. If the entry already exists in the</em>
|
||||
<a class="jxr_linenumber" name="L985" href="#L985">985</a> <em class="jxr_javadoccomment"> * collection then the Integer is incremented by 1.</em>
|
||||
<a class="jxr_linenumber" name="L986" href="#L986">986</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L987" href="#L987">987</a> <em class="jxr_javadoccomment"> * @param collection a collection of strings and their occurrence count</em>
|
||||
<a class="jxr_linenumber" name="L988" href="#L988">988</a> <em class="jxr_javadoccomment"> * @param key the key to add to the collection</em>
|
||||
<a class="jxr_linenumber" name="L989" href="#L989">989</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L990" href="#L990">990</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> addEntry(Map<String, Integer> collection, String key) {
|
||||
<a class="jxr_linenumber" name="L991" href="#L991">991</a> <strong class="jxr_keyword">if</strong> (collection.containsKey(key)) {
|
||||
<a class="jxr_linenumber" name="L992" href="#L992">992</a> collection.put(key, collection.get(key) + 1);
|
||||
<a class="jxr_linenumber" name="L993" href="#L993">993</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L994" href="#L994">994</a> collection.put(key, 1);
|
||||
<a class="jxr_linenumber" name="L995" href="#L995">995</a> }
|
||||
<a class="jxr_linenumber" name="L996" href="#L996">996</a> }
|
||||
<a class="jxr_linenumber" name="L997" href="#L997">997</a>
|
||||
<a class="jxr_linenumber" name="L998" href="#L998">998</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L999" href="#L999">999</a> <em class="jxr_javadoccomment"> * Cycles through the collection of class name information to see if parts of the package names are contained in the provided</em>
|
||||
<a class="jxr_linenumber" name="L1000" href="#L1000">1000</a> <em class="jxr_javadoccomment"> * value. If found, it will be added as the HIGHEST confidence evidence because we have more then one source corroborating the</em>
|
||||
<a class="jxr_linenumber" name="L1001" href="#L1001">1001</a> <em class="jxr_javadoccomment"> * value.</em>
|
||||
<a class="jxr_linenumber" name="L1002" href="#L1002">1002</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L1003" href="#L1003">1003</a> <em class="jxr_javadoccomment"> * @param classes a collection of class name information</em>
|
||||
<a class="jxr_linenumber" name="L1004" href="#L1004">1004</a> <em class="jxr_javadoccomment"> * @param value the value to check to see if it contains a package name</em>
|
||||
<a class="jxr_linenumber" name="L1005" href="#L1005">1005</a> <em class="jxr_javadoccomment"> * @param evidence the evidence collection to add new entries too</em>
|
||||
<a class="jxr_linenumber" name="L1006" href="#L1006">1006</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L1007" href="#L1007">1007</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> addMatchingValues(List<ClassNameInformation> classes, String value, <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> evidence) {
|
||||
<a class="jxr_linenumber" name="L1008" href="#L1008">1008</a> <strong class="jxr_keyword">if</strong> (value == <strong class="jxr_keyword">null</strong> || value.isEmpty() || classes == <strong class="jxr_keyword">null</strong> || classes.isEmpty()) {
|
||||
<a class="jxr_linenumber" name="L1009" href="#L1009">1009</a> <strong class="jxr_keyword">return</strong>;
|
||||
<a class="jxr_linenumber" name="L1010" href="#L1010">1010</a> }
|
||||
<a class="jxr_linenumber" name="L1011" href="#L1011">1011</a> <strong class="jxr_keyword">final</strong> String text = value.toLowerCase();
|
||||
<a class="jxr_linenumber" name="L1012" href="#L1012">1012</a> <strong class="jxr_keyword">for</strong> (ClassNameInformation cni : classes) {
|
||||
<a class="jxr_linenumber" name="L1013" href="#L1013">1013</a> <strong class="jxr_keyword">for</strong> (String key : cni.getPackageStructure()) {
|
||||
<a class="jxr_linenumber" name="L1014" href="#L1014">1014</a> <strong class="jxr_keyword">if</strong> (text.contains(key)) { <em class="jxr_comment">//note, package structure elements are already lowercase.</em>
|
||||
<a class="jxr_linenumber" name="L1015" href="#L1015">1015</a> evidence.addEvidence(<span class="jxr_string">"jar"</span>, <span class="jxr_string">"package name"</span>, key, Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L1016" href="#L1016">1016</a> }
|
||||
<a class="jxr_linenumber" name="L1017" href="#L1017">1017</a> }
|
||||
<a class="jxr_linenumber" name="L1018" href="#L1018">1018</a> }
|
||||
<a class="jxr_linenumber" name="L1019" href="#L1019">1019</a> }
|
||||
<a class="jxr_linenumber" name="L1020" href="#L1020">1020</a>
|
||||
<a class="jxr_linenumber" name="L1021" href="#L1021">1021</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L1022" href="#L1022">1022</a> <em class="jxr_javadoccomment"> * Simple check to see if the attribute from a manifest is just a package name.</em>
|
||||
<a class="jxr_linenumber" name="L1023" href="#L1023">1023</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L1024" href="#L1024">1024</a> <em class="jxr_javadoccomment"> * @param key the key of the value to check</em>
|
||||
<a class="jxr_linenumber" name="L1025" href="#L1025">1025</a> <em class="jxr_javadoccomment"> * @param value the value to check</em>
|
||||
<a class="jxr_linenumber" name="L1026" href="#L1026">1026</a> <em class="jxr_javadoccomment"> * @return true if the value looks like a java package name, otherwise false</em>
|
||||
<a class="jxr_linenumber" name="L1027" href="#L1027">1027</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L1028" href="#L1028">1028</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> isPackage(String key, String value) {
|
||||
<a class="jxr_linenumber" name="L1029" href="#L1029">1029</a>
|
||||
<a class="jxr_linenumber" name="L1030" href="#L1030">1030</a> <strong class="jxr_keyword">return</strong> !key.matches(<span class="jxr_string">".*(version|title|vendor|name|license|description).*"</span>)
|
||||
<a class="jxr_linenumber" name="L1031" href="#L1031">1031</a> && value.matches(<span class="jxr_string">"^([a-zA-Z_][a-zA-Z0-9_\\$]*(\\.[a-zA-Z_][a-zA-Z0-9_\\$]*)*)?$"</span>);
|
||||
<a class="jxr_linenumber" name="L1032" href="#L1032">1032</a>
|
||||
<a class="jxr_linenumber" name="L1033" href="#L1033">1033</a> <strong class="jxr_keyword">return</strong> !key.matches(<span class="jxr_string">".*(version|title|vendor|name|license|description).*"</span>)
|
||||
<a class="jxr_linenumber" name="L1034" href="#L1034">1034</a> && value.matches(<span class="jxr_string">"^([a-zA-Z_][a-zA-Z0-9_\\$]*(\\.[a-zA-Z_][a-zA-Z0-9_\\$]*)*)?$"</span>);
|
||||
<a class="jxr_linenumber" name="L1035" href="#L1035">1035</a>
|
||||
<a class="jxr_linenumber" name="L1036" href="#L1036">1036</a> }
|
||||
<a class="jxr_linenumber" name="L1037" href="#L1037">1037</a>
|
||||
<a class="jxr_linenumber" name="L1038" href="#L1038">1038</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L1039" href="#L1039">1039</a> <em class="jxr_javadoccomment"> * Extracts the license information from the pom and adds it to the dependency.</em>
|
||||
<a class="jxr_linenumber" name="L1040" href="#L1040">1040</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L1041" href="#L1041">1041</a> <em class="jxr_javadoccomment"> * @param pom the pom object</em>
|
||||
<a class="jxr_linenumber" name="L1042" href="#L1042">1042</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to add license information too</em>
|
||||
<a class="jxr_linenumber" name="L1043" href="#L1043">1043</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L1044" href="#L1044">1044</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> extractLicense(<a href="../../../../org/owasp/dependencycheck/xml/pom/Model.html">Model</a> pom, <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency) {
|
||||
<a class="jxr_linenumber" name="L1045" href="#L1045">1045</a> <em class="jxr_comment">//license</em>
|
||||
<a class="jxr_linenumber" name="L1046" href="#L1046">1046</a> <strong class="jxr_keyword">if</strong> (pom.getLicenses() != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L1047" href="#L1047">1047</a> String license = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L1048" href="#L1048">1048</a> <strong class="jxr_keyword">for</strong> (License lic : pom.getLicenses()) {
|
||||
<a class="jxr_linenumber" name="L1049" href="#L1049">1049</a> String tmp = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L1050" href="#L1050">1050</a> <strong class="jxr_keyword">if</strong> (lic.getName() != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L1051" href="#L1051">1051</a> tmp = lic.getName();
|
||||
<a class="jxr_linenumber" name="L1052" href="#L1052">1052</a> }
|
||||
<a class="jxr_linenumber" name="L1053" href="#L1053">1053</a> <strong class="jxr_keyword">if</strong> (lic.getUrl() != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L1054" href="#L1054">1054</a> <strong class="jxr_keyword">if</strong> (tmp == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L1055" href="#L1055">1055</a> tmp = lic.getUrl();
|
||||
<a class="jxr_linenumber" name="L1056" href="#L1056">1056</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L1057" href="#L1057">1057</a> tmp += <span class="jxr_string">": "</span> + lic.getUrl();
|
||||
<a class="jxr_linenumber" name="L1058" href="#L1058">1058</a> }
|
||||
<a class="jxr_linenumber" name="L1033" href="#L1033">1033</a> }
|
||||
<a class="jxr_linenumber" name="L1034" href="#L1034">1034</a>
|
||||
<a class="jxr_linenumber" name="L1035" href="#L1035">1035</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L1036" href="#L1036">1036</a> <em class="jxr_javadoccomment"> * Extracts the license information from the pom and adds it to the dependency.</em>
|
||||
<a class="jxr_linenumber" name="L1037" href="#L1037">1037</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L1038" href="#L1038">1038</a> <em class="jxr_javadoccomment"> * @param pom the pom object</em>
|
||||
<a class="jxr_linenumber" name="L1039" href="#L1039">1039</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to add license information too</em>
|
||||
<a class="jxr_linenumber" name="L1040" href="#L1040">1040</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L1041" href="#L1041">1041</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> extractLicense(<a href="../../../../org/owasp/dependencycheck/xml/pom/Model.html">Model</a> pom, <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency) {
|
||||
<a class="jxr_linenumber" name="L1042" href="#L1042">1042</a> <em class="jxr_comment">//license</em>
|
||||
<a class="jxr_linenumber" name="L1043" href="#L1043">1043</a> <strong class="jxr_keyword">if</strong> (pom.getLicenses() != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L1044" href="#L1044">1044</a> String license = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L1045" href="#L1045">1045</a> <strong class="jxr_keyword">for</strong> (License lic : pom.getLicenses()) {
|
||||
<a class="jxr_linenumber" name="L1046" href="#L1046">1046</a> String tmp = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L1047" href="#L1047">1047</a> <strong class="jxr_keyword">if</strong> (lic.getName() != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L1048" href="#L1048">1048</a> tmp = lic.getName();
|
||||
<a class="jxr_linenumber" name="L1049" href="#L1049">1049</a> }
|
||||
<a class="jxr_linenumber" name="L1050" href="#L1050">1050</a> <strong class="jxr_keyword">if</strong> (lic.getUrl() != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L1051" href="#L1051">1051</a> <strong class="jxr_keyword">if</strong> (tmp == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L1052" href="#L1052">1052</a> tmp = lic.getUrl();
|
||||
<a class="jxr_linenumber" name="L1053" href="#L1053">1053</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L1054" href="#L1054">1054</a> tmp += <span class="jxr_string">": "</span> + lic.getUrl();
|
||||
<a class="jxr_linenumber" name="L1055" href="#L1055">1055</a> }
|
||||
<a class="jxr_linenumber" name="L1056" href="#L1056">1056</a> }
|
||||
<a class="jxr_linenumber" name="L1057" href="#L1057">1057</a> <strong class="jxr_keyword">if</strong> (tmp == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L1058" href="#L1058">1058</a> <strong class="jxr_keyword">continue</strong>;
|
||||
<a class="jxr_linenumber" name="L1059" href="#L1059">1059</a> }
|
||||
<a class="jxr_linenumber" name="L1060" href="#L1060">1060</a> <strong class="jxr_keyword">if</strong> (tmp == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L1061" href="#L1061">1061</a> <strong class="jxr_keyword">continue</strong>;
|
||||
<a class="jxr_linenumber" name="L1060" href="#L1060">1060</a> <strong class="jxr_keyword">if</strong> (HTML_DETECTION_PATTERN.matcher(tmp).find()) {
|
||||
<a class="jxr_linenumber" name="L1061" href="#L1061">1061</a> tmp = Jsoup.parse(tmp).text();
|
||||
<a class="jxr_linenumber" name="L1062" href="#L1062">1062</a> }
|
||||
<a class="jxr_linenumber" name="L1063" href="#L1063">1063</a> <strong class="jxr_keyword">if</strong> (HTML_DETECTION_PATTERN.matcher(tmp).find()) {
|
||||
<a class="jxr_linenumber" name="L1064" href="#L1064">1064</a> tmp = Jsoup.parse(tmp).text();
|
||||
<a class="jxr_linenumber" name="L1065" href="#L1065">1065</a> }
|
||||
<a class="jxr_linenumber" name="L1066" href="#L1066">1066</a> <strong class="jxr_keyword">if</strong> (license == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L1067" href="#L1067">1067</a> license = tmp;
|
||||
<a class="jxr_linenumber" name="L1068" href="#L1068">1068</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L1069" href="#L1069">1069</a> license += <span class="jxr_string">"\n"</span> + tmp;
|
||||
<a class="jxr_linenumber" name="L1070" href="#L1070">1070</a> }
|
||||
<a class="jxr_linenumber" name="L1071" href="#L1071">1071</a> }
|
||||
<a class="jxr_linenumber" name="L1072" href="#L1072">1072</a> <strong class="jxr_keyword">if</strong> (license != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L1073" href="#L1073">1073</a> dependency.setLicense(license);
|
||||
<a class="jxr_linenumber" name="L1074" href="#L1074">1074</a>
|
||||
<a class="jxr_linenumber" name="L1075" href="#L1075">1075</a> }
|
||||
<a class="jxr_linenumber" name="L1076" href="#L1076">1076</a> }
|
||||
<a class="jxr_linenumber" name="L1077" href="#L1077">1077</a> }
|
||||
<a class="jxr_linenumber" name="L1078" href="#L1078">1078</a>
|
||||
<a class="jxr_linenumber" name="L1079" href="#L1079">1079</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L1080" href="#L1080">1080</a> <em class="jxr_javadoccomment"> * Stores information about a class name.</em>
|
||||
<a class="jxr_linenumber" name="L1081" href="#L1081">1081</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L1082" href="#L1082">1082</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/JarAnalyzer.html">ClassNameInformation</a> {
|
||||
<a class="jxr_linenumber" name="L1083" href="#L1083">1083</a>
|
||||
<a class="jxr_linenumber" name="L1084" href="#L1084">1084</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L1085" href="#L1085">1085</a> <em class="jxr_javadoccomment"> * <p></em>
|
||||
<a class="jxr_linenumber" name="L1086" href="#L1086">1086</a> <em class="jxr_javadoccomment"> * Stores information about a given class name. This class will keep the fully qualified class name and a list of the</em>
|
||||
<a class="jxr_linenumber" name="L1087" href="#L1087">1087</a> <em class="jxr_javadoccomment"> * important parts of the package structure. Up to the first four levels of the package structure are stored, excluding a</em>
|
||||
<a class="jxr_linenumber" name="L1088" href="#L1088">1088</a> <em class="jxr_javadoccomment"> * leading "org" or "com". Example:</p></em>
|
||||
<a class="jxr_linenumber" name="L1089" href="#L1089">1089</a> <em class="jxr_javadoccomment"> * <code>ClassNameInformation obj = new ClassNameInformation("org.owasp.dependencycheck.analyzer.JarAnalyzer");</em>
|
||||
<a class="jxr_linenumber" name="L1090" href="#L1090">1090</a> <em class="jxr_javadoccomment"> * System.out.println(obj.getName());</em>
|
||||
<a class="jxr_linenumber" name="L1091" href="#L1091">1091</a> <em class="jxr_javadoccomment"> * for (String p : obj.getPackageStructure())</em>
|
||||
<a class="jxr_linenumber" name="L1092" href="#L1092">1092</a> <em class="jxr_javadoccomment"> * System.out.println(p);</em>
|
||||
<a class="jxr_linenumber" name="L1093" href="#L1093">1093</a> <em class="jxr_javadoccomment"> * </code></em>
|
||||
<a class="jxr_linenumber" name="L1094" href="#L1094">1094</a> <em class="jxr_javadoccomment"> * <p></em>
|
||||
<a class="jxr_linenumber" name="L1095" href="#L1095">1095</a> <em class="jxr_javadoccomment"> * Would result in:</p></em>
|
||||
<a class="jxr_linenumber" name="L1096" href="#L1096">1096</a> <em class="jxr_javadoccomment"> * <code>org.owasp.dependencycheck.analyzer.JarAnalyzer</em>
|
||||
<a class="jxr_linenumber" name="L1097" href="#L1097">1097</a> <em class="jxr_javadoccomment"> * owasp</em>
|
||||
<a class="jxr_linenumber" name="L1098" href="#L1098">1098</a> <em class="jxr_javadoccomment"> * dependencycheck</em>
|
||||
<a class="jxr_linenumber" name="L1099" href="#L1099">1099</a> <em class="jxr_javadoccomment"> * analyzer</em>
|
||||
<a class="jxr_linenumber" name="L1100" href="#L1100">1100</a> <em class="jxr_javadoccomment"> * jaranalyzer</code></em>
|
||||
<a class="jxr_linenumber" name="L1101" href="#L1101">1101</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L1102" href="#L1102">1102</a> <em class="jxr_javadoccomment"> * @param className a fully qualified class name</em>
|
||||
<a class="jxr_linenumber" name="L1103" href="#L1103">1103</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L1104" href="#L1104">1104</a> <a href="../../../../org/owasp/dependencycheck/analyzer/JarAnalyzer.html">ClassNameInformation</a>(String className) {
|
||||
<a class="jxr_linenumber" name="L1105" href="#L1105">1105</a> name = className;
|
||||
<a class="jxr_linenumber" name="L1106" href="#L1106">1106</a> <strong class="jxr_keyword">if</strong> (name.contains(<span class="jxr_string">"/"</span>)) {
|
||||
<a class="jxr_linenumber" name="L1107" href="#L1107">1107</a> <strong class="jxr_keyword">final</strong> String[] tmp = className.toLowerCase().split(<span class="jxr_string">"/"</span>);
|
||||
<a class="jxr_linenumber" name="L1108" href="#L1108">1108</a> <strong class="jxr_keyword">int</strong> start = 0;
|
||||
<a class="jxr_linenumber" name="L1109" href="#L1109">1109</a> <strong class="jxr_keyword">int</strong> end = 3;
|
||||
<a class="jxr_linenumber" name="L1110" href="#L1110">1110</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"com"</span>.equals(tmp[0]) || <span class="jxr_string">"org"</span>.equals(tmp[0])) {
|
||||
<a class="jxr_linenumber" name="L1111" href="#L1111">1111</a> start = 1;
|
||||
<a class="jxr_linenumber" name="L1112" href="#L1112">1112</a> end = 4;
|
||||
<a class="jxr_linenumber" name="L1063" href="#L1063">1063</a> <strong class="jxr_keyword">if</strong> (license == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L1064" href="#L1064">1064</a> license = tmp;
|
||||
<a class="jxr_linenumber" name="L1065" href="#L1065">1065</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L1066" href="#L1066">1066</a> license += <span class="jxr_string">"\n"</span> + tmp;
|
||||
<a class="jxr_linenumber" name="L1067" href="#L1067">1067</a> }
|
||||
<a class="jxr_linenumber" name="L1068" href="#L1068">1068</a> }
|
||||
<a class="jxr_linenumber" name="L1069" href="#L1069">1069</a> <strong class="jxr_keyword">if</strong> (license != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L1070" href="#L1070">1070</a> dependency.setLicense(license);
|
||||
<a class="jxr_linenumber" name="L1071" href="#L1071">1071</a>
|
||||
<a class="jxr_linenumber" name="L1072" href="#L1072">1072</a> }
|
||||
<a class="jxr_linenumber" name="L1073" href="#L1073">1073</a> }
|
||||
<a class="jxr_linenumber" name="L1074" href="#L1074">1074</a> }
|
||||
<a class="jxr_linenumber" name="L1075" href="#L1075">1075</a>
|
||||
<a class="jxr_linenumber" name="L1076" href="#L1076">1076</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L1077" href="#L1077">1077</a> <em class="jxr_javadoccomment"> * Stores information about a class name.</em>
|
||||
<a class="jxr_linenumber" name="L1078" href="#L1078">1078</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L1079" href="#L1079">1079</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/JarAnalyzer.html">ClassNameInformation</a> {
|
||||
<a class="jxr_linenumber" name="L1080" href="#L1080">1080</a>
|
||||
<a class="jxr_linenumber" name="L1081" href="#L1081">1081</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L1082" href="#L1082">1082</a> <em class="jxr_javadoccomment"> * <p></em>
|
||||
<a class="jxr_linenumber" name="L1083" href="#L1083">1083</a> <em class="jxr_javadoccomment"> * Stores information about a given class name. This class will keep the fully qualified class name and a list of the</em>
|
||||
<a class="jxr_linenumber" name="L1084" href="#L1084">1084</a> <em class="jxr_javadoccomment"> * important parts of the package structure. Up to the first four levels of the package structure are stored, excluding a</em>
|
||||
<a class="jxr_linenumber" name="L1085" href="#L1085">1085</a> <em class="jxr_javadoccomment"> * leading "org" or "com". Example:</p></em>
|
||||
<a class="jxr_linenumber" name="L1086" href="#L1086">1086</a> <em class="jxr_javadoccomment"> * <code>ClassNameInformation obj = new ClassNameInformation("org.owasp.dependencycheck.analyzer.JarAnalyzer");</em>
|
||||
<a class="jxr_linenumber" name="L1087" href="#L1087">1087</a> <em class="jxr_javadoccomment"> * System.out.println(obj.getName());</em>
|
||||
<a class="jxr_linenumber" name="L1088" href="#L1088">1088</a> <em class="jxr_javadoccomment"> * for (String p : obj.getPackageStructure())</em>
|
||||
<a class="jxr_linenumber" name="L1089" href="#L1089">1089</a> <em class="jxr_javadoccomment"> * System.out.println(p);</em>
|
||||
<a class="jxr_linenumber" name="L1090" href="#L1090">1090</a> <em class="jxr_javadoccomment"> * </code></em>
|
||||
<a class="jxr_linenumber" name="L1091" href="#L1091">1091</a> <em class="jxr_javadoccomment"> * <p></em>
|
||||
<a class="jxr_linenumber" name="L1092" href="#L1092">1092</a> <em class="jxr_javadoccomment"> * Would result in:</p></em>
|
||||
<a class="jxr_linenumber" name="L1093" href="#L1093">1093</a> <em class="jxr_javadoccomment"> * <code>org.owasp.dependencycheck.analyzer.JarAnalyzer</em>
|
||||
<a class="jxr_linenumber" name="L1094" href="#L1094">1094</a> <em class="jxr_javadoccomment"> * owasp</em>
|
||||
<a class="jxr_linenumber" name="L1095" href="#L1095">1095</a> <em class="jxr_javadoccomment"> * dependencycheck</em>
|
||||
<a class="jxr_linenumber" name="L1096" href="#L1096">1096</a> <em class="jxr_javadoccomment"> * analyzer</em>
|
||||
<a class="jxr_linenumber" name="L1097" href="#L1097">1097</a> <em class="jxr_javadoccomment"> * jaranalyzer</code></em>
|
||||
<a class="jxr_linenumber" name="L1098" href="#L1098">1098</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L1099" href="#L1099">1099</a> <em class="jxr_javadoccomment"> * @param className a fully qualified class name</em>
|
||||
<a class="jxr_linenumber" name="L1100" href="#L1100">1100</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L1101" href="#L1101">1101</a> <a href="../../../../org/owasp/dependencycheck/analyzer/JarAnalyzer.html">ClassNameInformation</a>(String className) {
|
||||
<a class="jxr_linenumber" name="L1102" href="#L1102">1102</a> name = className;
|
||||
<a class="jxr_linenumber" name="L1103" href="#L1103">1103</a> <strong class="jxr_keyword">if</strong> (name.contains(<span class="jxr_string">"/"</span>)) {
|
||||
<a class="jxr_linenumber" name="L1104" href="#L1104">1104</a> <strong class="jxr_keyword">final</strong> String[] tmp = className.toLowerCase().split(<span class="jxr_string">"/"</span>);
|
||||
<a class="jxr_linenumber" name="L1105" href="#L1105">1105</a> <strong class="jxr_keyword">int</strong> start = 0;
|
||||
<a class="jxr_linenumber" name="L1106" href="#L1106">1106</a> <strong class="jxr_keyword">int</strong> end = 3;
|
||||
<a class="jxr_linenumber" name="L1107" href="#L1107">1107</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"com"</span>.equals(tmp[0]) || <span class="jxr_string">"org"</span>.equals(tmp[0])) {
|
||||
<a class="jxr_linenumber" name="L1108" href="#L1108">1108</a> start = 1;
|
||||
<a class="jxr_linenumber" name="L1109" href="#L1109">1109</a> end = 4;
|
||||
<a class="jxr_linenumber" name="L1110" href="#L1110">1110</a> }
|
||||
<a class="jxr_linenumber" name="L1111" href="#L1111">1111</a> <strong class="jxr_keyword">if</strong> (tmp.length <= end) {
|
||||
<a class="jxr_linenumber" name="L1112" href="#L1112">1112</a> end = tmp.length - 1;
|
||||
<a class="jxr_linenumber" name="L1113" href="#L1113">1113</a> }
|
||||
<a class="jxr_linenumber" name="L1114" href="#L1114">1114</a> <strong class="jxr_keyword">if</strong> (tmp.length <= end) {
|
||||
<a class="jxr_linenumber" name="L1115" href="#L1115">1115</a> end = tmp.length - 1;
|
||||
<a class="jxr_linenumber" name="L1114" href="#L1114">1114</a> <strong class="jxr_keyword">for</strong> (<strong class="jxr_keyword">int</strong> i = start; i <= end; i++) {
|
||||
<a class="jxr_linenumber" name="L1115" href="#L1115">1115</a> packageStructure.add(tmp[i]);
|
||||
<a class="jxr_linenumber" name="L1116" href="#L1116">1116</a> }
|
||||
<a class="jxr_linenumber" name="L1117" href="#L1117">1117</a> <strong class="jxr_keyword">for</strong> (<strong class="jxr_keyword">int</strong> i = start; i <= end; i++) {
|
||||
<a class="jxr_linenumber" name="L1118" href="#L1118">1118</a> packageStructure.add(tmp[i]);
|
||||
<a class="jxr_linenumber" name="L1119" href="#L1119">1119</a> }
|
||||
<a class="jxr_linenumber" name="L1120" href="#L1120">1120</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L1121" href="#L1121">1121</a> packageStructure.add(name);
|
||||
<a class="jxr_linenumber" name="L1122" href="#L1122">1122</a> }
|
||||
<a class="jxr_linenumber" name="L1123" href="#L1123">1123</a> }
|
||||
<a class="jxr_linenumber" name="L1124" href="#L1124">1124</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L1125" href="#L1125">1125</a> <em class="jxr_javadoccomment"> * The fully qualified class name.</em>
|
||||
<a class="jxr_linenumber" name="L1126" href="#L1126">1126</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L1127" href="#L1127">1127</a> <strong class="jxr_keyword">private</strong> String name;
|
||||
<a class="jxr_linenumber" name="L1128" href="#L1128">1128</a>
|
||||
<a class="jxr_linenumber" name="L1129" href="#L1129">1129</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L1130" href="#L1130">1130</a> <em class="jxr_javadoccomment"> * Get the value of name</em>
|
||||
<a class="jxr_linenumber" name="L1131" href="#L1131">1131</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L1132" href="#L1132">1132</a> <em class="jxr_javadoccomment"> * @return the value of name</em>
|
||||
<a class="jxr_linenumber" name="L1133" href="#L1133">1133</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L1134" href="#L1134">1134</a> <strong class="jxr_keyword">public</strong> String getName() {
|
||||
<a class="jxr_linenumber" name="L1135" href="#L1135">1135</a> <strong class="jxr_keyword">return</strong> name;
|
||||
<a class="jxr_linenumber" name="L1136" href="#L1136">1136</a> }
|
||||
<a class="jxr_linenumber" name="L1137" href="#L1137">1137</a>
|
||||
<a class="jxr_linenumber" name="L1138" href="#L1138">1138</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L1139" href="#L1139">1139</a> <em class="jxr_javadoccomment"> * Set the value of name</em>
|
||||
<a class="jxr_linenumber" name="L1140" href="#L1140">1140</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L1141" href="#L1141">1141</a> <em class="jxr_javadoccomment"> * @param name new value of name</em>
|
||||
<a class="jxr_linenumber" name="L1142" href="#L1142">1142</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L1143" href="#L1143">1143</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> setName(String name) {
|
||||
<a class="jxr_linenumber" name="L1144" href="#L1144">1144</a> <strong class="jxr_keyword">this</strong>.name = name;
|
||||
<a class="jxr_linenumber" name="L1145" href="#L1145">1145</a> }
|
||||
<a class="jxr_linenumber" name="L1146" href="#L1146">1146</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L1147" href="#L1147">1147</a> <em class="jxr_javadoccomment"> * Up to the first four levels of the package structure, excluding a leading "org" or "com".</em>
|
||||
<a class="jxr_linenumber" name="L1148" href="#L1148">1148</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L1149" href="#L1149">1149</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">final</strong> ArrayList<String> packageStructure = <strong class="jxr_keyword">new</strong> ArrayList<String>();
|
||||
<a class="jxr_linenumber" name="L1150" href="#L1150">1150</a>
|
||||
<a class="jxr_linenumber" name="L1151" href="#L1151">1151</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L1152" href="#L1152">1152</a> <em class="jxr_javadoccomment"> * Get the value of packageStructure</em>
|
||||
<a class="jxr_linenumber" name="L1153" href="#L1153">1153</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L1154" href="#L1154">1154</a> <em class="jxr_javadoccomment"> * @return the value of packageStructure</em>
|
||||
<a class="jxr_linenumber" name="L1155" href="#L1155">1155</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L1156" href="#L1156">1156</a> <strong class="jxr_keyword">public</strong> ArrayList<String> getPackageStructure() {
|
||||
<a class="jxr_linenumber" name="L1157" href="#L1157">1157</a> <strong class="jxr_keyword">return</strong> packageStructure;
|
||||
<a class="jxr_linenumber" name="L1158" href="#L1158">1158</a> }
|
||||
<a class="jxr_linenumber" name="L1159" href="#L1159">1159</a> }
|
||||
<a class="jxr_linenumber" name="L1160" href="#L1160">1160</a>
|
||||
<a class="jxr_linenumber" name="L1161" href="#L1161">1161</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L1162" href="#L1162">1162</a> <em class="jxr_javadoccomment"> * Retrieves the next temporary directory to extract an archive too.</em>
|
||||
<a class="jxr_linenumber" name="L1163" href="#L1163">1163</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L1164" href="#L1164">1164</a> <em class="jxr_javadoccomment"> * @return a directory</em>
|
||||
<a class="jxr_linenumber" name="L1165" href="#L1165">1165</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if unable to create temporary directory</em>
|
||||
<a class="jxr_linenumber" name="L1166" href="#L1166">1166</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L1167" href="#L1167">1167</a> <strong class="jxr_keyword">private</strong> File getNextTempDirectory() <strong class="jxr_keyword">throws</strong> AnalysisException {
|
||||
<a class="jxr_linenumber" name="L1168" href="#L1168">1168</a> dirCount += 1;
|
||||
<a class="jxr_linenumber" name="L1169" href="#L1169">1169</a> <strong class="jxr_keyword">final</strong> File directory = <strong class="jxr_keyword">new</strong> File(tempFileLocation, String.valueOf(dirCount));
|
||||
<a class="jxr_linenumber" name="L1170" href="#L1170">1170</a> <em class="jxr_comment">//getting an exception for some directories not being able to be created; might be because the directory already exists?</em>
|
||||
<a class="jxr_linenumber" name="L1171" href="#L1171">1171</a> <strong class="jxr_keyword">if</strong> (directory.exists()) {
|
||||
<a class="jxr_linenumber" name="L1172" href="#L1172">1172</a> <strong class="jxr_keyword">return</strong> getNextTempDirectory();
|
||||
<a class="jxr_linenumber" name="L1173" href="#L1173">1173</a> }
|
||||
<a class="jxr_linenumber" name="L1174" href="#L1174">1174</a> <strong class="jxr_keyword">if</strong> (!directory.mkdirs()) {
|
||||
<a class="jxr_linenumber" name="L1175" href="#L1175">1175</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unable to create temp directory '%s'."</span>, directory.getAbsolutePath());
|
||||
<a class="jxr_linenumber" name="L1176" href="#L1176">1176</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(msg);
|
||||
<a class="jxr_linenumber" name="L1177" href="#L1177">1177</a> }
|
||||
<a class="jxr_linenumber" name="L1178" href="#L1178">1178</a> <strong class="jxr_keyword">return</strong> directory;
|
||||
<a class="jxr_linenumber" name="L1179" href="#L1179">1179</a> }
|
||||
<a class="jxr_linenumber" name="L1180" href="#L1180">1180</a> }
|
||||
<a class="jxr_linenumber" name="L1117" href="#L1117">1117</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L1118" href="#L1118">1118</a> packageStructure.add(name);
|
||||
<a class="jxr_linenumber" name="L1119" href="#L1119">1119</a> }
|
||||
<a class="jxr_linenumber" name="L1120" href="#L1120">1120</a> }
|
||||
<a class="jxr_linenumber" name="L1121" href="#L1121">1121</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L1122" href="#L1122">1122</a> <em class="jxr_javadoccomment"> * The fully qualified class name.</em>
|
||||
<a class="jxr_linenumber" name="L1123" href="#L1123">1123</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L1124" href="#L1124">1124</a> <strong class="jxr_keyword">private</strong> String name;
|
||||
<a class="jxr_linenumber" name="L1125" href="#L1125">1125</a>
|
||||
<a class="jxr_linenumber" name="L1126" href="#L1126">1126</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L1127" href="#L1127">1127</a> <em class="jxr_javadoccomment"> * Get the value of name</em>
|
||||
<a class="jxr_linenumber" name="L1128" href="#L1128">1128</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L1129" href="#L1129">1129</a> <em class="jxr_javadoccomment"> * @return the value of name</em>
|
||||
<a class="jxr_linenumber" name="L1130" href="#L1130">1130</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L1131" href="#L1131">1131</a> <strong class="jxr_keyword">public</strong> String getName() {
|
||||
<a class="jxr_linenumber" name="L1132" href="#L1132">1132</a> <strong class="jxr_keyword">return</strong> name;
|
||||
<a class="jxr_linenumber" name="L1133" href="#L1133">1133</a> }
|
||||
<a class="jxr_linenumber" name="L1134" href="#L1134">1134</a>
|
||||
<a class="jxr_linenumber" name="L1135" href="#L1135">1135</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L1136" href="#L1136">1136</a> <em class="jxr_javadoccomment"> * Set the value of name</em>
|
||||
<a class="jxr_linenumber" name="L1137" href="#L1137">1137</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L1138" href="#L1138">1138</a> <em class="jxr_javadoccomment"> * @param name new value of name</em>
|
||||
<a class="jxr_linenumber" name="L1139" href="#L1139">1139</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L1140" href="#L1140">1140</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> setName(String name) {
|
||||
<a class="jxr_linenumber" name="L1141" href="#L1141">1141</a> <strong class="jxr_keyword">this</strong>.name = name;
|
||||
<a class="jxr_linenumber" name="L1142" href="#L1142">1142</a> }
|
||||
<a class="jxr_linenumber" name="L1143" href="#L1143">1143</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L1144" href="#L1144">1144</a> <em class="jxr_javadoccomment"> * Up to the first four levels of the package structure, excluding a leading "org" or "com".</em>
|
||||
<a class="jxr_linenumber" name="L1145" href="#L1145">1145</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L1146" href="#L1146">1146</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">final</strong> ArrayList<String> packageStructure = <strong class="jxr_keyword">new</strong> ArrayList<String>();
|
||||
<a class="jxr_linenumber" name="L1147" href="#L1147">1147</a>
|
||||
<a class="jxr_linenumber" name="L1148" href="#L1148">1148</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L1149" href="#L1149">1149</a> <em class="jxr_javadoccomment"> * Get the value of packageStructure</em>
|
||||
<a class="jxr_linenumber" name="L1150" href="#L1150">1150</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L1151" href="#L1151">1151</a> <em class="jxr_javadoccomment"> * @return the value of packageStructure</em>
|
||||
<a class="jxr_linenumber" name="L1152" href="#L1152">1152</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L1153" href="#L1153">1153</a> <strong class="jxr_keyword">public</strong> ArrayList<String> getPackageStructure() {
|
||||
<a class="jxr_linenumber" name="L1154" href="#L1154">1154</a> <strong class="jxr_keyword">return</strong> packageStructure;
|
||||
<a class="jxr_linenumber" name="L1155" href="#L1155">1155</a> }
|
||||
<a class="jxr_linenumber" name="L1156" href="#L1156">1156</a> }
|
||||
<a class="jxr_linenumber" name="L1157" href="#L1157">1157</a>
|
||||
<a class="jxr_linenumber" name="L1158" href="#L1158">1158</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L1159" href="#L1159">1159</a> <em class="jxr_javadoccomment"> * Retrieves the next temporary directory to extract an archive too.</em>
|
||||
<a class="jxr_linenumber" name="L1160" href="#L1160">1160</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L1161" href="#L1161">1161</a> <em class="jxr_javadoccomment"> * @return a directory</em>
|
||||
<a class="jxr_linenumber" name="L1162" href="#L1162">1162</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if unable to create temporary directory</em>
|
||||
<a class="jxr_linenumber" name="L1163" href="#L1163">1163</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L1164" href="#L1164">1164</a> <strong class="jxr_keyword">private</strong> File getNextTempDirectory() <strong class="jxr_keyword">throws</strong> AnalysisException {
|
||||
<a class="jxr_linenumber" name="L1165" href="#L1165">1165</a> dirCount += 1;
|
||||
<a class="jxr_linenumber" name="L1166" href="#L1166">1166</a> <strong class="jxr_keyword">final</strong> File directory = <strong class="jxr_keyword">new</strong> File(tempFileLocation, String.valueOf(dirCount));
|
||||
<a class="jxr_linenumber" name="L1167" href="#L1167">1167</a> <em class="jxr_comment">//getting an exception for some directories not being able to be created; might be because the directory already exists?</em>
|
||||
<a class="jxr_linenumber" name="L1168" href="#L1168">1168</a> <strong class="jxr_keyword">if</strong> (directory.exists()) {
|
||||
<a class="jxr_linenumber" name="L1169" href="#L1169">1169</a> <strong class="jxr_keyword">return</strong> getNextTempDirectory();
|
||||
<a class="jxr_linenumber" name="L1170" href="#L1170">1170</a> }
|
||||
<a class="jxr_linenumber" name="L1171" href="#L1171">1171</a> <strong class="jxr_keyword">if</strong> (!directory.mkdirs()) {
|
||||
<a class="jxr_linenumber" name="L1172" href="#L1172">1172</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unable to create temp directory '%s'."</span>, directory.getAbsolutePath());
|
||||
<a class="jxr_linenumber" name="L1173" href="#L1173">1173</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(msg);
|
||||
<a class="jxr_linenumber" name="L1174" href="#L1174">1174</a> }
|
||||
<a class="jxr_linenumber" name="L1175" href="#L1175">1175</a> <strong class="jxr_keyword">return</strong> directory;
|
||||
<a class="jxr_linenumber" name="L1176" href="#L1176">1176</a> }
|
||||
<a class="jxr_linenumber" name="L1177" href="#L1177">1177</a> }
|
||||
</pre>
|
||||
<hr/>
|
||||
<div id="footer">Copyright © 2012–2015 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
|
||||
<div id="footer">Copyright © 2012–2016 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
|
||||
</body>
|
||||
</html>
|
||||
|
||||
Reference in New Issue
Block a user