major rework of Analyzers and applicatioin in general.

Former-commit-id: 3b081380f586686762f8a6fcb102778bfc42b17b
This commit is contained in:
Jeremy Long
2012-09-25 11:36:04 -04:00
parent 0643c68da1
commit 8c4d02c909
41 changed files with 1379 additions and 378 deletions


@@ -0,0 +1,61 @@
package org.codesecure.dependencycheck.analyzer;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* DependencyCheck is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
/**
* An exception thrown when the analysis of a dependency fails.
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class AnalysisException extends RuntimeException {
private static final long serialVersionUID = 1L;
/**
* Creates a new AnalysisException.
*/
public AnalysisException() {
super();
}
/**
* Creates a new AnalysisException.
* @param msg a message for the exception.
*/
public AnalysisException(String msg) {
super(msg);
}
/**
* Creates a new AnalysisException.
* @param ex the cause of the failure.
*/
public AnalysisException(Throwable ex) {
super(ex);
}
/**
* Creates a new DownloadFailedException.
* @param msg a message for the exception.
* @param ex the cause of the failure.
*/
public AnalysisException(String msg, Throwable ex) {
super(msg, ex);
}
}
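Review bot: The Javadoc on the two-argument constructor says `Creates a new DownloadFailedException.`, a copy-paste leftover; it should read `Creates a new AnalysisException.` like the other three. Separately, the class extends RuntimeException, so the `throws AnalysisException` that Analyzer.analyze now declares is advisory only: the compiler will not force the engine to catch it, and an uncaught failure on one malformed dependency could presumably abort the whole scan and leave the remaining dependencies unreported. Either extend `Exception` so the declared throws clause is enforced, or confirm that the engine catches it per dependency; the engine code is not visible in this commit.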


@@ -20,11 +20,11 @@ package org.codesecure.dependencycheck.analyzer;
/**
* An enumeration defining the phases of analysis.
*
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public enum AnalysisPhase {
/**
* The first phase of analysis.
*/


@@ -19,7 +19,6 @@ package org.codesecure.dependencycheck.analyzer;
*/
import org.codesecure.dependencycheck.dependency.Dependency;
import java.io.IOException;
import java.util.Set;
/**
@@ -35,18 +34,18 @@ public interface Analyzer {
* Analyzes the given dependency.
*
* @param dependency a dependency to analyze.
* @throws IOException is thrown if there is an error reading the dependency file
* @throws AnalysisException is thrown if there is an error analyzing the dependency file
*/
void analyze(Dependency dependency) throws IOException;
void analyze(Dependency dependency) throws AnalysisException;
/**
* <p>Returns a list of supported file extensions. An example would be an analyzer
* that inpected java jar files. The getSupportedExtensions function would return
* a set with a single element "jar".</p>
*
* <p><b>Note:</b> when implementing this the extensions returned MUST be lowercase.</p>
* <p><b>Note:</b> when implementing this the extensions returned MUST be lowercase.</p>
* @return The file extensions supported by this analyzer.
*
*
* <p>If the analyzer returns null it will not cause additional files to be analyzed
* but will be executed against every file loaded</p>
*/
@@ -57,27 +56,32 @@ public interface Analyzer {
* @return the name of the analyzer.
*/
String getName();
/**
* Returns whether or not this analyzer can process the given extension.
* @param extension the file extension to test for support.
* @return whether or not the specified file extension is supported by tihs analyzer.
*/
boolean supportsExtension(String extension);
/**
* Returns the phase that the analyzer is intended to run in.
* @return the phase that the analyzer is intended to run in.
*/
AnalysisPhase getAnalysisPhase();
/**
* The initialize method is called (once) prior to the analyze method being called on
* all of the dependencies.
*
* @throws Exception is thrown if an exception occurs initializing the analyzer.
*/
void initialize();
void initialize() throws Exception;
/**
* The close method is called after all of the dependencies have been analyzed.
*
* @throws Exception is thrown if an exception occurs closing the analyzer.
*/
void close();
void close() throws Exception;
}
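Review bot: `void initialize() throws Exception;` and `void close() throws Exception;` declare the raw Exception type, which forces every caller into `catch (Exception e)` and hides what an analyzer can actually fail on. Since this commit already introduces AnalysisException for the analyze method, I would declare `void initialize() throws AnalysisException;` and `void close() throws AnalysisException;` with matching `@throws AnalysisException` Javadoc, and have implementations wrap their IOException the way JarAnalyzer.analyze does. If a concrete analyzer genuinely needs to surface something else from initialize (a download failure, say), a dedicated subclass of AnalysisException keeps the contract narrow.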


@@ -35,6 +35,7 @@ public interface ArchiveAnalyzer {
* the exploded contents.
*
* @param dependency a dependency to analyze.
* @param engine the engine that is scanning the dependencies.
* @throws IOException is thrown if there is an error reading the dependency file
*/
void analyze(Dependency dependency, Engine engine) throws IOException;
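Review bot: The signature `void analyze(Dependency dependency, Engine engine) throws IOException;` still throws IOException while the same commit moves Analyzer.analyze to AnalysisException, so the two analyzer contracts now diverge. If that is unintentional, `void analyze(Dependency dependency, Engine engine) throws AnalysisException;` with `@throws AnalysisException is thrown if there is an error extracting or analyzing the archive` keeps the engine's error handling uniform; if archive extraction errors are meant to be handled differently, a one-line comment saying so would help. I cannot see whether any implementation of this interface exists yet, so this may simply be a file the rework has not reached.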


@@ -20,7 +20,6 @@ package org.codesecure.dependencycheck.analyzer;
import org.codesecure.dependencycheck.dependency.Dependency;
import org.codesecure.dependencycheck.dependency.Evidence;
import java.io.IOException;
import java.util.Set;
import java.util.regex.Pattern;
@@ -35,7 +34,7 @@ public class FileNameAnalyzer implements Analyzer {
/**
* The name of the analyzer.
*/
private static final String ANALYZER_NAME = "File Analyzer";
private static final String ANALYZER_NAME = "File Name Analyzer";
/**
* The phase that this analyzer is intended to run in.
*/
@@ -111,9 +110,9 @@ public class FileNameAnalyzer implements Analyzer {
* Collects information about the file such as hashsums.
*
* @param dependency the dependency to analyze.
* @throws IOException is thrown if there is an error reading the JAR file.
* @throws AnalysisException is thrown if there is an error reading the JAR file.
*/
public void analyze(Dependency dependency) throws IOException {
public void analyze(Dependency dependency) throws AnalysisException {
analyzeFileName(dependency);
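Review bot: The new Javadoc line `@throws AnalysisException is thrown if there is an error reading the JAR file.` was copied from JarAnalyzer; this class analyzes the file name and does not open a JAR. It should read `@throws AnalysisException is thrown if there is an error analyzing the file name.` The import of IOException was removed in the first hunk, so analyzeFileName presumably no longer throws it, but the body of analyze continues outside the hunk and I cannot confirm what it can fail on.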


@@ -149,12 +149,15 @@ public class JarAnalyzer extends AbstractAnalyzer {
* checksums to identify the correct CPE information.
*
* @param dependency the dependency to analyze.
* @throws IOException is thrown if there is an error reading the JAR file.
* @throws AnalysisException is thrown if there is an error reading the JAR file.
*/
public void analyze(Dependency dependency) throws IOException {
parseManifest(dependency);
analyzePackageNames(dependency);
public void analyze(Dependency dependency) throws AnalysisException {
try {
parseManifest(dependency);
analyzePackageNames(dependency);
} catch (IOException ex) {
throw new AnalysisException("Exception occured reading the JAR file.", ex);
}
}
@@ -362,7 +365,9 @@ public class JarAnalyzer extends AbstractAnalyzer {
} else {
key = key.toLowerCase();
if (!IGNORE_LIST.contains(key) && !key.contains("license") && !key.endsWith("jdk")) {
if (!IGNORE_LIST.contains(key) && !key.contains("license") && !key.endsWith("jdk")
&& !key.contains("lastmodified")) {
if (key.contains("version")) {
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.contains("title")) {