From 91a137ab9500274fffd372f18cdbe320f72e30f2 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Thu, 30 Jan 2014 06:23:34 -0500 Subject: [PATCH] version 1.1.1 Former-commit-id: bde142783532d8d46b468e644f3af8ecc42c40d3 --- dependency-check-ant/pom.xml | 2 +- dependency-check-cli/pom.xml | 2 +- dependency-check-core/pom.xml | 2 +- .../analyzer/JavaScriptAnalyzer.java | 69 +++++---- .../analyzer/JavaScriptAnalyzerTest.java | 145 ++++++++++++++++++ dependency-check-jenkins/pom.xml | 2 +- dependency-check-maven/pom.xml | 2 +- pom.xml | 2 +- 8 files changed, 192 insertions(+), 34 deletions(-) create mode 100644 dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzerTest.java diff --git a/dependency-check-ant/pom.xml b/dependency-check-ant/pom.xml index 6c132047b..85b5c0154 100644 --- a/dependency-check-ant/pom.xml +++ b/dependency-check-ant/pom.xml @@ -21,7 +21,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 1.1.1-SNAPSHOT + 1.1.1 dependency-check-ant diff --git a/dependency-check-cli/pom.xml b/dependency-check-cli/pom.xml index 48eaaeda6..9afe105e1 100644 --- a/dependency-check-cli/pom.xml +++ b/dependency-check-cli/pom.xml @@ -21,7 +21,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 1.1.1-SNAPSHOT + 1.1.1 dependency-check-cli diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml index d97a04fc2..141a103f7 100644 --- a/dependency-check-core/pom.xml +++ b/dependency-check-core/pom.xml @@ -21,7 +21,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 1.1.1-SNAPSHOT + 1.1.1 dependency-check-core diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java index dd8d794e9..2189c2d81 100644 
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java @@ -13,20 +13,27 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + * Copyright (c) 2014 Jeremy Long. All Rights Reserved. */ package org.owasp.dependencycheck.analyzer; +import java.io.BufferedReader; +import java.io.File; +import java.io.FileNotFoundException; +import java.io.FileReader; +import java.io.IOException; import java.util.Set; +import java.util.logging.Level; +import java.util.logging.Logger; import java.util.regex.Pattern; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.dependency.Dependency; /** * - * Used to load a JAR file and collect information that can be used to determine the associated CPE. + * Used to analyze a JavaScript file to gather information to aid in identification of a CPE identifier. * - * @author Jeremy Long + * @author Jeremy Long (jeremy.long@owasp.org) */ public class JavaScriptAnalyzer extends AbstractAnalyzer implements Analyzer { @@ -49,6 +56,7 @@ public class JavaScriptAnalyzer extends AbstractAnalyzer implements Analyzer { * * @return a list of file EXTENSIONS supported by this analyzer. */ + @Override public Set getSupportedExtensions() { return EXTENSIONS; } @@ -58,6 +66,7 @@ public class JavaScriptAnalyzer extends AbstractAnalyzer implements Analyzer { * * @return the name of the analyzer. */ + @Override public String getName() { return ANALYZER_NAME; } 
@@ -68,6 +77,7 @@ public class JavaScriptAnalyzer extends AbstractAnalyzer implements Analyzer { * @param extension the file extension to test for support. * @return whether or not the specified file extension is supported by this analyzer. */ + @Override public boolean supportsExtension(String extension) { return EXTENSIONS.contains(extension); } 
@@ -77,42 +87,45 @@ public class JavaScriptAnalyzer extends AbstractAnalyzer implements Analyzer { * * @return the phase that the analyzer is intended to run in. */ + @Override public AnalysisPhase getAnalysisPhase() { return ANALYSIS_PHASE; } // /** - * Loads a specified JAR file and collects information from the manifest and checksums to identify the correct CPE - * information. + * Loads a specified JavaScript file and collects information from the copyright information contained within. * * @param dependency the dependency to analyze. * @param engine the engine that is scanning the dependencies - * @throws AnalysisException is thrown if there is an error reading the JAR file. + * @throws AnalysisException is thrown if there is an error reading the JavaScript file. */ @Override public void analyze(Dependency dependency, Engine engine) throws AnalysisException { - final Pattern extractComments = Pattern.compile("(/\\*([^*]|[\\r\\n]|(\\*+([^*/]|[\\r\\n])))*\\*+/)|(//.*)"); - - } - - /** - * The initialize method does nothing for this Analyzer. - * - * @throws Exception thrown if there is an exception - */ - @Override - public void initialize() throws Exception { - //do nothing - } - - /** - * The close method does nothing for this Analyzer. 
- * - * @throws Exception thrown if there is an exception - */ - @Override - public void close() throws Exception { - //do nothing + BufferedReader fin = null;; + try { + // /\*([^\*][^/]|[\r\n\f])+?\*/ + final Pattern extractComments = Pattern.compile("(/\\*([^*]|[\\r\\n]|(\\*+([^*/]|[\\r\\n])))*\\*+/)|(//.*)", Pattern.MULTILINE); + File file = dependency.getActualFile(); + fin = new BufferedReader(new FileReader(file)); + StringBuilder sb = new StringBuilder(2000); + String text; + while ((text = fin.readLine()) != null) { + sb.append(text); + } + } catch (FileNotFoundException ex) { + final String msg = String.format("Dependency file not found: '%s'", dependency.getActualFilePath()); + throw new AnalysisException(msg, ex); + } catch (IOException ex) { + Logger.getLogger(JavaScriptAnalyzer.class.getName()).log(Level.SEVERE, null, ex); + } finally { + if (fin != null) { + try { + fin.close(); + } catch (IOException ex) { + Logger.getLogger(JavaScriptAnalyzer.class.getName()).log(Level.FINEST, null, ex); + } + } + } } } diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzerTest.java new file mode 100644 index 000000000..93ddb80ab --- /dev/null +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzerTest.java 
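Review bot: The read loop in analyze() drops every line terminator — `readLine()` strips them and `sb.append(text)` adds none — so once `extractComments` is applied to the joined text its `(//.*)` alternative would run from the first `//` to the end of the file; append a separator, e.g. `sb.append(text).append('\n');`. As committed neither `extractComments` nor `sb` is read after the loop, so the method opens and reads the file and discards the result (consistent with the commented-out assertions in the new test); if that is deliberate for 1.1.1, a `// TODO: comment extraction not wired in yet — no evidence is added` above the loop would tell the next reader, and `BufferedReader fin = null;;` has a stray second semicolon. `new FileReader(file)` decodes with the platform default charset, so non-ASCII copyright text will read differently between hosts; `new InputStreamReader(new FileInputStream(file), "UTF-8")` pins it. The `IOException` branch logs at SEVERE with a null message and returns normally while the `FileNotFoundException` branch throws `AnalysisException`, so a truncated read is silently reported as an analyzed dependency — either throw in both cases or at least include `dependency.getActualFilePath()` in the log message. The block-comment half of the pattern has overlapping alternatives (`[^*]` already matches `[\r\n]`) inside a `*`-repeated group, which on a large file with an unterminated `/*` may backtrack heavily; worth simplifying before the pattern is applied to scanned inputs, though I cannot measure that from the hunk.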
@@ -0,0 +1,145 @@ +/* + * This file is part of dependency-check-core. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Copyright (c) 2014 Jeremy Long. All Rights Reserved. + */ +package org.owasp.dependencycheck.analyzer; + +import java.io.File; +import java.util.HashSet; +import java.util.Set; +import org.junit.After; +import org.junit.AfterClass; +import static org.junit.Assert.assertEquals; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.owasp.dependencycheck.Engine; +import org.owasp.dependencycheck.dependency.Dependency; + +/** + * + * @author Jeremy Long (jeremy.long@owasp.org) + */ +public class JavaScriptAnalyzerTest { + + public JavaScriptAnalyzerTest() { + } + + @BeforeClass + public static void setUpClass() { + } + + @AfterClass + public static void tearDownClass() { + } + + @Before + public void setUp() { + } + + @After + public void tearDown() { + } + + /** + * Test of getSupportedExtensions method, of class JavaScriptAnalyzer. + */ + @Test + public void testGetSupportedExtensions() { + JavaScriptAnalyzer instance = new JavaScriptAnalyzer(); + Set expResult = new HashSet(); + expResult.add("js"); + Set result = instance.getSupportedExtensions(); + assertEquals(expResult, result); + } + + /** + * Test of getName method, of class JavaScriptAnalyzer. 
+ */ + @Test + public void testGetName() { + System.out.println("getName"); + JavaScriptAnalyzer instance = new JavaScriptAnalyzer(); + String expResult = "JavaScript Analyzer"; + String result = instance.getName(); + assertEquals(expResult, result); + } + + /** + * Test of supportsExtension method, of class JavaScriptAnalyzer. + */ + @Test + public void testSupportsExtension() { + String extension = "js"; + JavaScriptAnalyzer instance = new JavaScriptAnalyzer(); + boolean expResult = true; + boolean result = instance.supportsExtension(extension); + assertEquals(expResult, result); + } + + /** + * Test of getAnalysisPhase method, of class JavaScriptAnalyzer. + */ + @Test + public void testGetAnalysisPhase() { + JavaScriptAnalyzer instance = new JavaScriptAnalyzer(); + AnalysisPhase expResult = AnalysisPhase.INFORMATION_COLLECTION; + AnalysisPhase result = instance.getAnalysisPhase(); + assertEquals(expResult, result); + } + + /** + * Test of analyze method, of class JavaScriptAnalyzer. + */ + @Test + public void testAnalyze() throws Exception { + File jq6 = new File(this.getClass().getClassLoader().getResource("jquery-1.6.2.min.js").getPath()); + File jq10 = new File(this.getClass().getClassLoader().getResource("jquery-1.10.2.js").getPath()); + File jq10min = new File(this.getClass().getClassLoader().getResource("jquery-1.10.2.min.js").getPath()); + Dependency depJQ6 = new Dependency(jq6); + Dependency depJQ10 = new Dependency(jq10); + Dependency depJQ10min = new Dependency(jq10min); + Engine engine = null; + JavaScriptAnalyzer instance = new JavaScriptAnalyzer(); + +// assertTrue(depJQ6.getEvidence().size() == 0); +// assertTrue(depJQ10.getEvidence().size() == 0); +// assertTrue(depJQ10min.getEvidence().size() == 0); +// +// instance.analyze(depJQ6, engine); +// instance.analyze(depJQ10, engine); +// instance.analyze(depJQ10min, engine); +// //TODO improve the assertions +// assertTrue(depJQ6.getEvidence().size() > 0); +// assertTrue(depJQ10.getEvidence().size() > 
0); +// assertTrue(depJQ10min.getEvidence().size() > 0); + } + + /** + * Test of initialize method, of class JavaScriptAnalyzer. + */ + @Test + public void testInitialize() throws Exception { + } + + /** + * Test of close method, of class JavaScriptAnalyzer. + */ + @Test + public void testClose() throws Exception { + + } +} diff --git a/dependency-check-jenkins/pom.xml b/dependency-check-jenkins/pom.xml index 4cc970dd8..0abccbebc 100644 --- a/dependency-check-jenkins/pom.xml +++ b/dependency-check-jenkins/pom.xml @@ -6,7 +6,7 @@ org.owasp dependency-check-parent - 1.1.1-SNAPSHOT + 1.1.1 org.owasp diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml index 213d1a799..0efb3861e 100644 --- a/dependency-check-maven/pom.xml +++ b/dependency-check-maven/pom.xml @@ -23,7 +23,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 1.1.1-SNAPSHOT + 1.1.1 dependency-check-maven diff --git a/pom.xml b/pom.xml index caa671646..196296923 100644 --- a/pom.xml +++ b/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long org.owasp dependency-check-parent - 1.1.1-SNAPSHOT + 1.1.1 pom
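Review bot: testAnalyze() makes no assertion — every `assertTrue` and the `instance.analyze(...)` calls are commented out — so it only proves the three jQuery resources resolve and passes regardless of what analyze() does; either restore `instance.analyze(depJQ6, engine);` with a minimal evidence check or mark it `@Ignore` so the suite does not report a green result for untested code. The resource lookup via `getResource(...).getPath()` yields a URL path that breaks when the workspace directory contains spaces or other URL-encoded characters; `new File(this.getClass().getClassLoader().getResource("jquery-1.6.2.min.js").toURI())` avoids that. testInitialize() and testClose() are empty bodies for methods this same commit removes from JavaScriptAnalyzer (they may still be inherited from AbstractAnalyzer, which I cannot see), so they need either an assertion or removal. `System.out.println("getName")` in testGetName() is leftover debugging output.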