checkstyle suggestions
@@ -207,7 +207,7 @@ public abstract class AbstractNpmAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
protected Dependency findDependency(Engine engine, String name, String version) {
|
protected Dependency findDependency(Engine engine, String name, String version) {
|
||||||
for (Dependency d : engine.getDependencies()) {
|
for (Dependency d : engine.getDependencies()) {
|
||||||
if (NPM_DEPENDENCY_ECOSYSTEM.equals(d.getEcosystem()) && name.equals(d.getName()) && version != null && d.getVersion() != null) {
|
if (NPM_DEPENDENCY_ECOSYSTEM.equals(d.getEcosystem()) && name.equals(d.getName()) && version != null && d.getVersion() != null) {
|
||||||
String dependencyVersion = d.getVersion();
|
final String dependencyVersion = d.getVersion();
|
||||||
if (DependencyBundlingAnalyzer.npmVersionsMatch(version, dependencyVersion)) {
|
if (DependencyBundlingAnalyzer.npmVersionsMatch(version, dependencyVersion)) {
|
||||||
return d;
|
return d;
|
||||||
}
|
}
|
||||||
|
|||||||
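Review bot: `name.equals(d.getName())` on the condition line dereferences `name` before the null guards that follow it, so a null `name` throws NullPointerException instead of simply producing no match; whether callers can pass null is not visible here. If null is not a legal argument, fail fast at the top of the method with `Objects.requireNonNull(name, "name");` (java.util.Objects) and say so in the Javadoc; otherwise reorder the test as `version != null && name != null && name.equals(d.getName()) && d.getVersion() != null`. Putting the cheap null checks first also avoids calling `getEcosystem()` and `equals` on every dependency when `version` is null. The return after the loop lies outside the hunk.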
@@ -162,7 +162,8 @@ public class DependencyBundlingAnalyzer extends AbstractDependencyComparingAnaly
|
|||||||
* removed from the main analysis loop, this function adds to this
|
* removed from the main analysis loop, this function adds to this
|
||||||
* collection
|
* collection
|
||||||
*/
|
*/
|
||||||
public static void mergeDependencies(final Dependency dependency, final Dependency relatedDependency, final Set<Dependency> dependenciesToRemove) {
|
public static void mergeDependencies(final Dependency dependency,
|
||||||
|
final Dependency relatedDependency, final Set<Dependency> dependenciesToRemove) {
|
||||||
dependency.addRelatedDependency(relatedDependency);
|
dependency.addRelatedDependency(relatedDependency);
|
||||||
for (Dependency d : relatedDependency.getRelatedDependencies()) {
|
for (Dependency d : relatedDependency.getRelatedDependencies()) {
|
||||||
dependency.addRelatedDependency(d);
|
dependency.addRelatedDependency(d);
|
||||||
@@ -496,7 +497,7 @@ public class DependencyBundlingAnalyzer extends AbstractDependencyComparingAnaly
|
|||||||
* This method attempts to evaluate version range checks.
|
* This method attempts to evaluate version range checks.
|
||||||
*
|
*
|
||||||
* @param current a dependency version to compare
|
* @param current a dependency version to compare
|
||||||
* @param nextDependency a dependency version to compare
|
* @param next a dependency version to compare
|
||||||
* @return true if the version is equal in both dependencies; otherwise
|
* @return true if the version is equal in both dependencies; otherwise
|
||||||
* false
|
* false
|
||||||
*/
|
*/
|
||||||
@@ -520,7 +521,7 @@ public class DependencyBundlingAnalyzer extends AbstractDependencyComparingAnaly
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
try {
|
try {
|
||||||
Semver v = new Semver(right, SemverType.NPM);
|
final Semver v = new Semver(right, SemverType.NPM);
|
||||||
return v.satisfies(left);
|
return v.satisfies(left);
|
||||||
} catch (SemverException ex) {
|
} catch (SemverException ex) {
|
||||||
LOGGER.trace("ignore", ex);
|
LOGGER.trace("ignore", ex);
|
||||||
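Review bot: `LOGGER.trace("ignore", ex)` records the parse failure without the operands, so a malformed range or version coming from a lock file cannot be traced back to the values that caused it. Include them in the message, e.g. `LOGGER.trace("unable to evaluate npm version range '{}' against '{}'", left, right, ex);` (if LOGGER is SLF4J the throwable is still picked up as the last argument). The enclosing method, including what is returned after the catch, lies outside the hunk.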
@@ -552,6 +553,13 @@ public class DependencyBundlingAnalyzer extends AbstractDependencyComparingAnaly
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Strips leading non-numeric values from the start of the string. If no
|
||||||
|
* numbers are present this will return null.
|
||||||
|
*
|
||||||
|
* @param str the string to modify
|
||||||
|
* @return the string without leading non-numeric characters
|
||||||
|
*/
|
||||||
private static String stripLeadingNonNumeric(String str) {
|
private static String stripLeadingNonNumeric(String str) {
|
||||||
for (int x = 0; x < str.length(); x++) {
|
for (int x = 0; x < str.length(); x++) {
|
||||||
if (Character.isDigit(str.codePointAt(x))) {
|
if (Character.isDigit(str.codePointAt(x))) {
|
||||||
|
|||||||
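Review bot: The new Javadoc promises to strip leading "non-numeric" characters, but the loop tests `Character.isDigit(str.codePointAt(x))`, which accepts any Unicode decimal digit (Arabic-Indic, full-width, and so on), not only `0`–`9`; for version strings that are presumably handed to a semver parser afterwards this is wider than the documentation suggests. Either state it in the Javadoc (`* A character counts as numeric when {@link Character#isDigit(int)} accepts it.`) or narrow the test to the ASCII range, `final char c = str.charAt(x); if (c >= '0' && c <= '9') {`, which also removes the need for code-point indexing. The Javadoc should also say that `str` must not be null, since `str.length()` dereferences it on the first line. The loop body and the final `return null` described by the doc lie outside the hunk.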
@@ -165,7 +165,7 @@ public class NodePackageAnalyzer extends AbstractNpmAnalyzer {
|
|||||||
@Override
|
@Override
|
||||||
protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
|
protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
|
||||||
engine.removeDependency(dependency);
|
engine.removeDependency(dependency);
|
||||||
File dependencyFile = dependency.getActualFile();
|
final File dependencyFile = dependency.getActualFile();
|
||||||
if (!dependencyFile.isFile() || dependencyFile.length() == 0) {
|
if (!dependencyFile.isFile() || dependencyFile.length() == 0) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@@ -178,9 +178,9 @@ public class NodePackageAnalyzer extends AbstractNpmAnalyzer {
|
|||||||
} catch (IOException ex) {
|
} catch (IOException ex) {
|
||||||
throw new RuntimeException(ex);
|
throw new RuntimeException(ex);
|
||||||
}
|
}
|
||||||
File baseDir = dependencyFile.getParentFile();
|
final File baseDir = dependencyFile.getParentFile();
|
||||||
if (PACKAGE_LOCK_JSON.equals(dependency.getFileName())) {
|
if (PACKAGE_LOCK_JSON.equals(dependency.getFileName())) {
|
||||||
File shrinkwrap = new File(baseDir, SHRINKWRAP_JSON);
|
final File shrinkwrap = new File(baseDir, SHRINKWRAP_JSON);
|
||||||
if (shrinkwrap.exists()) {
|
if (shrinkwrap.exists()) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
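Review bot: `throw new RuntimeException(ex)` in the catch turns an IOException from reading the package file into an unchecked error with no message, bypassing the `throws AnalysisException` contract that the enclosing method appears to declare (the `analyzeDependency` signature is in the hunk at line 165; the try this catch closes lies above the hunk). Rethrowing as the declared exception type with the IOException as cause and a message naming `dependencyFile` keeps the failure on the path callers already handle and gives the report a usable reason; if the declared type cannot carry a cause, at least add a message such as `"Unable to read " + dependencyFile`. The commit only adds `final` here, so the point is pre-existing, but this is the line under review.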
@@ -205,15 +205,27 @@ public class NodePackageAnalyzer extends AbstractNpmAnalyzer {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Process the dependencies in the lock file by first parsing its
|
||||||
|
* dependencies and then finding the package.json for the module and adding
|
||||||
|
* it as a dependency.
|
||||||
|
*
|
||||||
|
* @param json
|
||||||
|
* @param baseDir
|
||||||
|
* @param rootFile
|
||||||
|
* @param parentPackage
|
||||||
|
* @param engine
|
||||||
|
* @throws AnalysisException
|
||||||
|
*/
|
||||||
private void processDependencies(final JsonObject json, File baseDir, File rootFile, final String parentPackage, Engine engine) throws AnalysisException {
|
private void processDependencies(final JsonObject json, File baseDir, File rootFile, final String parentPackage, Engine engine) throws AnalysisException {
|
||||||
if (json.containsKey("dependencies")) {
|
if (json.containsKey("dependencies")) {
|
||||||
JsonObject deps = json.getJsonObject("dependencies");
|
final JsonObject deps = json.getJsonObject("dependencies");
|
||||||
for (Map.Entry<String, JsonValue> entry : deps.entrySet()) {
|
for (Map.Entry<String, JsonValue> entry : deps.entrySet()) {
|
||||||
JsonObject jo = (JsonObject) entry.getValue();
|
final JsonObject jo = (JsonObject) entry.getValue();
|
||||||
final String name = entry.getKey();
|
final String name = entry.getKey();
|
||||||
final String version = jo.getString("version");
|
final String version = jo.getString("version");
|
||||||
File base = Paths.get(baseDir.getPath(), "node_modules", name).toFile();
|
final File base = Paths.get(baseDir.getPath(), "node_modules", name).toFile();
|
||||||
File f = new File(base, PACKAGE_JSON);
|
final File f = new File(base, PACKAGE_JSON);
|
||||||
|
|
||||||
if (jo.containsKey("dependencies")) {
|
if (jo.containsKey("dependencies")) {
|
||||||
final String subPackageName = String.format("%s/%s:%s", parentPackage, name, version);
|
final String subPackageName = String.format("%s/%s:%s", parentPackage, name, version);
|
||||||
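Review bot: `Paths.get(baseDir.getPath(), "node_modules", name)` builds the package directory from `name`, a key read straight from the lock file, and the derived `f` is later opened (`FileUtils.openInputStream(f)` in the next hunk) without checking that it still lies under `baseDir`; a key containing separators or `..` therefore makes the scanner read a package.json outside the project tree. Normalize and check containment before use: `final Path pkgDir = baseDir.toPath().resolve("node_modules").resolve(name).normalize(); if (!pkgDir.startsWith(baseDir.toPath().normalize())) { continue; } final File base = pkgDir.toFile();`. Separately, the new Javadoc's `@param json`, `@param baseDir`, `@param rootFile`, `@param parentPackage`, `@param engine` and `@throws AnalysisException` tags carry no descriptions and should each say what is expected (e.g. `@param baseDir the directory containing the lock file being processed`, assuming that is what the caller passes). The `(JsonObject) entry.getValue()` cast is also unchecked, so a non-object entry fails with ClassCastException rather than a diagnostic. The method body continues past the hunk.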
@@ -225,7 +237,7 @@ public class NodePackageAnalyzer extends AbstractNpmAnalyzer {
|
|||||||
//TOOD - we should use the integrity value instead of calculating the SHA1/MD5
|
//TOOD - we should use the integrity value instead of calculating the SHA1/MD5
|
||||||
child = new Dependency(f);
|
child = new Dependency(f);
|
||||||
try (JsonReader jr = Json.createReader(FileUtils.openInputStream(f))) {
|
try (JsonReader jr = Json.createReader(FileUtils.openInputStream(f))) {
|
||||||
JsonObject childJson = jr.readObject();
|
final JsonObject childJson = jr.readObject();
|
||||||
gatherEvidence(childJson, child);
|
gatherEvidence(childJson, child);
|
||||||
|
|
||||||
} catch (JsonException e) {
|
} catch (JsonException e) {
|
||||||
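Review bot: The comment `//TOOD - we should use the integrity value instead of calculating the SHA1/MD5` misspells the marker, so TODO-scanning tooling will not pick it up; change it to `//TODO - we should use the integrity value instead of calculating the SHA1/MD5`. The try-with-resources correctly closes the reader; the handling after `catch (JsonException e)` lies outside the hunk.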
@@ -248,7 +260,7 @@ public class NodePackageAnalyzer extends AbstractNpmAnalyzer {
|
|||||||
child.addProjectReference(parentPackage);
|
child.addProjectReference(parentPackage);
|
||||||
child.setEcosystem(DEPENDENCY_ECOSYSTEM);
|
child.setEcosystem(DEPENDENCY_ECOSYSTEM);
|
||||||
|
|
||||||
Dependency existing = findDependency(engine, name, version);
|
final Dependency existing = findDependency(engine, name, version);
|
||||||
if (existing != null) {
|
if (existing != null) {
|
||||||
if (existing.isVirtual()) {
|
if (existing.isVirtual()) {
|
||||||
DependencyMergingAnalyzer.mergeDependencies(child, existing, null);
|
DependencyMergingAnalyzer.mergeDependencies(child, existing, null);
|
||||||
|
|||||||
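Review bot: `DependencyMergingAnalyzer.mergeDependencies(child, existing, null)` passes null for the set of dependencies to remove; the same-named method on DependencyBundlingAnalyzer documented in this commit describes that parameter as a collection the method adds to, so unless the merging variant is known to tolerate null this can throw NullPointerException at merge time. If null is intended to mean "do not track removals", make that explicit in the merging method's Javadoc (`@param dependenciesToRemove ... may be {@code null} when removals need not be tracked`); otherwise pass an empty set whose contents are then discarded. The branch continues outside the hunk.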
@@ -43,7 +43,6 @@ import javax.json.JsonException;
|
|||||||
import javax.json.JsonObject;
|
import javax.json.JsonObject;
|
||||||
import javax.json.JsonObjectBuilder;
|
import javax.json.JsonObjectBuilder;
|
||||||
import javax.json.JsonReader;
|
import javax.json.JsonReader;
|
||||||
import static org.owasp.dependencycheck.analyzer.NodePackageAnalyzer.DEPENDENCY_ECOSYSTEM;
|
|
||||||
import org.owasp.dependencycheck.exception.InitializationException;
|
import org.owasp.dependencycheck.exception.InitializationException;
|
||||||
import org.owasp.dependencycheck.utils.InvalidSettingException;
|
import org.owasp.dependencycheck.utils.InvalidSettingException;
|
||||||
import org.owasp.dependencycheck.utils.URLConnectionFailureException;
|
import org.owasp.dependencycheck.utils.URLConnectionFailureException;
|
||||||
|
|||||||