mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-03-23 17:41:28 +01:00
updated so that all scanned dependencies are correctly kept in the dependency list
This commit is contained in:
Jeremy Long
@@ -115,7 +115,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
*/
|
*/
|
||||||
private static final FileFilter REMOVE_FROM_ANALYSIS = FileFilterBuilder.newInstance().addExtensions("zip", "tar", "gz", "tgz", "bz2", "tbz2")
|
private static final FileFilter REMOVE_FROM_ANALYSIS = FileFilterBuilder.newInstance().addExtensions("zip", "tar", "gz", "tgz", "bz2", "tbz2")
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
static {
|
static {
|
||||||
final String additionalZipExt = Settings.getString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS);
|
final String additionalZipExt = Settings.getString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS);
|
||||||
if (additionalZipExt != null) {
|
if (additionalZipExt != null) {
|
||||||
@@ -129,7 +129,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
* The file filter used to filter supported files.
|
* The file filter used to filter supported files.
|
||||||
*/
|
*/
|
||||||
private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(EXTENSIONS).build();
|
private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(EXTENSIONS).build();
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected FileFilter getFileFilter() {
|
protected FileFilter getFileFilter() {
|
||||||
return FILTER;
|
return FILTER;
|
||||||
@@ -248,27 +248,42 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
extractFiles(f, tmpDir, engine);
|
extractFiles(f, tmpDir, engine);
|
||||||
|
|
||||||
//make a copy
|
//make a copy
|
||||||
final Set<Dependency> dependencySet = findMoreDependencies(engine, tmpDir);
|
final List<Dependency> dependencySet = findMoreDependencies(engine, tmpDir);
|
||||||
|
|
||||||
if (!dependencySet.isEmpty()) {
|
if (!dependencySet.isEmpty()) {
|
||||||
for (Dependency d : dependencySet) {
|
for (Dependency d : dependencySet) {
|
||||||
//fix the dependency's display name and path
|
if (d.getFilePath().startsWith(tmpDir.getAbsolutePath())) {
|
||||||
final String displayPath = String.format("%s%s",
|
//fix the dependency's display name and path
|
||||||
dependency.getFilePath(),
|
final String displayPath = String.format("%s%s",
|
||||||
d.getActualFilePath().substring(tmpDir.getAbsolutePath().length()));
|
dependency.getFilePath(),
|
||||||
final String displayName = String.format("%s: %s",
|
d.getActualFilePath().substring(tmpDir.getAbsolutePath().length()));
|
||||||
dependency.getFileName(),
|
final String displayName = String.format("%s: %s",
|
||||||
d.getFileName());
|
dependency.getFileName(),
|
||||||
d.setFilePath(displayPath);
|
d.getFileName());
|
||||||
d.setFileName(displayName);
|
d.setFilePath(displayPath);
|
||||||
d.setProjectReferences(dependency.getProjectReferences());
|
d.setFileName(displayName);
|
||||||
|
d.setProjectReferences(dependency.getProjectReferences());
|
||||||
|
|
||||||
//TODO - can we get more evidence from the parent? EAR contains module name, etc.
|
//TODO - can we get more evidence from the parent? EAR contains module name, etc.
|
||||||
//analyze the dependency (i.e. extract files) if it is a supported type.
|
//analyze the dependency (i.e. extract files) if it is a supported type.
|
||||||
if (this.accept(d.getActualFile()) && scanDepth < MAX_SCAN_DEPTH) {
|
if (this.accept(d.getActualFile()) && scanDepth < MAX_SCAN_DEPTH) {
|
||||||
scanDepth += 1;
|
scanDepth += 1;
|
||||||
analyze(d, engine);
|
analyze(d, engine);
|
||||||
scanDepth -= 1;
|
scanDepth -= 1;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
for (Dependency sub : dependencySet) {
|
||||||
|
if (sub.getFilePath().startsWith(tmpDir.getAbsolutePath())) {
|
||||||
|
final String displayPath = String.format("%s%s",
|
||||||
|
dependency.getFilePath(),
|
||||||
|
sub.getActualFilePath().substring(tmpDir.getAbsolutePath().length()));
|
||||||
|
final String displayName = String.format("%s: %s",
|
||||||
|
dependency.getFileName(),
|
||||||
|
sub.getFileName());
|
||||||
|
sub.setFilePath(displayPath);
|
||||||
|
sub.setFileName(displayName);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -291,32 +306,39 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
if (ZIP_FILTER.accept(dependency.getActualFile()) && isZipFileActuallyJarFile(dependency)) {
|
if (ZIP_FILTER.accept(dependency.getActualFile()) && isZipFileActuallyJarFile(dependency)) {
|
||||||
final File tdir = getNextTempDirectory();
|
final File tdir = getNextTempDirectory();
|
||||||
final String fileName = dependency.getFileName();
|
final String fileName = dependency.getFileName();
|
||||||
|
|
||||||
LOGGER.info("The zip file '{}' appears to be a JAR file, making a copy and analyzing it as a JAR.", fileName);
|
LOGGER.info("The zip file '{}' appears to be a JAR file, making a copy and analyzing it as a JAR.", fileName);
|
||||||
|
|
||||||
final File tmpLoc = new File(tdir, fileName.substring(0, fileName.length() - 3) + "jar");
|
final File tmpLoc = new File(tdir, fileName.substring(0, fileName.length() - 3) + "jar");
|
||||||
|
//store the archives sha1 and change it so that the engine doesn't think the zip and jar file are the same
|
||||||
|
// and add it is a related dependency.
|
||||||
|
String archiveSha1 = dependency.getSha1sum();
|
||||||
try {
|
try {
|
||||||
org.apache.commons.io.FileUtils.copyFile(tdir, tmpLoc);
|
dependency.setSha1sum("");
|
||||||
final Set<Dependency> dependencySet = findMoreDependencies(engine, tmpLoc);
|
org.apache.commons.io.FileUtils.copyFile(dependency.getActualFile(), tmpLoc);
|
||||||
|
final List<Dependency> dependencySet = findMoreDependencies(engine, tmpLoc);
|
||||||
if (!dependencySet.isEmpty()) {
|
if (!dependencySet.isEmpty()) {
|
||||||
if (dependencySet.size() != 1) {
|
|
||||||
LOGGER.info("Deep copy of ZIP to JAR file resulted in more than one dependency?");
|
|
||||||
}
|
|
||||||
for (Dependency d : dependencySet) {
|
for (Dependency d : dependencySet) {
|
||||||
//fix the dependency's display name and path
|
//fix the dependency's display name and path
|
||||||
d.setFilePath(dependency.getFilePath());
|
if (d.getActualFile().equals(tmpLoc)) {
|
||||||
d.setDisplayFileName(dependency.getFileName());
|
d.setFilePath(dependency.getFilePath());
|
||||||
|
d.setDisplayFileName(dependency.getFileName());
|
||||||
|
} else {
|
||||||
|
for (Dependency sub : d.getRelatedDependencies()) {
|
||||||
|
if (sub.getActualFile().equals(tmpLoc)) {
|
||||||
|
sub.setFilePath(dependency.getFilePath());
|
||||||
|
sub.setDisplayFileName(dependency.getFileName());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} catch (IOException ex) {
|
} catch (IOException ex) {
|
||||||
LOGGER.debug("Unable to perform deep copy on '{}'", dependency.getActualFile().getPath(), ex);
|
LOGGER.debug("Unable to perform deep copy on '{}'", dependency.getActualFile().getPath(), ex);
|
||||||
|
} finally {
|
||||||
|
dependency.setSha1sum(archiveSha1);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
/**
|
|
||||||
* An empty dependency set.
|
|
||||||
*/
|
|
||||||
private static final Set<Dependency> EMPTY_DEPENDENCY_SET = Collections.emptySet();
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Scan the given file/folder, and return any new dependencies found.
|
* Scan the given file/folder, and return any new dependencies found.
|
||||||
@@ -325,20 +347,9 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
* @param file target of scanning
|
* @param file target of scanning
|
||||||
* @return any dependencies that weren't known to the engine before
|
* @return any dependencies that weren't known to the engine before
|
||||||
*/
|
*/
|
||||||
private static Set<Dependency> findMoreDependencies(Engine engine, File file) {
|
private static List<Dependency> findMoreDependencies(Engine engine, File file) {
|
||||||
final List<Dependency> before = new ArrayList<Dependency>(engine.getDependencies());
|
List<Dependency> added = engine.scan(file);
|
||||||
engine.scan(file);
|
return added;
|
||||||
final List<Dependency> after = engine.getDependencies();
|
|
||||||
final boolean sizeChanged = before.size() != after.size();
|
|
||||||
final Set<Dependency> newDependencies;
|
|
||||||
if (sizeChanged) {
|
|
||||||
//get the new dependencies
|
|
||||||
newDependencies = new HashSet<Dependency>(after);
|
|
||||||
newDependencies.removeAll(before);
|
|
||||||
} else {
|
|
||||||
newDependencies = EMPTY_DEPENDENCY_SET;
|
|
||||||
}
|
|
||||||
return newDependencies;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -376,7 +387,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
archiveExt = archiveExt.toLowerCase();
|
archiveExt = archiveExt.toLowerCase();
|
||||||
|
|
||||||
final FileInputStream fis;
|
final FileInputStream fis;
|
||||||
try {
|
try {
|
||||||
fis = new FileInputStream(archive);
|
fis = new FileInputStream(archive);
|
||||||
@@ -618,7 +629,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
} finally {
|
} finally {
|
||||||
ZipFile.closeQuietly(zip);
|
ZipFile.closeQuietly(zip);
|
||||||
}
|
}
|
||||||
|
|
||||||
return isJar;
|
return isJar;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user