github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-04-30 20:24:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

centralized string converversion to bytes

Browse Source
This commit is contained in:
Jeremy Long
2017-10-25 06:47:48 -04:00
parent 644f4ca6c2
commit 988d1d5147
4 changed files with 118 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java
View File

@@ -32,10 +32,7 @@ import org.slf4j.LoggerFactory;
import java.io.File;
import java.io.FileFilter;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.owasp.dependencycheck.dependency.EvidenceType;
@@ -186,9 +183,6 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
* @param engine the dependency-check engine
* @param contents the version information
*/
@edu.umd.cs.findbugs.annotations.SuppressFBWarnings(
value = "DM_DEFAULT_ENCODING",
justification = "Default encoding is only used if UTF-8 is not available")
private void analyzeSetVersionCommand(Dependency dependency, Engine engine, String contents) {
Dependency currentDep = dependency;
@@ -213,14 +207,8 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
final String filePath = String.format("%s:%s", dependency.getFilePath(), product);
currentDep.setFilePath(filePath);
byte[] path;
try {
path = filePath.getBytes("UTF-8");
} catch (UnsupportedEncodingException ex) {
path = filePath.getBytes();
}
currentDep.setSha1sum(Checksum.getSHA1Checksum(path));
currentDep.setMd5sum(Checksum.getMD5Checksum(path));
currentDep.setSha1sum(Checksum.getSHA1Checksum(filePath));
currentDep.setMd5sum(Checksum.getMD5Checksum(filePath));
engine.addDependency(currentDep);
}
final String source = currentDep.getFileName();

7
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzer.java
View File

@@ -34,9 +34,6 @@ import org.slf4j.LoggerFactory;
import java.io.FileFilter;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import org.owasp.dependencycheck.dependency.EvidenceType;
/**
@@ -118,8 +115,8 @@ public class ComposerLockAnalyzer extends AbstractFileTypeAnalyzer {
d.setVersion(dep.getVersion());
d.setEcosystem(DEPENDENCY_ECOSYSTEM);
d.setFilePath(filePath);
d.setSha1sum(Checksum.getSHA1Checksum(filePath.getBytes(Charset.defaultCharset())));
d.setMd5sum(Checksum.getMD5Checksum(filePath.getBytes(Charset.defaultCharset())));
d.setSha1sum(Checksum.getSHA1Checksum(filePath));
d.setMd5sum(Checksum.getMD5Checksum(filePath));
d.addEvidence(EvidenceType.VENDOR, COMPOSER_LOCK, "vendor", dep.getGroup(), Confidence.HIGHEST);
d.addEvidence(EvidenceType.PRODUCT, COMPOSER_LOCK, "product", dep.getProject(), Confidence.HIGHEST);
d.addEvidence(EvidenceType.VERSION, COMPOSER_LOCK, "version", dep.getVersion(), Confidence.HIGHEST);