github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-27 03:21:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

code cleanup with more comments

Browse Source
This commit is contained in:
bjiang
2016-05-06 10:24:28 -04:00
parent d25f6e813c
commit 99355d993a
1 changed files with 6 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/SwiftPackageManagerAnalyzer.java
View File

@@ -46,11 +46,6 @@ import org.slf4j.LoggerFactory;
*/ */
public class SwiftPackageManagerAnalyzer extends AbstractFileTypeAnalyzer { public class SwiftPackageManagerAnalyzer extends AbstractFileTypeAnalyzer {
/**
* The logger.
*/
private static final Logger LOGGER = LoggerFactory.getLogger(SwiftPackageManagerAnalyzer.class);
/** /**
* The name of the analyzer. * The name of the analyzer.
*/ */
@@ -65,6 +60,7 @@ public class SwiftPackageManagerAnalyzer extends AbstractFileTypeAnalyzer {
* The file name to scan. * The file name to scan.
*/ */
public static final String SPM_FILE_NAME = "Package.swift"; public static final String SPM_FILE_NAME = "Package.swift";
/** /**
* Filter that detects files named "package.json". * Filter that detects files named "package.json".
*/ */
@@ -144,20 +140,15 @@ public class SwiftPackageManagerAnalyzer extends AbstractFileTypeAnalyzer {
if(packageDescription.isEmpty()) if(packageDescription.isEmpty())
return; return;
final EvidenceCollection vendor = dependency.getVendorEvidence();
final EvidenceCollection product = dependency.getProductEvidence(); final EvidenceCollection product = dependency.getProductEvidence();
// final EvidenceCollection version = dependency.getVersionEvidence(); final EvidenceCollection vendor = dependency.getVendorEvidence();
//SPM is currently under development for SWIFT 3. Its current metadata includes package name and dependencies.
//Future interesting metadata: version, license, homepage, author, summary, etc.
final String name = addStringEvidence(product, packageDescription, "name", "name", Confidence.HIGHEST); final String name = addStringEvidence(product, packageDescription, "name", "name", Confidence.HIGHEST);
if (!name.isEmpty()) { if (!name.isEmpty()) {
vendor.addEvidence(SPM_FILE_NAME, "name_project", name, Confidence.HIGHEST); vendor.addEvidence(SPM_FILE_NAME, "name_project", name, Confidence.HIGHEST);
} }
// addStringEvidence(product, contents, blockVariable, "summary", "summary", Confidence.LOW);
// addStringEvidence(vendor, contents, blockVariable, "author", "authors?", Confidence.HIGHEST);
// addStringEvidence(vendor, contents, blockVariable, "homepage", "homepage", Confidence.HIGHEST);
// addStringEvidence(vendor, contents, blockVariable, "license", "licen[cs]es?", Confidence.HIGHEST);
// addStringEvidence(version, contents, blockVariable, "version", "version", Confidence.HIGHEST);
setPackagePath(dependency); setPackagePath(dependency);
} }
} }
@@ -166,7 +157,6 @@ public class SwiftPackageManagerAnalyzer extends AbstractFileTypeAnalyzer {
String packageDescription, String field, String fieldPattern, Confidence confidence) { String packageDescription, String field, String fieldPattern, Confidence confidence) {
String value = ""; String value = "";
//capture array value between [ ]
final Matcher matcher = Pattern.compile( final Matcher matcher = Pattern.compile(
String.format("%s *:\\s*\"([^\"]*)", fieldPattern), Pattern.DOTALL).matcher(packageDescription); String.format("%s *:\\s*\"([^\"]*)", fieldPattern), Pattern.DOTALL).matcher(packageDescription);
if(matcher.find()) { if(matcher.find()) {
@@ -179,7 +169,6 @@ public class SwiftPackageManagerAnalyzer extends AbstractFileTypeAnalyzer {
evidences.addEvidence (SPM_FILE_NAME, field, value, confidence); evidences.addEvidence (SPM_FILE_NAME, field, value, confidence);
} }
return value; return value;
} }
@@ -189,36 +178,4 @@ public class SwiftPackageManagerAnalyzer extends AbstractFileTypeAnalyzer {
if(parent != null) if(parent != null)
dep.setPackagePath(parent); dep.setPackagePath(parent);
} }
/**
* Adds information to an evidence collection from the node json configuration.
*
* @param json information from node.js
* @param collection a set of evidence about a dependency
* @param key the key to obtain the data from the json information
*/
private void addToEvidence(JsonObject json, EvidenceCollection collection, String key) {
if (json.containsKey(key)) {
final JsonValue value = json.get(key);
if (value instanceof JsonString) {
collection.addEvidence(SPM_FILE_NAME, key, ((JsonString) value).getString(), Confidence.HIGHEST);
} else if (value instanceof JsonObject) {
final JsonObject jsonObject = (JsonObject) value;
for (final Map.Entry<String, JsonValue> entry : jsonObject.entrySet()) {
final String property = entry.getKey();
final JsonValue subValue = entry.getValue();
if (subValue instanceof JsonString) {
collection.addEvidence(SPM_FILE_NAME,
String.format("%s.%s", key, property),
((JsonString) subValue).getString(),
Confidence.HIGHEST);
} else {
LOGGER.warn("JSON sub-value not string as expected: {}", subValue);
}
}
} else {
LOGGER.warn("JSON value not string or JSON object as expected: {}", value);
}
}
}
} }