Normailze Cmake names
@@ -57,6 +57,11 @@ import org.owasp.dependencycheck.exception.InitializationException;
|
||||
@Experimental
|
||||
public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
|
||||
/**
|
||||
* The dependency Ecosystem
|
||||
*/
|
||||
static final String DEPENDENCY_ECOSYSTEM = "CMAKE";
|
||||
|
||||
/**
|
||||
* The logger.
|
||||
*/
|
||||
@@ -149,10 +154,10 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
@Override
|
||||
protected void analyzeDependency(Dependency dependency, Engine engine)
|
||||
throws AnalysisException {
|
||||
dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
|
||||
final File file = dependency.getActualFile();
|
||||
final String parentName = file.getParentFile().getName();
|
||||
final String name = file.getName();
|
||||
dependency.setDisplayFileName(String.format("%s%c%s", parentName, File.separatorChar, name));
|
||||
String contents;
|
||||
try {
|
||||
contents = FileUtils.readFileToString(file, Charset.defaultCharset()).trim();
|
||||
@@ -173,6 +178,7 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
LOGGER.debug("Group 1: {}", group);
|
||||
dependency.getProductEvidence().addEvidence(name, "Project",
|
||||
group, Confidence.HIGH);
|
||||
dependency.setName(group);
|
||||
}
|
||||
LOGGER.debug("Found {} matches.", count);
|
||||
analyzeSetVersionCommand(dependency, engine, contents);
|
||||
@@ -211,7 +217,7 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
if (count > 1) {
|
||||
//TODO - refactor so we do not assign to the parameter (checkstyle)
|
||||
currentDep = new Dependency(dependency.getActualFile());
|
||||
currentDep.setDisplayFileName(String.format("%s:%s", dependency.getDisplayFileName(), product));
|
||||
currentDep.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
|
||||
final String filePath = String.format("%s:%s", dependency.getFilePath(), product);
|
||||
currentDep.setFilePath(filePath);
|
||||
|
||||
@@ -225,11 +231,13 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
currentDep.setSha1sum(Checksum.getHex(sha1.digest(path)));
|
||||
engine.getDependencies().add(currentDep);
|
||||
}
|
||||
final String source = currentDep.getDisplayFileName();
|
||||
final String source = currentDep.getFileName();
|
||||
currentDep.getProductEvidence().addEvidence(source, "Product",
|
||||
product, Confidence.MEDIUM);
|
||||
currentDep.getVersionEvidence().addEvidence(source, "Version",
|
||||
version, Confidence.MEDIUM);
|
||||
currentDep.setName(product);
|
||||
currentDep.setVersion(version);
|
||||
}
|
||||
LOGGER.debug("Found {} matches.", count);
|
||||
}
|
||||
|
||||
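Review bot: The name written by `dependency.setName(group)` in the project() loop has no stated precedence against the later `currentDep.setName(product)` and `currentDep.setVersion(version)` in the set-version pass. `analyzeSetVersionCommand(dependency, engine, contents)` runs right after that loop, and only `count > 1` allocates a new `Dependency`, so the first version match presumably writes to the same object and replaces the project() name; the initial assignment of `currentDep` is outside the visible hunks, so this is inferred. Name and version are what a report reader uses to decide which component a finding belongs to, so the intended order should be written down, for example above the `setName(group)` line: `// default name from project(); the first match in analyzeSetVersionCommand may replace it`. Both method bodies start and end outside the hunks shown.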
@@ -123,11 +123,32 @@ public class CMakeAnalyzerTest extends BaseDBTestCase {
|
||||
analyzer.analyze(result, null);
|
||||
final String product = "zlib";
|
||||
assertProductEvidence(result, product);
|
||||
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Test whether expected evidence is gathered from OpenCV's CVDetectPython.
|
||||
*
|
||||
* @throws AnalysisException is thrown when an exception occurs.
|
||||
*/
|
||||
@Test
|
||||
public void testAnalyzeCMakeListsPython() throws AnalysisException {
|
||||
final Dependency result = new Dependency(BaseTest.getResourceAsFile(
|
||||
this, "cmake/opencv/cmake/OpenCVDetectPython.cmake"));
|
||||
analyzer.analyze(result, null);
|
||||
|
||||
//this one finds nothing so it falls through to the filename. Can we do better?
|
||||
assertEquals("OpenCVDetectPython.cmake",result.getDisplayFileName());
|
||||
|
||||
|
||||
}
|
||||
|
||||
private void assertProductEvidence(Dependency result, String product) {
|
||||
assertTrue("Expected product evidence to contain \"" + product + "\".",
|
||||
assertEquals(product,result.getName());
|
||||
assertTrue("Expected product evidence to contain \"" + product + "\".",
|
||||
result.getProductEvidence().toString().contains(product));
|
||||
assertEquals(CMakeAnalyzer.DEPENDENCY_ECOSYSTEM,result.getDependencyEcosystem());
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -150,11 +171,13 @@ public class CMakeAnalyzerTest extends BaseDBTestCase {
|
||||
final Dependency last = dependencies.get(3);
|
||||
assertProductEvidence(last, "libavresample");
|
||||
assertVersionEvidence(last, "1.0.1");
|
||||
|
||||
}
|
||||
|
||||
private void assertVersionEvidence(Dependency result, String version) {
|
||||
assertTrue("Expected version evidence to contain \"" + version + "\".",
|
||||
result.getVersionEvidence().toString().contains(version));
|
||||
assertEquals(version,result.getVersion());
|
||||
}
|
||||
|
||||
@Test(expected = InitializationException.class)
|
||||
|
||||
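Review bot: `testAnalyzeCMakeListsPython` asserts only the display file name, so the no-match path leaves the fields this commit introduces unchecked. `analyzeDependency` calls `dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM)` before any parsing, so the test can pin that too with `assertEquals(CMakeAnalyzer.DEPENDENCY_ECOSYSTEM, result.getDependencyEcosystem());`. The inline question `Can we do better?` would be easier to follow up as a `// TODO` that says what a better result would be, and the empty lines before the closing brace of the test can be dropped.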