mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-03-22 17:19:30 +01:00
Normailze Cmake names
This commit is contained in:
brianf
@@ -57,6 +57,11 @@ import org.owasp.dependencycheck.exception.InitializationException;
|
|||||||
@Experimental
|
@Experimental
|
||||||
public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
|
public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The dependency Ecosystem
|
||||||
|
*/
|
||||||
|
static final String DEPENDENCY_ECOSYSTEM = "CMAKE";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The logger.
|
* The logger.
|
||||||
*/
|
*/
|
||||||
@@ -149,10 +154,10 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
@Override
|
@Override
|
||||||
protected void analyzeDependency(Dependency dependency, Engine engine)
|
protected void analyzeDependency(Dependency dependency, Engine engine)
|
||||||
throws AnalysisException {
|
throws AnalysisException {
|
||||||
|
dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
|
||||||
final File file = dependency.getActualFile();
|
final File file = dependency.getActualFile();
|
||||||
final String parentName = file.getParentFile().getName();
|
final String parentName = file.getParentFile().getName();
|
||||||
final String name = file.getName();
|
final String name = file.getName();
|
||||||
dependency.setDisplayFileName(String.format("%s%c%s", parentName, File.separatorChar, name));
|
|
||||||
String contents;
|
String contents;
|
||||||
try {
|
try {
|
||||||
contents = FileUtils.readFileToString(file, Charset.defaultCharset()).trim();
|
contents = FileUtils.readFileToString(file, Charset.defaultCharset()).trim();
|
||||||
@@ -173,6 +178,7 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
LOGGER.debug("Group 1: {}", group);
|
LOGGER.debug("Group 1: {}", group);
|
||||||
dependency.getProductEvidence().addEvidence(name, "Project",
|
dependency.getProductEvidence().addEvidence(name, "Project",
|
||||||
group, Confidence.HIGH);
|
group, Confidence.HIGH);
|
||||||
|
dependency.setName(group);
|
||||||
}
|
}
|
||||||
LOGGER.debug("Found {} matches.", count);
|
LOGGER.debug("Found {} matches.", count);
|
||||||
analyzeSetVersionCommand(dependency, engine, contents);
|
analyzeSetVersionCommand(dependency, engine, contents);
|
||||||
@@ -211,7 +217,7 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
if (count > 1) {
|
if (count > 1) {
|
||||||
//TODO - refactor so we do not assign to the parameter (checkstyle)
|
//TODO - refactor so we do not assign to the parameter (checkstyle)
|
||||||
currentDep = new Dependency(dependency.getActualFile());
|
currentDep = new Dependency(dependency.getActualFile());
|
||||||
currentDep.setDisplayFileName(String.format("%s:%s", dependency.getDisplayFileName(), product));
|
currentDep.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
|
||||||
final String filePath = String.format("%s:%s", dependency.getFilePath(), product);
|
final String filePath = String.format("%s:%s", dependency.getFilePath(), product);
|
||||||
currentDep.setFilePath(filePath);
|
currentDep.setFilePath(filePath);
|
||||||
|
|
||||||
@@ -225,11 +231,13 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
currentDep.setSha1sum(Checksum.getHex(sha1.digest(path)));
|
currentDep.setSha1sum(Checksum.getHex(sha1.digest(path)));
|
||||||
engine.getDependencies().add(currentDep);
|
engine.getDependencies().add(currentDep);
|
||||||
}
|
}
|
||||||
final String source = currentDep.getDisplayFileName();
|
final String source = currentDep.getFileName();
|
||||||
currentDep.getProductEvidence().addEvidence(source, "Product",
|
currentDep.getProductEvidence().addEvidence(source, "Product",
|
||||||
product, Confidence.MEDIUM);
|
product, Confidence.MEDIUM);
|
||||||
currentDep.getVersionEvidence().addEvidence(source, "Version",
|
currentDep.getVersionEvidence().addEvidence(source, "Version",
|
||||||
version, Confidence.MEDIUM);
|
version, Confidence.MEDIUM);
|
||||||
|
currentDep.setName(product);
|
||||||
|
currentDep.setVersion(version);
|
||||||
}
|
}
|
||||||
LOGGER.debug("Found {} matches.", count);
|
LOGGER.debug("Found {} matches.", count);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -123,11 +123,32 @@ public class CMakeAnalyzerTest extends BaseDBTestCase {
|
|||||||
analyzer.analyze(result, null);
|
analyzer.analyze(result, null);
|
||||||
final String product = "zlib";
|
final String product = "zlib";
|
||||||
assertProductEvidence(result, product);
|
assertProductEvidence(result, product);
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test whether expected evidence is gathered from OpenCV's CVDetectPython.
|
||||||
|
*
|
||||||
|
* @throws AnalysisException is thrown when an exception occurs.
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testAnalyzeCMakeListsPython() throws AnalysisException {
|
||||||
|
final Dependency result = new Dependency(BaseTest.getResourceAsFile(
|
||||||
|
this, "cmake/opencv/cmake/OpenCVDetectPython.cmake"));
|
||||||
|
analyzer.analyze(result, null);
|
||||||
|
|
||||||
|
//this one finds nothing so it falls through to the filename. Can we do better?
|
||||||
|
assertEquals("OpenCVDetectPython.cmake",result.getDisplayFileName());
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private void assertProductEvidence(Dependency result, String product) {
|
private void assertProductEvidence(Dependency result, String product) {
|
||||||
|
assertEquals(product,result.getName());
|
||||||
assertTrue("Expected product evidence to contain \"" + product + "\".",
|
assertTrue("Expected product evidence to contain \"" + product + "\".",
|
||||||
result.getProductEvidence().toString().contains(product));
|
result.getProductEvidence().toString().contains(product));
|
||||||
|
assertEquals(CMakeAnalyzer.DEPENDENCY_ECOSYSTEM,result.getDependencyEcosystem());
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -150,11 +171,13 @@ public class CMakeAnalyzerTest extends BaseDBTestCase {
|
|||||||
final Dependency last = dependencies.get(3);
|
final Dependency last = dependencies.get(3);
|
||||||
assertProductEvidence(last, "libavresample");
|
assertProductEvidence(last, "libavresample");
|
||||||
assertVersionEvidence(last, "1.0.1");
|
assertVersionEvidence(last, "1.0.1");
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private void assertVersionEvidence(Dependency result, String version) {
|
private void assertVersionEvidence(Dependency result, String version) {
|
||||||
assertTrue("Expected version evidence to contain \"" + version + "\".",
|
assertTrue("Expected version evidence to contain \"" + version + "\".",
|
||||||
result.getVersionEvidence().toString().contains(version));
|
result.getVersionEvidence().toString().contains(version));
|
||||||
|
assertEquals(version,result.getVersion());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test(expected = InitializationException.class)
|
@Test(expected = InitializationException.class)
|
||||||
|
|||||||
Reference in New Issue
Block a user