github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-16 08:36:55 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fixed merge conflict

Browse Source 
Former-commit-id: 4a4bfd553bd5b91c53e87f7e327beb0a605bc21f
This commit is contained in:
Will Stranathan
2014-03-01 15:07:40 -05:00
parent 43a6c81151 b486788993
commit 9b34b5ca89
24 changed files with 114 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
View File

@@ -299,13 +299,13 @@ public class Engine {
final String msg = String.format("Initializing %s", a.getName());
Logger.getLogger(Engine.class.getName()).log(Level.FINE, msg);
a.initialize();
} catch (Exception ex) {
} catch (Throwable ex) {
final String msg = String.format("Exception occurred initializing %s.", a.getName());
Logger.getLogger(Engine.class.getName()).log(Level.SEVERE, msg);
Logger.getLogger(Engine.class.getName()).log(Level.FINE, null, ex);
try {
a.close();
} catch (Exception ex1) {
} catch (Throwable ex1) {
Logger.getLogger(Engine.class.getName()).log(Level.FINEST, null, ex1);
}
}
@@ -354,7 +354,7 @@ public class Engine {
Logger.getLogger(Engine.class.getName()).log(Level.FINE, msg);
try {
a.close();
} catch (Exception ex) {
} catch (Throwable ex) {
Logger.getLogger(Engine.class.getName()).log(Level.FINEST, null, ex);
}
}

5
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
View File

@@ -175,9 +175,10 @@ public class ArchiveAnalyzer extends AbstractAnalyzer implements Analyzer {
public void close() throws Exception {
if (tempFileLocation != null && tempFileLocation.exists()) {
Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINE, "Attempting to delete temporary files");
boolean success = FileUtils.delete(tempFileLocation);
final boolean success = FileUtils.delete(tempFileLocation);
if (!success) {
Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.WARNING, "Failed to delete some temporary files, see the log for more details");
Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.WARNING,
"Failed to delete some temporary files, see the log for more details");
}
}
}

11
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
View File

@@ -180,14 +180,14 @@ public class AssemblyAnalyzer extends AbstractAnalyzer {
if (fos != null) {
try {
fos.close();
} catch (Exception e) {
} catch (Throwable e) {
LOG.fine("Error closing output stream");
}
}
if (is != null) {
try {
is.close();
} catch (Exception e) {
} catch (Throwable e) {
LOG.fine("Error closing input stream");
}
}
@@ -206,9 +206,10 @@ public class AssemblyAnalyzer extends AbstractAnalyzer {
grokAssemblyExe = null;
throw new AnalysisException("Could not execute .NET AssemblyAnalyzer");
}
} catch (Exception e) {
LOG.warning("An error occured with the .NET AssemblyAnalyzer, please see the log for more details.");
LOG.fine("Could not execute GrokAssembly " + e.getMessage());
} catch (Throwable e) {
LOG.warning("An error occured with the .NET AssemblyAnalyzer; "
+ "this can be ignored unless you are scanning .NET dlls. Please see the log for more details.");
LOG.log(Level.FINE, "Could not execute GrokAssembly {0}", e.getMessage());
throw new AnalysisException("An error occured with the .NET AssemblyAnalyzer", e);
}

52
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
View File

@@ -25,6 +25,7 @@ import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.Reader;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
@@ -393,11 +394,9 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
} catch (IOException ex) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE, null, ex);
} finally {
try {
input.close();
} catch (IOException ex) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE, null, ex);
}
closeStream(bos);
closeStream(fos);
closeStream(input);
}
Model model = null;
FileInputStream fis = null;
@@ -423,17 +422,41 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex);
throw ex;
} finally {
if (fis != null) {
try {
fis.close();
} catch (IOException ex) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINEST, null, ex);
}
}
closeStream(fis);
}
return model;
}
/**
* Silently closes an input stream ignoring errors.
*
* @param stream an input stream to close
*/
private void closeStream(InputStream stream) {
if (stream != null) {
try {
stream.close();
} catch (IOException ex) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINEST, null, ex);
}
}
}
/**
* Silently closes an output stream ignoring errors.
*
* @param stream an output stream to close
*/
private void closeStream(OutputStream stream) {
if (stream != null) {
try {
stream.close();
} catch (IOException ex) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINEST, null, ex);
}
}
}
/**
* Retrieves the specified POM from a jar file and converts it to a Model.
*
@@ -938,9 +961,10 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
public void close() {
if (tempFileLocation != null && tempFileLocation.exists()) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, "Attempting to delete temporary files");
boolean success = FileUtils.delete(tempFileLocation);
final boolean success = FileUtils.delete(tempFileLocation);
if (!success) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, "Failed to delete some temporary files, see the log for more details");
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING,
"Failed to delete some temporary files, see the log for more details");
}
}
}

7
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java
View File

@@ -17,13 +17,12 @@
*/
package org.owasp.dependencycheck.analyzer;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import java.io.FileInputStream;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.nuget.NugetPackage;
import org.owasp.dependencycheck.data.nuget.NuspecParser;
import org.owasp.dependencycheck.data.nuget.XPathNuspecParser;
@@ -128,7 +127,7 @@ public class NuspecAnalyzer extends AbstractAnalyzer {
if (fis != null) {
try {
fis.close();
} catch (Exception e) {
} catch (Throwable e) {
LOGGER.fine("Error closing input stream");
}
}
@@ -143,7 +142,7 @@ public class NuspecAnalyzer extends AbstractAnalyzer {
if (np.getTitle() != null) {
dependency.getProductEvidence().addEvidence("nuspec", "title", np.getTitle(), Confidence.MEDIUM);
}
} catch (Exception e) {
} catch (Throwable e) {
throw new AnalysisException(e);
}
}

6
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nexus/NexusSearch.java
View File

@@ -137,7 +137,7 @@ public class NexusSearch {
* Nexus. This is useful upstream for recovery, so we just re-throw it
*/
throw fnfe;
} catch (Exception e) {
} catch (Throwable e) {
// Anything else is jacked-up XML stuff that we really can't recover
// from well
throw new IOException(e.getMessage(), e);
@@ -151,7 +151,7 @@ public class NexusSearch {
*/
public boolean preflightRequest() {
try {
HttpURLConnection conn = URLConnectionFactory.createHttpURLConnection(new URL(rootURL, "status"));
final HttpURLConnection conn = URLConnectionFactory.createHttpURLConnection(new URL(rootURL, "status"));
conn.addRequestProperty("Accept", "application/xml");
conn.connect();
if (conn.getResponseCode() != 200) {
@@ -164,7 +164,7 @@ public class NexusSearch {
LOGGER.warning("Expected root node name of status, got " + doc.getDocumentElement().getNodeName());
return false;
}
} catch (Exception e) {
} catch (Throwable e) {
return false;
}

11
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nuget/XPathNuspecParser.java
View File

@@ -18,12 +18,10 @@
package org.owasp.dependencycheck.data.nuget;
import java.io.InputStream;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
@@ -33,6 +31,7 @@ import org.w3c.dom.Node;
* @author colezlaw
*/
public class XPathNuspecParser implements NuspecParser {
/**
* Gets the string value of a node or null if it's not present
*
@@ -71,11 +70,11 @@ public class XPathNuspecParser implements NuspecParser {
nuspec.setId(xpath.evaluate("/package/metadata/id", d));
nuspec.setVersion(xpath.evaluate("/package/metadata/version", d));
nuspec.setAuthors(xpath.evaluate("/package/metadata/authors", d));
nuspec.setOwners(getOrNull((Node) xpath.evaluate("/package/metadata/owners", d, XPathConstants.NODE)));
nuspec.setLicenseUrl(getOrNull((Node) xpath.evaluate("/package/metadata/licenseUrl", d, XPathConstants.NODE)));
nuspec.setTitle(getOrNull((Node) xpath.evaluate("/package/metadata/title", d, XPathConstants.NODE)));
nuspec.setOwners(getOrNull((Node) xpath.evaluate("/package/metadata/owners", d, XPathConstants.NODE)));
nuspec.setLicenseUrl(getOrNull((Node) xpath.evaluate("/package/metadata/licenseUrl", d, XPathConstants.NODE)));
nuspec.setTitle(getOrNull((Node) xpath.evaluate("/package/metadata/title", d, XPathConstants.NODE)));
return nuspec;
} catch (Exception e) {
} catch (Throwable e) {
throw new NuspecParseException("Unable to parse nuspec", e);
}
}

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
View File

@@ -300,7 +300,7 @@ public class CveDB {
* @throws DatabaseException thrown when there is an error retrieving the data from the DB
*/
public Set<Pair<String, String>> getVendorProductList() throws DatabaseException {
HashSet data = new HashSet<Pair<String, String>>();
final HashSet data = new HashSet<Pair<String, String>>();
ResultSet rs = null;
PreparedStatement ps = null;
try {

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DriverShim.java
View File

@@ -116,7 +116,7 @@ class DriverShim implements Driver {
Method m = null;
try {
m = driver.getClass().getMethod("getParentLogger");
} catch (Exception e) {
} catch (Throwable e) {
throw new SQLFeatureNotSupportedException();
}
if (m != null) {

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/StandardUpdate.java
View File

@@ -292,7 +292,7 @@ public class StandardUpdate {
if (cveDB != null) {
try {
cveDB.close();
} catch (Exception ignore) {
} catch (Throwable ignore) {
Logger.getLogger(StandardUpdate.class.getName()).log(Level.FINEST, "Error closing the cveDB", ignore);
}
}

6
dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Downloader.java
View File

@@ -85,13 +85,13 @@ public final class Downloader {
while ((bytesRead = reader.read(buffer)) > 0) {
writer.write(buffer, 0, bytesRead);
}
} catch (Exception ex) {
} catch (Throwable ex) {
throw new DownloadFailedException("Error saving downloaded file.", ex);
} finally {
if (writer != null) {
try {
writer.close();
} catch (Exception ex) {
} catch (Throwable ex) {
Logger.getLogger(Downloader.class.getName()).log(Level.FINEST,
"Error closing the writer in Downloader.", ex);
}
@@ -99,7 +99,7 @@ public final class Downloader {
if (reader != null) {
try {
reader.close();
} catch (Exception ex) {
} catch (Throwable ex) {
Logger.getLogger(Downloader.class.getName()).log(Level.FINEST,
"Error closing the reader in Downloader.", ex);
}

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/LogUtils.java
View File

@@ -66,7 +66,7 @@ public final class LogUtils {
if (in != null) {
try {
in.close();
} catch (Exception ex) {
} catch (Throwable ex) {
Logger.getLogger(LogUtils.class.getName()).log(Level.FINEST, "Error closing resource stream", ex);
}
}

27
dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Pair.java
View File

@@ -20,9 +20,12 @@ package org.owasp.dependencycheck.utils;
/**
* A generic pair of elements.
*
* @param <L> the type for the left element in the pair
* @param <R> the type for the right element in the pair
*
* @author Jeremy Long <jeremy.long@owasp.org>
*/
public class Pair<K, V> {
public class Pair<L, R> {
/**
* Constructs a new empty pair.
@@ -36,52 +39,52 @@ public class Pair<K, V> {
* @param left the value for the left pair
* @param right the value for the right pair
*/
public Pair(K left, V right) {
public Pair(L left, R right) {
this.left = left;
this.right = right;
}
/**
* The left element of the pair.
*/
private K left = null;
private L left = null;
/**
* Get the value of left
* Get the value of left.
*
* @return the value of left
*/
public K getLeft() {
public L getLeft() {
return left;
}
/**
* Set the value of left
* Set the value of left.
*
* @param left new value of left
*/
public void setLeft(K left) {
public void setLeft(L left) {
this.left = left;
}
/**
* The right element of the pair.
*/
private V right = null;
private R right = null;
/**
* Get the value of right
* Get the value of right.
*
* @return the value of right
*/
public V getRight() {
public R getRight() {
return right;
}
/**
* Set the value of right
* Set the value of right.
*
* @param right new value of right
*/
public void setRight(V right) {
public void setRight(R right) {
this.right = right;
}

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java
View File

@@ -146,7 +146,7 @@ public final class Settings {
*/
public static final String ANALYZER_NEXUS_URL = "analyzer.nexus.url";
/**
* The properties key for using the proxy to reach Nexus
* The properties key for using the proxy to reach Nexus.
*/
public static final String ANALYZER_NEXUS_PROXY = "analyzer.nexus.proxy";
/**

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java
View File

@@ -32,7 +32,7 @@ import java.net.URL;
*
* @author Jeremy Long <jeremy.long@owasp.org>
*/
public class URLConnectionFactory {
public final class URLConnectionFactory {
/**
* Private constructor for this factory.

3
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java
View File

@@ -27,6 +27,7 @@ import java.util.logging.Logger;
import org.junit.After;
import org.junit.Assume;
import static org.junit.Assume.assumeFalse;
import org.junit.Before;
import org.junit.Test;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
@@ -53,7 +54,7 @@ public class AssemblyAnalyzerTest {
* @throws Exception if anything goes sideways
*/
@Before
public void setUp() {
public void setUp() {
try {
analyzer = new AssemblyAnalyzer();
analyzer.initialize();

2
dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/BaseDBTestCase.java
View File

@@ -73,7 +73,7 @@ public abstract class BaseDBTestCase extends TestCase {
while ((count = zin.read(data, 0, BUFFER_SIZE)) != -1) {
dest.write(data, 0, count);
}
} catch (Exception ex) {
} catch (Throwable ex) {
Logger.getLogger(BaseDBTestCase.class.getName()).log(Level.SEVERE, null, ex);
} finally {
try {

4
dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/xml/NvdCve_2_0_HandlerTest.java
View File

@@ -54,7 +54,7 @@ public class NvdCve_2_0_HandlerTest {
@Test
public void testParse() {
Exception results = null;
Throwable results = null;
try {
SAXParserFactory factory = SAXParserFactory.newInstance();
SAXParser saxParser = factory.newSAXParser();
@@ -64,7 +64,7 @@ public class NvdCve_2_0_HandlerTest {
NvdCve20Handler instance = new NvdCve20Handler();
saxParser.parse(file, instance);
} catch (Exception ex) {
} catch (Throwable ex) {
results = ex;
}
assertTrue("Exception thrown during parse of 2012 CVE version 2.0?", results == null);