Centralize the collection of name and version to be used for

synthesizing a displayName.

Fixed the Swift/CocoaPods analyzers to use the new model
brianf
2017-09-21 15:00:38 -04:00
parent 4e745c9c89
commit 9b718490e3
4 changed files with 101 additions and 9 deletions


@@ -52,6 +52,11 @@ public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer {
*/
private static final String ANALYZER_NAME = "CocoaPods Package Analyzer";
/**
* The dependency Ecosystem
*/
static final String DEPENDENCY_ECOSYSTEM = "CocoaPod";
/**
* The phase that this analyzer is intended to run in.
*/
@@ -122,6 +127,7 @@ public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer {
protected void analyzeDependency(Dependency dependency, Engine engine)
throws AnalysisException {
dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
String contents;
try {
contents = FileUtils.readFileToString(dependency.getActualFile(), Charset.defaultCharset());
@@ -141,6 +147,7 @@ public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer {
final String name = addStringEvidence(product, contents, blockVariable, "name", "name", Confidence.HIGHEST);
if (!name.isEmpty()) {
vendor.addEvidence(PODSPEC, "name_project", name, Confidence.HIGHEST);
dependency.setName(name);
}
addStringEvidence(product, contents, blockVariable, "summary", "summary", Confidence.HIGHEST);
@@ -148,7 +155,8 @@ public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer {
addStringEvidence(vendor, contents, blockVariable, "homepage", "homepage", Confidence.HIGHEST);
addStringEvidence(vendor, contents, blockVariable, "license", "licen[cs]es?", Confidence.HIGHEST);
addStringEvidence(version, contents, blockVariable, "version", "version", Confidence.HIGHEST);
final String versionStr = addStringEvidence(version, contents, blockVariable, "version", "version", Confidence.HIGHEST);
dependency.setVersion(versionStr);
}
setPackagePath(dependency);
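Review bot: `dependency.setVersion(versionStr)` is called unconditionally, whereas the name a few lines earlier is set only inside `if (!name.isEmpty())`. That guard suggests `addStringEvidence` returns an empty string when the podspec has no match, and `Dependency.getDisplayFileName()` in this commit tests only `version != null`, so a podspec without a version would presumably be labelled `Name:` with a trailing colon in reports. Both values are read from the scanned package's own podspec, so I would guard the call the same way: `if (!versionStr.isEmpty()) { dependency.setVersion(versionStr); }`. The body of `analyzeDependency` starts and ends outside these hunks.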


@@ -47,6 +47,11 @@ public class SwiftPackageManagerAnalyzer extends AbstractFileTypeAnalyzer {
* The name of the analyzer.
*/
private static final String ANALYZER_NAME = "SWIFT Package Manager Analyzer";
/**
* The dependency Ecosystem
*/
static final String DEPENDENCY_ECOSYSTEM = "Swift.PM";
/**
* The phase that this analyzer is intended to run in.
@@ -119,6 +124,8 @@ public class SwiftPackageManagerAnalyzer extends AbstractFileTypeAnalyzer {
protected void analyzeDependency(Dependency dependency, Engine engine)
throws AnalysisException {
dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
String contents;
try {
contents = FileUtils.readFileToString(dependency.getActualFile(), Charset.defaultCharset());
@@ -141,11 +148,13 @@ public class SwiftPackageManagerAnalyzer extends AbstractFileTypeAnalyzer {
final String name = addStringEvidence(product, packageDescription, "name", "name", Confidence.HIGHEST);
if (name != null && !name.isEmpty()) {
vendor.addEvidence(SPM_FILE_NAME, "name_project", name, Confidence.HIGHEST);
dependency.setName(name);
}
else
{
//if we can't get the name from the meta, then assume the name is the name of the parent folder containing the package.swift file.
dependency.setName(dependency.getActualFile().getParentFile().getName());
}
final File actual = dependency.getActualFile();
final String parentName = actual.getParentFile().getName();
dependency.setDisplayFileName(parentName + "/" + actual.getName());
}
setPackagePath(dependency);
}
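Review bot: The new fallback `dependency.getActualFile().getParentFile().getName()` dereferences `getParentFile()`, which `java.io.File` documents as returning null when the path has no parent component. A `Package.swift` handed in as a bare relative path would then fail with a NullPointerException rather than an `AnalysisException`; whether `getActualFile()` is always absolute is not visible in this hunk. I would split the call: `final File parent = dependency.getActualFile().getParentFile();` followed by `if (parent != null) { dependency.setName(parent.getName()); }`. The `else` and `{` on separate lines also differ from the brace style of the `if` directly above.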


@@ -142,6 +142,21 @@ public class Dependency implements Serializable, Comparable<Dependency> {
* Defines an actual or virtual dependency.
*/
private boolean isVirtual = false;
/**
* Defines the human-recognizable name for the dependency
*/
private String name;
/**
* Defines the human-recognizable version for the dependency
*/
private String version;
/**
* Defines the ecosystem identifier for this dependency
*/
private String dependencyEcosystem;
/**
* Returns the package path.
@@ -283,13 +298,24 @@ public class Dependency implements Serializable, Comparable<Dependency> {
/**
* Returns the file name to display in reports; if no display file name has
* been set it will default to the actual file name.
* been set it will default to constructing a name based on the name and version
* fields, otherwise it will return the actual file name.
*
* @return the file name to display
*/
public String getDisplayFileName() {
if (displayName == null) {
return this.fileName;
if(name != null) {
if (version != null) {
return name + ":" + version;
}
else {
return name;
}
}
else {
return this.fileName;
}
}
return this.displayName;
}
@@ -582,6 +608,20 @@ public class Dependency implements Serializable, Comparable<Dependency> {
}
/**
* @return the name
*/
public String getName() {
return name;
}
/**
* @param name the name to set
*/
public void setName(String name) {
this.name = name;
}
/**
* Get the list of vulnerabilities.
*
* @return the list of vulnerabilities
@@ -830,4 +870,32 @@ public class Dependency implements Serializable, Comparable<Dependency> {
return "Dependency{ fileName='" + fileName + "', actualFilePath='" + actualFilePath
+ "', filePath='" + filePath + "', packagePath='" + packagePath + "'}";
}
/**
* @return the version
*/
public String getVersion() {
return version;
}
/**
* @param version the version to set
*/
public void setVersion(String version) {
this.version = version;
}
/**
* @return the dependencyEcosystem
*/
public String getDependencyEcosystem() {
return dependencyEcosystem;
}
/**
* @param dependencyEcosystem the dependencyEcosystem to set
*/
public void setDependencyEcosystem(String dependencyEcosystem) {
this.dependencyEcosystem = dependencyEcosystem;
}
}
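Review bot: The Javadoc for `getDisplayFileName()` should state that the method can now return `name + ":" + version`, which is text the analyzers parse out of the scanned package's own manifest, not a file name. Two different files that declare the same name and version now get the same display value, and the on-disk location no longer appears in it, which matters when a report reader has to tell one copy of a library from another. I would reword the summary to something like `* Returns the label to display in reports; when name and version are set they come from package metadata and are not a file path.` The Javadoc on `setName` and `setVersion` should also note that callers pass manifest-supplied text, which report writers need to output-encode. The nested `if`/`else` would read more easily as early returns.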


@@ -106,7 +106,10 @@ public class SwiftAnalyzersTest extends BaseTest {
assertThat(vendorString, containsString("MIT"));
assertThat(result.getProductEvidence().toString(), containsString("EasyPeasy"));
assertThat(result.getVersionEvidence().toString(), containsString("0.2.3"));
assertThat(result.getDisplayFileName(),equalTo("EasyPeasy.podspec"));
assertThat(result.getName(),equalTo("EasyPeasy"));
assertThat(result.getVersion(),equalTo("0.2.3"));
assertThat(result.getDisplayFileName(),equalTo("EasyPeasy:0.2.3"));
assertThat(result.getDependencyEcosystem(),equalTo(CocoaPodsAnalyzer.DEPENDENCY_ECOSYSTEM));
}
/**
@@ -121,6 +124,10 @@ public class SwiftAnalyzersTest extends BaseTest {
spmAnalyzer.analyze(result, null);
assertThat(result.getProductEvidence().toString(), containsString("Gloss"));
assertThat(result.getDisplayFileName(),equalTo("Gloss/Package.swift"));
assertThat(result.getName(),equalTo("Gloss"));
//TODO: when version processing is added, update the expected name.
assertThat(result.getDisplayFileName(),equalTo("Gloss"));
assertThat(result.getDependencyEcosystem(),equalTo(SwiftPackageManagerAnalyzer.DEPENDENCY_ECOSYSTEM));
}
}
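Review bot: Neither test reaches the branches this commit adds for missing metadata: the parent-folder fallback in `SwiftPackageManagerAnalyzer`, and a podspec that declares a name but no version. Those are the cases where the report label is derived differently, so they deserve a fixture each, one `Package.swift` without a `name` and one podspec without a `version`, with assertions on `getName()` and `getDisplayFileName()`. For the existing SPM test, `assertThat(result.getVersion(), nullValue());` beside the TODO would pin that no version is set yet (assuming the Hamcrest `nullValue` matcher is imported alongside `equalTo`).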