From 9b718490e312ad2ec29f4430d6f065a9d831a6a1 Mon Sep 17 00:00:00 2001
From: brianf
Date: Thu, 21 Sep 2017 15:00:38 -0400
Subject: [PATCH] Centralize the collection of name and version to be used for synthesizing a displayName. Fixed the swift/cocoapod analyzers to new model
---
 .../analyzer/CocoaPodsAnalyzer.java | 10 ++-
 .../analyzer/SwiftPackageManagerAnalyzer.java | 17 +++--
 .../dependency/Dependency.java | 72 ++++++++++++++++++-
 .../analyzer/SwiftAnalyzersTest.java | 11 ++-
 4 files changed, 101 insertions(+), 9 deletions(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CocoaPodsAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CocoaPodsAnalyzer.java
index a8a33121e..22e314184 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CocoaPodsAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CocoaPodsAnalyzer.java
@@ -52,6 +52,11 @@ public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer {
 */
 private static final String ANALYZER_NAME = "CocoaPods Package Analyzer";
 
+ /**
+ * The dependency Ecosystem
+ */
+ static final String DEPENDENCY_ECOSYSTEM = "CocoaPod";
+
 /**
 * The phase that this analyzer is intended to run in.
 */
@@ -122,6 +127,7 @@ public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer {
 protected void analyzeDependency(Dependency dependency, Engine engine)
 throws AnalysisException {
+ dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
 String contents;
 try {
 contents = FileUtils.readFileToString(dependency.getActualFile(), Charset.defaultCharset());
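Review bot: `DEPENDENCY_ECOSYSTEM` is `"CocoaPod"` here while the SwiftPackageManagerAnalyzer hunk at -47 uses `"Swift.PM"`, so the two identifiers that `Dependency.getDependencyEcosystem()` will expose already follow different naming shapes; if the value is meant to be compared or reported across analyzers, defining the identifiers in one shared place would keep them consistent (the test already reaches into each analyzer class for its constant). The Javadoc `The dependency Ecosystem` also does not say what the string is used for; suggest `* Ecosystem identifier stored on every dependency this analyzer processes; see Dependency#setDependencyEcosystem.` The class continues outside both hunks.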
@@ -141,6 +147,7 @@ public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer {
 final String name = addStringEvidence(product, contents, blockVariable, "name", "name", Confidence.HIGHEST);
 if (!name.isEmpty()) {
 vendor.addEvidence(PODSPEC, "name_project", name, Confidence.HIGHEST);
+ dependency.setName(name);
 }
 addStringEvidence(product, contents, blockVariable, "summary", "summary", Confidence.HIGHEST);
@@ -148,7 +155,8 @@ public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer {
 addStringEvidence(vendor, contents, blockVariable, "homepage", "homepage", Confidence.HIGHEST);
 addStringEvidence(vendor, contents, blockVariable, "license", "licen[cs]es?", Confidence.HIGHEST);
- addStringEvidence(version, contents, blockVariable, "version", "version", Confidence.HIGHEST);
+ final String versionStr = addStringEvidence(version, contents, blockVariable, "version", "version", Confidence.HIGHEST);
+ dependency.setVersion(versionStr);
 }
 setPackagePath(dependency);
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/SwiftPackageManagerAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/SwiftPackageManagerAnalyzer.java
index 5805ecb3b..07b47bd3d 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/SwiftPackageManagerAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/SwiftPackageManagerAnalyzer.java
@@ -47,6 +47,11 @@ public class SwiftPackageManagerAnalyzer extends AbstractFileTypeAnalyzer {
 * The name of the analyzer.
 */
 private static final String ANALYZER_NAME = "SWIFT Package Manager Analyzer";
+
+ /**
+ * The dependency Ecosystem
+ */
+ static final String DEPENDENCY_ECOSYSTEM = "Swift.PM";
 
 /**
 * The phase that this analyzer is intended to run in.
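Review bot: `dependency.setVersion(versionStr)` stores whatever `addStringEvidence` returns, and the -141 hunk above calls `name.isEmpty()` on that helper's result with no null check, which indicates the helper yields an empty string when the pattern does not match; an empty version then makes `Dependency.getDisplayFileName()` render `EasyPeasy:` with a dangling colon. Mirror the name handling: `if (!versionStr.isEmpty()) { dependency.setVersion(versionStr); }`. The enclosing method starts and ends outside the hunk.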
@@ -119,6 +124,8 @@ public class SwiftPackageManagerAnalyzer extends AbstractFileTypeAnalyzer {
 protected void analyzeDependency(Dependency dependency, Engine engine)
 throws AnalysisException {
+ dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
+
 String contents;
 try {
 contents = FileUtils.readFileToString(dependency.getActualFile(), Charset.defaultCharset());
@@ -141,11 +148,13 @@ public class SwiftPackageManagerAnalyzer extends AbstractFileTypeAnalyzer {
 final String name = addStringEvidence(product, packageDescription, "name", "name", Confidence.HIGHEST);
 if (name != null && !name.isEmpty()) {
 vendor.addEvidence(SPM_FILE_NAME, "name_project", name, Confidence.HIGHEST);
+ dependency.setName(name);
+ }
+ else
+ {
+ //if we can't get the name from the meta, then assume the name is the name of the parent folder containing the package.swift file.
+ dependency.setName(dependency.getActualFile().getParentFile().getName());
 }
-
- final File actual = dependency.getActualFile();
- final String parentName = actual.getParentFile().getName();
- dependency.setDisplayFileName(parentName + "/" + actual.getName());
 }
 setPackagePath(dependency);
 }
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java
index 6beb4a9c1..de78f2d70 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java
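Review bot: The new `else` branch puts `else` and `{` on their own lines, which breaks the brace style used two lines above (`if (...) {`); write it as `} else {` with the comment inside the block to match the file. The fallback `dependency.getActualFile().getParentFile().getName()` throws NullPointerException when the actual file has no parent directory; the removed lines had the same exposure, but since the result now becomes the dependency's name rather than a display path, a `getParentFile() != null` guard before the call is worth adding. The removed `final File actual` lines may have been the only use of `java.io.File` in this class, so check whether that import is now unused. The enclosing method starts outside the hunk.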
@@ -142,6 +142,21 @@ public class Dependency implements Serializable, Comparable {
 * Defines an actual or virtual dependency.
 */
 private boolean isVirtual = false;
+
+ /**
+ * Defines the human-recognizable name for the dependency
+ */
+ private String name;
+
+ /**
+ * Defines the human-recognizable version for the dependency
+ */
+ private String version;
+
+ /**
+ * Defines the ecosystem identifier for this dependency
+ */
+ private String dependencyEcosystem;
 
 /**
 * Returns the package path.
@@ -283,13 +298,24 @@ public class Dependency implements Serializable, Comparable {
 
 /**
 * Returns the file name to display in reports; if no display file name has
- * been set it will default to the actual file name.
+ * been set it will default to constructing a name based on the name and version
+ * fields, otherwise it will return the actual file name.
 *
 * @return the file name to display
 */
 public String getDisplayFileName() {
 if (displayName == null) {
- return this.fileName;
+ if(name != null) {
+ if (version != null) {
+ return name + ":" + version;
+ }
+ else {
+ return name;
+ }
+ }
+ else {
+ return this.fileName;
+ }
 }
 return this.displayName;
 }
@@ -582,6 +608,20 @@ public class Dependency implements Serializable, Comparable {
 }
 
 /**
+ * @return the name
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * @param name the name to set
+ */
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ /**
 * Get the list of vulnerabilities.
 *
 * @return the list of vulnerabilities
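Review bot: `Dependency` implements `Serializable` (hunk header), so adding the fields `name`, `version` and `dependencyEcosystem` changes the JVM-computed serialVersionUID unless the class declares one explicitly; the declaration, if any, is outside this hunk, so please confirm it exists or bump it deliberately. The field Javadoc could also record the one thing a reader needs: that these values feed `getDisplayFileName()`, e.g. `* Defines the human-recognizable name for the dependency; combined with {@link #version} to synthesize the display file name when none is set.`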
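Review bot: `getDisplayFileName()` treats an empty `name` or `version` as present, so a dependency whose analyzer stored `""` renders as `":1.0"` or `"name:"`; CocoaPodsAnalyzer calls `name.isEmpty()` on the `addStringEvidence` result without a null check, which suggests that helper returns an empty string when nothing matches, so `setVersion("")` is a realistic input. Guarding on blankness as well as null, and testing `displayName` first, flattens the nested if/else at the same time; the Javadoc should then say "if both name and version are absent or empty". The surrounding class continues outside the hunk.
```java
public String getDisplayFileName() {
    if (displayName != null) {
        return this.displayName;
    }
    if (name == null || name.isEmpty()) {
        return this.fileName;
    }
    return (version == null || version.isEmpty()) ? name : name + ":" + version;
}
```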
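Review bot: The Javadoc on `getName`/`setName` only restates the field name and does not say where the value comes from or that it may be null, which matters because `getDisplayFileName()` branches on it; the same applies to `getVersion`, `setVersion`, `getDependencyEcosystem` and `setDependencyEcosystem` in the -830 hunk. Suggest `/** Returns the human-recognizable name of the dependency as recorded by the analyzer, or null if none was found. @return the name */` on the getter and a matching `@param name the name to set; null clears it` on the setter.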
@@ -830,4 +870,32 @@ public class Dependency implements Serializable, Comparable {
 return "Dependency{ fileName='" + fileName + "', actualFilePath='" + actualFilePath + "', filePath='" + filePath + "', packagePath='" + packagePath + "'}";
 }
+
+ /**
+ * @return the version
+ */
+ public String getVersion() {
+ return version;
+ }
+
+ /**
+ * @param version the version to set
+ */
+ public void setVersion(String version) {
+ this.version = version;
+ }
+
+ /**
+ * @return the dependencyEcosystem
+ */
+ public String getDependencyEcosystem() {
+ return dependencyEcosystem;
+ }
+
+ /**
+ * @param dependencyEcosystem the dependencyEcosystem to set
+ */
+ public void setDependencyEcosystem(String dependencyEcosystem) {
+ this.dependencyEcosystem = dependencyEcosystem;
+ }
 }
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/SwiftAnalyzersTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/SwiftAnalyzersTest.java
index 6bb0e5fad..c43b65b71 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/SwiftAnalyzersTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/SwiftAnalyzersTest.java
@@ -106,7 +106,10 @@ public class SwiftAnalyzersTest extends BaseTest {
 assertThat(vendorString, containsString("MIT"));
 assertThat(result.getProductEvidence().toString(), containsString("EasyPeasy"));
 assertThat(result.getVersionEvidence().toString(), containsString("0.2.3"));
- assertThat(result.getDisplayFileName(),equalTo("EasyPeasy.podspec"));
+ assertThat(result.getName(),equalTo("EasyPeasy"));
+ assertThat(result.getVersion(),equalTo("0.2.3"));
+ assertThat(result.getDisplayFileName(),equalTo("EasyPeasy:0.2.3"));
+ assertThat(result.getDependencyEcosystem(),equalTo(CocoaPodsAnalyzer.DEPENDENCY_ECOSYSTEM));
 }
 
 /**
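Review bot: Replacing the `EasyPeasy.podspec` assertion with `EasyPeasy:0.2.3` (and `Gloss/Package.swift` with `Gloss` in the -121 hunk) leaves the fallback paths of `Dependency.getDisplayFileName()` uncovered: nothing now asserts that a dependency with no name still reports its file name, or that a name without a version renders without a colon. A direct unit test on `Dependency` covers both cheaply, e.g. `final Dependency d = ...; d.setName("foo"); assertThat(d.getDisplayFileName(), equalTo("foo"));` followed by `d.setVersion("1.0"); assertThat(d.getDisplayFileName(), equalTo("foo:1.0"));`, using whichever constructor the class offers. The test method starts outside the hunk.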
@@ -121,6 +124,10 @@ public class SwiftAnalyzersTest extends BaseTest {
 spmAnalyzer.analyze(result, null);
 assertThat(result.getProductEvidence().toString(), containsString("Gloss"));
- assertThat(result.getDisplayFileName(),equalTo("Gloss/Package.swift"));
+ assertThat(result.getName(),equalTo("Gloss"));
+ //TODO: when version processing is added, update the expected name.
+ assertThat(result.getDisplayFileName(),equalTo("Gloss"));
+
+ assertThat(result.getDependencyEcosystem(),equalTo(SwiftPackageManagerAnalyzer.DEPENDENCY_ECOSYSTEM));
 }
 }