diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java
index c8399d1db..25a1105e3 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java
@@ -17,14 +17,16 @@
*/
package org.owasp.dependencycheck.analyzer;
-import com.hazelcast.logging.Logger;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.logging.Level;
+import java.util.logging.Logger;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Dependency;
+import org.owasp.dependencycheck.utils.InvalidSettingException;
+import org.owasp.dependencycheck.utils.Settings;
/**
* The base FileTypeAnalyzer that all analyzers that have specific file types they analyze should extend.
@@ -33,88 +35,30 @@ import org.owasp.dependencycheck.dependency.Dependency;
*/
public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implements FileTypeAnalyzer {
+ //
/**
- *
- * Returns a list of supported file extensions. An example would be an analyzer that inspected java jar files. The
- * getSupportedExtensions function would return a set with a single element "jar".
- *
- *
- * Note: when implementing this the extensions returned MUST be lowercase.
- *
- * @return The file extensions supported by this analyzer.
- *
- *
- * If the analyzer returns null it will not cause additional files to be analyzed but will be executed against every
- * file loaded
+ * Base constructor that all children must call. This checks the configuration to determine if the analyzer is
+ * enabled.
*/
- protected abstract Set getSupportedExtensions();
-
- /**
- * Initializes the file type analyzer.
- *
- * @throws Exception thrown if there is an exception during initialization
- */
- protected abstract void initializeFileTypeAnalyzer() throws Exception;
-
- /**
- * Initializes the analyzer.
- *
- * @throws Exception thrown if there is an exception during initialization
- */
- public final void initialize() throws Exception {
- if (filesMatched) {
- initializeFileTypeAnalyzer();
- } else {
- enabled = false;
+ public AbstractFileTypeAnalyzer() {
+ String key = Settings.KEYS.getFileAnalyzerEnabledKey(getAnalyzerSettingKey());
+ try {
+ enabled = Settings.getBoolean(key, true);
+ } catch (InvalidSettingException ex) {
+ String msg = String.format("Invalid settting for property '%s'", key);
+ LOGGER.log(Level.WARNING, msg);
+ LOGGER.log(Level.FINE, "", ex);
+ msg = String.format("%s has been disabled", getName());
+ LOGGER.log(Level.WARNING, msg);
}
}
+//
+ //
/**
- * Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted,
- * scanned, and added to the list of dependencies within the engine.
- *
- * @param dependency the dependency to analyze
- * @param engine the engine scanning
- * @throws AnalysisException thrown if there is an analysis exception
+ * The logger.
*/
- protected abstract void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException;
-
- /**
- * Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted,
- * scanned, and added to the list of dependencies within the engine.
- *
- * @param dependency the dependency to analyze
- * @param engine the engine scanning
- * @throws AnalysisException thrown if there is an analysis exception
- */
- @Override
- public final void analyze(Dependency dependency, Engine engine) throws AnalysisException {
- if (enabled) {
- analyzeFileType(dependency, engine);
- }
- }
-
- /**
- * Returns whether or not this analyzer can process the given extension.
- *
- * @param extension the file extension to test for support.
- * @return whether or not the specified file extension is supported by this analyzer.
- */
- @Override
- public boolean supportsExtension(String extension) {
- Set ext = getSupportedExtensions();
- if (ext == null) {
- String msg = String.format("The '%s%' analyzer is misconfigured and does not have any file extensions; it will be disabled", getName());
- Logger.getLogger(AbstractFileTypeAnalyzer.class.getName()).log(Level.SEVERE, msg);
- return false;
- } else {
- boolean match = ext.contains(extension);
- if (match) {
- filesMatched = match;
- }
- return match;
- }
- }
+ private static final Logger LOGGER = Logger.getLogger(AbstractFileTypeAnalyzer.class.getName());
/**
* Whether the file type analyzer detected any files it needs to analyze.
*/
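Review bot: The `catch (InvalidSettingException ex)` branch of the new constructor logs "%s has been disabled" but never assigns `enabled`, so the analyzer keeps whatever value the field was declared with. The declaration is outside this hunk; if it initialises to true, a malformed setting leaves the analyzer running while the log says the opposite. Adding `enabled = false;` before the final warning makes the state match the message. The constructor also calls the overridable `getAnalyzerSettingKey()` and `getName()` before any subclass initialiser has run. The overrides visible in this commit return literals or static constants, which is safe, but the Javadoc on `getAnalyzerSettingKey()` should state that implementations must not read instance fields.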
@@ -157,7 +101,109 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
public void setEnabled(boolean enabled) {
this.enabled = enabled;
}
+//
+ //
+ /**
+ *
+ * Returns a list of supported file extensions. An example would be an analyzer that inspected java jar files. The
+ * getSupportedExtensions function would return a set with a single element "jar".
+ *
+ *
+ * Note: when implementing this the extensions returned MUST be lowercase.
+ *
+ * @return The file extensions supported by this analyzer.
+ *
+ *
+ * If the analyzer returns null it will not cause additional files to be analyzed but will be executed against every
+ * file loaded
+ */
+ protected abstract Set getSupportedExtensions();
+
+ /**
+ * Initializes the file type analyzer.
+ *
+ * @throws Exception thrown if there is an exception during initialization
+ */
+ protected abstract void initializeFileTypeAnalyzer() throws Exception;
+
+ /**
+ * Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted,
+ * scanned, and added to the list of dependencies within the engine.
+ *
+ * @param dependency the dependency to analyze
+ * @param engine the engine scanning
+ * @throws AnalysisException thrown if there is an analysis exception
+ */
+ protected abstract void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException;
+
+ /**
+ *
+ * Returns the key used in the properties file to reference the analyzer. An example would be the JarAnalyzer where
+ * the key is "jar". One of the associated properties would be 'analyzer.jar.enabled.
+ *
+ * @return a short string used to look up configuration properties
+ */
+ protected abstract String getAnalyzerSettingKey();
+//
+
+ //
+ /**
+ * Initializes the analyzer.
+ *
+ * @throws Exception thrown if there is an exception during initialization
+ */
+ @Override
+ public final void initialize() throws Exception {
+ if (filesMatched) {
+ initializeFileTypeAnalyzer();
+ } else {
+ enabled = false;
+ }
+ }
+
+ /**
+ * Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted,
+ * scanned, and added to the list of dependencies within the engine.
+ *
+ * @param dependency the dependency to analyze
+ * @param engine the engine scanning
+ * @throws AnalysisException thrown if there is an analysis exception
+ */
+ @Override
+ public final void analyze(Dependency dependency, Engine engine) throws AnalysisException {
+ if (enabled) {
+ analyzeFileType(dependency, engine);
+ }
+ }
+
+ /**
+ * Returns whether or not this analyzer can process the given extension.
+ *
+ * @param extension the file extension to test for support.
+ * @return whether or not the specified file extension is supported by this analyzer.
+ */
+ @Override
+ public final boolean supportsExtension(String extension) {
+ if (!enabled) {
+ return false;
+ }
+ Set ext = getSupportedExtensions();
+ if (ext == null) {
+ String msg = String.format("The '%s%' analyzer is misconfigured and does not have any file extensions; it will be disabled", getName());
+ Logger.getLogger(AbstractFileTypeAnalyzer.class.getName()).log(Level.SEVERE, msg);
+ return false;
+ } else {
+ boolean match = ext.contains(extension);
+ if (match) {
+ filesMatched = match;
+ }
+ return match;
+ }
+ }
+//
+
+ //
/**
*
* Utility method to help in the creation of the extensions set. This constructs a new Set that can be used in a
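Review bot: The format string in `supportsExtension` is `"The '%s%' analyzer is misconfigured ..."`, and the stray `%` before the closing quote is not a valid conversion, so `String.format` throws `UnknownFormatConversionException` at exactly the point where a null extension set should be reported. The line was carried over unchanged from the removed copy of the method. Changing it to `'%s'` fixes it, and the call can use the new `LOGGER` constant instead of `Logger.getLogger(AbstractFileTypeAnalyzer.class.getName())`. The Javadoc on `getSupportedExtensions()` also still says a null return means the analyzer is "executed against every file loaded", which contradicts the `return false` here; one of the two should be corrected.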
@@ -176,4 +222,5 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
Collections.addAll(set, strings);
return set;
}
+//
}
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
index 888b908ef..ed8cddd0d 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
@@ -55,6 +55,10 @@ import org.owasp.dependencycheck.utils.Settings;
*/
public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
+ /**
+ * The logger.
+ */
+ private static final Logger LOGGER = Logger.getLogger(ArchiveAnalyzer.class.getName());
/**
* The buffer size to use when extracting files from the archive.
*/
@@ -75,6 +79,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
* Tracks the current scan/extraction depth for nested archives.
*/
private int scanDepth = 0;
+
//
/**
* The name of the analyzer.
@@ -134,6 +139,16 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
}
//
+ /**
+ * Returns the key used in the properties file to reference the analyzer.
+ *
+ * @return a short string used to look up configuration properties
+ */
+ @Override
+ protected String getAnalyzerSettingKey() {
+ return "archive";
+ }
+
/**
* The initialize method does nothing for this Analyzer.
*
@@ -167,11 +182,10 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
@Override
public void close() throws Exception {
if (tempFileLocation != null && tempFileLocation.exists()) {
- Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINE, "Attempting to delete temporary files");
+ LOGGER.log(Level.FINE, "Attempting to delete temporary files");
final boolean success = FileUtils.delete(tempFileLocation);
if (!success) {
- Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.WARNING,
- "Failed to delete some temporary files, see the log for more details");
+ LOGGER.log(Level.WARNING, "Failed to delete some temporary files, see the log for more details");
}
}
}
@@ -261,7 +275,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
try {
fis = new FileInputStream(archive);
} catch (FileNotFoundException ex) {
- Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINE, null, ex);
+ LOGGER.log(Level.FINE, null, ex);
throw new AnalysisException("Archive file was not found.", ex);
}
final String archiveExt = FileUtils.getFileExtension(archive.getName()).toLowerCase();
@@ -279,17 +293,17 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
}
} catch (ArchiveExtractionException ex) {
final String msg = String.format("Exception extracting archive '%s'.", archive.getName());
- Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.WARNING, msg);
- Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINE, null, ex);
+ LOGGER.log(Level.WARNING, msg);
+ LOGGER.log(Level.FINE, null, ex);
} catch (IOException ex) {
final String msg = String.format("Exception reading archive '%s'.", archive.getName());
- Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.WARNING, msg);
- Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINE, null, ex);
+ LOGGER.log(Level.WARNING, msg);
+ LOGGER.log(Level.FINE, null, ex);
} finally {
try {
fis.close();
} catch (IOException ex) {
- Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINEST, null, ex);
+ LOGGER.log(Level.FINEST, null, ex);
}
}
}
@@ -368,7 +382,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
try {
input.close();
} catch (IOException ex) {
- Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINEST, null, ex);
+ LOGGER.log(Level.FINEST, null, ex);
}
}
}
@@ -391,17 +405,17 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
out.write(buffer, 0, n);
}
} catch (FileNotFoundException ex) {
- Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINE, null, ex);
+ LOGGER.log(Level.FINE, null, ex);
throw new ArchiveExtractionException(ex);
} catch (IOException ex) {
- Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINE, null, ex);
+ LOGGER.log(Level.FINE, null, ex);
throw new ArchiveExtractionException(ex);
} finally {
if (out != null) {
try {
out.close();
} catch (IOException ex) {
- Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINEST, null, ex);
+ LOGGER.log(Level.FINEST, null, ex);
}
}
}
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
index c2dcd276a..1a5611d92 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
@@ -256,4 +256,14 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
public AnalysisPhase getAnalysisPhase() {
return ANALYSIS_PHASE;
}
+
+ /**
+ * Returns the key used in the properties file to reference the analyzer.
+ *
+ * @return a short string used to look up configuration properties
+ */
+ @Override
+ protected String getAnalyzerSettingKey() {
+ return "assembly";
+ }
}
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
index e95581067..e1f888eff 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
@@ -82,6 +82,10 @@ import org.xml.sax.XMLReader;
public class JarAnalyzer extends AbstractFileTypeAnalyzer {
//
+ /**
+ * The logger.
+ */
+ private static final Logger LOGGER = Logger.getLogger(JarAnalyzer.class.getName());
/**
* The buffer size to use when extracting files from the archive.
*/
@@ -169,10 +173,11 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
final JAXBContext jaxbContext = JAXBContext.newInstance("org.owasp.dependencycheck.jaxb.pom.generated");
pomUnmarshaller = jaxbContext.createUnmarshaller();
} catch (JAXBException ex) { //guess we will just have a null pointer exception later...
- Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE, "Unable to load parser. See the log for more details.");
- Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex);
+ LOGGER.log(Level.SEVERE, "Unable to load parser. See the log for more details.");
+ LOGGER.log(Level.FINE, null, ex);
}
}
+
//
/**
* The name of the analyzer.
@@ -217,6 +222,16 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
}
//
+ /**
+ * Returns the key used in the properties file to reference the analyzer.
+ *
+ * @return a short string used to look up configuration properties
+ */
+ @Override
+ protected String getAnalyzerSettingKey() {
+ return "jar";
+ }
+
/**
* Loads a specified JAR file and collects information from the manifest and checksums to identify the correct CPE
* information.
@@ -264,8 +279,8 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
} catch (IOException ex) {
final String msg = String.format("Unable to read JarFile '%s'.", dependency.getActualFilePath());
//final AnalysisException ax = new AnalysisException(msg, ex);
- Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg);
- Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex);
+ LOGGER.log(Level.WARNING, msg);
+ LOGGER.log(Level.FINE, "", ex);
return false;
}
List pomEntries;
@@ -274,8 +289,8 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
} catch (IOException ex) {
final String msg = String.format("Unable to read Jar file entries in '%s'.", dependency.getActualFilePath());
//final AnalysisException ax = new AnalysisException(msg, ex);
- Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg);
- Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, msg, ex);
+ LOGGER.log(Level.WARNING, msg);
+ LOGGER.log(Level.FINE, msg, ex);
return false;
}
if (pomEntries.isEmpty()) {
@@ -286,7 +301,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
try {
pomProperties = retrievePomProperties(path, jar);
} catch (IOException ex) {
- Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINEST, "ignore this, failed reading a non-existent pom.properties", ex);
+ LOGGER.log(Level.FINEST, "ignore this, failed reading a non-existent pom.properties", ex);
}
Model pom = null;
try {
@@ -315,8 +330,8 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
}
} catch (AnalysisException ex) {
final String msg = String.format("An error occured while analyzing '%s'.", dependency.getActualFilePath());
- Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg);
- Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, "", ex);
+ LOGGER.log(Level.WARNING, msg);
+ LOGGER.log(Level.FINE, "", ex);
}
}
return foundSomething;
@@ -393,7 +408,9 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
bos.flush();
dependency.setActualFilePath(file.getAbsolutePath());
} catch (IOException ex) {
- Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE, null, ex);
+ final String msg = String.format("An error occured reading '%s' from '%s'.", path, dependency.getFilePath());
+ LOGGER.warning(msg);
+ LOGGER.log(Level.SEVERE, "", ex);
} finally {
closeStream(bos);
closeStream(fos);
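Review bot: The new `catch (IOException ex)` logs the descriptive message with `LOGGER.warning(msg)` and then the stack trace at `Level.SEVERE` with an empty message, which inverts the convention used by the other handlers in this commit (message at WARNING, trace at FINE). The highest-severity record therefore carries no text of its own, and the trace is emitted at a level most handlers will print. `LOGGER.log(Level.WARNING, msg);` followed by `LOGGER.log(Level.FINE, "", ex);` would match the rest of the file. The enclosing method starts and ends outside this hunk, so whether processing should continue after the failed write cannot be judged from here.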
@@ -409,18 +426,18 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
model = readPom(source);
} catch (FileNotFoundException ex) {
final String msg = String.format("Unable to parse pom '%s' in jar '%s' (File Not Found)", path, jar.getName());
- Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg);
- Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex);
+ LOGGER.log(Level.WARNING, msg);
+ LOGGER.log(Level.FINE, "", ex);
throw new AnalysisException(ex);
} catch (UnsupportedEncodingException ex) {
final String msg = String.format("Unable to parse pom '%s' in jar '%s' (IO Exception)", path, jar.getName());
- Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg);
- Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex);
+ LOGGER.log(Level.WARNING, msg);
+ LOGGER.log(Level.FINE, "", ex);
throw new AnalysisException(ex);
} catch (AnalysisException ex) {
final String msg = String.format("Unable to parse pom '%s' in jar '%s'", path, jar.getName());
- Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg);
- Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex);
+ LOGGER.log(Level.WARNING, msg);
+ LOGGER.log(Level.FINE, "", ex);
throw ex;
} finally {
closeStream(fis);
@@ -438,7 +455,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
try {
stream.close();
} catch (IOException ex) {
- Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINEST, null, ex);
+ LOGGER.log(Level.FINEST, null, ex);
}
}
}
@@ -453,7 +470,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
try {
stream.close();
} catch (IOException ex) {
- Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINEST, null, ex);
+ LOGGER.log(Level.FINEST, null, ex);
}
}
}
@@ -487,13 +504,13 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
throw new AnalysisException(ex);
} catch (IOException ex) {
final String msg = String.format("Unable to parse pom '%s' in jar '%s' (IO Exception)", path, jar.getName());
- Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg);
- Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex);
+ LOGGER.log(Level.WARNING, msg);
+ LOGGER.log(Level.FINE, "", ex);
throw new AnalysisException(ex);
} catch (Throwable ex) {
final String msg = String.format("Unexpected error during parsing of the pom '%s' in jar '%s'", path, jar.getName());
- Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg);
- Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex);
+ LOGGER.log(Level.WARNING, msg);
+ LOGGER.log(Level.FINE, "", ex);
throw new AnalysisException(ex);
}
}
@@ -930,10 +947,10 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
@Override
public void close() {
if (tempFileLocation != null && tempFileLocation.exists()) {
- Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, "Attempting to delete temporary files");
+ LOGGER.log(Level.FINE, "Attempting to delete temporary files");
final boolean success = FileUtils.delete(tempFileLocation);
if (!success) {
- Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING,
+ LOGGER.log(Level.WARNING,
"Failed to delete some temporary files, see the log for more details");
}
}
@@ -1043,7 +1060,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
try {
jar.close();
} catch (IOException ex) {
- Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINEST, null, ex);
+ LOGGER.log(Level.FINEST, null, ex);
}
}
}
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java
index e6b2742f8..bf059f593 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java
@@ -38,6 +38,11 @@ import org.owasp.dependencycheck.dependency.Dependency;
*/
public class JavaScriptAnalyzer extends AbstractFileTypeAnalyzer {
+ /**
+ * The logger.
+ */
+ private static final Logger LOGGER = Logger.getLogger(JavaScriptAnalyzer.class.getName());
+
//
/**
* The name of the analyzer.
@@ -82,6 +87,15 @@ public class JavaScriptAnalyzer extends AbstractFileTypeAnalyzer {
return ANALYSIS_PHASE;
}
//
+ /**
+ * Returns the key used in the properties file to reference the analyzer.
+ *
+ * @return a short string used to look up configuration properties
+ */
+ @Override
+ protected String getAnalyzerSettingKey() {
+ return "javascript";
+ }
/**
* Loads a specified JavaScript file and collects information from the copyright information contained within.
@@ -107,13 +121,13 @@ public class JavaScriptAnalyzer extends AbstractFileTypeAnalyzer {
final String msg = String.format("Dependency file not found: '%s'", dependency.getActualFilePath());
throw new AnalysisException(msg, ex);
} catch (IOException ex) {
- Logger.getLogger(JavaScriptAnalyzer.class.getName()).log(Level.SEVERE, null, ex);
+ LOGGER.log(Level.SEVERE, null, ex);
} finally {
if (fin != null) {
try {
fin.close();
} catch (IOException ex) {
- Logger.getLogger(JavaScriptAnalyzer.class.getName()).log(Level.FINEST, null, ex);
+ LOGGER.log(Level.FINEST, null, ex);
}
}
}
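Review bot: The `catch (IOException ex)` branch logs at `Level.SEVERE` with a null message and then falls through, so a read failure neither names the file nor reaches the caller. The `FileNotFoundException` branch just above it raises an `AnalysisException` that includes `dependency.getActualFilePath()`. At minimum the log record should identify the file, for example `LOGGER.log(Level.WARNING, String.format("Unable to read '%s'", dependency.getActualFilePath()));` followed by `LOGGER.log(Level.FINE, "", ex);`. The method body begins outside this hunk, so whether the dependency is left without evidence after this path is an inference and should be checked.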
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java
index 81ae02265..8babfa92e 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java
@@ -49,17 +49,17 @@ import org.owasp.dependencycheck.utils.Settings;
public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
/**
- * The logger
+ * The logger.
*/
private static final Logger LOGGER = Logger.getLogger(NexusAnalyzer.class.getName());
/**
- * The name of the analyzer
+ * The name of the analyzer.
*/
private static final String ANALYZER_NAME = "Nexus Analyzer";
/**
- * The phase in which the analyzer runs
+ * The phase in which the analyzer runs.
*/
private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
@@ -80,7 +80,6 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
*/
@Override
public void initializeFileTypeAnalyzer() throws Exception {
- setEnabled(Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED));
LOGGER.fine("Initializing Nexus Analyzer");
LOGGER.fine(String.format("Nexus Analyzer enabled: %s", isEnabled()));
if (isEnabled()) {
@@ -111,6 +110,16 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
return ANALYZER_NAME;
}
+ /**
+ * Returns the key used in the properties file to reference the analyzer.
+ *
+ * @return a short string used to look up configuration properties
+ */
+ @Override
+ protected String getAnalyzerSettingKey() {
+ return "nexus";
+ }
+
/**
* Returns the analysis phase under which the analyzer runs.
*
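Review bot: With `getAnalyzerSettingKey()` returning "nexus", the enabled flag for this analyzer is now resolved once in the base-class constructor through `Settings.getBoolean(key, true)`. It was previously read in `initializeFileTypeAnalyzer()` via `Settings.KEYS.ANALYZER_NEXUS_ENABLED`, the call removed earlier in this file. Two things follow, assuming the second argument is the default: a missing property now falls back to enabled, and a setting applied after the analyzer object is constructed is no longer picked up. Whether `getFileAnalyzerEnabledKey("nexus")` resolves to the same property name as `ANALYZER_NEXUS_ENABLED` is not visible in this diff and should be confirmed, ideally with a test that sets the property to false and asserts `isEnabled()` is false.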
@@ -167,5 +176,3 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
}
}
}
-
-// vim: cc=120:sw=4:ts=4:sts=4
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java
index 70b9c700d..529d25fac 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java
@@ -18,12 +18,15 @@
package org.owasp.dependencycheck.analyzer;
import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.nuget.NugetPackage;
+import org.owasp.dependencycheck.data.nuget.NuspecParseException;
import org.owasp.dependencycheck.data.nuget.NuspecParser;
import org.owasp.dependencycheck.data.nuget.XPathNuspecParser;
import org.owasp.dependencycheck.dependency.Confidence;
@@ -37,17 +40,17 @@ import org.owasp.dependencycheck.dependency.Dependency;
public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
/**
- * The logger
+ * The logger.
*/
private static final Logger LOGGER = Logger.getLogger(NuspecAnalyzer.class.getName());
/**
- * The name of the analyzer
+ * The name of the analyzer.
*/
private static final String ANALYZER_NAME = "Nuspec Analyzer";
/**
- * The phase in which the analyzer runs
+ * The phase in which the analyzer runs.
*/
private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
@@ -75,6 +78,16 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
return ANALYZER_NAME;
}
+ /**
+ * Returns the key used in the properties file to reference the analyzer.
+ *
+ * @return a short string used to look up configuration properties
+ */
+ @Override
+ protected String getAnalyzerSettingKey() {
+ return "nexus";
+ }
+
/**
* Returns the analysis phase under which the analyzer runs.
*
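Review bot: `NuspecAnalyzer.getAnalyzerSettingKey()` returns "nexus", the same key `NexusAnalyzer` returns, so the two analyzers share one enable/disable property and turning off the Nexus analyzer also turns off nuspec analysis. This looks like a copy-paste slip. The key should be specific to this analyzer, for example `return "nuspec";`, with a matching entry wherever the analyzer properties are declared (not visible in this diff).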
@@ -112,11 +125,15 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
try {
fis = new FileInputStream(dependency.getActualFilePath());
np = parser.parse(fis);
+ } catch (NuspecParseException ex) {
+ throw new AnalysisException(ex);
+ } catch (FileNotFoundException ex) {
+ throw new AnalysisException(ex);
} finally {
if (fis != null) {
try {
fis.close();
- } catch (Throwable e) {
+ } catch (IOException e) {
LOGGER.fine("Error closing input stream");
}
}
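Review bot: The narrowed `catch (IOException e)` around `fis.close()` still discards the exception and logs only a fixed string; `LOGGER.log(Level.FINE, "Error closing input stream", e);` keeps the cause. The two new catch clauses also wrap with `new AnalysisException(ex)` and so lose the file name. Other analyzers in this commit use the two-argument form, so something like `throw new AnalysisException(String.format("Unable to parse '%s'", dependency.getActualFilePath()), ex);` would make the failure traceable to a file. The enclosing method starts and ends outside this hunk.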
@@ -136,5 +153,3 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
}
}
}
-
-// vim: cc=120:sw=4:ts=4:sts=4