github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-27 03:21:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

checkstyle corrections

Browse Source 
Former-commit-id: 0067c70b027c153e56a7e48d7fe1066aadba9016
This commit is contained in:
Jeremy Long
2015-05-10 08:19:01 -04:00
parent c4ca53cdf9
commit aa7f903210
1 changed files with 253 additions and 214 deletions
Download Patch File Download Diff File Expand all files Collapse all files

83
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java
View File

@@ -41,8 +41,7 @@ import org.owasp.dependencycheck.utils.Settings;
import org.owasp.dependencycheck.utils.UrlStringUtils; import org.owasp.dependencycheck.utils.UrlStringUtils;
/** /**
* Used to analyze a Python package, and collect information that can be used to * Used to analyze a Python package, and collect information that can be used to determine the associated CPE.
* determine the associated CPE.
* *
* @author Dale Visser <dvisser@ida.org> * @author Dale Visser <dvisser@ida.org>
*/ */
@@ -107,13 +106,17 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
/** /**
* Filter that detects files named "__init__.py". * Filter that detects files named "__init__.py".
*/ */
private static final FileFilter INIT_PY_FILTER = new NameFileFilter( private static final FileFilter INIT_PY_FILTER = new NameFileFilter("__init__.py");
"__init__.py");
/**
* The file filter for python files.
*/
private static final FileFilter PY_FILTER = new SuffixFileFilter(".py"); private static final FileFilter PY_FILTER = new SuffixFileFilter(".py");
/** /**
* Returns the name of the Python Package Analyzer. * Returns the name of the Python Package Analyzer.
*
* @return the name of the analyzer
*/ */
@Override @Override
public String getName() { public String getName() {
@@ -122,6 +125,8 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
/** /**
* Tell that we are used for information collection. * Tell that we are used for information collection.
*
* @return INFORMATION_COLLECTION
*/ */
@Override @Override
public AnalysisPhase getAnalysisPhase() { public AnalysisPhase getAnalysisPhase() {
@@ -129,7 +134,9 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
} }
/** /**
* Return the set of supported file extensions. * Returns the set of supported file extensions.
*
* @return the set of supported file extensions
*/ */
@Override @Override
protected Set<String> getSupportedExtensions() { protected Set<String> getSupportedExtensions() {
@@ -138,18 +145,33 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
/** /**
* No-op initializer implementation. * No-op initializer implementation.
*
* @throws Exception never thrown
*/ */
@Override @Override
protected void initializeFileTypeAnalyzer() throws Exception { protected void initializeFileTypeAnalyzer() throws Exception {
// Nothing to do here. // Nothing to do here.
} }
/**
* Utility function to create a regex pattern matcher.
*
* @param name the value to use when constructing the assignment pattern
* @return the compiled Pattern
*/
private static Pattern compileAssignPattern(String name) { private static Pattern compileAssignPattern(String name) {
return Pattern.compile( return Pattern.compile(
String.format("\\b(__)?%s(__)?\\b *= *(['\"]+)(.*?)\\3", name), String.format("\\b(__)?%s(__)?\\b *= *(['\"]+)(.*?)\\3", name),
REGEX_OPTIONS); REGEX_OPTIONS);
} }
/**
* Analyzes python packages and adds evidence to the dependency.
*
* @param dependency the dependency being analyzed
* @param engine the engine being used to perform the scan
* @throws AnalysisException thrown if there is an unrecoverable error analyzing the dependency
*/
@Override @Override
protected void analyzeFileType(Dependency dependency, Engine engine) protected void analyzeFileType(Dependency dependency, Engine engine)
throws AnalysisException { throws AnalysisException {
@@ -176,11 +198,13 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
} }
/** /**
* This should gather information from leading docstrings, file comments, * This should gather information from leading docstrings, file comments, and assignments to __version__, __title__,
* and assignments to __version__, __title__, __summary__, __uri__, __url__, * __summary__, __uri__, __url__, __home*page__, __author__, and their all caps equivalents.
* __home*page__, __author__, and their all caps equivalents.
* *
* @param dependency the dependency being analyzed
* @param file the file name to analyze
* @return whether evidence was found * @return whether evidence was found
* @throws AnalysisException thrown if there is an unrecoverable error
*/ */
private boolean analyzeFileContents(Dependency dependency, File file) private boolean analyzeFileContents(Dependency dependency, File file)
throws AnalysisException { throws AnalysisException {
@@ -222,6 +246,17 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
return found; return found;
} }
/**
* Adds summary information to the dependency
*
* @param dependency the dependency being analyzed
* @param pattern the pattern used to perform analysis
* @param group the group from the pattern that indicates the data to use
* @param contents the data being analyzed
* @param source the source name to use when recording the evidence
* @param key the key name to use when recording the evidence
* @return true if evidence was collected; otherwise false
*/
private boolean addSummaryInfo(Dependency dependency, Pattern pattern, private boolean addSummaryInfo(Dependency dependency, Pattern pattern,
int group, String contents, String source, String key) { int group, String contents, String source, String key) {
final Matcher matcher = pattern.matcher(contents); final Matcher matcher = pattern.matcher(contents);
@@ -233,6 +268,17 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
return found; return found;
} }
/**
* Collects evidence from the home page URL.
*
* @param pattern the pattern to match
* @param evidence the evidence collection to add the evidence to
* @param source the source of the evidence
* @param name the name of the evidence
* @param contents the home page URL
* @return true if evidence was collected; otherwise false
* @throws MalformedURLException
*/
private boolean gatherHomePageEvidence(Pattern pattern, private boolean gatherHomePageEvidence(Pattern pattern,
EvidenceCollection evidence, String source, String name, EvidenceCollection evidence, String source, String name,
String contents) throws MalformedURLException { String contents) throws MalformedURLException {
@@ -249,21 +295,14 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
} }
/** /**
* Gather evidence from a Python source file usin the given string * Gather evidence from a Python source file usin the given string assignment regex pattern.
* assignment regex pattern.
* *
* @param pattern * @param pattern to scan contents with
* to scan contents with * @param contents of Python source file
* @param contents * @param source for storing evidence
* of Python source file * @param evidence to store evidence in
* @param source * @param name of evidence
* for storing evidence * @param confidence in evidence
* @param evidence
* to store evidence in
* @param name
* of evidence
* @param confidence
* in evidence
* @return whether evidence was found * @return whether evidence was found
*/ */
private boolean gatherEvidence(Pattern pattern, String contents, private boolean gatherEvidence(Pattern pattern, String contents,