github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-04-23 16:58:50 +02:00
Code Issues Packages Projects Releases Wiki Activity

checkstyle corrections

Browse Source 
Former-commit-id: 0067c70b027c153e56a7e48d7fe1066aadba9016
This commit is contained in:
Jeremy Long
2015-05-10 08:19:01 -04:00
parent c4ca53cdf9
commit aa7f903210
1 changed files with 253 additions and 214 deletions
Download Patch File Download Diff File Expand all files Collapse all files

83
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java
View File

@@ -41,8 +41,7 @@ import org.owasp.dependencycheck.utils.Settings;
import org.owasp.dependencycheck.utils.UrlStringUtils;
/**
* Used to analyze a Python package, and collect information that can be used to
* determine the associated CPE.
* Used to analyze a Python package, and collect information that can be used to determine the associated CPE.
*
* @author Dale Visser <dvisser@ida.org>
*/
@@ -107,13 +106,17 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
/**
* Filter that detects files named "__init__.py".
*/
private static final FileFilter INIT_PY_FILTER = new NameFileFilter(
"__init__.py");
private static final FileFilter INIT_PY_FILTER = new NameFileFilter("__init__.py");
/**
* The file filter for python files.
*/
private static final FileFilter PY_FILTER = new SuffixFileFilter(".py");
/**
* Returns the name of the Python Package Analyzer.
*
* @return the name of the analyzer
*/
@Override
public String getName() {
@@ -122,6 +125,8 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
/**
* Tell that we are used for information collection.
*
* @return INFORMATION_COLLECTION
*/
@Override
public AnalysisPhase getAnalysisPhase() {
@@ -129,7 +134,9 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
}
/**
* Return the set of supported file extensions.
* Returns the set of supported file extensions.
*
* @return the set of supported file extensions
*/
@Override
protected Set<String> getSupportedExtensions() {
@@ -138,18 +145,33 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
/**
* No-op initializer implementation.
*
* @throws Exception never thrown
*/
@Override
protected void initializeFileTypeAnalyzer() throws Exception {
// Nothing to do here.
}
/**
* Utility function to create a regex pattern matcher.
*
* @param name the value to use when constructing the assignment pattern
* @return the compiled Pattern
*/
private static Pattern compileAssignPattern(String name) {
return Pattern.compile(
String.format("\\b(__)?%s(__)?\\b *= *(['\"]+)(.*?)\\3", name),
REGEX_OPTIONS);
}
/**
* Analyzes python packages and adds evidence to the dependency.
*
* @param dependency the dependency being analyzed
* @param engine the engine being used to perform the scan
* @throws AnalysisException thrown if there is an unrecoverable error analyzing the dependency
*/
@Override
protected void analyzeFileType(Dependency dependency, Engine engine)
throws AnalysisException {
@@ -176,11 +198,13 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
}
/**
* This should gather information from leading docstrings, file comments,
* and assignments to __version__, __title__, __summary__, __uri__, __url__,
* __home*page__, __author__, and their all caps equivalents.
* This should gather information from leading docstrings, file comments, and assignments to __version__, __title__,
* __summary__, __uri__, __url__, __home*page__, __author__, and their all caps equivalents.
*
* @param dependency the dependency being analyzed
* @param file the file name to analyze
* @return whether evidence was found
* @throws AnalysisException thrown if there is an unrecoverable error
*/
private boolean analyzeFileContents(Dependency dependency, File file)
throws AnalysisException {
@@ -222,6 +246,17 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
return found;
}
/**
* Adds summary information to the dependency
*
* @param dependency the dependency being analyzed
* @param pattern the pattern used to perform analysis
* @param group the group from the pattern that indicates the data to use
* @param contents the data being analyzed
* @param source the source name to use when recording the evidence
* @param key the key name to use when recording the evidence
* @return true if evidence was collected; otherwise false
*/
private boolean addSummaryInfo(Dependency dependency, Pattern pattern,
int group, String contents, String source, String key) {
final Matcher matcher = pattern.matcher(contents);
@@ -233,6 +268,17 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
return found;
}
/**
* Collects evidence from the home page URL.
*
* @param pattern the pattern to match
* @param evidence the evidence collection to add the evidence to
* @param source the source of the evidence
* @param name the name of the evidence
* @param contents the home page URL
* @return true if evidence was collected; otherwise false
* @throws MalformedURLException
*/
private boolean gatherHomePageEvidence(Pattern pattern,
EvidenceCollection evidence, String source, String name,
String contents) throws MalformedURLException {
@@ -249,21 +295,14 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
}
/**
* Gather evidence from a Python source file usin the given string
* assignment regex pattern.
* Gather evidence from a Python source file usin the given string assignment regex pattern.
*
* @param pattern
* to scan contents with
* @param contents
* of Python source file
* @param source
* for storing evidence
* @param evidence
* to store evidence in
* @param name
* of evidence
* @param confidence
* in evidence
* @param pattern to scan contents with
* @param contents of Python source file
* @param source for storing evidence
* @param evidence to store evidence in
* @param name of evidence
* @param confidence in evidence
* @return whether evidence was found
*/
private boolean gatherEvidence(Pattern pattern, String contents,