version 1.2.6 of the site documentation
@@ -70,6 +70,12 @@
|
||||
</li>
|
||||
<li>
|
||||
<a href="org/owasp/dependencycheck/data/update/CachedWebDataSource.html" target="classFrame">CachedWebDataSource</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="org/owasp/dependencycheck/analyzer/CentralAnalyzer.html" target="classFrame">CentralAnalyzer</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="org/owasp/dependencycheck/data/central/CentralSearch.html" target="classFrame">CentralSearch</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="org/owasp/dependencycheck/jaxb/pom/generated/CiManagement.html" target="classFrame">CiManagement</a>
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
<!-- this is a JXR report set -->
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference</title>
|
||||
</head>
|
||||
<frameset cols="20%,80%">
|
||||
<frameset rows="30%,70%">
|
||||
|
||||
@@ -70,11 +70,11 @@
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <em class="jxr_javadoccomment"> * A Map of analyzers grouped by Analysis phase.</em>
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">transient</strong> <strong class="jxr_keyword">final</strong> EnumMap<AnalysisPhase, List<Analyzer>> analyzers;
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">transient</strong> EnumMap<AnalysisPhase, List<Analyzer>> analyzers;
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <em class="jxr_javadoccomment"> * A Map of analyzers grouped by Analysis phase.</em>
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">transient</strong> <strong class="jxr_keyword">final</strong> Set<FileTypeAnalyzer> fileTypeAnalyzers;
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">transient</strong> Set<FileTypeAnalyzer> fileTypeAnalyzers;
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> <em class="jxr_javadoccomment"> * The ClassLoader to use when dynamically loading Analyzer and Update services.</em>
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> <em class="jxr_javadoccomment"> */</em>
|
||||
@@ -82,7 +82,7 @@
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <em class="jxr_javadoccomment"> * The Logger for use throughout the class.</em>
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">transient</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Logger LOGGER = Logger.getLogger(Engine.<strong class="jxr_keyword">class</strong>.getName());
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">transient</strong> Logger LOGGER = Logger.getLogger(Engine.<strong class="jxr_keyword">class</strong>.getName());
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a>
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <em class="jxr_javadoccomment"> * Creates a new Engine.</em>
|
||||
@@ -176,342 +176,370 @@
|
||||
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <em class="jxr_javadoccomment"> * Scans an array of files or directories. If a directory is specified, it will be scanned recursively. Any</em>
|
||||
<a class="jxr_linenumber" name="L169" href="#L169">169</a> <em class="jxr_javadoccomment"> * dependencies identified are added to the dependency collection.</em>
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> <em class="jxr_javadoccomment"> * @since v0.3.2.5</em>
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> <em class="jxr_javadoccomment"> * @param paths an array of paths to files or directories to be analyzed.</em>
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> scan(String[] paths) {
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a> <strong class="jxr_keyword">for</strong> (String path : paths) {
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> <strong class="jxr_keyword">final</strong> File file = <strong class="jxr_keyword">new</strong> File(path);
|
||||
<a class="jxr_linenumber" name="L178" href="#L178">178</a> scan(file);
|
||||
<a class="jxr_linenumber" name="L179" href="#L179">179</a> }
|
||||
<a class="jxr_linenumber" name="L180" href="#L180">180</a> }
|
||||
<a class="jxr_linenumber" name="L181" href="#L181">181</a>
|
||||
<a class="jxr_linenumber" name="L182" href="#L182">182</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L183" href="#L183">183</a> <em class="jxr_javadoccomment"> * Scans a given file or directory. If a directory is specified, it will be scanned recursively. Any dependencies</em>
|
||||
<a class="jxr_linenumber" name="L184" href="#L184">184</a> <em class="jxr_javadoccomment"> * identified are added to the dependency collection.</em>
|
||||
<a class="jxr_linenumber" name="L185" href="#L185">185</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L186" href="#L186">186</a> <em class="jxr_javadoccomment"> * @param path the path to a file or directory to be analyzed.</em>
|
||||
<a class="jxr_linenumber" name="L187" href="#L187">187</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L188" href="#L188">188</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> scan(String path) {
|
||||
<a class="jxr_linenumber" name="L189" href="#L189">189</a> <strong class="jxr_keyword">if</strong> (path.matches(<span class="jxr_string">"^.*[\\/]\\*\\.[^\\/:*|?<>\"]+$"</span>)) {
|
||||
<a class="jxr_linenumber" name="L190" href="#L190">190</a> <strong class="jxr_keyword">final</strong> String[] parts = path.split(<span class="jxr_string">"\\*\\."</span>);
|
||||
<a class="jxr_linenumber" name="L191" href="#L191">191</a> <strong class="jxr_keyword">final</strong> String[] ext = <strong class="jxr_keyword">new</strong> String[]{parts[parts.length - 1]};
|
||||
<a class="jxr_linenumber" name="L192" href="#L192">192</a> <strong class="jxr_keyword">final</strong> File dir = <strong class="jxr_keyword">new</strong> File(path.substring(0, path.length() - ext[0].length() - 2));
|
||||
<a class="jxr_linenumber" name="L193" href="#L193">193</a> <strong class="jxr_keyword">if</strong> (dir.isDirectory()) {
|
||||
<a class="jxr_linenumber" name="L194" href="#L194">194</a> <strong class="jxr_keyword">final</strong> List<File> files = (List<File>) org.apache.commons.io.FileUtils.listFiles(dir, ext, <strong class="jxr_keyword">true</strong>);
|
||||
<a class="jxr_linenumber" name="L195" href="#L195">195</a> scan(files);
|
||||
<a class="jxr_linenumber" name="L196" href="#L196">196</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L197" href="#L197">197</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Invalid file path provided to scan '%s'"</span>, path);
|
||||
<a class="jxr_linenumber" name="L198" href="#L198">198</a> LOGGER.log(Level.SEVERE, msg);
|
||||
<a class="jxr_linenumber" name="L199" href="#L199">199</a> }
|
||||
<a class="jxr_linenumber" name="L200" href="#L200">200</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L201" href="#L201">201</a> <strong class="jxr_keyword">final</strong> File file = <strong class="jxr_keyword">new</strong> File(path);
|
||||
<a class="jxr_linenumber" name="L202" href="#L202">202</a> scan(file);
|
||||
<a class="jxr_linenumber" name="L203" href="#L203">203</a> }
|
||||
<a class="jxr_linenumber" name="L204" href="#L204">204</a> }
|
||||
<a class="jxr_linenumber" name="L205" href="#L205">205</a>
|
||||
<a class="jxr_linenumber" name="L206" href="#L206">206</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L207" href="#L207">207</a> <em class="jxr_javadoccomment"> * Scans an array of files or directories. If a directory is specified, it will be scanned recursively. Any</em>
|
||||
<a class="jxr_linenumber" name="L208" href="#L208">208</a> <em class="jxr_javadoccomment"> * dependencies identified are added to the dependency collection.</em>
|
||||
<a class="jxr_linenumber" name="L209" href="#L209">209</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L210" href="#L210">210</a> <em class="jxr_javadoccomment"> * @since v0.3.2.5</em>
|
||||
<a class="jxr_linenumber" name="L211" href="#L211">211</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L212" href="#L212">212</a> <em class="jxr_javadoccomment"> * @param files an array of paths to files or directories to be analyzed.</em>
|
||||
<a class="jxr_linenumber" name="L213" href="#L213">213</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L214" href="#L214">214</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> scan(File[] files) {
|
||||
<a class="jxr_linenumber" name="L215" href="#L215">215</a> <strong class="jxr_keyword">for</strong> (File file : files) {
|
||||
<a class="jxr_linenumber" name="L216" href="#L216">216</a> scan(file);
|
||||
<a class="jxr_linenumber" name="L217" href="#L217">217</a> }
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> <em class="jxr_javadoccomment"> * @param paths an array of paths to files or directories to be analyzed</em>
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <em class="jxr_javadoccomment"> * @return the list of dependencies scanned</em>
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a> <em class="jxr_javadoccomment"> * @since v0.3.2.5</em>
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a> <strong class="jxr_keyword">public</strong> List<Dependency> scan(String[] paths) {
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> <strong class="jxr_keyword">final</strong> List<Dependency> deps = <strong class="jxr_keyword">new</strong> ArrayList<Dependency>();
|
||||
<a class="jxr_linenumber" name="L178" href="#L178">178</a> <strong class="jxr_keyword">for</strong> (String path : paths) {
|
||||
<a class="jxr_linenumber" name="L179" href="#L179">179</a> <strong class="jxr_keyword">final</strong> File file = <strong class="jxr_keyword">new</strong> File(path);
|
||||
<a class="jxr_linenumber" name="L180" href="#L180">180</a> <strong class="jxr_keyword">final</strong> List<Dependency> d = scan(file);
|
||||
<a class="jxr_linenumber" name="L181" href="#L181">181</a> <strong class="jxr_keyword">if</strong> (d != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L182" href="#L182">182</a> deps.addAll(d);
|
||||
<a class="jxr_linenumber" name="L183" href="#L183">183</a> }
|
||||
<a class="jxr_linenumber" name="L184" href="#L184">184</a> }
|
||||
<a class="jxr_linenumber" name="L185" href="#L185">185</a> <strong class="jxr_keyword">return</strong> deps;
|
||||
<a class="jxr_linenumber" name="L186" href="#L186">186</a> }
|
||||
<a class="jxr_linenumber" name="L187" href="#L187">187</a>
|
||||
<a class="jxr_linenumber" name="L188" href="#L188">188</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L189" href="#L189">189</a> <em class="jxr_javadoccomment"> * Scans a given file or directory. If a directory is specified, it will be scanned recursively. Any dependencies</em>
|
||||
<a class="jxr_linenumber" name="L190" href="#L190">190</a> <em class="jxr_javadoccomment"> * identified are added to the dependency collection.</em>
|
||||
<a class="jxr_linenumber" name="L191" href="#L191">191</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L192" href="#L192">192</a> <em class="jxr_javadoccomment"> * @param path the path to a file or directory to be analyzed</em>
|
||||
<a class="jxr_linenumber" name="L193" href="#L193">193</a> <em class="jxr_javadoccomment"> * @return the list of dependencies scanned</em>
|
||||
<a class="jxr_linenumber" name="L194" href="#L194">194</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L195" href="#L195">195</a> <strong class="jxr_keyword">public</strong> List<Dependency> scan(String path) {
|
||||
<a class="jxr_linenumber" name="L196" href="#L196">196</a> <strong class="jxr_keyword">final</strong> File file = <strong class="jxr_keyword">new</strong> File(path);
|
||||
<a class="jxr_linenumber" name="L197" href="#L197">197</a> <strong class="jxr_keyword">return</strong> scan(file);
|
||||
<a class="jxr_linenumber" name="L198" href="#L198">198</a> }
|
||||
<a class="jxr_linenumber" name="L199" href="#L199">199</a>
|
||||
<a class="jxr_linenumber" name="L200" href="#L200">200</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L201" href="#L201">201</a> <em class="jxr_javadoccomment"> * Scans an array of files or directories. If a directory is specified, it will be scanned recursively. Any</em>
|
||||
<a class="jxr_linenumber" name="L202" href="#L202">202</a> <em class="jxr_javadoccomment"> * dependencies identified are added to the dependency collection.</em>
|
||||
<a class="jxr_linenumber" name="L203" href="#L203">203</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L204" href="#L204">204</a> <em class="jxr_javadoccomment"> * @param files an array of paths to files or directories to be analyzed.</em>
|
||||
<a class="jxr_linenumber" name="L205" href="#L205">205</a> <em class="jxr_javadoccomment"> * @return the list of dependencies</em>
|
||||
<a class="jxr_linenumber" name="L206" href="#L206">206</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L207" href="#L207">207</a> <em class="jxr_javadoccomment"> * @since v0.3.2.5</em>
|
||||
<a class="jxr_linenumber" name="L208" href="#L208">208</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L209" href="#L209">209</a> <strong class="jxr_keyword">public</strong> List<Dependency> scan(File[] files) {
|
||||
<a class="jxr_linenumber" name="L210" href="#L210">210</a> <strong class="jxr_keyword">final</strong> List<Dependency> deps = <strong class="jxr_keyword">new</strong> ArrayList<Dependency>();
|
||||
<a class="jxr_linenumber" name="L211" href="#L211">211</a> <strong class="jxr_keyword">for</strong> (File file : files) {
|
||||
<a class="jxr_linenumber" name="L212" href="#L212">212</a> <strong class="jxr_keyword">final</strong> List<Dependency> d = scan(file);
|
||||
<a class="jxr_linenumber" name="L213" href="#L213">213</a> <strong class="jxr_keyword">if</strong> (d != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L214" href="#L214">214</a> deps.addAll(d);
|
||||
<a class="jxr_linenumber" name="L215" href="#L215">215</a> }
|
||||
<a class="jxr_linenumber" name="L216" href="#L216">216</a> }
|
||||
<a class="jxr_linenumber" name="L217" href="#L217">217</a> <strong class="jxr_keyword">return</strong> deps;
|
||||
<a class="jxr_linenumber" name="L218" href="#L218">218</a> }
|
||||
<a class="jxr_linenumber" name="L219" href="#L219">219</a>
|
||||
<a class="jxr_linenumber" name="L220" href="#L220">220</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L221" href="#L221">221</a> <em class="jxr_javadoccomment"> * Scans a list of files or directories. If a directory is specified, it will be scanned recursively. Any</em>
|
||||
<a class="jxr_linenumber" name="L222" href="#L222">222</a> <em class="jxr_javadoccomment"> * dependencies identified are added to the dependency collection.</em>
|
||||
<a class="jxr_linenumber" name="L223" href="#L223">223</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L224" href="#L224">224</a> <em class="jxr_javadoccomment"> * @since v0.3.2.5</em>
|
||||
<a class="jxr_linenumber" name="L225" href="#L225">225</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L226" href="#L226">226</a> <em class="jxr_javadoccomment"> * @param files a set of paths to files or directories to be analyzed.</em>
|
||||
<a class="jxr_linenumber" name="L227" href="#L227">227</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L228" href="#L228">228</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> scan(Set<File> files) {
|
||||
<a class="jxr_linenumber" name="L229" href="#L229">229</a> <strong class="jxr_keyword">for</strong> (File file : files) {
|
||||
<a class="jxr_linenumber" name="L230" href="#L230">230</a> scan(file);
|
||||
<a class="jxr_linenumber" name="L231" href="#L231">231</a> }
|
||||
<a class="jxr_linenumber" name="L232" href="#L232">232</a> }
|
||||
<a class="jxr_linenumber" name="L233" href="#L233">233</a>
|
||||
<a class="jxr_linenumber" name="L234" href="#L234">234</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L235" href="#L235">235</a> <em class="jxr_javadoccomment"> * Scans a list of files or directories. If a directory is specified, it will be scanned recursively. Any</em>
|
||||
<a class="jxr_linenumber" name="L236" href="#L236">236</a> <em class="jxr_javadoccomment"> * dependencies identified are added to the dependency collection.</em>
|
||||
<a class="jxr_linenumber" name="L237" href="#L237">237</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L238" href="#L238">238</a> <em class="jxr_javadoccomment"> * @since v0.3.2.5</em>
|
||||
<a class="jxr_linenumber" name="L239" href="#L239">239</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L240" href="#L240">240</a> <em class="jxr_javadoccomment"> * @param files a set of paths to files or directories to be analyzed.</em>
|
||||
<a class="jxr_linenumber" name="L241" href="#L241">241</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L242" href="#L242">242</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> scan(List<File> files) {
|
||||
<a class="jxr_linenumber" name="L243" href="#L243">243</a> <strong class="jxr_keyword">for</strong> (File file : files) {
|
||||
<a class="jxr_linenumber" name="L244" href="#L244">244</a> scan(file);
|
||||
<a class="jxr_linenumber" name="L245" href="#L245">245</a> }
|
||||
<a class="jxr_linenumber" name="L246" href="#L246">246</a> }
|
||||
<a class="jxr_linenumber" name="L247" href="#L247">247</a>
|
||||
<a class="jxr_linenumber" name="L248" href="#L248">248</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L249" href="#L249">249</a> <em class="jxr_javadoccomment"> * Scans a given file or directory. If a directory is specified, it will be scanned recursively. Any dependencies</em>
|
||||
<a class="jxr_linenumber" name="L250" href="#L250">250</a> <em class="jxr_javadoccomment"> * identified are added to the dependency collection.</em>
|
||||
<a class="jxr_linenumber" name="L251" href="#L251">251</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L252" href="#L252">252</a> <em class="jxr_javadoccomment"> * @since v0.3.2.4</em>
|
||||
<a class="jxr_linenumber" name="L253" href="#L253">253</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L254" href="#L254">254</a> <em class="jxr_javadoccomment"> * @param file the path to a file or directory to be analyzed.</em>
|
||||
<a class="jxr_linenumber" name="L255" href="#L255">255</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L256" href="#L256">256</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> scan(File file) {
|
||||
<a class="jxr_linenumber" name="L257" href="#L257">257</a> <strong class="jxr_keyword">if</strong> (file.exists()) {
|
||||
<a class="jxr_linenumber" name="L258" href="#L258">258</a> <strong class="jxr_keyword">if</strong> (file.isDirectory()) {
|
||||
<a class="jxr_linenumber" name="L259" href="#L259">259</a> scanDirectory(file);
|
||||
<a class="jxr_linenumber" name="L260" href="#L260">260</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L261" href="#L261">261</a> scanFile(file);
|
||||
<a class="jxr_linenumber" name="L262" href="#L262">262</a> }
|
||||
<a class="jxr_linenumber" name="L263" href="#L263">263</a> }
|
||||
<a class="jxr_linenumber" name="L264" href="#L264">264</a> }
|
||||
<a class="jxr_linenumber" name="L265" href="#L265">265</a>
|
||||
<a class="jxr_linenumber" name="L266" href="#L266">266</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L267" href="#L267">267</a> <em class="jxr_javadoccomment"> * Recursively scans files and directories. Any dependencies identified are added to the dependency collection.</em>
|
||||
<a class="jxr_linenumber" name="L224" href="#L224">224</a> <em class="jxr_javadoccomment"> * @param files a set of paths to files or directories to be analyzed</em>
|
||||
<a class="jxr_linenumber" name="L225" href="#L225">225</a> <em class="jxr_javadoccomment"> * @return the list of dependencies scanned</em>
|
||||
<a class="jxr_linenumber" name="L226" href="#L226">226</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L227" href="#L227">227</a> <em class="jxr_javadoccomment"> * @since v0.3.2.5</em>
|
||||
<a class="jxr_linenumber" name="L228" href="#L228">228</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L229" href="#L229">229</a> <strong class="jxr_keyword">public</strong> List<Dependency> scan(Set<File> files) {
|
||||
<a class="jxr_linenumber" name="L230" href="#L230">230</a> <strong class="jxr_keyword">final</strong> List<Dependency> deps = <strong class="jxr_keyword">new</strong> ArrayList<Dependency>();
|
||||
<a class="jxr_linenumber" name="L231" href="#L231">231</a> <strong class="jxr_keyword">for</strong> (File file : files) {
|
||||
<a class="jxr_linenumber" name="L232" href="#L232">232</a> <strong class="jxr_keyword">final</strong> List<Dependency> d = scan(file);
|
||||
<a class="jxr_linenumber" name="L233" href="#L233">233</a> <strong class="jxr_keyword">if</strong> (d != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L234" href="#L234">234</a> deps.addAll(d);
|
||||
<a class="jxr_linenumber" name="L235" href="#L235">235</a> }
|
||||
<a class="jxr_linenumber" name="L236" href="#L236">236</a> }
|
||||
<a class="jxr_linenumber" name="L237" href="#L237">237</a> <strong class="jxr_keyword">return</strong> deps;
|
||||
<a class="jxr_linenumber" name="L238" href="#L238">238</a> }
|
||||
<a class="jxr_linenumber" name="L239" href="#L239">239</a>
|
||||
<a class="jxr_linenumber" name="L240" href="#L240">240</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L241" href="#L241">241</a> <em class="jxr_javadoccomment"> * Scans a list of files or directories. If a directory is specified, it will be scanned recursively. Any</em>
|
||||
<a class="jxr_linenumber" name="L242" href="#L242">242</a> <em class="jxr_javadoccomment"> * dependencies identified are added to the dependency collection.</em>
|
||||
<a class="jxr_linenumber" name="L243" href="#L243">243</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L244" href="#L244">244</a> <em class="jxr_javadoccomment"> * @param files a set of paths to files or directories to be analyzed</em>
|
||||
<a class="jxr_linenumber" name="L245" href="#L245">245</a> <em class="jxr_javadoccomment"> * @return the list of dependencies scanned</em>
|
||||
<a class="jxr_linenumber" name="L246" href="#L246">246</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L247" href="#L247">247</a> <em class="jxr_javadoccomment"> * @since v0.3.2.5</em>
|
||||
<a class="jxr_linenumber" name="L248" href="#L248">248</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L249" href="#L249">249</a> <strong class="jxr_keyword">public</strong> List<Dependency> scan(List<File> files) {
|
||||
<a class="jxr_linenumber" name="L250" href="#L250">250</a> <strong class="jxr_keyword">final</strong> List<Dependency> deps = <strong class="jxr_keyword">new</strong> ArrayList<Dependency>();
|
||||
<a class="jxr_linenumber" name="L251" href="#L251">251</a> <strong class="jxr_keyword">for</strong> (File file : files) {
|
||||
<a class="jxr_linenumber" name="L252" href="#L252">252</a> <strong class="jxr_keyword">final</strong> List<Dependency> d = scan(file);
|
||||
<a class="jxr_linenumber" name="L253" href="#L253">253</a> <strong class="jxr_keyword">if</strong> (d != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L254" href="#L254">254</a> deps.addAll(d);
|
||||
<a class="jxr_linenumber" name="L255" href="#L255">255</a> }
|
||||
<a class="jxr_linenumber" name="L256" href="#L256">256</a> }
|
||||
<a class="jxr_linenumber" name="L257" href="#L257">257</a> <strong class="jxr_keyword">return</strong> deps;
|
||||
<a class="jxr_linenumber" name="L258" href="#L258">258</a> }
|
||||
<a class="jxr_linenumber" name="L259" href="#L259">259</a>
|
||||
<a class="jxr_linenumber" name="L260" href="#L260">260</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L261" href="#L261">261</a> <em class="jxr_javadoccomment"> * Scans a given file or directory. If a directory is specified, it will be scanned recursively. Any dependencies</em>
|
||||
<a class="jxr_linenumber" name="L262" href="#L262">262</a> <em class="jxr_javadoccomment"> * identified are added to the dependency collection.</em>
|
||||
<a class="jxr_linenumber" name="L263" href="#L263">263</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L264" href="#L264">264</a> <em class="jxr_javadoccomment"> * @param file the path to a file or directory to be analyzed</em>
|
||||
<a class="jxr_linenumber" name="L265" href="#L265">265</a> <em class="jxr_javadoccomment"> * @return the list of dependencies scanned</em>
|
||||
<a class="jxr_linenumber" name="L266" href="#L266">266</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L267" href="#L267">267</a> <em class="jxr_javadoccomment"> * @since v0.3.2.4</em>
|
||||
<a class="jxr_linenumber" name="L268" href="#L268">268</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L269" href="#L269">269</a> <em class="jxr_javadoccomment"> * @param dir the directory to scan.</em>
|
||||
<a class="jxr_linenumber" name="L270" href="#L270">270</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L271" href="#L271">271</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> scanDirectory(File dir) {
|
||||
<a class="jxr_linenumber" name="L272" href="#L272">272</a> <strong class="jxr_keyword">final</strong> File[] files = dir.listFiles();
|
||||
<a class="jxr_linenumber" name="L273" href="#L273">273</a> <strong class="jxr_keyword">if</strong> (files != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L274" href="#L274">274</a> <strong class="jxr_keyword">for</strong> (File f : files) {
|
||||
<a class="jxr_linenumber" name="L275" href="#L275">275</a> <strong class="jxr_keyword">if</strong> (f.isDirectory()) {
|
||||
<a class="jxr_linenumber" name="L276" href="#L276">276</a> scanDirectory(f);
|
||||
<a class="jxr_linenumber" name="L277" href="#L277">277</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L278" href="#L278">278</a> scanFile(f);
|
||||
<a class="jxr_linenumber" name="L279" href="#L279">279</a> }
|
||||
<a class="jxr_linenumber" name="L280" href="#L280">280</a> }
|
||||
<a class="jxr_linenumber" name="L281" href="#L281">281</a> }
|
||||
<a class="jxr_linenumber" name="L282" href="#L282">282</a> }
|
||||
<a class="jxr_linenumber" name="L283" href="#L283">283</a>
|
||||
<a class="jxr_linenumber" name="L284" href="#L284">284</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L285" href="#L285">285</a> <em class="jxr_javadoccomment"> * Scans a specified file. If a dependency is identified it is added to the dependency collection.</em>
|
||||
<a class="jxr_linenumber" name="L286" href="#L286">286</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L287" href="#L287">287</a> <em class="jxr_javadoccomment"> * @param file The file to scan.</em>
|
||||
<a class="jxr_linenumber" name="L288" href="#L288">288</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L289" href="#L289">289</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> scanFile(File file) {
|
||||
<a class="jxr_linenumber" name="L290" href="#L290">290</a> <strong class="jxr_keyword">if</strong> (!file.isFile()) {
|
||||
<a class="jxr_linenumber" name="L291" href="#L291">291</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Path passed to scanFile(File) is not a file: %s. Skipping the file."</span>, file.toString());
|
||||
<a class="jxr_linenumber" name="L292" href="#L292">292</a> LOGGER.log(Level.FINE, msg);
|
||||
<a class="jxr_linenumber" name="L293" href="#L293">293</a> <strong class="jxr_keyword">return</strong>;
|
||||
<a class="jxr_linenumber" name="L294" href="#L294">294</a> }
|
||||
<a class="jxr_linenumber" name="L295" href="#L295">295</a> <strong class="jxr_keyword">final</strong> String fileName = file.getName();
|
||||
<a class="jxr_linenumber" name="L296" href="#L296">296</a> <strong class="jxr_keyword">final</strong> String extension = FileUtils.getFileExtension(fileName);
|
||||
<a class="jxr_linenumber" name="L297" href="#L297">297</a> <strong class="jxr_keyword">if</strong> (extension != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L298" href="#L298">298</a> <strong class="jxr_keyword">if</strong> (supportsExtension(extension)) {
|
||||
<a class="jxr_linenumber" name="L299" href="#L299">299</a> <strong class="jxr_keyword">final</strong> <a href="../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency = <strong class="jxr_keyword">new</strong> <a href="../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a>(file);
|
||||
<a class="jxr_linenumber" name="L300" href="#L300">300</a> dependencies.add(dependency);
|
||||
<a class="jxr_linenumber" name="L301" href="#L301">301</a> }
|
||||
<a class="jxr_linenumber" name="L302" href="#L302">302</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L303" href="#L303">303</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"No file extension found on file '%s'. The file was not analyzed."</span>,
|
||||
<a class="jxr_linenumber" name="L304" href="#L304">304</a> file.toString());
|
||||
<a class="jxr_linenumber" name="L305" href="#L305">305</a> LOGGER.log(Level.FINEST, msg);
|
||||
<a class="jxr_linenumber" name="L306" href="#L306">306</a> }
|
||||
<a class="jxr_linenumber" name="L307" href="#L307">307</a> }
|
||||
<a class="jxr_linenumber" name="L308" href="#L308">308</a>
|
||||
<a class="jxr_linenumber" name="L309" href="#L309">309</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L310" href="#L310">310</a> <em class="jxr_javadoccomment"> * Runs the analyzers against all of the dependencies.</em>
|
||||
<a class="jxr_linenumber" name="L311" href="#L311">311</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L312" href="#L312">312</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> analyzeDependencies() {
|
||||
<a class="jxr_linenumber" name="L313" href="#L313">313</a> <em class="jxr_comment">//need to ensure that data exists</em>
|
||||
<a class="jxr_linenumber" name="L314" href="#L314">314</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L315" href="#L315">315</a> ensureDataExists();
|
||||
<a class="jxr_linenumber" name="L316" href="#L316">316</a> } <strong class="jxr_keyword">catch</strong> (NoDataException ex) {
|
||||
<a class="jxr_linenumber" name="L317" href="#L317">317</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"%s%n%nUnable to continue dependency-check analysis."</span>, ex.getMessage());
|
||||
<a class="jxr_linenumber" name="L318" href="#L318">318</a> LOGGER.log(Level.SEVERE, msg);
|
||||
<a class="jxr_linenumber" name="L319" href="#L319">319</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L320" href="#L320">320</a> <strong class="jxr_keyword">return</strong>;
|
||||
<a class="jxr_linenumber" name="L321" href="#L321">321</a> } <strong class="jxr_keyword">catch</strong> (DatabaseException ex) {
|
||||
<a class="jxr_linenumber" name="L322" href="#L322">322</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"%s%n%nUnable to continue dependency-check analysis."</span>, ex.getMessage());
|
||||
<a class="jxr_linenumber" name="L323" href="#L323">323</a> LOGGER.log(Level.SEVERE, msg);
|
||||
<a class="jxr_linenumber" name="L324" href="#L324">324</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L325" href="#L325">325</a> <strong class="jxr_keyword">return</strong>;
|
||||
<a class="jxr_linenumber" name="L326" href="#L326">326</a>
|
||||
<a class="jxr_linenumber" name="L327" href="#L327">327</a> }
|
||||
<a class="jxr_linenumber" name="L328" href="#L328">328</a>
|
||||
<a class="jxr_linenumber" name="L329" href="#L329">329</a> <strong class="jxr_keyword">final</strong> String logHeader = String.format(<span class="jxr_string">"%n"</span>
|
||||
<a class="jxr_linenumber" name="L330" href="#L330">330</a> + <span class="jxr_string">"----------------------------------------------------%n"</span>
|
||||
<a class="jxr_linenumber" name="L331" href="#L331">331</a> + <span class="jxr_string">"BEGIN ANALYSIS%n"</span>
|
||||
<a class="jxr_linenumber" name="L332" href="#L332">332</a> + <span class="jxr_string">"----------------------------------------------------"</span>);
|
||||
<a class="jxr_linenumber" name="L333" href="#L333">333</a> LOGGER.log(Level.FINE, logHeader);
|
||||
<a class="jxr_linenumber" name="L334" href="#L334">334</a> LOGGER.log(Level.INFO, <span class="jxr_string">"Analysis Starting"</span>);
|
||||
<a class="jxr_linenumber" name="L335" href="#L335">335</a>
|
||||
<a class="jxr_linenumber" name="L336" href="#L336">336</a> <em class="jxr_comment">// analysis phases</em>
|
||||
<a class="jxr_linenumber" name="L337" href="#L337">337</a> <strong class="jxr_keyword">for</strong> (AnalysisPhase phase : AnalysisPhase.values()) {
|
||||
<a class="jxr_linenumber" name="L338" href="#L338">338</a> <strong class="jxr_keyword">final</strong> List<Analyzer> analyzerList = analyzers.get(phase);
|
||||
<a class="jxr_linenumber" name="L339" href="#L339">339</a>
|
||||
<a class="jxr_linenumber" name="L340" href="#L340">340</a> <strong class="jxr_keyword">for</strong> (Analyzer a : analyzerList) {
|
||||
<a class="jxr_linenumber" name="L341" href="#L341">341</a> initializeAnalyzer(a);
|
||||
<a class="jxr_linenumber" name="L342" href="#L342">342</a>
|
||||
<a class="jxr_linenumber" name="L343" href="#L343">343</a> <em class="jxr_comment">/* need to create a copy of the collection because some of the</em>
|
||||
<a class="jxr_linenumber" name="L344" href="#L344">344</a> <em class="jxr_comment"> * analyzers may modify it. This prevents ConcurrentModificationExceptions.</em>
|
||||
<a class="jxr_linenumber" name="L345" href="#L345">345</a> <em class="jxr_comment"> * This is okay for adds/deletes because it happens per analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L346" href="#L346">346</a> <em class="jxr_comment"> */</em>
|
||||
<a class="jxr_linenumber" name="L347" href="#L347">347</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Begin Analyzer '%s'"</span>, a.getName());
|
||||
<a class="jxr_linenumber" name="L348" href="#L348">348</a> LOGGER.log(Level.FINE, msg);
|
||||
<a class="jxr_linenumber" name="L349" href="#L349">349</a> <strong class="jxr_keyword">final</strong> Set<Dependency> dependencySet = <strong class="jxr_keyword">new</strong> HashSet<Dependency>();
|
||||
<a class="jxr_linenumber" name="L350" href="#L350">350</a> dependencySet.addAll(dependencies);
|
||||
<a class="jxr_linenumber" name="L351" href="#L351">351</a> <strong class="jxr_keyword">for</strong> (Dependency d : dependencySet) {
|
||||
<a class="jxr_linenumber" name="L352" href="#L352">352</a> <strong class="jxr_keyword">boolean</strong> shouldAnalyze = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L353" href="#L353">353</a> <strong class="jxr_keyword">if</strong> (a instanceof FileTypeAnalyzer) {
|
||||
<a class="jxr_linenumber" name="L354" href="#L354">354</a> <strong class="jxr_keyword">final</strong> <a href="../../../org/owasp/dependencycheck/analyzer/FileTypeAnalyzer.html">FileTypeAnalyzer</a> fAnalyzer = (FileTypeAnalyzer) a;
|
||||
<a class="jxr_linenumber" name="L355" href="#L355">355</a> shouldAnalyze = fAnalyzer.supportsExtension(d.getFileExtension());
|
||||
<a class="jxr_linenumber" name="L356" href="#L356">356</a> }
|
||||
<a class="jxr_linenumber" name="L357" href="#L357">357</a> <strong class="jxr_keyword">if</strong> (shouldAnalyze) {
|
||||
<a class="jxr_linenumber" name="L358" href="#L358">358</a> <strong class="jxr_keyword">final</strong> String msgFile = String.format(<span class="jxr_string">"Begin Analysis of '%s'"</span>, d.getActualFilePath());
|
||||
<a class="jxr_linenumber" name="L359" href="#L359">359</a> LOGGER.log(Level.FINE, msgFile);
|
||||
<a class="jxr_linenumber" name="L360" href="#L360">360</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L361" href="#L361">361</a> a.analyze(d, <strong class="jxr_keyword">this</strong>);
|
||||
<a class="jxr_linenumber" name="L362" href="#L362">362</a> } <strong class="jxr_keyword">catch</strong> (AnalysisException ex) {
|
||||
<a class="jxr_linenumber" name="L363" href="#L363">363</a> <strong class="jxr_keyword">final</strong> String exMsg = String.format(<span class="jxr_string">"An error occurred while analyzing '%s'."</span>, d.getActualFilePath());
|
||||
<a class="jxr_linenumber" name="L364" href="#L364">364</a> LOGGER.log(Level.WARNING, exMsg);
|
||||
<a class="jxr_linenumber" name="L365" href="#L365">365</a> LOGGER.log(Level.FINE, <span class="jxr_string">""</span>, ex);
|
||||
<a class="jxr_linenumber" name="L366" href="#L366">366</a> } <strong class="jxr_keyword">catch</strong> (Throwable ex) {
|
||||
<a class="jxr_linenumber" name="L367" href="#L367">367</a> <strong class="jxr_keyword">final</strong> String axMsg = String.format(<span class="jxr_string">"An unexpected error occurred during analysis of '%s'"</span>, d.getActualFilePath());
|
||||
<a class="jxr_linenumber" name="L368" href="#L368">368</a> <em class="jxr_comment">//final AnalysisException ax = new AnalysisException(axMsg, ex);</em>
|
||||
<a class="jxr_linenumber" name="L369" href="#L369">369</a> LOGGER.log(Level.WARNING, axMsg);
|
||||
<a class="jxr_linenumber" name="L370" href="#L370">370</a> LOGGER.log(Level.FINE, <span class="jxr_string">""</span>, ex);
|
||||
<a class="jxr_linenumber" name="L371" href="#L371">371</a> }
|
||||
<a class="jxr_linenumber" name="L372" href="#L372">372</a> }
|
||||
<a class="jxr_linenumber" name="L373" href="#L373">373</a> }
|
||||
<a class="jxr_linenumber" name="L374" href="#L374">374</a> }
|
||||
<a class="jxr_linenumber" name="L375" href="#L375">375</a> }
|
||||
<a class="jxr_linenumber" name="L376" href="#L376">376</a> <strong class="jxr_keyword">for</strong> (AnalysisPhase phase : AnalysisPhase.values()) {
|
||||
<a class="jxr_linenumber" name="L377" href="#L377">377</a> <strong class="jxr_keyword">final</strong> List<Analyzer> analyzerList = analyzers.get(phase);
|
||||
<a class="jxr_linenumber" name="L378" href="#L378">378</a>
|
||||
<a class="jxr_linenumber" name="L379" href="#L379">379</a> <strong class="jxr_keyword">for</strong> (Analyzer a : analyzerList) {
|
||||
<a class="jxr_linenumber" name="L380" href="#L380">380</a> closeAnalyzer(a);
|
||||
<a class="jxr_linenumber" name="L381" href="#L381">381</a> }
|
||||
<a class="jxr_linenumber" name="L382" href="#L382">382</a> }
|
||||
<a class="jxr_linenumber" name="L383" href="#L383">383</a>
|
||||
<a class="jxr_linenumber" name="L384" href="#L384">384</a> <strong class="jxr_keyword">final</strong> String logFooter = String.format(<span class="jxr_string">"%n"</span>
|
||||
<a class="jxr_linenumber" name="L385" href="#L385">385</a> + <span class="jxr_string">"----------------------------------------------------%n"</span>
|
||||
<a class="jxr_linenumber" name="L386" href="#L386">386</a> + <span class="jxr_string">"END ANALYSIS%n"</span>
|
||||
<a class="jxr_linenumber" name="L387" href="#L387">387</a> + <span class="jxr_string">"----------------------------------------------------"</span>);
|
||||
<a class="jxr_linenumber" name="L388" href="#L388">388</a> LOGGER.log(Level.FINE, logFooter);
|
||||
<a class="jxr_linenumber" name="L389" href="#L389">389</a> LOGGER.log(Level.INFO, <span class="jxr_string">"Analysis Complete"</span>);
|
||||
<a class="jxr_linenumber" name="L390" href="#L390">390</a> }
|
||||
<a class="jxr_linenumber" name="L391" href="#L391">391</a>
|
||||
<a class="jxr_linenumber" name="L392" href="#L392">392</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L393" href="#L393">393</a> <em class="jxr_javadoccomment"> * Initializes the given analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L394" href="#L394">394</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L395" href="#L395">395</a> <em class="jxr_javadoccomment"> * @param analyzer the analyzer to initialize</em>
|
||||
<a class="jxr_linenumber" name="L396" href="#L396">396</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L397" href="#L397">397</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> initializeAnalyzer(<a href="../../../org/owasp/dependencycheck/analyzer/Analyzer.html">Analyzer</a> analyzer) {
|
||||
<a class="jxr_linenumber" name="L398" href="#L398">398</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L399" href="#L399">399</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Initializing %s"</span>, analyzer.getName());
|
||||
<a class="jxr_linenumber" name="L400" href="#L400">400</a> LOGGER.log(Level.FINE, msg);
|
||||
<a class="jxr_linenumber" name="L401" href="#L401">401</a> analyzer.initialize();
|
||||
<a class="jxr_linenumber" name="L402" href="#L402">402</a> } <strong class="jxr_keyword">catch</strong> (Throwable ex) {
|
||||
<a class="jxr_linenumber" name="L403" href="#L403">403</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Exception occurred initializing %s."</span>, analyzer.getName());
|
||||
<a class="jxr_linenumber" name="L404" href="#L404">404</a> LOGGER.log(Level.SEVERE, msg);
|
||||
<a class="jxr_linenumber" name="L405" href="#L405">405</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L406" href="#L406">406</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L407" href="#L407">407</a> analyzer.close();
|
||||
<a class="jxr_linenumber" name="L408" href="#L408">408</a> } <strong class="jxr_keyword">catch</strong> (Throwable ex1) {
|
||||
<a class="jxr_linenumber" name="L409" href="#L409">409</a> LOGGER.log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex1);
|
||||
<a class="jxr_linenumber" name="L269" href="#L269">269</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L270" href="#L270">270</a> <strong class="jxr_keyword">public</strong> List<Dependency> scan(File file) {
|
||||
<a class="jxr_linenumber" name="L271" href="#L271">271</a> <strong class="jxr_keyword">if</strong> (file.exists()) {
|
||||
<a class="jxr_linenumber" name="L272" href="#L272">272</a> <strong class="jxr_keyword">if</strong> (file.isDirectory()) {
|
||||
<a class="jxr_linenumber" name="L273" href="#L273">273</a> <strong class="jxr_keyword">return</strong> scanDirectory(file);
|
||||
<a class="jxr_linenumber" name="L274" href="#L274">274</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L275" href="#L275">275</a> <strong class="jxr_keyword">final</strong> <a href="../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> d = scanFile(file);
|
||||
<a class="jxr_linenumber" name="L276" href="#L276">276</a> <strong class="jxr_keyword">if</strong> (d != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L277" href="#L277">277</a> <strong class="jxr_keyword">final</strong> List<Dependency> deps = <strong class="jxr_keyword">new</strong> ArrayList<Dependency>();
|
||||
<a class="jxr_linenumber" name="L278" href="#L278">278</a> deps.add(d);
|
||||
<a class="jxr_linenumber" name="L279" href="#L279">279</a> <strong class="jxr_keyword">return</strong> deps;
|
||||
<a class="jxr_linenumber" name="L280" href="#L280">280</a> }
|
||||
<a class="jxr_linenumber" name="L281" href="#L281">281</a> }
|
||||
<a class="jxr_linenumber" name="L282" href="#L282">282</a> }
|
||||
<a class="jxr_linenumber" name="L283" href="#L283">283</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L284" href="#L284">284</a> }
|
||||
<a class="jxr_linenumber" name="L285" href="#L285">285</a>
|
||||
<a class="jxr_linenumber" name="L286" href="#L286">286</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L287" href="#L287">287</a> <em class="jxr_javadoccomment"> * Recursively scans files and directories. Any dependencies identified are added to the dependency collection.</em>
|
||||
<a class="jxr_linenumber" name="L288" href="#L288">288</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L289" href="#L289">289</a> <em class="jxr_javadoccomment"> * @param dir the directory to scan</em>
|
||||
<a class="jxr_linenumber" name="L290" href="#L290">290</a> <em class="jxr_javadoccomment"> * @return the list of Dependency objects scanned</em>
|
||||
<a class="jxr_linenumber" name="L291" href="#L291">291</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L292" href="#L292">292</a> <strong class="jxr_keyword">protected</strong> List<Dependency> scanDirectory(File dir) {
|
||||
<a class="jxr_linenumber" name="L293" href="#L293">293</a> <strong class="jxr_keyword">final</strong> File[] files = dir.listFiles();
|
||||
<a class="jxr_linenumber" name="L294" href="#L294">294</a> <strong class="jxr_keyword">final</strong> List<Dependency> deps = <strong class="jxr_keyword">new</strong> ArrayList<Dependency>();
|
||||
<a class="jxr_linenumber" name="L295" href="#L295">295</a> <strong class="jxr_keyword">if</strong> (files != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L296" href="#L296">296</a> <strong class="jxr_keyword">for</strong> (File f : files) {
|
||||
<a class="jxr_linenumber" name="L297" href="#L297">297</a> <strong class="jxr_keyword">if</strong> (f.isDirectory()) {
|
||||
<a class="jxr_linenumber" name="L298" href="#L298">298</a> <strong class="jxr_keyword">final</strong> List<Dependency> d = scanDirectory(f);
|
||||
<a class="jxr_linenumber" name="L299" href="#L299">299</a> <strong class="jxr_keyword">if</strong> (d != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L300" href="#L300">300</a> deps.addAll(d);
|
||||
<a class="jxr_linenumber" name="L301" href="#L301">301</a> }
|
||||
<a class="jxr_linenumber" name="L302" href="#L302">302</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L303" href="#L303">303</a> <strong class="jxr_keyword">final</strong> <a href="../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> d = scanFile(f);
|
||||
<a class="jxr_linenumber" name="L304" href="#L304">304</a> deps.add(d);
|
||||
<a class="jxr_linenumber" name="L305" href="#L305">305</a> }
|
||||
<a class="jxr_linenumber" name="L306" href="#L306">306</a> }
|
||||
<a class="jxr_linenumber" name="L307" href="#L307">307</a> }
|
||||
<a class="jxr_linenumber" name="L308" href="#L308">308</a> <strong class="jxr_keyword">return</strong> deps;
|
||||
<a class="jxr_linenumber" name="L309" href="#L309">309</a> }
|
||||
<a class="jxr_linenumber" name="L310" href="#L310">310</a>
|
||||
<a class="jxr_linenumber" name="L311" href="#L311">311</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L312" href="#L312">312</a> <em class="jxr_javadoccomment"> * Scans a specified file. If a dependency is identified it is added to the dependency collection.</em>
|
||||
<a class="jxr_linenumber" name="L313" href="#L313">313</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L314" href="#L314">314</a> <em class="jxr_javadoccomment"> * @param file The file to scan</em>
|
||||
<a class="jxr_linenumber" name="L315" href="#L315">315</a> <em class="jxr_javadoccomment"> * @return the scanned dependency</em>
|
||||
<a class="jxr_linenumber" name="L316" href="#L316">316</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L317" href="#L317">317</a> <strong class="jxr_keyword">protected</strong> <a href="../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> scanFile(File file) {
|
||||
<a class="jxr_linenumber" name="L318" href="#L318">318</a> <strong class="jxr_keyword">if</strong> (!file.isFile()) {
|
||||
<a class="jxr_linenumber" name="L319" href="#L319">319</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Path passed to scanFile(File) is not a file: %s. Skipping the file."</span>, file.toString());
|
||||
<a class="jxr_linenumber" name="L320" href="#L320">320</a> LOGGER.log(Level.FINE, msg);
|
||||
<a class="jxr_linenumber" name="L321" href="#L321">321</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L322" href="#L322">322</a> }
|
||||
<a class="jxr_linenumber" name="L323" href="#L323">323</a> <strong class="jxr_keyword">final</strong> String fileName = file.getName();
|
||||
<a class="jxr_linenumber" name="L324" href="#L324">324</a> <strong class="jxr_keyword">final</strong> String extension = FileUtils.getFileExtension(fileName);
|
||||
<a class="jxr_linenumber" name="L325" href="#L325">325</a> <a href="../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L326" href="#L326">326</a> <strong class="jxr_keyword">if</strong> (extension != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L327" href="#L327">327</a> <strong class="jxr_keyword">if</strong> (supportsExtension(extension)) {
|
||||
<a class="jxr_linenumber" name="L328" href="#L328">328</a> dependency = <strong class="jxr_keyword">new</strong> <a href="../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a>(file);
|
||||
<a class="jxr_linenumber" name="L329" href="#L329">329</a> dependencies.add(dependency);
|
||||
<a class="jxr_linenumber" name="L330" href="#L330">330</a> }
|
||||
<a class="jxr_linenumber" name="L331" href="#L331">331</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L332" href="#L332">332</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"No file extension found on file '%s'. The file was not analyzed."</span>, file.toString());
|
||||
<a class="jxr_linenumber" name="L333" href="#L333">333</a> LOGGER.log(Level.FINEST, msg);
|
||||
<a class="jxr_linenumber" name="L334" href="#L334">334</a> }
|
||||
<a class="jxr_linenumber" name="L335" href="#L335">335</a> <strong class="jxr_keyword">return</strong> dependency;
|
||||
<a class="jxr_linenumber" name="L336" href="#L336">336</a> }
|
||||
<a class="jxr_linenumber" name="L337" href="#L337">337</a>
|
||||
<a class="jxr_linenumber" name="L338" href="#L338">338</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L339" href="#L339">339</a> <em class="jxr_javadoccomment"> * Runs the analyzers against all of the dependencies.</em>
|
||||
<a class="jxr_linenumber" name="L340" href="#L340">340</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L341" href="#L341">341</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> analyzeDependencies() {
|
||||
<a class="jxr_linenumber" name="L342" href="#L342">342</a> <em class="jxr_comment">//need to ensure that data exists</em>
|
||||
<a class="jxr_linenumber" name="L343" href="#L343">343</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L344" href="#L344">344</a> ensureDataExists();
|
||||
<a class="jxr_linenumber" name="L345" href="#L345">345</a> } <strong class="jxr_keyword">catch</strong> (NoDataException ex) {
|
||||
<a class="jxr_linenumber" name="L346" href="#L346">346</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"%s%n%nUnable to continue dependency-check analysis."</span>, ex.getMessage());
|
||||
<a class="jxr_linenumber" name="L347" href="#L347">347</a> LOGGER.log(Level.SEVERE, msg);
|
||||
<a class="jxr_linenumber" name="L348" href="#L348">348</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L349" href="#L349">349</a> <strong class="jxr_keyword">return</strong>;
|
||||
<a class="jxr_linenumber" name="L350" href="#L350">350</a> } <strong class="jxr_keyword">catch</strong> (DatabaseException ex) {
|
||||
<a class="jxr_linenumber" name="L351" href="#L351">351</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"%s%n%nUnable to continue dependency-check analysis."</span>, ex.getMessage());
|
||||
<a class="jxr_linenumber" name="L352" href="#L352">352</a> LOGGER.log(Level.SEVERE, msg);
|
||||
<a class="jxr_linenumber" name="L353" href="#L353">353</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L354" href="#L354">354</a> <strong class="jxr_keyword">return</strong>;
|
||||
<a class="jxr_linenumber" name="L355" href="#L355">355</a>
|
||||
<a class="jxr_linenumber" name="L356" href="#L356">356</a> }
|
||||
<a class="jxr_linenumber" name="L357" href="#L357">357</a>
|
||||
<a class="jxr_linenumber" name="L358" href="#L358">358</a> <strong class="jxr_keyword">final</strong> String logHeader = String.format(<span class="jxr_string">"%n"</span>
|
||||
<a class="jxr_linenumber" name="L359" href="#L359">359</a> + <span class="jxr_string">"----------------------------------------------------%n"</span>
|
||||
<a class="jxr_linenumber" name="L360" href="#L360">360</a> + <span class="jxr_string">"BEGIN ANALYSIS%n"</span>
|
||||
<a class="jxr_linenumber" name="L361" href="#L361">361</a> + <span class="jxr_string">"----------------------------------------------------"</span>);
|
||||
<a class="jxr_linenumber" name="L362" href="#L362">362</a> LOGGER.log(Level.FINE, logHeader);
|
||||
<a class="jxr_linenumber" name="L363" href="#L363">363</a> LOGGER.log(Level.INFO, <span class="jxr_string">"Analysis Starting"</span>);
|
||||
<a class="jxr_linenumber" name="L364" href="#L364">364</a>
|
||||
<a class="jxr_linenumber" name="L365" href="#L365">365</a> <em class="jxr_comment">// analysis phases</em>
|
||||
<a class="jxr_linenumber" name="L366" href="#L366">366</a> <strong class="jxr_keyword">for</strong> (AnalysisPhase phase : AnalysisPhase.values()) {
|
||||
<a class="jxr_linenumber" name="L367" href="#L367">367</a> <strong class="jxr_keyword">final</strong> List<Analyzer> analyzerList = analyzers.get(phase);
|
||||
<a class="jxr_linenumber" name="L368" href="#L368">368</a>
|
||||
<a class="jxr_linenumber" name="L369" href="#L369">369</a> <strong class="jxr_keyword">for</strong> (Analyzer a : analyzerList) {
|
||||
<a class="jxr_linenumber" name="L370" href="#L370">370</a> initializeAnalyzer(a);
|
||||
<a class="jxr_linenumber" name="L371" href="#L371">371</a>
|
||||
<a class="jxr_linenumber" name="L372" href="#L372">372</a> <em class="jxr_comment">/* need to create a copy of the collection because some of the</em>
|
||||
<a class="jxr_linenumber" name="L373" href="#L373">373</a> <em class="jxr_comment"> * analyzers may modify it. This prevents ConcurrentModificationExceptions.</em>
|
||||
<a class="jxr_linenumber" name="L374" href="#L374">374</a> <em class="jxr_comment"> * This is okay for adds/deletes because it happens per analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L375" href="#L375">375</a> <em class="jxr_comment"> */</em>
|
||||
<a class="jxr_linenumber" name="L376" href="#L376">376</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Begin Analyzer '%s'"</span>, a.getName());
|
||||
<a class="jxr_linenumber" name="L377" href="#L377">377</a> LOGGER.log(Level.FINE, msg);
|
||||
<a class="jxr_linenumber" name="L378" href="#L378">378</a> <strong class="jxr_keyword">final</strong> Set<Dependency> dependencySet = <strong class="jxr_keyword">new</strong> HashSet<Dependency>();
|
||||
<a class="jxr_linenumber" name="L379" href="#L379">379</a> dependencySet.addAll(dependencies);
|
||||
<a class="jxr_linenumber" name="L380" href="#L380">380</a> <strong class="jxr_keyword">for</strong> (Dependency d : dependencySet) {
|
||||
<a class="jxr_linenumber" name="L381" href="#L381">381</a> <strong class="jxr_keyword">boolean</strong> shouldAnalyze = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L382" href="#L382">382</a> <strong class="jxr_keyword">if</strong> (a instanceof FileTypeAnalyzer) {
|
||||
<a class="jxr_linenumber" name="L383" href="#L383">383</a> <strong class="jxr_keyword">final</strong> <a href="../../../org/owasp/dependencycheck/analyzer/FileTypeAnalyzer.html">FileTypeAnalyzer</a> fAnalyzer = (FileTypeAnalyzer) a;
|
||||
<a class="jxr_linenumber" name="L384" href="#L384">384</a> shouldAnalyze = fAnalyzer.supportsExtension(d.getFileExtension());
|
||||
<a class="jxr_linenumber" name="L385" href="#L385">385</a> }
|
||||
<a class="jxr_linenumber" name="L386" href="#L386">386</a> <strong class="jxr_keyword">if</strong> (shouldAnalyze) {
|
||||
<a class="jxr_linenumber" name="L387" href="#L387">387</a> <strong class="jxr_keyword">final</strong> String msgFile = String.format(<span class="jxr_string">"Begin Analysis of '%s'"</span>, d.getActualFilePath());
|
||||
<a class="jxr_linenumber" name="L388" href="#L388">388</a> LOGGER.log(Level.FINE, msgFile);
|
||||
<a class="jxr_linenumber" name="L389" href="#L389">389</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L390" href="#L390">390</a> a.analyze(d, <strong class="jxr_keyword">this</strong>);
|
||||
<a class="jxr_linenumber" name="L391" href="#L391">391</a> } <strong class="jxr_keyword">catch</strong> (AnalysisException ex) {
|
||||
<a class="jxr_linenumber" name="L392" href="#L392">392</a> <strong class="jxr_keyword">final</strong> String exMsg = String.format(<span class="jxr_string">"An error occurred while analyzing '%s'."</span>, d.getActualFilePath());
|
||||
<a class="jxr_linenumber" name="L393" href="#L393">393</a> LOGGER.log(Level.WARNING, exMsg);
|
||||
<a class="jxr_linenumber" name="L394" href="#L394">394</a> LOGGER.log(Level.FINE, <span class="jxr_string">""</span>, ex);
|
||||
<a class="jxr_linenumber" name="L395" href="#L395">395</a> } <strong class="jxr_keyword">catch</strong> (Throwable ex) {
|
||||
<a class="jxr_linenumber" name="L396" href="#L396">396</a> <strong class="jxr_keyword">final</strong> String axMsg = String.format(<span class="jxr_string">"An unexpected error occurred during analysis of '%s'"</span>, d.getActualFilePath());
|
||||
<a class="jxr_linenumber" name="L397" href="#L397">397</a> <em class="jxr_comment">//final AnalysisException ax = new AnalysisException(axMsg, ex);</em>
|
||||
<a class="jxr_linenumber" name="L398" href="#L398">398</a> LOGGER.log(Level.WARNING, axMsg);
|
||||
<a class="jxr_linenumber" name="L399" href="#L399">399</a> LOGGER.log(Level.FINE, <span class="jxr_string">""</span>, ex);
|
||||
<a class="jxr_linenumber" name="L400" href="#L400">400</a> }
|
||||
<a class="jxr_linenumber" name="L401" href="#L401">401</a> }
|
||||
<a class="jxr_linenumber" name="L402" href="#L402">402</a> }
|
||||
<a class="jxr_linenumber" name="L403" href="#L403">403</a> }
|
||||
<a class="jxr_linenumber" name="L404" href="#L404">404</a> }
|
||||
<a class="jxr_linenumber" name="L405" href="#L405">405</a> <strong class="jxr_keyword">for</strong> (AnalysisPhase phase : AnalysisPhase.values()) {
|
||||
<a class="jxr_linenumber" name="L406" href="#L406">406</a> <strong class="jxr_keyword">final</strong> List<Analyzer> analyzerList = analyzers.get(phase);
|
||||
<a class="jxr_linenumber" name="L407" href="#L407">407</a>
|
||||
<a class="jxr_linenumber" name="L408" href="#L408">408</a> <strong class="jxr_keyword">for</strong> (Analyzer a : analyzerList) {
|
||||
<a class="jxr_linenumber" name="L409" href="#L409">409</a> closeAnalyzer(a);
|
||||
<a class="jxr_linenumber" name="L410" href="#L410">410</a> }
|
||||
<a class="jxr_linenumber" name="L411" href="#L411">411</a> }
|
||||
<a class="jxr_linenumber" name="L412" href="#L412">412</a> }
|
||||
<a class="jxr_linenumber" name="L413" href="#L413">413</a>
|
||||
<a class="jxr_linenumber" name="L414" href="#L414">414</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L415" href="#L415">415</a> <em class="jxr_javadoccomment"> * Closes the given analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L416" href="#L416">416</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L417" href="#L417">417</a> <em class="jxr_javadoccomment"> * @param analyzer the analyzer to close</em>
|
||||
<a class="jxr_linenumber" name="L418" href="#L418">418</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L419" href="#L419">419</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> closeAnalyzer(<a href="../../../org/owasp/dependencycheck/analyzer/Analyzer.html">Analyzer</a> analyzer) {
|
||||
<a class="jxr_linenumber" name="L420" href="#L420">420</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Closing Analyzer '%s'"</span>, analyzer.getName());
|
||||
<a class="jxr_linenumber" name="L421" href="#L421">421</a> LOGGER.log(Level.FINE, msg);
|
||||
<a class="jxr_linenumber" name="L422" href="#L422">422</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L423" href="#L423">423</a> analyzer.close();
|
||||
<a class="jxr_linenumber" name="L424" href="#L424">424</a> } <strong class="jxr_keyword">catch</strong> (Throwable ex) {
|
||||
<a class="jxr_linenumber" name="L425" href="#L425">425</a> LOGGER.log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L426" href="#L426">426</a> }
|
||||
<a class="jxr_linenumber" name="L427" href="#L427">427</a> }
|
||||
<a class="jxr_linenumber" name="L428" href="#L428">428</a>
|
||||
<a class="jxr_linenumber" name="L429" href="#L429">429</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L430" href="#L430">430</a> <em class="jxr_javadoccomment"> * Cycles through the cached web data sources and calls update on all of them.</em>
|
||||
<a class="jxr_linenumber" name="L431" href="#L431">431</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L432" href="#L432">432</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> doUpdates() {
|
||||
<a class="jxr_linenumber" name="L433" href="#L433">433</a> <strong class="jxr_keyword">final</strong> <a href="../../../org/owasp/dependencycheck/data/update/UpdateService.html">UpdateService</a> service = <strong class="jxr_keyword">new</strong> <a href="../../../org/owasp/dependencycheck/data/update/UpdateService.html">UpdateService</a>(serviceClassLoader);
|
||||
<a class="jxr_linenumber" name="L434" href="#L434">434</a> <strong class="jxr_keyword">final</strong> Iterator<CachedWebDataSource> iterator = service.getDataSources();
|
||||
<a class="jxr_linenumber" name="L435" href="#L435">435</a> <strong class="jxr_keyword">while</strong> (iterator.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L436" href="#L436">436</a> <strong class="jxr_keyword">final</strong> <a href="../../../org/owasp/dependencycheck/data/update/CachedWebDataSource.html">CachedWebDataSource</a> source = iterator.next();
|
||||
<a class="jxr_linenumber" name="L437" href="#L437">437</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L438" href="#L438">438</a> source.update();
|
||||
<a class="jxr_linenumber" name="L439" href="#L439">439</a> } <strong class="jxr_keyword">catch</strong> (UpdateException ex) {
|
||||
<a class="jxr_linenumber" name="L440" href="#L440">440</a> LOGGER.log(Level.WARNING,
|
||||
<a class="jxr_linenumber" name="L441" href="#L441">441</a> <span class="jxr_string">"Unable to update Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities."</span>);
|
||||
<a class="jxr_linenumber" name="L442" href="#L442">442</a> LOGGER.log(Level.FINE,
|
||||
<a class="jxr_linenumber" name="L443" href="#L443">443</a> String.format(<span class="jxr_string">"Unable to update details for %s"</span>, source.getClass().getName()), ex);
|
||||
<a class="jxr_linenumber" name="L444" href="#L444">444</a> }
|
||||
<a class="jxr_linenumber" name="L445" href="#L445">445</a> }
|
||||
<a class="jxr_linenumber" name="L446" href="#L446">446</a> }
|
||||
<a class="jxr_linenumber" name="L447" href="#L447">447</a>
|
||||
<a class="jxr_linenumber" name="L448" href="#L448">448</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L449" href="#L449">449</a> <em class="jxr_javadoccomment"> * Returns a full list of all of the analyzers. This is useful for reporting which analyzers where used.</em>
|
||||
<a class="jxr_linenumber" name="L450" href="#L450">450</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L451" href="#L451">451</a> <em class="jxr_javadoccomment"> * @return a list of Analyzers</em>
|
||||
<a class="jxr_linenumber" name="L452" href="#L452">452</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L453" href="#L453">453</a> <strong class="jxr_keyword">public</strong> List<Analyzer> getAnalyzers() {
|
||||
<a class="jxr_linenumber" name="L454" href="#L454">454</a> <strong class="jxr_keyword">final</strong> List<Analyzer> ret = <strong class="jxr_keyword">new</strong> ArrayList<Analyzer>();
|
||||
<a class="jxr_linenumber" name="L455" href="#L455">455</a> <strong class="jxr_keyword">for</strong> (AnalysisPhase phase : AnalysisPhase.values()) {
|
||||
<a class="jxr_linenumber" name="L456" href="#L456">456</a> <strong class="jxr_keyword">final</strong> List<Analyzer> analyzerList = analyzers.get(phase);
|
||||
<a class="jxr_linenumber" name="L457" href="#L457">457</a> ret.addAll(analyzerList);
|
||||
<a class="jxr_linenumber" name="L458" href="#L458">458</a> }
|
||||
<a class="jxr_linenumber" name="L459" href="#L459">459</a> <strong class="jxr_keyword">return</strong> ret;
|
||||
<a class="jxr_linenumber" name="L460" href="#L460">460</a> }
|
||||
<a class="jxr_linenumber" name="L461" href="#L461">461</a>
|
||||
<a class="jxr_linenumber" name="L462" href="#L462">462</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L463" href="#L463">463</a> <em class="jxr_javadoccomment"> * Checks all analyzers to see if an extension is supported.</em>
|
||||
<a class="jxr_linenumber" name="L464" href="#L464">464</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L465" href="#L465">465</a> <em class="jxr_javadoccomment"> * @param ext a file extension</em>
|
||||
<a class="jxr_linenumber" name="L466" href="#L466">466</a> <em class="jxr_javadoccomment"> * @return true or false depending on whether or not the file extension is supported</em>
|
||||
<a class="jxr_linenumber" name="L467" href="#L467">467</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L468" href="#L468">468</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">boolean</strong> supportsExtension(String ext) {
|
||||
<a class="jxr_linenumber" name="L469" href="#L469">469</a> <strong class="jxr_keyword">if</strong> (ext == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L470" href="#L470">470</a> <strong class="jxr_keyword">return</strong> false;
|
||||
<a class="jxr_linenumber" name="L471" href="#L471">471</a> }
|
||||
<a class="jxr_linenumber" name="L472" href="#L472">472</a> <strong class="jxr_keyword">boolean</strong> scan = false;
|
||||
<a class="jxr_linenumber" name="L473" href="#L473">473</a> <strong class="jxr_keyword">for</strong> (FileTypeAnalyzer a : <strong class="jxr_keyword">this</strong>.fileTypeAnalyzers) {
|
||||
<a class="jxr_linenumber" name="L474" href="#L474">474</a> <em class="jxr_comment">/* note, we can't break early on this loop as the analyzers need to know if</em>
|
||||
<a class="jxr_linenumber" name="L475" href="#L475">475</a> <em class="jxr_comment"> they have files to work on prior to initialization */</em>
|
||||
<a class="jxr_linenumber" name="L476" href="#L476">476</a> scan |= a.supportsExtension(ext);
|
||||
<a class="jxr_linenumber" name="L477" href="#L477">477</a> }
|
||||
<a class="jxr_linenumber" name="L478" href="#L478">478</a> <strong class="jxr_keyword">return</strong> scan;
|
||||
<a class="jxr_linenumber" name="L479" href="#L479">479</a> }
|
||||
<a class="jxr_linenumber" name="L480" href="#L480">480</a>
|
||||
<a class="jxr_linenumber" name="L481" href="#L481">481</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L482" href="#L482">482</a> <em class="jxr_javadoccomment"> * Checks the CPE Index to ensure documents exists. If none exist a NoDataException is thrown.</em>
|
||||
<a class="jxr_linenumber" name="L483" href="#L483">483</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L484" href="#L484">484</a> <em class="jxr_javadoccomment"> * @throws NoDataException thrown if no data exists in the CPE Index</em>
|
||||
<a class="jxr_linenumber" name="L485" href="#L485">485</a> <em class="jxr_javadoccomment"> * @throws DatabaseException thrown if there is an exception opening the database</em>
|
||||
<a class="jxr_linenumber" name="L486" href="#L486">486</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L487" href="#L487">487</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> ensureDataExists() <strong class="jxr_keyword">throws</strong> NoDataException, DatabaseException {
|
||||
<a class="jxr_linenumber" name="L488" href="#L488">488</a> <strong class="jxr_keyword">final</strong> <a href="../../../org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.html">CpeMemoryIndex</a> cpe = CpeMemoryIndex.getInstance();
|
||||
<a class="jxr_linenumber" name="L489" href="#L489">489</a> <strong class="jxr_keyword">final</strong> <a href="../../../org/owasp/dependencycheck/data/nvdcve/CveDB.html">CveDB</a> cve = <strong class="jxr_keyword">new</strong> <a href="../../../org/owasp/dependencycheck/data/nvdcve/CveDB.html">CveDB</a>();
|
||||
<a class="jxr_linenumber" name="L490" href="#L490">490</a>
|
||||
<a class="jxr_linenumber" name="L491" href="#L491">491</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L492" href="#L492">492</a> cve.open();
|
||||
<a class="jxr_linenumber" name="L493" href="#L493">493</a> cpe.open(cve);
|
||||
<a class="jxr_linenumber" name="L494" href="#L494">494</a> } <strong class="jxr_keyword">catch</strong> (IndexException ex) {
|
||||
<a class="jxr_linenumber" name="L495" href="#L495">495</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../org/owasp/dependencycheck/exception/NoDataException.html">NoDataException</a>(ex.getMessage(), ex);
|
||||
<a class="jxr_linenumber" name="L496" href="#L496">496</a> } <strong class="jxr_keyword">catch</strong> (DatabaseException ex) {
|
||||
<a class="jxr_linenumber" name="L497" href="#L497">497</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../org/owasp/dependencycheck/exception/NoDataException.html">NoDataException</a>(ex.getMessage(), ex);
|
||||
<a class="jxr_linenumber" name="L498" href="#L498">498</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L499" href="#L499">499</a> cve.close();
|
||||
<a class="jxr_linenumber" name="L500" href="#L500">500</a> }
|
||||
<a class="jxr_linenumber" name="L501" href="#L501">501</a> <strong class="jxr_keyword">if</strong> (cpe.numDocs() <= 0) {
|
||||
<a class="jxr_linenumber" name="L502" href="#L502">502</a> cpe.close();
|
||||
<a class="jxr_linenumber" name="L503" href="#L503">503</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../org/owasp/dependencycheck/exception/NoDataException.html">NoDataException</a>(<span class="jxr_string">"No documents exist"</span>);
|
||||
<a class="jxr_linenumber" name="L504" href="#L504">504</a> }
|
||||
<a class="jxr_linenumber" name="L505" href="#L505">505</a> }
|
||||
<a class="jxr_linenumber" name="L506" href="#L506">506</a> }
|
||||
<a class="jxr_linenumber" name="L412" href="#L412">412</a>
|
||||
<a class="jxr_linenumber" name="L413" href="#L413">413</a> <strong class="jxr_keyword">final</strong> String logFooter = String.format(<span class="jxr_string">"%n"</span>
|
||||
<a class="jxr_linenumber" name="L414" href="#L414">414</a> + <span class="jxr_string">"----------------------------------------------------%n"</span>
|
||||
<a class="jxr_linenumber" name="L415" href="#L415">415</a> + <span class="jxr_string">"END ANALYSIS%n"</span>
|
||||
<a class="jxr_linenumber" name="L416" href="#L416">416</a> + <span class="jxr_string">"----------------------------------------------------"</span>);
|
||||
<a class="jxr_linenumber" name="L417" href="#L417">417</a> LOGGER.log(Level.FINE, logFooter);
|
||||
<a class="jxr_linenumber" name="L418" href="#L418">418</a> LOGGER.log(Level.INFO, <span class="jxr_string">"Analysis Complete"</span>);
|
||||
<a class="jxr_linenumber" name="L419" href="#L419">419</a> }
|
||||
<a class="jxr_linenumber" name="L420" href="#L420">420</a>
|
||||
<a class="jxr_linenumber" name="L421" href="#L421">421</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L422" href="#L422">422</a> <em class="jxr_javadoccomment"> * Initializes the given analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L423" href="#L423">423</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L424" href="#L424">424</a> <em class="jxr_javadoccomment"> * @param analyzer the analyzer to initialize</em>
|
||||
<a class="jxr_linenumber" name="L425" href="#L425">425</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L426" href="#L426">426</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> initializeAnalyzer(<a href="../../../org/owasp/dependencycheck/analyzer/Analyzer.html">Analyzer</a> analyzer) {
|
||||
<a class="jxr_linenumber" name="L427" href="#L427">427</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L428" href="#L428">428</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Initializing %s"</span>, analyzer.getName());
|
||||
<a class="jxr_linenumber" name="L429" href="#L429">429</a> LOGGER.log(Level.FINE, msg);
|
||||
<a class="jxr_linenumber" name="L430" href="#L430">430</a> analyzer.initialize();
|
||||
<a class="jxr_linenumber" name="L431" href="#L431">431</a> } <strong class="jxr_keyword">catch</strong> (Throwable ex) {
|
||||
<a class="jxr_linenumber" name="L432" href="#L432">432</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Exception occurred initializing %s."</span>, analyzer.getName());
|
||||
<a class="jxr_linenumber" name="L433" href="#L433">433</a> LOGGER.log(Level.SEVERE, msg);
|
||||
<a class="jxr_linenumber" name="L434" href="#L434">434</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L435" href="#L435">435</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L436" href="#L436">436</a> analyzer.close();
|
||||
<a class="jxr_linenumber" name="L437" href="#L437">437</a> } <strong class="jxr_keyword">catch</strong> (Throwable ex1) {
|
||||
<a class="jxr_linenumber" name="L438" href="#L438">438</a> LOGGER.log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex1);
|
||||
<a class="jxr_linenumber" name="L439" href="#L439">439</a> }
|
||||
<a class="jxr_linenumber" name="L440" href="#L440">440</a> }
|
||||
<a class="jxr_linenumber" name="L441" href="#L441">441</a> }
|
||||
<a class="jxr_linenumber" name="L442" href="#L442">442</a>
|
||||
<a class="jxr_linenumber" name="L443" href="#L443">443</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L444" href="#L444">444</a> <em class="jxr_javadoccomment"> * Closes the given analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L445" href="#L445">445</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L446" href="#L446">446</a> <em class="jxr_javadoccomment"> * @param analyzer the analyzer to close</em>
|
||||
<a class="jxr_linenumber" name="L447" href="#L447">447</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L448" href="#L448">448</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> closeAnalyzer(<a href="../../../org/owasp/dependencycheck/analyzer/Analyzer.html">Analyzer</a> analyzer) {
|
||||
<a class="jxr_linenumber" name="L449" href="#L449">449</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Closing Analyzer '%s'"</span>, analyzer.getName());
|
||||
<a class="jxr_linenumber" name="L450" href="#L450">450</a> LOGGER.log(Level.FINE, msg);
|
||||
<a class="jxr_linenumber" name="L451" href="#L451">451</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L452" href="#L452">452</a> analyzer.close();
|
||||
<a class="jxr_linenumber" name="L453" href="#L453">453</a> } <strong class="jxr_keyword">catch</strong> (Throwable ex) {
|
||||
<a class="jxr_linenumber" name="L454" href="#L454">454</a> LOGGER.log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L455" href="#L455">455</a> }
|
||||
<a class="jxr_linenumber" name="L456" href="#L456">456</a> }
|
||||
<a class="jxr_linenumber" name="L457" href="#L457">457</a>
|
||||
<a class="jxr_linenumber" name="L458" href="#L458">458</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L459" href="#L459">459</a> <em class="jxr_javadoccomment"> * Cycles through the cached web data sources and calls update on all of them.</em>
|
||||
<a class="jxr_linenumber" name="L460" href="#L460">460</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L461" href="#L461">461</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> doUpdates() {
|
||||
<a class="jxr_linenumber" name="L462" href="#L462">462</a> <strong class="jxr_keyword">final</strong> <a href="../../../org/owasp/dependencycheck/data/update/UpdateService.html">UpdateService</a> service = <strong class="jxr_keyword">new</strong> <a href="../../../org/owasp/dependencycheck/data/update/UpdateService.html">UpdateService</a>(serviceClassLoader);
|
||||
<a class="jxr_linenumber" name="L463" href="#L463">463</a> <strong class="jxr_keyword">final</strong> Iterator<CachedWebDataSource> iterator = service.getDataSources();
|
||||
<a class="jxr_linenumber" name="L464" href="#L464">464</a> <strong class="jxr_keyword">while</strong> (iterator.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L465" href="#L465">465</a> <strong class="jxr_keyword">final</strong> <a href="../../../org/owasp/dependencycheck/data/update/CachedWebDataSource.html">CachedWebDataSource</a> source = iterator.next();
|
||||
<a class="jxr_linenumber" name="L466" href="#L466">466</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L467" href="#L467">467</a> source.update();
|
||||
<a class="jxr_linenumber" name="L468" href="#L468">468</a> } <strong class="jxr_keyword">catch</strong> (UpdateException ex) {
|
||||
<a class="jxr_linenumber" name="L469" href="#L469">469</a> LOGGER.log(Level.WARNING,
|
||||
<a class="jxr_linenumber" name="L470" href="#L470">470</a> <span class="jxr_string">"Unable to update Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities."</span>);
|
||||
<a class="jxr_linenumber" name="L471" href="#L471">471</a> LOGGER.log(Level.FINE, String.format(<span class="jxr_string">"Unable to update details for %s"</span>, source.getClass().getName()), ex);
|
||||
<a class="jxr_linenumber" name="L472" href="#L472">472</a> }
|
||||
<a class="jxr_linenumber" name="L473" href="#L473">473</a> }
|
||||
<a class="jxr_linenumber" name="L474" href="#L474">474</a> }
|
||||
<a class="jxr_linenumber" name="L475" href="#L475">475</a>
|
||||
<a class="jxr_linenumber" name="L476" href="#L476">476</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L477" href="#L477">477</a> <em class="jxr_javadoccomment"> * Returns a full list of all of the analyzers. This is useful for reporting which analyzers where used.</em>
|
||||
<a class="jxr_linenumber" name="L478" href="#L478">478</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L479" href="#L479">479</a> <em class="jxr_javadoccomment"> * @return a list of Analyzers</em>
|
||||
<a class="jxr_linenumber" name="L480" href="#L480">480</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L481" href="#L481">481</a> <strong class="jxr_keyword">public</strong> List<Analyzer> getAnalyzers() {
|
||||
<a class="jxr_linenumber" name="L482" href="#L482">482</a> <strong class="jxr_keyword">final</strong> List<Analyzer> ret = <strong class="jxr_keyword">new</strong> ArrayList<Analyzer>();
|
||||
<a class="jxr_linenumber" name="L483" href="#L483">483</a> <strong class="jxr_keyword">for</strong> (AnalysisPhase phase : AnalysisPhase.values()) {
|
||||
<a class="jxr_linenumber" name="L484" href="#L484">484</a> <strong class="jxr_keyword">final</strong> List<Analyzer> analyzerList = analyzers.get(phase);
|
||||
<a class="jxr_linenumber" name="L485" href="#L485">485</a> ret.addAll(analyzerList);
|
||||
<a class="jxr_linenumber" name="L486" href="#L486">486</a> }
|
||||
<a class="jxr_linenumber" name="L487" href="#L487">487</a> <strong class="jxr_keyword">return</strong> ret;
|
||||
<a class="jxr_linenumber" name="L488" href="#L488">488</a> }
|
||||
<a class="jxr_linenumber" name="L489" href="#L489">489</a>
|
||||
<a class="jxr_linenumber" name="L490" href="#L490">490</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L491" href="#L491">491</a> <em class="jxr_javadoccomment"> * Checks all analyzers to see if an extension is supported.</em>
|
||||
<a class="jxr_linenumber" name="L492" href="#L492">492</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L493" href="#L493">493</a> <em class="jxr_javadoccomment"> * @param ext a file extension</em>
|
||||
<a class="jxr_linenumber" name="L494" href="#L494">494</a> <em class="jxr_javadoccomment"> * @return true or false depending on whether or not the file extension is supported</em>
|
||||
<a class="jxr_linenumber" name="L495" href="#L495">495</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L496" href="#L496">496</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">boolean</strong> supportsExtension(String ext) {
|
||||
<a class="jxr_linenumber" name="L497" href="#L497">497</a> <strong class="jxr_keyword">if</strong> (ext == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L498" href="#L498">498</a> <strong class="jxr_keyword">return</strong> false;
|
||||
<a class="jxr_linenumber" name="L499" href="#L499">499</a> }
|
||||
<a class="jxr_linenumber" name="L500" href="#L500">500</a> <strong class="jxr_keyword">boolean</strong> scan = false;
|
||||
<a class="jxr_linenumber" name="L501" href="#L501">501</a> <strong class="jxr_keyword">for</strong> (FileTypeAnalyzer a : <strong class="jxr_keyword">this</strong>.fileTypeAnalyzers) {
|
||||
<a class="jxr_linenumber" name="L502" href="#L502">502</a> <em class="jxr_comment">/* note, we can't break early on this loop as the analyzers need to know if</em>
|
||||
<a class="jxr_linenumber" name="L503" href="#L503">503</a> <em class="jxr_comment"> they have files to work on prior to initialization */</em>
|
||||
<a class="jxr_linenumber" name="L504" href="#L504">504</a> scan |= a.supportsExtension(ext);
|
||||
<a class="jxr_linenumber" name="L505" href="#L505">505</a> }
|
||||
<a class="jxr_linenumber" name="L506" href="#L506">506</a> <strong class="jxr_keyword">return</strong> scan;
|
||||
<a class="jxr_linenumber" name="L507" href="#L507">507</a> }
|
||||
<a class="jxr_linenumber" name="L508" href="#L508">508</a>
|
||||
<a class="jxr_linenumber" name="L509" href="#L509">509</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L510" href="#L510">510</a> <em class="jxr_javadoccomment"> * Checks the CPE Index to ensure documents exists. If none exist a NoDataException is thrown.</em>
|
||||
<a class="jxr_linenumber" name="L511" href="#L511">511</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L512" href="#L512">512</a> <em class="jxr_javadoccomment"> * @throws NoDataException thrown if no data exists in the CPE Index</em>
|
||||
<a class="jxr_linenumber" name="L513" href="#L513">513</a> <em class="jxr_javadoccomment"> * @throws DatabaseException thrown if there is an exception opening the database</em>
|
||||
<a class="jxr_linenumber" name="L514" href="#L514">514</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L515" href="#L515">515</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> ensureDataExists() <strong class="jxr_keyword">throws</strong> NoDataException, DatabaseException {
|
||||
<a class="jxr_linenumber" name="L516" href="#L516">516</a> <strong class="jxr_keyword">final</strong> <a href="../../../org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.html">CpeMemoryIndex</a> cpe = CpeMemoryIndex.getInstance();
|
||||
<a class="jxr_linenumber" name="L517" href="#L517">517</a> <strong class="jxr_keyword">final</strong> <a href="../../../org/owasp/dependencycheck/data/nvdcve/CveDB.html">CveDB</a> cve = <strong class="jxr_keyword">new</strong> <a href="../../../org/owasp/dependencycheck/data/nvdcve/CveDB.html">CveDB</a>();
|
||||
<a class="jxr_linenumber" name="L518" href="#L518">518</a>
|
||||
<a class="jxr_linenumber" name="L519" href="#L519">519</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L520" href="#L520">520</a> cve.open();
|
||||
<a class="jxr_linenumber" name="L521" href="#L521">521</a> cpe.open(cve);
|
||||
<a class="jxr_linenumber" name="L522" href="#L522">522</a> } <strong class="jxr_keyword">catch</strong> (IndexException ex) {
|
||||
<a class="jxr_linenumber" name="L523" href="#L523">523</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../org/owasp/dependencycheck/exception/NoDataException.html">NoDataException</a>(ex.getMessage(), ex);
|
||||
<a class="jxr_linenumber" name="L524" href="#L524">524</a> } <strong class="jxr_keyword">catch</strong> (DatabaseException ex) {
|
||||
<a class="jxr_linenumber" name="L525" href="#L525">525</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../org/owasp/dependencycheck/exception/NoDataException.html">NoDataException</a>(ex.getMessage(), ex);
|
||||
<a class="jxr_linenumber" name="L526" href="#L526">526</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L527" href="#L527">527</a> cve.close();
|
||||
<a class="jxr_linenumber" name="L528" href="#L528">528</a> }
|
||||
<a class="jxr_linenumber" name="L529" href="#L529">529</a> <strong class="jxr_keyword">if</strong> (cpe.numDocs() <= 0) {
|
||||
<a class="jxr_linenumber" name="L530" href="#L530">530</a> cpe.close();
|
||||
<a class="jxr_linenumber" name="L531" href="#L531">531</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../org/owasp/dependencycheck/exception/NoDataException.html">NoDataException</a>(<span class="jxr_string">"No documents exist"</span>);
|
||||
<a class="jxr_linenumber" name="L532" href="#L532">532</a> }
|
||||
<a class="jxr_linenumber" name="L533" href="#L533">533</a> }
|
||||
<a class="jxr_linenumber" name="L534" href="#L534">534</a> }
|
||||
</pre>
|
||||
<hr/>
|
||||
<div id="footer">Copyright © 2012–2014 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.agent</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.agent</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.agent</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.agent</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -118,7 +118,7 @@
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a> <strong class="jxr_keyword">static</strong> {
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <strong class="jxr_keyword">final</strong> String additionalZipExt = Settings.getString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS);
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <strong class="jxr_keyword">if</strong> (additionalZipExt != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <strong class="jxr_keyword">final</strong> HashSet ext = <strong class="jxr_keyword">new</strong> HashSet<String>(Arrays.asList(additionalZipExt));
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <strong class="jxr_keyword">final</strong> HashSet<String> ext = <strong class="jxr_keyword">new</strong> HashSet<String>(Arrays.asList(additionalZipExt));
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a> ZIPPABLES.addAll(ext);
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> }
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> EXTENSIONS.addAll(ZIPPABLES);
|
||||
@@ -194,7 +194,7 @@
|
||||
<a class="jxr_linenumber" name="L186" href="#L186">186</a> <strong class="jxr_keyword">if</strong> (tempFileLocation != <strong class="jxr_keyword">null</strong> && tempFileLocation.exists()) {
|
||||
<a class="jxr_linenumber" name="L187" href="#L187">187</a> LOGGER.log(Level.FINE, <span class="jxr_string">"Attempting to delete temporary files"</span>);
|
||||
<a class="jxr_linenumber" name="L188" href="#L188">188</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> success = FileUtils.delete(tempFileLocation);
|
||||
<a class="jxr_linenumber" name="L189" href="#L189">189</a> <strong class="jxr_keyword">if</strong> (!success && tempFileLocation != <strong class="jxr_keyword">null</strong> & tempFileLocation.exists()) {
|
||||
<a class="jxr_linenumber" name="L189" href="#L189">189</a> <strong class="jxr_keyword">if</strong> (!success && tempFileLocation != <strong class="jxr_keyword">null</strong> && tempFileLocation.exists() && tempFileLocation.list().length > 0) {
|
||||
<a class="jxr_linenumber" name="L190" href="#L190">190</a> LOGGER.log(Level.WARNING, <span class="jxr_string">"Failed to delete some temporary files, see the log for more details"</span>);
|
||||
<a class="jxr_linenumber" name="L191" href="#L191">191</a> }
|
||||
<a class="jxr_linenumber" name="L192" href="#L192">192</a> }
|
||||
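Review bot: The rewritten condition on source line 189 dereferences `tempFileLocation.list()` without a null check. `File.list()` returns null when the path is not a directory or an I/O error occurs, which is plausible right after `FileUtils.delete` has reported failure, so a best-effort cleanup warning can become a NullPointerException. Reading the listing once and treating an unreadable listing as "files may remain" keeps the warning: `final String[] left = tempFileLocation.list();` followed by `if (!success && tempFileLocation.exists() && (left == null || left.length > 0)) {`. The second `tempFileLocation != null` test is redundant, since line 186 already guards it. The enclosing method starts and ends outside the hunk.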
@@ -229,273 +229,272 @@
|
||||
<a class="jxr_linenumber" name="L221" href="#L221">221</a> <strong class="jxr_keyword">final</strong> String displayPath = String.format(<span class="jxr_string">"%s%s"</span>,
|
||||
<a class="jxr_linenumber" name="L222" href="#L222">222</a> dependency.getFilePath(),
|
||||
<a class="jxr_linenumber" name="L223" href="#L223">223</a> d.getActualFilePath().substring(tmpDir.getAbsolutePath().length()));
|
||||
<a class="jxr_linenumber" name="L224" href="#L224">224</a> <strong class="jxr_keyword">final</strong> String displayName = String.format(<span class="jxr_string">"%s%s%s"</span>,
|
||||
<a class="jxr_linenumber" name="L224" href="#L224">224</a> <strong class="jxr_keyword">final</strong> String displayName = String.format(<span class="jxr_string">"%s: %s"</span>,
|
||||
<a class="jxr_linenumber" name="L225" href="#L225">225</a> dependency.getFileName(),
|
||||
<a class="jxr_linenumber" name="L226" href="#L226">226</a> File.separator,
|
||||
<a class="jxr_linenumber" name="L227" href="#L227">227</a> d.getFileName());
|
||||
<a class="jxr_linenumber" name="L228" href="#L228">228</a> d.setFilePath(displayPath);
|
||||
<a class="jxr_linenumber" name="L229" href="#L229">229</a> d.setFileName(displayName);
|
||||
<a class="jxr_linenumber" name="L230" href="#L230">230</a>
|
||||
<a class="jxr_linenumber" name="L231" href="#L231">231</a> <em class="jxr_comment">//TODO - can we get more evidence from the parent? EAR contains module name, etc.</em>
|
||||
<a class="jxr_linenumber" name="L232" href="#L232">232</a> <em class="jxr_comment">//analyze the dependency (i.e. extract files) if it is a supported type.</em>
|
||||
<a class="jxr_linenumber" name="L233" href="#L233">233</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">this</strong>.supportsExtension(d.getFileExtension()) && scanDepth < MAX_SCAN_DEPTH) {
|
||||
<a class="jxr_linenumber" name="L234" href="#L234">234</a> scanDepth += 1;
|
||||
<a class="jxr_linenumber" name="L235" href="#L235">235</a> analyze(d, engine);
|
||||
<a class="jxr_linenumber" name="L236" href="#L236">236</a> scanDepth -= 1;
|
||||
<a class="jxr_linenumber" name="L237" href="#L237">237</a> }
|
||||
<a class="jxr_linenumber" name="L238" href="#L238">238</a> }
|
||||
<a class="jxr_linenumber" name="L239" href="#L239">239</a> }
|
||||
<a class="jxr_linenumber" name="L240" href="#L240">240</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">this</strong>.REMOVE_FROM_ANALYSIS.contains(dependency.getFileExtension())) {
|
||||
<a class="jxr_linenumber" name="L241" href="#L241">241</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"zip"</span>.equals(dependency.getFileExtension()) && isZipFileActuallyJarFile(dependency)) {
|
||||
<a class="jxr_linenumber" name="L242" href="#L242">242</a> <strong class="jxr_keyword">final</strong> File tdir = getNextTempDirectory();
|
||||
<a class="jxr_linenumber" name="L243" href="#L243">243</a> <strong class="jxr_keyword">final</strong> String fileName = dependency.getFileName();
|
||||
<a class="jxr_linenumber" name="L244" href="#L244">244</a>
|
||||
<a class="jxr_linenumber" name="L245" href="#L245">245</a> LOGGER.info(String.format(<span class="jxr_string">"The zip file '%s' appears to be a JAR file, making a copy and analyzing it as a JAR."</span>, fileName));
|
||||
<a class="jxr_linenumber" name="L246" href="#L246">246</a>
|
||||
<a class="jxr_linenumber" name="L247" href="#L247">247</a> <strong class="jxr_keyword">final</strong> File tmpLoc = <strong class="jxr_keyword">new</strong> File(tdir, fileName.substring(0, fileName.length() - 3) + <span class="jxr_string">"jar"</span>);
|
||||
<a class="jxr_linenumber" name="L248" href="#L248">248</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L249" href="#L249">249</a> org.apache.commons.io.FileUtils.copyFile(tdir, tmpLoc);
|
||||
<a class="jxr_linenumber" name="L250" href="#L250">250</a> dependencies = <strong class="jxr_keyword">new</strong> ArrayList<Dependency>(engine.getDependencies());
|
||||
<a class="jxr_linenumber" name="L251" href="#L251">251</a> engine.scan(tmpLoc);
|
||||
<a class="jxr_linenumber" name="L252" href="#L252">252</a> newDependencies = engine.getDependencies();
|
||||
<a class="jxr_linenumber" name="L253" href="#L253">253</a> <strong class="jxr_keyword">if</strong> (dependencies.size() != newDependencies.size()) {
|
||||
<a class="jxr_linenumber" name="L254" href="#L254">254</a> <em class="jxr_comment">//get the new dependencies</em>
|
||||
<a class="jxr_linenumber" name="L255" href="#L255">255</a> <strong class="jxr_keyword">final</strong> Set<Dependency> dependencySet = <strong class="jxr_keyword">new</strong> HashSet<Dependency>();
|
||||
<a class="jxr_linenumber" name="L256" href="#L256">256</a> dependencySet.addAll(newDependencies);
|
||||
<a class="jxr_linenumber" name="L257" href="#L257">257</a> dependencySet.removeAll(dependencies);
|
||||
<a class="jxr_linenumber" name="L258" href="#L258">258</a> <strong class="jxr_keyword">if</strong> (dependencySet.size() != 1) {
|
||||
<a class="jxr_linenumber" name="L259" href="#L259">259</a> LOGGER.info(<span class="jxr_string">"Deep copy of ZIP to JAR file resulted in more then one dependency?"</span>);
|
||||
<a class="jxr_linenumber" name="L260" href="#L260">260</a> }
|
||||
<a class="jxr_linenumber" name="L261" href="#L261">261</a> <strong class="jxr_keyword">for</strong> (Dependency d : dependencySet) {
|
||||
<a class="jxr_linenumber" name="L262" href="#L262">262</a> <em class="jxr_comment">//fix the dependency's display name and path</em>
|
||||
<a class="jxr_linenumber" name="L263" href="#L263">263</a> d.setFilePath(dependency.getFilePath());
|
||||
<a class="jxr_linenumber" name="L264" href="#L264">264</a> d.setDisplayFileName(dependency.getFileName());
|
||||
<a class="jxr_linenumber" name="L265" href="#L265">265</a> }
|
||||
<a class="jxr_linenumber" name="L266" href="#L266">266</a> }
|
||||
<a class="jxr_linenumber" name="L267" href="#L267">267</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L268" href="#L268">268</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unable to perform deep copy on '%s'"</span>, dependency.getActualFile().getPath());
|
||||
<a class="jxr_linenumber" name="L269" href="#L269">269</a> LOGGER.log(Level.FINE, msg, ex);
|
||||
<a class="jxr_linenumber" name="L270" href="#L270">270</a> }
|
||||
<a class="jxr_linenumber" name="L271" href="#L271">271</a> }
|
||||
<a class="jxr_linenumber" name="L272" href="#L272">272</a> engine.getDependencies().remove(dependency);
|
||||
<a class="jxr_linenumber" name="L273" href="#L273">273</a> }
|
||||
<a class="jxr_linenumber" name="L274" href="#L274">274</a> Collections.sort(engine.getDependencies());
|
||||
<a class="jxr_linenumber" name="L275" href="#L275">275</a> }
|
||||
<a class="jxr_linenumber" name="L276" href="#L276">276</a>
|
||||
<a class="jxr_linenumber" name="L277" href="#L277">277</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L278" href="#L278">278</a> <em class="jxr_javadoccomment"> * Retrieves the next temporary directory to extract an archive too.</em>
|
||||
<a class="jxr_linenumber" name="L279" href="#L279">279</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L280" href="#L280">280</a> <em class="jxr_javadoccomment"> * @return a directory</em>
|
||||
<a class="jxr_linenumber" name="L281" href="#L281">281</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if unable to create temporary directory</em>
|
||||
<a class="jxr_linenumber" name="L282" href="#L282">282</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L283" href="#L283">283</a> <strong class="jxr_keyword">private</strong> File getNextTempDirectory() <strong class="jxr_keyword">throws</strong> AnalysisException {
|
||||
<a class="jxr_linenumber" name="L284" href="#L284">284</a> dirCount += 1;
|
||||
<a class="jxr_linenumber" name="L285" href="#L285">285</a> <strong class="jxr_keyword">final</strong> File directory = <strong class="jxr_keyword">new</strong> File(tempFileLocation, String.valueOf(dirCount));
|
||||
<a class="jxr_linenumber" name="L286" href="#L286">286</a> <em class="jxr_comment">//getting an exception for some directories not being able to be created; might be because the directory already exists?</em>
|
||||
<a class="jxr_linenumber" name="L287" href="#L287">287</a> <strong class="jxr_keyword">if</strong> (directory.exists()) {
|
||||
<a class="jxr_linenumber" name="L288" href="#L288">288</a> <strong class="jxr_keyword">return</strong> getNextTempDirectory();
|
||||
<a class="jxr_linenumber" name="L289" href="#L289">289</a> }
|
||||
<a class="jxr_linenumber" name="L290" href="#L290">290</a> <strong class="jxr_keyword">if</strong> (!directory.mkdirs()) {
|
||||
<a class="jxr_linenumber" name="L291" href="#L291">291</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unable to create temp directory '%s'."</span>, directory.getAbsolutePath());
|
||||
<a class="jxr_linenumber" name="L292" href="#L292">292</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(msg);
|
||||
<a class="jxr_linenumber" name="L293" href="#L293">293</a> }
|
||||
<a class="jxr_linenumber" name="L294" href="#L294">294</a> <strong class="jxr_keyword">return</strong> directory;
|
||||
<a class="jxr_linenumber" name="L295" href="#L295">295</a> }
|
||||
<a class="jxr_linenumber" name="L296" href="#L296">296</a>
|
||||
<a class="jxr_linenumber" name="L297" href="#L297">297</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L298" href="#L298">298</a> <em class="jxr_javadoccomment"> * Extracts the contents of an archive into the specified directory.</em>
|
||||
<a class="jxr_linenumber" name="L299" href="#L299">299</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L300" href="#L300">300</a> <em class="jxr_javadoccomment"> * @param archive an archive file such as a WAR or EAR</em>
|
||||
<a class="jxr_linenumber" name="L301" href="#L301">301</a> <em class="jxr_javadoccomment"> * @param destination a directory to extract the contents to</em>
|
||||
<a class="jxr_linenumber" name="L302" href="#L302">302</a> <em class="jxr_javadoccomment"> * @param engine the scanning engine</em>
|
||||
<a class="jxr_linenumber" name="L303" href="#L303">303</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if the archive is not found</em>
|
||||
<a class="jxr_linenumber" name="L304" href="#L304">304</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L305" href="#L305">305</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> extractFiles(File archive, File destination, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine) <strong class="jxr_keyword">throws</strong> AnalysisException {
|
||||
<a class="jxr_linenumber" name="L306" href="#L306">306</a> <strong class="jxr_keyword">if</strong> (archive == <strong class="jxr_keyword">null</strong> || destination == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L307" href="#L307">307</a> <strong class="jxr_keyword">return</strong>;
|
||||
<a class="jxr_linenumber" name="L308" href="#L308">308</a> }
|
||||
<a class="jxr_linenumber" name="L309" href="#L309">309</a>
|
||||
<a class="jxr_linenumber" name="L310" href="#L310">310</a> FileInputStream fis = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L311" href="#L311">311</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L312" href="#L312">312</a> fis = <strong class="jxr_keyword">new</strong> FileInputStream(archive);
|
||||
<a class="jxr_linenumber" name="L313" href="#L313">313</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException ex) {
|
||||
<a class="jxr_linenumber" name="L314" href="#L314">314</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L315" href="#L315">315</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"Archive file was not found."</span>, ex);
|
||||
<a class="jxr_linenumber" name="L316" href="#L316">316</a> }
|
||||
<a class="jxr_linenumber" name="L317" href="#L317">317</a> <strong class="jxr_keyword">final</strong> String archiveExt = FileUtils.getFileExtension(archive.getName()).toLowerCase();
|
||||
<a class="jxr_linenumber" name="L318" href="#L318">318</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L319" href="#L319">319</a> <strong class="jxr_keyword">if</strong> (ZIPPABLES.contains(archiveExt)) {
|
||||
<a class="jxr_linenumber" name="L320" href="#L320">320</a> extractArchive(<strong class="jxr_keyword">new</strong> ZipArchiveInputStream(<strong class="jxr_keyword">new</strong> BufferedInputStream(fis)), destination, engine);
|
||||
<a class="jxr_linenumber" name="L321" href="#L321">321</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"tar"</span>.equals(archiveExt)) {
|
||||
<a class="jxr_linenumber" name="L322" href="#L322">322</a> extractArchive(<strong class="jxr_keyword">new</strong> TarArchiveInputStream(<strong class="jxr_keyword">new</strong> BufferedInputStream(fis)), destination, engine);
|
||||
<a class="jxr_linenumber" name="L323" href="#L323">323</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"gz"</span>.equals(archiveExt) || <span class="jxr_string">"tgz"</span>.equals(archiveExt)) {
|
||||
<a class="jxr_linenumber" name="L324" href="#L324">324</a> <strong class="jxr_keyword">final</strong> String uncompressedName = GzipUtils.getUncompressedFilename(archive.getName());
|
||||
<a class="jxr_linenumber" name="L325" href="#L325">325</a> <strong class="jxr_keyword">final</strong> String uncompressedExt = FileUtils.getFileExtension(uncompressedName).toLowerCase();
|
||||
<a class="jxr_linenumber" name="L326" href="#L326">326</a> <strong class="jxr_keyword">if</strong> (engine.supportsExtension(uncompressedExt)) {
|
||||
<a class="jxr_linenumber" name="L327" href="#L327">327</a> decompressFile(<strong class="jxr_keyword">new</strong> GzipCompressorInputStream(<strong class="jxr_keyword">new</strong> BufferedInputStream(fis)), <strong class="jxr_keyword">new</strong> File(destination, uncompressedName));
|
||||
<a class="jxr_linenumber" name="L328" href="#L328">328</a> }
|
||||
<a class="jxr_linenumber" name="L329" href="#L329">329</a> }
|
||||
<a class="jxr_linenumber" name="L330" href="#L330">330</a> } <strong class="jxr_keyword">catch</strong> (ArchiveExtractionException ex) {
|
||||
<a class="jxr_linenumber" name="L331" href="#L331">331</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Exception extracting archive '%s'."</span>, archive.getName());
|
||||
<a class="jxr_linenumber" name="L332" href="#L332">332</a> LOGGER.log(Level.WARNING, msg);
|
||||
<a class="jxr_linenumber" name="L333" href="#L333">333</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L334" href="#L334">334</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L335" href="#L335">335</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Exception reading archive '%s'."</span>, archive.getName());
|
||||
<a class="jxr_linenumber" name="L336" href="#L336">336</a> LOGGER.log(Level.WARNING, msg);
|
||||
<a class="jxr_linenumber" name="L337" href="#L337">337</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L338" href="#L338">338</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L339" href="#L339">339</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L340" href="#L340">340</a> fis.close();
|
||||
<a class="jxr_linenumber" name="L341" href="#L341">341</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L342" href="#L342">342</a> LOGGER.log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L343" href="#L343">343</a> }
|
||||
<a class="jxr_linenumber" name="L344" href="#L344">344</a> }
|
||||
<a class="jxr_linenumber" name="L345" href="#L345">345</a> }
|
||||
<a class="jxr_linenumber" name="L346" href="#L346">346</a>
|
||||
<a class="jxr_linenumber" name="L347" href="#L347">347</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L348" href="#L348">348</a> <em class="jxr_javadoccomment"> * Extracts files from an archive.</em>
|
||||
<a class="jxr_linenumber" name="L349" href="#L349">349</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L350" href="#L350">350</a> <em class="jxr_javadoccomment"> * @param input the archive to extract files from</em>
|
||||
<a class="jxr_linenumber" name="L351" href="#L351">351</a> <em class="jxr_javadoccomment"> * @param destination the location to write the files too</em>
|
||||
<a class="jxr_linenumber" name="L352" href="#L352">352</a> <em class="jxr_javadoccomment"> * @param engine the dependency-check engine</em>
|
||||
<a class="jxr_linenumber" name="L353" href="#L353">353</a> <em class="jxr_javadoccomment"> * @throws ArchiveExtractionException thrown if there is an exception extracting files from the archive</em>
|
||||
<a class="jxr_linenumber" name="L354" href="#L354">354</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L355" href="#L355">355</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> extractArchive(ArchiveInputStream input, File destination, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine) <strong class="jxr_keyword">throws</strong> ArchiveExtractionException {
|
||||
<a class="jxr_linenumber" name="L356" href="#L356">356</a> ArchiveEntry entry;
|
||||
<a class="jxr_linenumber" name="L357" href="#L357">357</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L358" href="#L358">358</a> <strong class="jxr_keyword">while</strong> ((entry = input.getNextEntry()) != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L359" href="#L359">359</a> <strong class="jxr_keyword">if</strong> (entry.isDirectory()) {
|
||||
<a class="jxr_linenumber" name="L360" href="#L360">360</a> <strong class="jxr_keyword">final</strong> File d = <strong class="jxr_keyword">new</strong> File(destination, entry.getName());
|
||||
<a class="jxr_linenumber" name="L361" href="#L361">361</a> <strong class="jxr_keyword">if</strong> (!d.exists()) {
|
||||
<a class="jxr_linenumber" name="L362" href="#L362">362</a> <strong class="jxr_keyword">if</strong> (!d.mkdirs()) {
|
||||
<a class="jxr_linenumber" name="L363" href="#L363">363</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unable to create directory '%s'."</span>, d.getAbsolutePath());
|
||||
<a class="jxr_linenumber" name="L364" href="#L364">364</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(msg);
|
||||
<a class="jxr_linenumber" name="L365" href="#L365">365</a> }
|
||||
<a class="jxr_linenumber" name="L366" href="#L366">366</a> }
|
||||
<a class="jxr_linenumber" name="L367" href="#L367">367</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L368" href="#L368">368</a> <strong class="jxr_keyword">final</strong> File file = <strong class="jxr_keyword">new</strong> File(destination, entry.getName());
|
||||
<a class="jxr_linenumber" name="L369" href="#L369">369</a> <strong class="jxr_keyword">final</strong> String ext = FileUtils.getFileExtension(file.getName());
|
||||
<a class="jxr_linenumber" name="L370" href="#L370">370</a> <strong class="jxr_keyword">if</strong> (engine.supportsExtension(ext)) {
|
||||
<a class="jxr_linenumber" name="L371" href="#L371">371</a> BufferedOutputStream bos = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L372" href="#L372">372</a> FileOutputStream fos;
|
||||
<a class="jxr_linenumber" name="L373" href="#L373">373</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L374" href="#L374">374</a> <strong class="jxr_keyword">final</strong> File parent = file.getParentFile();
|
||||
<a class="jxr_linenumber" name="L375" href="#L375">375</a> <strong class="jxr_keyword">if</strong> (!parent.isDirectory()) {
|
||||
<a class="jxr_linenumber" name="L376" href="#L376">376</a> <strong class="jxr_keyword">if</strong> (!parent.mkdirs()) {
|
||||
<a class="jxr_linenumber" name="L377" href="#L377">377</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unable to build directory '%s'."</span>, parent.getAbsolutePath());
|
||||
<a class="jxr_linenumber" name="L378" href="#L378">378</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(msg);
|
||||
<a class="jxr_linenumber" name="L379" href="#L379">379</a> }
|
||||
<a class="jxr_linenumber" name="L380" href="#L380">380</a> }
|
||||
<a class="jxr_linenumber" name="L381" href="#L381">381</a> fos = <strong class="jxr_keyword">new</strong> FileOutputStream(file);
|
||||
<a class="jxr_linenumber" name="L382" href="#L382">382</a> bos = <strong class="jxr_keyword">new</strong> BufferedOutputStream(fos, BUFFER_SIZE);
|
||||
<a class="jxr_linenumber" name="L383" href="#L383">383</a> <strong class="jxr_keyword">int</strong> count;
|
||||
<a class="jxr_linenumber" name="L384" href="#L384">384</a> <strong class="jxr_keyword">final</strong> byte data[] = <strong class="jxr_keyword">new</strong> byte[BUFFER_SIZE];
|
||||
<a class="jxr_linenumber" name="L385" href="#L385">385</a> <strong class="jxr_keyword">while</strong> ((count = input.read(data, 0, BUFFER_SIZE)) != -1) {
|
||||
<a class="jxr_linenumber" name="L386" href="#L386">386</a> bos.write(data, 0, count);
|
||||
<a class="jxr_linenumber" name="L387" href="#L387">387</a> }
|
||||
<a class="jxr_linenumber" name="L388" href="#L388">388</a> bos.flush();
|
||||
<a class="jxr_linenumber" name="L389" href="#L389">389</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException ex) {
|
||||
<a class="jxr_linenumber" name="L390" href="#L390">390</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L391" href="#L391">391</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unable to find file '%s'."</span>, file.getName());
|
||||
<a class="jxr_linenumber" name="L392" href="#L392">392</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(msg, ex);
|
||||
<a class="jxr_linenumber" name="L393" href="#L393">393</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L394" href="#L394">394</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L395" href="#L395">395</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"IO Exception while parsing file '%s'."</span>, file.getName());
|
||||
<a class="jxr_linenumber" name="L396" href="#L396">396</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(msg, ex);
|
||||
<a class="jxr_linenumber" name="L397" href="#L397">397</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L398" href="#L398">398</a> <strong class="jxr_keyword">if</strong> (bos != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L399" href="#L399">399</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L400" href="#L400">400</a> bos.close();
|
||||
<a class="jxr_linenumber" name="L401" href="#L401">401</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L402" href="#L402">402</a> LOGGER.log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L403" href="#L403">403</a> }
|
||||
<a class="jxr_linenumber" name="L404" href="#L404">404</a> }
|
||||
<a class="jxr_linenumber" name="L405" href="#L405">405</a> }
|
||||
<a class="jxr_linenumber" name="L406" href="#L406">406</a> }
|
||||
<a class="jxr_linenumber" name="L407" href="#L407">407</a> }
|
||||
<a class="jxr_linenumber" name="L408" href="#L408">408</a> }
|
||||
<a class="jxr_linenumber" name="L409" href="#L409">409</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L410" href="#L410">410</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/ArchiveExtractionException.html">ArchiveExtractionException</a>(ex);
|
||||
<a class="jxr_linenumber" name="L411" href="#L411">411</a> } <strong class="jxr_keyword">catch</strong> (Throwable ex) {
|
||||
<a class="jxr_linenumber" name="L412" href="#L412">412</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/ArchiveExtractionException.html">ArchiveExtractionException</a>(ex);
|
||||
<a class="jxr_linenumber" name="L413" href="#L413">413</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L414" href="#L414">414</a> <strong class="jxr_keyword">if</strong> (input != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L415" href="#L415">415</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L416" href="#L416">416</a> input.close();
|
||||
<a class="jxr_linenumber" name="L417" href="#L417">417</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L418" href="#L418">418</a> LOGGER.log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L419" href="#L419">419</a> }
|
||||
<a class="jxr_linenumber" name="L420" href="#L420">420</a> }
|
||||
<a class="jxr_linenumber" name="L421" href="#L421">421</a> }
|
||||
<a class="jxr_linenumber" name="L422" href="#L422">422</a> }
|
||||
<a class="jxr_linenumber" name="L423" href="#L423">423</a>
|
||||
<a class="jxr_linenumber" name="L424" href="#L424">424</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L425" href="#L425">425</a> <em class="jxr_javadoccomment"> * Decompresses a file.</em>
|
||||
<a class="jxr_linenumber" name="L426" href="#L426">426</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L427" href="#L427">427</a> <em class="jxr_javadoccomment"> * @param inputStream the compressed file</em>
|
||||
<a class="jxr_linenumber" name="L428" href="#L428">428</a> <em class="jxr_javadoccomment"> * @param outputFile the location to write the decompressed file</em>
|
||||
<a class="jxr_linenumber" name="L429" href="#L429">429</a> <em class="jxr_javadoccomment"> * @throws ArchiveExtractionException thrown if there is an exception decompressing the file</em>
|
||||
<a class="jxr_linenumber" name="L430" href="#L430">430</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L431" href="#L431">431</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> decompressFile(CompressorInputStream inputStream, File outputFile) <strong class="jxr_keyword">throws</strong> ArchiveExtractionException {
|
||||
<a class="jxr_linenumber" name="L432" href="#L432">432</a> FileOutputStream out = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L433" href="#L433">433</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L434" href="#L434">434</a> out = <strong class="jxr_keyword">new</strong> FileOutputStream(outputFile);
|
||||
<a class="jxr_linenumber" name="L435" href="#L435">435</a> <strong class="jxr_keyword">final</strong> byte[] buffer = <strong class="jxr_keyword">new</strong> byte[BUFFER_SIZE];
|
||||
<a class="jxr_linenumber" name="L436" href="#L436">436</a> <strong class="jxr_keyword">int</strong> n = 0;
|
||||
<a class="jxr_linenumber" name="L437" href="#L437">437</a> <strong class="jxr_keyword">while</strong> (-1 != (n = inputStream.read(buffer))) {
|
||||
<a class="jxr_linenumber" name="L438" href="#L438">438</a> out.write(buffer, 0, n);
|
||||
<a class="jxr_linenumber" name="L439" href="#L439">439</a> }
|
||||
<a class="jxr_linenumber" name="L440" href="#L440">440</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException ex) {
|
||||
<a class="jxr_linenumber" name="L441" href="#L441">441</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L442" href="#L442">442</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/ArchiveExtractionException.html">ArchiveExtractionException</a>(ex);
|
||||
<a class="jxr_linenumber" name="L443" href="#L443">443</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L444" href="#L444">444</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L445" href="#L445">445</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/ArchiveExtractionException.html">ArchiveExtractionException</a>(ex);
|
||||
<a class="jxr_linenumber" name="L446" href="#L446">446</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L447" href="#L447">447</a> <strong class="jxr_keyword">if</strong> (out != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L448" href="#L448">448</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L449" href="#L449">449</a> out.close();
|
||||
<a class="jxr_linenumber" name="L450" href="#L450">450</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L451" href="#L451">451</a> LOGGER.log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L452" href="#L452">452</a> }
|
||||
<a class="jxr_linenumber" name="L453" href="#L453">453</a> }
|
||||
<a class="jxr_linenumber" name="L454" href="#L454">454</a> }
|
||||
<a class="jxr_linenumber" name="L455" href="#L455">455</a> }
|
||||
<a class="jxr_linenumber" name="L456" href="#L456">456</a>
|
||||
<a class="jxr_linenumber" name="L457" href="#L457">457</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L458" href="#L458">458</a> <em class="jxr_javadoccomment"> * Attempts to determine if a zip file is actually a JAR file.</em>
|
||||
<a class="jxr_linenumber" name="L459" href="#L459">459</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L460" href="#L460">460</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to check</em>
|
||||
<a class="jxr_linenumber" name="L461" href="#L461">461</a> <em class="jxr_javadoccomment"> * @return true if the dependency appears to be a JAR file; otherwise false</em>
|
||||
<a class="jxr_linenumber" name="L462" href="#L462">462</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L463" href="#L463">463</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> isZipFileActuallyJarFile(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency) {
|
||||
<a class="jxr_linenumber" name="L464" href="#L464">464</a> <strong class="jxr_keyword">boolean</strong> isJar = false;
|
||||
<a class="jxr_linenumber" name="L465" href="#L465">465</a> ZipFile zip = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L466" href="#L466">466</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L467" href="#L467">467</a> zip = <strong class="jxr_keyword">new</strong> ZipFile(dependency.getActualFilePath());
|
||||
<a class="jxr_linenumber" name="L468" href="#L468">468</a> <strong class="jxr_keyword">if</strong> (zip.getEntry(<span class="jxr_string">"META-INF/MANIFEST.MF"</span>) != <strong class="jxr_keyword">null</strong>
|
||||
<a class="jxr_linenumber" name="L469" href="#L469">469</a> || zip.getEntry(<span class="jxr_string">"META-INF/maven"</span>) != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L470" href="#L470">470</a> <strong class="jxr_keyword">final</strong> Enumeration<ZipArchiveEntry> entries = zip.getEntries();
|
||||
<a class="jxr_linenumber" name="L471" href="#L471">471</a> <strong class="jxr_keyword">while</strong> (entries.hasMoreElements()) {
|
||||
<a class="jxr_linenumber" name="L472" href="#L472">472</a> <strong class="jxr_keyword">final</strong> ZipArchiveEntry entry = entries.nextElement();
|
||||
<a class="jxr_linenumber" name="L473" href="#L473">473</a> <strong class="jxr_keyword">if</strong> (!entry.isDirectory()) {
|
||||
<a class="jxr_linenumber" name="L474" href="#L474">474</a> <strong class="jxr_keyword">final</strong> String name = entry.getName().toLowerCase();
|
||||
<a class="jxr_linenumber" name="L475" href="#L475">475</a> <strong class="jxr_keyword">if</strong> (name.endsWith(<span class="jxr_string">".class"</span>)) {
|
||||
<a class="jxr_linenumber" name="L476" href="#L476">476</a> isJar = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L477" href="#L477">477</a> <strong class="jxr_keyword">break</strong>;
|
||||
<a class="jxr_linenumber" name="L478" href="#L478">478</a> }
|
||||
<a class="jxr_linenumber" name="L479" href="#L479">479</a> }
|
||||
<a class="jxr_linenumber" name="L480" href="#L480">480</a> }
|
||||
<a class="jxr_linenumber" name="L481" href="#L481">481</a> }
|
||||
<a class="jxr_linenumber" name="L482" href="#L482">482</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L483" href="#L483">483</a> LOGGER.log(Level.FINE, String.format(<span class="jxr_string">"Unable to unzip zip file '%s'"</span>, dependency.getFilePath()), ex);
|
||||
<a class="jxr_linenumber" name="L484" href="#L484">484</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L485" href="#L485">485</a> ZipFile.closeQuietly(zip);
|
||||
<a class="jxr_linenumber" name="L486" href="#L486">486</a> }
|
||||
<a class="jxr_linenumber" name="L487" href="#L487">487</a>
|
||||
<a class="jxr_linenumber" name="L488" href="#L488">488</a> <strong class="jxr_keyword">return</strong> isJar;
|
||||
<a class="jxr_linenumber" name="L489" href="#L489">489</a> }
|
||||
<a class="jxr_linenumber" name="L490" href="#L490">490</a> }
|
||||
<a class="jxr_linenumber" name="L226" href="#L226">226</a> d.getFileName());
|
||||
<a class="jxr_linenumber" name="L227" href="#L227">227</a> d.setFilePath(displayPath);
|
||||
<a class="jxr_linenumber" name="L228" href="#L228">228</a> d.setFileName(displayName);
|
||||
<a class="jxr_linenumber" name="L229" href="#L229">229</a>
|
||||
<a class="jxr_linenumber" name="L230" href="#L230">230</a> <em class="jxr_comment">//TODO - can we get more evidence from the parent? EAR contains module name, etc.</em>
|
||||
<a class="jxr_linenumber" name="L231" href="#L231">231</a> <em class="jxr_comment">//analyze the dependency (i.e. extract files) if it is a supported type.</em>
|
||||
<a class="jxr_linenumber" name="L232" href="#L232">232</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">this</strong>.supportsExtension(d.getFileExtension()) && scanDepth < MAX_SCAN_DEPTH) {
|
||||
<a class="jxr_linenumber" name="L233" href="#L233">233</a> scanDepth += 1;
|
||||
<a class="jxr_linenumber" name="L234" href="#L234">234</a> analyze(d, engine);
|
||||
<a class="jxr_linenumber" name="L235" href="#L235">235</a> scanDepth -= 1;
|
||||
<a class="jxr_linenumber" name="L236" href="#L236">236</a> }
|
||||
<a class="jxr_linenumber" name="L237" href="#L237">237</a> }
|
||||
<a class="jxr_linenumber" name="L238" href="#L238">238</a> }
|
||||
<a class="jxr_linenumber" name="L239" href="#L239">239</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">this</strong>.REMOVE_FROM_ANALYSIS.contains(dependency.getFileExtension())) {
|
||||
<a class="jxr_linenumber" name="L240" href="#L240">240</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"zip"</span>.equals(dependency.getFileExtension()) && isZipFileActuallyJarFile(dependency)) {
|
||||
<a class="jxr_linenumber" name="L241" href="#L241">241</a> <strong class="jxr_keyword">final</strong> File tdir = getNextTempDirectory();
|
||||
<a class="jxr_linenumber" name="L242" href="#L242">242</a> <strong class="jxr_keyword">final</strong> String fileName = dependency.getFileName();
|
||||
<a class="jxr_linenumber" name="L243" href="#L243">243</a>
|
||||
<a class="jxr_linenumber" name="L244" href="#L244">244</a> LOGGER.info(String.format(<span class="jxr_string">"The zip file '%s' appears to be a JAR file, making a copy and analyzing it as a JAR."</span>, fileName));
|
||||
<a class="jxr_linenumber" name="L245" href="#L245">245</a>
|
||||
<a class="jxr_linenumber" name="L246" href="#L246">246</a> <strong class="jxr_keyword">final</strong> File tmpLoc = <strong class="jxr_keyword">new</strong> File(tdir, fileName.substring(0, fileName.length() - 3) + <span class="jxr_string">"jar"</span>);
|
||||
<a class="jxr_linenumber" name="L247" href="#L247">247</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L248" href="#L248">248</a> org.apache.commons.io.FileUtils.copyFile(tdir, tmpLoc);
|
||||
<a class="jxr_linenumber" name="L249" href="#L249">249</a> dependencies = <strong class="jxr_keyword">new</strong> ArrayList<Dependency>(engine.getDependencies());
|
||||
<a class="jxr_linenumber" name="L250" href="#L250">250</a> engine.scan(tmpLoc);
|
||||
<a class="jxr_linenumber" name="L251" href="#L251">251</a> newDependencies = engine.getDependencies();
|
||||
<a class="jxr_linenumber" name="L252" href="#L252">252</a> <strong class="jxr_keyword">if</strong> (dependencies.size() != newDependencies.size()) {
|
||||
<a class="jxr_linenumber" name="L253" href="#L253">253</a> <em class="jxr_comment">//get the new dependencies</em>
|
||||
<a class="jxr_linenumber" name="L254" href="#L254">254</a> <strong class="jxr_keyword">final</strong> Set<Dependency> dependencySet = <strong class="jxr_keyword">new</strong> HashSet<Dependency>();
|
||||
<a class="jxr_linenumber" name="L255" href="#L255">255</a> dependencySet.addAll(newDependencies);
|
||||
<a class="jxr_linenumber" name="L256" href="#L256">256</a> dependencySet.removeAll(dependencies);
|
||||
<a class="jxr_linenumber" name="L257" href="#L257">257</a> <strong class="jxr_keyword">if</strong> (dependencySet.size() != 1) {
|
||||
<a class="jxr_linenumber" name="L258" href="#L258">258</a> LOGGER.info(<span class="jxr_string">"Deep copy of ZIP to JAR file resulted in more then one dependency?"</span>);
|
||||
<a class="jxr_linenumber" name="L259" href="#L259">259</a> }
|
||||
<a class="jxr_linenumber" name="L260" href="#L260">260</a> <strong class="jxr_keyword">for</strong> (Dependency d : dependencySet) {
|
||||
<a class="jxr_linenumber" name="L261" href="#L261">261</a> <em class="jxr_comment">//fix the dependency's display name and path</em>
|
||||
<a class="jxr_linenumber" name="L262" href="#L262">262</a> d.setFilePath(dependency.getFilePath());
|
||||
<a class="jxr_linenumber" name="L263" href="#L263">263</a> d.setDisplayFileName(dependency.getFileName());
|
||||
<a class="jxr_linenumber" name="L264" href="#L264">264</a> }
|
||||
<a class="jxr_linenumber" name="L265" href="#L265">265</a> }
|
||||
<a class="jxr_linenumber" name="L266" href="#L266">266</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L267" href="#L267">267</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unable to perform deep copy on '%s'"</span>, dependency.getActualFile().getPath());
|
||||
<a class="jxr_linenumber" name="L268" href="#L268">268</a> LOGGER.log(Level.FINE, msg, ex);
|
||||
<a class="jxr_linenumber" name="L269" href="#L269">269</a> }
|
||||
<a class="jxr_linenumber" name="L270" href="#L270">270</a> }
|
||||
<a class="jxr_linenumber" name="L271" href="#L271">271</a> engine.getDependencies().remove(dependency);
|
||||
<a class="jxr_linenumber" name="L272" href="#L272">272</a> }
|
||||
<a class="jxr_linenumber" name="L273" href="#L273">273</a> Collections.sort(engine.getDependencies());
|
||||
<a class="jxr_linenumber" name="L274" href="#L274">274</a> }
|
||||
<a class="jxr_linenumber" name="L275" href="#L275">275</a>
|
||||
<a class="jxr_linenumber" name="L276" href="#L276">276</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L277" href="#L277">277</a> <em class="jxr_javadoccomment"> * Retrieves the next temporary directory to extract an archive too.</em>
|
||||
<a class="jxr_linenumber" name="L278" href="#L278">278</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L279" href="#L279">279</a> <em class="jxr_javadoccomment"> * @return a directory</em>
|
||||
<a class="jxr_linenumber" name="L280" href="#L280">280</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if unable to create temporary directory</em>
|
||||
<a class="jxr_linenumber" name="L281" href="#L281">281</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L282" href="#L282">282</a> <strong class="jxr_keyword">private</strong> File getNextTempDirectory() <strong class="jxr_keyword">throws</strong> AnalysisException {
|
||||
<a class="jxr_linenumber" name="L283" href="#L283">283</a> dirCount += 1;
|
||||
<a class="jxr_linenumber" name="L284" href="#L284">284</a> <strong class="jxr_keyword">final</strong> File directory = <strong class="jxr_keyword">new</strong> File(tempFileLocation, String.valueOf(dirCount));
|
||||
<a class="jxr_linenumber" name="L285" href="#L285">285</a> <em class="jxr_comment">//getting an exception for some directories not being able to be created; might be because the directory already exists?</em>
|
||||
<a class="jxr_linenumber" name="L286" href="#L286">286</a> <strong class="jxr_keyword">if</strong> (directory.exists()) {
|
||||
<a class="jxr_linenumber" name="L287" href="#L287">287</a> <strong class="jxr_keyword">return</strong> getNextTempDirectory();
|
||||
<a class="jxr_linenumber" name="L288" href="#L288">288</a> }
|
||||
<a class="jxr_linenumber" name="L289" href="#L289">289</a> <strong class="jxr_keyword">if</strong> (!directory.mkdirs()) {
|
||||
<a class="jxr_linenumber" name="L290" href="#L290">290</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unable to create temp directory '%s'."</span>, directory.getAbsolutePath());
|
||||
<a class="jxr_linenumber" name="L291" href="#L291">291</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(msg);
|
||||
<a class="jxr_linenumber" name="L292" href="#L292">292</a> }
|
||||
<a class="jxr_linenumber" name="L293" href="#L293">293</a> <strong class="jxr_keyword">return</strong> directory;
|
||||
<a class="jxr_linenumber" name="L294" href="#L294">294</a> }
|
||||
<a class="jxr_linenumber" name="L295" href="#L295">295</a>
|
||||
<a class="jxr_linenumber" name="L296" href="#L296">296</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L297" href="#L297">297</a> <em class="jxr_javadoccomment"> * Extracts the contents of an archive into the specified directory.</em>
|
||||
<a class="jxr_linenumber" name="L298" href="#L298">298</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L299" href="#L299">299</a> <em class="jxr_javadoccomment"> * @param archive an archive file such as a WAR or EAR</em>
|
||||
<a class="jxr_linenumber" name="L300" href="#L300">300</a> <em class="jxr_javadoccomment"> * @param destination a directory to extract the contents to</em>
|
||||
<a class="jxr_linenumber" name="L301" href="#L301">301</a> <em class="jxr_javadoccomment"> * @param engine the scanning engine</em>
|
||||
<a class="jxr_linenumber" name="L302" href="#L302">302</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if the archive is not found</em>
|
||||
<a class="jxr_linenumber" name="L303" href="#L303">303</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L304" href="#L304">304</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> extractFiles(File archive, File destination, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine) <strong class="jxr_keyword">throws</strong> AnalysisException {
|
||||
<a class="jxr_linenumber" name="L305" href="#L305">305</a> <strong class="jxr_keyword">if</strong> (archive == <strong class="jxr_keyword">null</strong> || destination == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L306" href="#L306">306</a> <strong class="jxr_keyword">return</strong>;
|
||||
<a class="jxr_linenumber" name="L307" href="#L307">307</a> }
|
||||
<a class="jxr_linenumber" name="L308" href="#L308">308</a>
|
||||
<a class="jxr_linenumber" name="L309" href="#L309">309</a> FileInputStream fis = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L310" href="#L310">310</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L311" href="#L311">311</a> fis = <strong class="jxr_keyword">new</strong> FileInputStream(archive);
|
||||
<a class="jxr_linenumber" name="L312" href="#L312">312</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException ex) {
|
||||
<a class="jxr_linenumber" name="L313" href="#L313">313</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L314" href="#L314">314</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"Archive file was not found."</span>, ex);
|
||||
<a class="jxr_linenumber" name="L315" href="#L315">315</a> }
|
||||
<a class="jxr_linenumber" name="L316" href="#L316">316</a> <strong class="jxr_keyword">final</strong> String archiveExt = FileUtils.getFileExtension(archive.getName()).toLowerCase();
|
||||
<a class="jxr_linenumber" name="L317" href="#L317">317</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L318" href="#L318">318</a> <strong class="jxr_keyword">if</strong> (ZIPPABLES.contains(archiveExt)) {
|
||||
<a class="jxr_linenumber" name="L319" href="#L319">319</a> extractArchive(<strong class="jxr_keyword">new</strong> ZipArchiveInputStream(<strong class="jxr_keyword">new</strong> BufferedInputStream(fis)), destination, engine);
|
||||
<a class="jxr_linenumber" name="L320" href="#L320">320</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"tar"</span>.equals(archiveExt)) {
|
||||
<a class="jxr_linenumber" name="L321" href="#L321">321</a> extractArchive(<strong class="jxr_keyword">new</strong> TarArchiveInputStream(<strong class="jxr_keyword">new</strong> BufferedInputStream(fis)), destination, engine);
|
||||
<a class="jxr_linenumber" name="L322" href="#L322">322</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"gz"</span>.equals(archiveExt) || <span class="jxr_string">"tgz"</span>.equals(archiveExt)) {
|
||||
<a class="jxr_linenumber" name="L323" href="#L323">323</a> <strong class="jxr_keyword">final</strong> String uncompressedName = GzipUtils.getUncompressedFilename(archive.getName());
|
||||
<a class="jxr_linenumber" name="L324" href="#L324">324</a> <strong class="jxr_keyword">final</strong> String uncompressedExt = FileUtils.getFileExtension(uncompressedName).toLowerCase();
|
||||
<a class="jxr_linenumber" name="L325" href="#L325">325</a> <strong class="jxr_keyword">if</strong> (engine.supportsExtension(uncompressedExt)) {
|
||||
<a class="jxr_linenumber" name="L326" href="#L326">326</a> decompressFile(<strong class="jxr_keyword">new</strong> GzipCompressorInputStream(<strong class="jxr_keyword">new</strong> BufferedInputStream(fis)), <strong class="jxr_keyword">new</strong> File(destination, uncompressedName));
|
||||
<a class="jxr_linenumber" name="L327" href="#L327">327</a> }
|
||||
<a class="jxr_linenumber" name="L328" href="#L328">328</a> }
|
||||
<a class="jxr_linenumber" name="L329" href="#L329">329</a> } <strong class="jxr_keyword">catch</strong> (ArchiveExtractionException ex) {
|
||||
<a class="jxr_linenumber" name="L330" href="#L330">330</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Exception extracting archive '%s'."</span>, archive.getName());
|
||||
<a class="jxr_linenumber" name="L331" href="#L331">331</a> LOGGER.log(Level.WARNING, msg);
|
||||
<a class="jxr_linenumber" name="L332" href="#L332">332</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L333" href="#L333">333</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L334" href="#L334">334</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Exception reading archive '%s'."</span>, archive.getName());
|
||||
<a class="jxr_linenumber" name="L335" href="#L335">335</a> LOGGER.log(Level.WARNING, msg);
|
||||
<a class="jxr_linenumber" name="L336" href="#L336">336</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L337" href="#L337">337</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L338" href="#L338">338</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L339" href="#L339">339</a> fis.close();
|
||||
<a class="jxr_linenumber" name="L340" href="#L340">340</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L341" href="#L341">341</a> LOGGER.log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L342" href="#L342">342</a> }
|
||||
<a class="jxr_linenumber" name="L343" href="#L343">343</a> }
|
||||
<a class="jxr_linenumber" name="L344" href="#L344">344</a> }
|
||||
<a class="jxr_linenumber" name="L345" href="#L345">345</a>
|
||||
<a class="jxr_linenumber" name="L346" href="#L346">346</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L347" href="#L347">347</a> <em class="jxr_javadoccomment"> * Extracts files from an archive.</em>
|
||||
<a class="jxr_linenumber" name="L348" href="#L348">348</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L349" href="#L349">349</a> <em class="jxr_javadoccomment"> * @param input the archive to extract files from</em>
|
||||
<a class="jxr_linenumber" name="L350" href="#L350">350</a> <em class="jxr_javadoccomment"> * @param destination the location to write the files too</em>
|
||||
<a class="jxr_linenumber" name="L351" href="#L351">351</a> <em class="jxr_javadoccomment"> * @param engine the dependency-check engine</em>
|
||||
<a class="jxr_linenumber" name="L352" href="#L352">352</a> <em class="jxr_javadoccomment"> * @throws ArchiveExtractionException thrown if there is an exception extracting files from the archive</em>
|
||||
<a class="jxr_linenumber" name="L353" href="#L353">353</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L354" href="#L354">354</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> extractArchive(ArchiveInputStream input, File destination, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine) <strong class="jxr_keyword">throws</strong> ArchiveExtractionException {
|
||||
<a class="jxr_linenumber" name="L355" href="#L355">355</a> ArchiveEntry entry;
|
||||
<a class="jxr_linenumber" name="L356" href="#L356">356</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L357" href="#L357">357</a> <strong class="jxr_keyword">while</strong> ((entry = input.getNextEntry()) != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L358" href="#L358">358</a> <strong class="jxr_keyword">if</strong> (entry.isDirectory()) {
|
||||
<a class="jxr_linenumber" name="L359" href="#L359">359</a> <strong class="jxr_keyword">final</strong> File d = <strong class="jxr_keyword">new</strong> File(destination, entry.getName());
|
||||
<a class="jxr_linenumber" name="L360" href="#L360">360</a> <strong class="jxr_keyword">if</strong> (!d.exists()) {
|
||||
<a class="jxr_linenumber" name="L361" href="#L361">361</a> <strong class="jxr_keyword">if</strong> (!d.mkdirs()) {
|
||||
<a class="jxr_linenumber" name="L362" href="#L362">362</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unable to create directory '%s'."</span>, d.getAbsolutePath());
|
||||
<a class="jxr_linenumber" name="L363" href="#L363">363</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(msg);
|
||||
<a class="jxr_linenumber" name="L364" href="#L364">364</a> }
|
||||
<a class="jxr_linenumber" name="L365" href="#L365">365</a> }
|
||||
<a class="jxr_linenumber" name="L366" href="#L366">366</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L367" href="#L367">367</a> <strong class="jxr_keyword">final</strong> File file = <strong class="jxr_keyword">new</strong> File(destination, entry.getName());
|
||||
<a class="jxr_linenumber" name="L368" href="#L368">368</a> <strong class="jxr_keyword">final</strong> String ext = FileUtils.getFileExtension(file.getName());
|
||||
<a class="jxr_linenumber" name="L369" href="#L369">369</a> <strong class="jxr_keyword">if</strong> (engine.supportsExtension(ext)) {
|
||||
<a class="jxr_linenumber" name="L370" href="#L370">370</a> BufferedOutputStream bos = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L371" href="#L371">371</a> FileOutputStream fos;
|
||||
<a class="jxr_linenumber" name="L372" href="#L372">372</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L373" href="#L373">373</a> <strong class="jxr_keyword">final</strong> File parent = file.getParentFile();
|
||||
<a class="jxr_linenumber" name="L374" href="#L374">374</a> <strong class="jxr_keyword">if</strong> (!parent.isDirectory()) {
|
||||
<a class="jxr_linenumber" name="L375" href="#L375">375</a> <strong class="jxr_keyword">if</strong> (!parent.mkdirs()) {
|
||||
<a class="jxr_linenumber" name="L376" href="#L376">376</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unable to build directory '%s'."</span>, parent.getAbsolutePath());
|
||||
<a class="jxr_linenumber" name="L377" href="#L377">377</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(msg);
|
||||
<a class="jxr_linenumber" name="L378" href="#L378">378</a> }
|
||||
<a class="jxr_linenumber" name="L379" href="#L379">379</a> }
|
||||
<a class="jxr_linenumber" name="L380" href="#L380">380</a> fos = <strong class="jxr_keyword">new</strong> FileOutputStream(file);
|
||||
<a class="jxr_linenumber" name="L381" href="#L381">381</a> bos = <strong class="jxr_keyword">new</strong> BufferedOutputStream(fos, BUFFER_SIZE);
|
||||
<a class="jxr_linenumber" name="L382" href="#L382">382</a> <strong class="jxr_keyword">int</strong> count;
|
||||
<a class="jxr_linenumber" name="L383" href="#L383">383</a> <strong class="jxr_keyword">final</strong> byte data[] = <strong class="jxr_keyword">new</strong> byte[BUFFER_SIZE];
|
||||
<a class="jxr_linenumber" name="L384" href="#L384">384</a> <strong class="jxr_keyword">while</strong> ((count = input.read(data, 0, BUFFER_SIZE)) != -1) {
|
||||
<a class="jxr_linenumber" name="L385" href="#L385">385</a> bos.write(data, 0, count);
|
||||
<a class="jxr_linenumber" name="L386" href="#L386">386</a> }
|
||||
<a class="jxr_linenumber" name="L387" href="#L387">387</a> bos.flush();
|
||||
<a class="jxr_linenumber" name="L388" href="#L388">388</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException ex) {
|
||||
<a class="jxr_linenumber" name="L389" href="#L389">389</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L390" href="#L390">390</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unable to find file '%s'."</span>, file.getName());
|
||||
<a class="jxr_linenumber" name="L391" href="#L391">391</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(msg, ex);
|
||||
<a class="jxr_linenumber" name="L392" href="#L392">392</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L393" href="#L393">393</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L394" href="#L394">394</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"IO Exception while parsing file '%s'."</span>, file.getName());
|
||||
<a class="jxr_linenumber" name="L395" href="#L395">395</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(msg, ex);
|
||||
<a class="jxr_linenumber" name="L396" href="#L396">396</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L397" href="#L397">397</a> <strong class="jxr_keyword">if</strong> (bos != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L398" href="#L398">398</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L399" href="#L399">399</a> bos.close();
|
||||
<a class="jxr_linenumber" name="L400" href="#L400">400</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L401" href="#L401">401</a> LOGGER.log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L402" href="#L402">402</a> }
|
||||
<a class="jxr_linenumber" name="L403" href="#L403">403</a> }
|
||||
<a class="jxr_linenumber" name="L404" href="#L404">404</a> }
|
||||
<a class="jxr_linenumber" name="L405" href="#L405">405</a> }
|
||||
<a class="jxr_linenumber" name="L406" href="#L406">406</a> }
|
||||
<a class="jxr_linenumber" name="L407" href="#L407">407</a> }
|
||||
<a class="jxr_linenumber" name="L408" href="#L408">408</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L409" href="#L409">409</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/ArchiveExtractionException.html">ArchiveExtractionException</a>(ex);
|
||||
<a class="jxr_linenumber" name="L410" href="#L410">410</a> } <strong class="jxr_keyword">catch</strong> (Throwable ex) {
|
||||
<a class="jxr_linenumber" name="L411" href="#L411">411</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/ArchiveExtractionException.html">ArchiveExtractionException</a>(ex);
|
||||
<a class="jxr_linenumber" name="L412" href="#L412">412</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L413" href="#L413">413</a> <strong class="jxr_keyword">if</strong> (input != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L414" href="#L414">414</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L415" href="#L415">415</a> input.close();
|
||||
<a class="jxr_linenumber" name="L416" href="#L416">416</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L417" href="#L417">417</a> LOGGER.log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L418" href="#L418">418</a> }
|
||||
<a class="jxr_linenumber" name="L419" href="#L419">419</a> }
|
||||
<a class="jxr_linenumber" name="L420" href="#L420">420</a> }
|
||||
<a class="jxr_linenumber" name="L421" href="#L421">421</a> }
|
||||
<a class="jxr_linenumber" name="L422" href="#L422">422</a>
|
||||
<a class="jxr_linenumber" name="L423" href="#L423">423</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L424" href="#L424">424</a> <em class="jxr_javadoccomment"> * Decompresses a file.</em>
|
||||
<a class="jxr_linenumber" name="L425" href="#L425">425</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L426" href="#L426">426</a> <em class="jxr_javadoccomment"> * @param inputStream the compressed file</em>
|
||||
<a class="jxr_linenumber" name="L427" href="#L427">427</a> <em class="jxr_javadoccomment"> * @param outputFile the location to write the decompressed file</em>
|
||||
<a class="jxr_linenumber" name="L428" href="#L428">428</a> <em class="jxr_javadoccomment"> * @throws ArchiveExtractionException thrown if there is an exception decompressing the file</em>
|
||||
<a class="jxr_linenumber" name="L429" href="#L429">429</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L430" href="#L430">430</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> decompressFile(CompressorInputStream inputStream, File outputFile) <strong class="jxr_keyword">throws</strong> ArchiveExtractionException {
|
||||
<a class="jxr_linenumber" name="L431" href="#L431">431</a> FileOutputStream out = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L432" href="#L432">432</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L433" href="#L433">433</a> out = <strong class="jxr_keyword">new</strong> FileOutputStream(outputFile);
|
||||
<a class="jxr_linenumber" name="L434" href="#L434">434</a> <strong class="jxr_keyword">final</strong> byte[] buffer = <strong class="jxr_keyword">new</strong> byte[BUFFER_SIZE];
|
||||
<a class="jxr_linenumber" name="L435" href="#L435">435</a> <strong class="jxr_keyword">int</strong> n = 0;
|
||||
<a class="jxr_linenumber" name="L436" href="#L436">436</a> <strong class="jxr_keyword">while</strong> (-1 != (n = inputStream.read(buffer))) {
|
||||
<a class="jxr_linenumber" name="L437" href="#L437">437</a> out.write(buffer, 0, n);
|
||||
<a class="jxr_linenumber" name="L438" href="#L438">438</a> }
|
||||
<a class="jxr_linenumber" name="L439" href="#L439">439</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException ex) {
|
||||
<a class="jxr_linenumber" name="L440" href="#L440">440</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L441" href="#L441">441</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/ArchiveExtractionException.html">ArchiveExtractionException</a>(ex);
|
||||
<a class="jxr_linenumber" name="L442" href="#L442">442</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L443" href="#L443">443</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L444" href="#L444">444</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/ArchiveExtractionException.html">ArchiveExtractionException</a>(ex);
|
||||
<a class="jxr_linenumber" name="L445" href="#L445">445</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L446" href="#L446">446</a> <strong class="jxr_keyword">if</strong> (out != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L447" href="#L447">447</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L448" href="#L448">448</a> out.close();
|
||||
<a class="jxr_linenumber" name="L449" href="#L449">449</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L450" href="#L450">450</a> LOGGER.log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L451" href="#L451">451</a> }
|
||||
<a class="jxr_linenumber" name="L452" href="#L452">452</a> }
|
||||
<a class="jxr_linenumber" name="L453" href="#L453">453</a> }
|
||||
<a class="jxr_linenumber" name="L454" href="#L454">454</a> }
|
||||
<a class="jxr_linenumber" name="L455" href="#L455">455</a>
|
||||
<a class="jxr_linenumber" name="L456" href="#L456">456</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L457" href="#L457">457</a> <em class="jxr_javadoccomment"> * Attempts to determine if a zip file is actually a JAR file.</em>
|
||||
<a class="jxr_linenumber" name="L458" href="#L458">458</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L459" href="#L459">459</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to check</em>
|
||||
<a class="jxr_linenumber" name="L460" href="#L460">460</a> <em class="jxr_javadoccomment"> * @return true if the dependency appears to be a JAR file; otherwise false</em>
|
||||
<a class="jxr_linenumber" name="L461" href="#L461">461</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L462" href="#L462">462</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> isZipFileActuallyJarFile(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency) {
|
||||
<a class="jxr_linenumber" name="L463" href="#L463">463</a> <strong class="jxr_keyword">boolean</strong> isJar = false;
|
||||
<a class="jxr_linenumber" name="L464" href="#L464">464</a> ZipFile zip = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L465" href="#L465">465</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L466" href="#L466">466</a> zip = <strong class="jxr_keyword">new</strong> ZipFile(dependency.getActualFilePath());
|
||||
<a class="jxr_linenumber" name="L467" href="#L467">467</a> <strong class="jxr_keyword">if</strong> (zip.getEntry(<span class="jxr_string">"META-INF/MANIFEST.MF"</span>) != <strong class="jxr_keyword">null</strong>
|
||||
<a class="jxr_linenumber" name="L468" href="#L468">468</a> || zip.getEntry(<span class="jxr_string">"META-INF/maven"</span>) != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L469" href="#L469">469</a> <strong class="jxr_keyword">final</strong> Enumeration<ZipArchiveEntry> entries = zip.getEntries();
|
||||
<a class="jxr_linenumber" name="L470" href="#L470">470</a> <strong class="jxr_keyword">while</strong> (entries.hasMoreElements()) {
|
||||
<a class="jxr_linenumber" name="L471" href="#L471">471</a> <strong class="jxr_keyword">final</strong> ZipArchiveEntry entry = entries.nextElement();
|
||||
<a class="jxr_linenumber" name="L472" href="#L472">472</a> <strong class="jxr_keyword">if</strong> (!entry.isDirectory()) {
|
||||
<a class="jxr_linenumber" name="L473" href="#L473">473</a> <strong class="jxr_keyword">final</strong> String name = entry.getName().toLowerCase();
|
||||
<a class="jxr_linenumber" name="L474" href="#L474">474</a> <strong class="jxr_keyword">if</strong> (name.endsWith(<span class="jxr_string">".class"</span>)) {
|
||||
<a class="jxr_linenumber" name="L475" href="#L475">475</a> isJar = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L476" href="#L476">476</a> <strong class="jxr_keyword">break</strong>;
|
||||
<a class="jxr_linenumber" name="L477" href="#L477">477</a> }
|
||||
<a class="jxr_linenumber" name="L478" href="#L478">478</a> }
|
||||
<a class="jxr_linenumber" name="L479" href="#L479">479</a> }
|
||||
<a class="jxr_linenumber" name="L480" href="#L480">480</a> }
|
||||
<a class="jxr_linenumber" name="L481" href="#L481">481</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L482" href="#L482">482</a> LOGGER.log(Level.FINE, String.format(<span class="jxr_string">"Unable to unzip zip file '%s'"</span>, dependency.getFilePath()), ex);
|
||||
<a class="jxr_linenumber" name="L483" href="#L483">483</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L484" href="#L484">484</a> ZipFile.closeQuietly(zip);
|
||||
<a class="jxr_linenumber" name="L485" href="#L485">485</a> }
|
||||
<a class="jxr_linenumber" name="L486" href="#L486">486</a>
|
||||
<a class="jxr_linenumber" name="L487" href="#L487">487</a> <strong class="jxr_keyword">return</strong> isJar;
|
||||
<a class="jxr_linenumber" name="L488" href="#L488">488</a> }
|
||||
<a class="jxr_linenumber" name="L489" href="#L489">489</a> }
|
||||
</pre>
|
||||
<hr/>
|
||||
<div id="footer">Copyright © 2012–2014 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
|
||||
|
||||
@@ -128,205 +128,209 @@
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a> <em class="jxr_comment">// Try evacuating the error stream</em>
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> rdr = <strong class="jxr_keyword">new</strong> BufferedReader(<strong class="jxr_keyword">new</strong> InputStreamReader(proc.getErrorStream(), <span class="jxr_string">"UTF-8"</span>));
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a> String line = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a> <strong class="jxr_keyword">while</strong> (rdr.ready() && (line = rdr.readLine()) != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a> LOGGER.log(Level.WARNING, <span class="jxr_string">"analyzer.AssemblyAnalyzer.grokassembly.stderr"</span>, line);
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a> }
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <strong class="jxr_keyword">int</strong> rc = 0;
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> doc = builder.parse(proc.getInputStream());
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a>
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a> rc = proc.waitFor();
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a> } <strong class="jxr_keyword">catch</strong> (InterruptedException ie) {
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <strong class="jxr_keyword">return</strong>;
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a> }
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a> <strong class="jxr_keyword">if</strong> (rc == 3) {
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a> LOGGER.log(Level.FINE, <span class="jxr_string">"analyzer.AssemblyAnalyzer.notassembly"</span>, dependency.getActualFilePath());
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> <strong class="jxr_keyword">return</strong>;
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (rc != 0) {
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a> LOGGER.log(Level.WARNING, <span class="jxr_string">"analyzer.AssemblyAnalyzer.grokassembly.rc"</span>, rc);
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a> }
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a>
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a> <strong class="jxr_keyword">final</strong> XPath xpath = XPathFactory.newInstance().newXPath();
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a> <em class="jxr_comment">// CheckStyle:VisibilityModifier OFF</em>
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a> <strong class="jxr_keyword">while</strong> (rdr.ready() && (line = rdr.readLine()) != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a> LOGGER.log(Level.WARNING, <span class="jxr_string">"analyzer.AssemblyAnalyzer.grokassembly.stderr"</span>, line);
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> }
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> <em class="jxr_comment">// CheckStyle:VisibilityModifier ON</em>
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a> <strong class="jxr_keyword">int</strong> rc = 0;
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> doc = builder.parse(proc.getInputStream());
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a>
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a> rc = proc.waitFor();
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a> } <strong class="jxr_keyword">catch</strong> (InterruptedException ie) {
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a> <strong class="jxr_keyword">return</strong>;
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a> }
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> <strong class="jxr_keyword">if</strong> (rc == 3) {
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> LOGGER.log(Level.FINE, <span class="jxr_string">"analyzer.AssemblyAnalyzer.notassembly"</span>, dependency.getActualFilePath());
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a> <strong class="jxr_keyword">return</strong>;
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (rc != 0) {
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a> LOGGER.log(Level.WARNING, <span class="jxr_string">"analyzer.AssemblyAnalyzer.grokassembly.rc"</span>, rc);
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a> }
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a>
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a> <em class="jxr_comment">// First, see if there was an error</em>
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a> <strong class="jxr_keyword">final</strong> String error = xpath.evaluate(<span class="jxr_string">"/assembly/error"</span>, doc);
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <strong class="jxr_keyword">if</strong> (error != <strong class="jxr_keyword">null</strong> && !<span class="jxr_string">""</span>.equals(error)) {
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(error);
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> }
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a>
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> <strong class="jxr_keyword">final</strong> String version = xpath.evaluate(<span class="jxr_string">"/assembly/version"</span>, doc);
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a> <strong class="jxr_keyword">if</strong> (version != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a> dependency.getVersionEvidence().addEvidence(<strong class="jxr_keyword">new</strong> Evidence(<span class="jxr_string">"grokassembly"</span>, <span class="jxr_string">"version"</span>,
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a> version, Confidence.HIGHEST));
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a> }
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a>
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <strong class="jxr_keyword">final</strong> String vendor = xpath.evaluate(<span class="jxr_string">"/assembly/company"</span>, doc);
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a> <strong class="jxr_keyword">if</strong> (vendor != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> dependency.getVendorEvidence().addEvidence(<strong class="jxr_keyword">new</strong> Evidence(<span class="jxr_string">"grokassembly"</span>, <span class="jxr_string">"vendor"</span>,
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a> vendor, Confidence.HIGH));
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> }
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a>
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> <strong class="jxr_keyword">final</strong> String product = xpath.evaluate(<span class="jxr_string">"/assembly/product"</span>, doc);
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a> <strong class="jxr_keyword">if</strong> (product != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L163" href="#L163">163</a> dependency.getProductEvidence().addEvidence(<strong class="jxr_keyword">new</strong> Evidence(<span class="jxr_string">"grokassembly"</span>, <span class="jxr_string">"product"</span>,
|
||||
<a class="jxr_linenumber" name="L164" href="#L164">164</a> product, Confidence.HIGH));
|
||||
<a class="jxr_linenumber" name="L165" href="#L165">165</a> }
|
||||
<a class="jxr_linenumber" name="L166" href="#L166">166</a>
|
||||
<a class="jxr_linenumber" name="L167" href="#L167">167</a> } <strong class="jxr_keyword">catch</strong> (IOException ioe) {
|
||||
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(ioe);
|
||||
<a class="jxr_linenumber" name="L169" href="#L169">169</a> } <strong class="jxr_keyword">catch</strong> (SAXException saxe) {
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"Couldn't parse GrokAssembly result"</span>, saxe);
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> } <strong class="jxr_keyword">catch</strong> (XPathExpressionException xpe) {
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <em class="jxr_comment">// This shouldn't happen</em>
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(xpe);
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> <strong class="jxr_keyword">if</strong> (rdr != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> rdr.close();
|
||||
<a class="jxr_linenumber" name="L178" href="#L178">178</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L179" href="#L179">179</a> LOGGER.log(Level.FINEST, <span class="jxr_string">"ignore"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L180" href="#L180">180</a> }
|
||||
<a class="jxr_linenumber" name="L181" href="#L181">181</a> }
|
||||
<a class="jxr_linenumber" name="L182" href="#L182">182</a> }
|
||||
<a class="jxr_linenumber" name="L183" href="#L183">183</a> }
|
||||
<a class="jxr_linenumber" name="L184" href="#L184">184</a>
|
||||
<a class="jxr_linenumber" name="L185" href="#L185">185</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L186" href="#L186">186</a> <em class="jxr_javadoccomment"> * Initialize the analyzer. In this case, extract GrokAssembly.exe to a temporary location.</em>
|
||||
<a class="jxr_linenumber" name="L187" href="#L187">187</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L188" href="#L188">188</a> <em class="jxr_javadoccomment"> * @throws Exception if anything goes wrong</em>
|
||||
<a class="jxr_linenumber" name="L189" href="#L189">189</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L190" href="#L190">190</a> @Override
|
||||
<a class="jxr_linenumber" name="L191" href="#L191">191</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> Exception {
|
||||
<a class="jxr_linenumber" name="L192" href="#L192">192</a> <strong class="jxr_keyword">final</strong> File tempFile = File.createTempFile(<span class="jxr_string">"GKA"</span>, <span class="jxr_string">".exe"</span>, Settings.getTempDirectory());
|
||||
<a class="jxr_linenumber" name="L193" href="#L193">193</a> FileOutputStream fos = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L194" href="#L194">194</a> InputStream is = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L195" href="#L195">195</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L196" href="#L196">196</a> fos = <strong class="jxr_keyword">new</strong> FileOutputStream(tempFile);
|
||||
<a class="jxr_linenumber" name="L197" href="#L197">197</a> is = AssemblyAnalyzer.<strong class="jxr_keyword">class</strong>.getClassLoader().getResourceAsStream(<span class="jxr_string">"GrokAssembly.exe"</span>);
|
||||
<a class="jxr_linenumber" name="L198" href="#L198">198</a> <strong class="jxr_keyword">final</strong> byte[] buff = <strong class="jxr_keyword">new</strong> byte[4096];
|
||||
<a class="jxr_linenumber" name="L199" href="#L199">199</a> <strong class="jxr_keyword">int</strong> bread = -1;
|
||||
<a class="jxr_linenumber" name="L200" href="#L200">200</a> <strong class="jxr_keyword">while</strong> ((bread = is.read(buff)) >= 0) {
|
||||
<a class="jxr_linenumber" name="L201" href="#L201">201</a> fos.write(buff, 0, bread);
|
||||
<a class="jxr_linenumber" name="L202" href="#L202">202</a> }
|
||||
<a class="jxr_linenumber" name="L203" href="#L203">203</a> grokAssemblyExe = tempFile;
|
||||
<a class="jxr_linenumber" name="L204" href="#L204">204</a> <em class="jxr_comment">// Set the temp file to get deleted when we're done</em>
|
||||
<a class="jxr_linenumber" name="L205" href="#L205">205</a> grokAssemblyExe.deleteOnExit();
|
||||
<a class="jxr_linenumber" name="L206" href="#L206">206</a> LOGGER.log(Level.FINE, <span class="jxr_string">"analyzer.AssemblyAnalyzer.grokassembly.deployed"</span>, grokAssemblyExe.getPath());
|
||||
<a class="jxr_linenumber" name="L207" href="#L207">207</a> } <strong class="jxr_keyword">catch</strong> (IOException ioe) {
|
||||
<a class="jxr_linenumber" name="L208" href="#L208">208</a> <strong class="jxr_keyword">this</strong>.setEnabled(false);
|
||||
<a class="jxr_linenumber" name="L209" href="#L209">209</a> LOGGER.log(Level.WARNING, <span class="jxr_string">"analyzer.AssemblyAnalyzer.grokassembly.notdeployed"</span>, ioe.getMessage());
|
||||
<a class="jxr_linenumber" name="L210" href="#L210">210</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"Could not extract GrokAssembly.exe"</span>, ioe);
|
||||
<a class="jxr_linenumber" name="L211" href="#L211">211</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L212" href="#L212">212</a> <strong class="jxr_keyword">if</strong> (fos != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L213" href="#L213">213</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L214" href="#L214">214</a> fos.close();
|
||||
<a class="jxr_linenumber" name="L215" href="#L215">215</a> } <strong class="jxr_keyword">catch</strong> (Throwable e) {
|
||||
<a class="jxr_linenumber" name="L216" href="#L216">216</a> LOGGER.fine(<span class="jxr_string">"Error closing output stream"</span>);
|
||||
<a class="jxr_linenumber" name="L217" href="#L217">217</a> }
|
||||
<a class="jxr_linenumber" name="L218" href="#L218">218</a> }
|
||||
<a class="jxr_linenumber" name="L219" href="#L219">219</a> <strong class="jxr_keyword">if</strong> (is != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L220" href="#L220">220</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L221" href="#L221">221</a> is.close();
|
||||
<a class="jxr_linenumber" name="L222" href="#L222">222</a> } <strong class="jxr_keyword">catch</strong> (Throwable e) {
|
||||
<a class="jxr_linenumber" name="L223" href="#L223">223</a> LOGGER.fine(<span class="jxr_string">"Error closing input stream"</span>);
|
||||
<a class="jxr_linenumber" name="L224" href="#L224">224</a> }
|
||||
<a class="jxr_linenumber" name="L225" href="#L225">225</a> }
|
||||
<a class="jxr_linenumber" name="L226" href="#L226">226</a> }
|
||||
<a class="jxr_linenumber" name="L227" href="#L227">227</a>
|
||||
<a class="jxr_linenumber" name="L228" href="#L228">228</a> <em class="jxr_comment">// Now, need to see if GrokAssembly actually runs from this location.</em>
|
||||
<a class="jxr_linenumber" name="L229" href="#L229">229</a> <strong class="jxr_keyword">final</strong> List<String> args = buildArgumentList();
|
||||
<a class="jxr_linenumber" name="L230" href="#L230">230</a> BufferedReader rdr = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L231" href="#L231">231</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L232" href="#L232">232</a> <strong class="jxr_keyword">final</strong> ProcessBuilder pb = <strong class="jxr_keyword">new</strong> ProcessBuilder(args);
|
||||
<a class="jxr_linenumber" name="L233" href="#L233">233</a> <strong class="jxr_keyword">final</strong> Process p = pb.start();
|
||||
<a class="jxr_linenumber" name="L234" href="#L234">234</a> <em class="jxr_comment">// Try evacuating the error stream</em>
|
||||
<a class="jxr_linenumber" name="L235" href="#L235">235</a> rdr = <strong class="jxr_keyword">new</strong> BufferedReader(<strong class="jxr_keyword">new</strong> InputStreamReader(p.getErrorStream(), <span class="jxr_string">"UTF-8"</span>));
|
||||
<a class="jxr_linenumber" name="L236" href="#L236">236</a> <strong class="jxr_keyword">while</strong> (rdr.ready() && rdr.readLine() != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L237" href="#L237">237</a> <em class="jxr_comment">// We expect this to complain</em>
|
||||
<a class="jxr_linenumber" name="L238" href="#L238">238</a> }
|
||||
<a class="jxr_linenumber" name="L239" href="#L239">239</a> <strong class="jxr_keyword">final</strong> Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(p.getInputStream());
|
||||
<a class="jxr_linenumber" name="L240" href="#L240">240</a> <strong class="jxr_keyword">final</strong> XPath xpath = XPathFactory.newInstance().newXPath();
|
||||
<a class="jxr_linenumber" name="L241" href="#L241">241</a> <strong class="jxr_keyword">final</strong> String error = xpath.evaluate(<span class="jxr_string">"/assembly/error"</span>, doc);
|
||||
<a class="jxr_linenumber" name="L242" href="#L242">242</a> <strong class="jxr_keyword">if</strong> (p.waitFor() != 1 || error == <strong class="jxr_keyword">null</strong> || <span class="jxr_string">""</span>.equals(error)) {
|
||||
<a class="jxr_linenumber" name="L243" href="#L243">243</a> LOGGER.warning(<span class="jxr_string">"An error occurred with the .NET AssemblyAnalyzer, please see the log for more details."</span>);
|
||||
<a class="jxr_linenumber" name="L244" href="#L244">244</a> LOGGER.fine(<span class="jxr_string">"GrokAssembly.exe is not working properly"</span>);
|
||||
<a class="jxr_linenumber" name="L245" href="#L245">245</a> grokAssemblyExe = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L246" href="#L246">246</a> <strong class="jxr_keyword">this</strong>.setEnabled(false);
|
||||
<a class="jxr_linenumber" name="L247" href="#L247">247</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"Could not execute .NET AssemblyAnalyzer"</span>);
|
||||
<a class="jxr_linenumber" name="L248" href="#L248">248</a> }
|
||||
<a class="jxr_linenumber" name="L249" href="#L249">249</a> } <strong class="jxr_keyword">catch</strong> (Throwable e) {
|
||||
<a class="jxr_linenumber" name="L250" href="#L250">250</a> <strong class="jxr_keyword">if</strong> (e instanceof AnalysisException) {
|
||||
<a class="jxr_linenumber" name="L251" href="#L251">251</a> <strong class="jxr_keyword">throw</strong> (AnalysisException) e;
|
||||
<a class="jxr_linenumber" name="L252" href="#L252">252</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L253" href="#L253">253</a> LOGGER.warning(<span class="jxr_string">"analyzer.AssemblyAnalyzer.grokassembly.initialization.failed"</span>);
|
||||
<a class="jxr_linenumber" name="L254" href="#L254">254</a> LOGGER.log(Level.FINE, <span class="jxr_string">"analyzer.AssemblyAnalyzer.grokassembly.initialization.message"</span>, e.getMessage());
|
||||
<a class="jxr_linenumber" name="L255" href="#L255">255</a> <strong class="jxr_keyword">this</strong>.setEnabled(false);
|
||||
<a class="jxr_linenumber" name="L256" href="#L256">256</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"An error occured with the .NET AssemblyAnalyzer"</span>, e);
|
||||
<a class="jxr_linenumber" name="L257" href="#L257">257</a> }
|
||||
<a class="jxr_linenumber" name="L258" href="#L258">258</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L259" href="#L259">259</a> <strong class="jxr_keyword">if</strong> (rdr != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L260" href="#L260">260</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L261" href="#L261">261</a> rdr.close();
|
||||
<a class="jxr_linenumber" name="L262" href="#L262">262</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L263" href="#L263">263</a> LOGGER.log(Level.FINEST, <span class="jxr_string">"ignore"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L264" href="#L264">264</a> }
|
||||
<a class="jxr_linenumber" name="L265" href="#L265">265</a> }
|
||||
<a class="jxr_linenumber" name="L266" href="#L266">266</a> }
|
||||
<a class="jxr_linenumber" name="L267" href="#L267">267</a> builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
|
||||
<a class="jxr_linenumber" name="L268" href="#L268">268</a> }
|
||||
<a class="jxr_linenumber" name="L269" href="#L269">269</a>
|
||||
<a class="jxr_linenumber" name="L270" href="#L270">270</a> @Override
|
||||
<a class="jxr_linenumber" name="L271" href="#L271">271</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> close() <strong class="jxr_keyword">throws</strong> Exception {
|
||||
<a class="jxr_linenumber" name="L272" href="#L272">272</a> <strong class="jxr_keyword">super</strong>.close();
|
||||
<a class="jxr_linenumber" name="L273" href="#L273">273</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L274" href="#L274">274</a> <strong class="jxr_keyword">if</strong> (grokAssemblyExe != <strong class="jxr_keyword">null</strong> && !grokAssemblyExe.delete()) {
|
||||
<a class="jxr_linenumber" name="L275" href="#L275">275</a> grokAssemblyExe.deleteOnExit();
|
||||
<a class="jxr_linenumber" name="L276" href="#L276">276</a> }
|
||||
<a class="jxr_linenumber" name="L277" href="#L277">277</a> } <strong class="jxr_keyword">catch</strong> (SecurityException se) {
|
||||
<a class="jxr_linenumber" name="L278" href="#L278">278</a> LOGGER.fine(<span class="jxr_string">"analyzer.AssemblyAnalyzer.grokassembly.notdeleted"</span>);
|
||||
<a class="jxr_linenumber" name="L279" href="#L279">279</a> }
|
||||
<a class="jxr_linenumber" name="L280" href="#L280">280</a> }
|
||||
<a class="jxr_linenumber" name="L281" href="#L281">281</a>
|
||||
<a class="jxr_linenumber" name="L282" href="#L282">282</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L283" href="#L283">283</a> <em class="jxr_javadoccomment"> * Gets the set of extensions supported by this analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L284" href="#L284">284</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L285" href="#L285">285</a> <em class="jxr_javadoccomment"> * @return the list of supported extensions</em>
|
||||
<a class="jxr_linenumber" name="L286" href="#L286">286</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L287" href="#L287">287</a> @Override
|
||||
<a class="jxr_linenumber" name="L288" href="#L288">288</a> <strong class="jxr_keyword">public</strong> Set<String> getSupportedExtensions() {
|
||||
<a class="jxr_linenumber" name="L289" href="#L289">289</a> <strong class="jxr_keyword">return</strong> SUPPORTED_EXTENSIONS;
|
||||
<a class="jxr_linenumber" name="L290" href="#L290">290</a> }
|
||||
<a class="jxr_linenumber" name="L291" href="#L291">291</a>
|
||||
<a class="jxr_linenumber" name="L292" href="#L292">292</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L293" href="#L293">293</a> <em class="jxr_javadoccomment"> * Gets this analyzer's name.</em>
|
||||
<a class="jxr_linenumber" name="L294" href="#L294">294</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L295" href="#L295">295</a> <em class="jxr_javadoccomment"> * @return the analyzer name</em>
|
||||
<a class="jxr_linenumber" name="L296" href="#L296">296</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L297" href="#L297">297</a> @Override
|
||||
<a class="jxr_linenumber" name="L298" href="#L298">298</a> <strong class="jxr_keyword">public</strong> String getName() {
|
||||
<a class="jxr_linenumber" name="L299" href="#L299">299</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
|
||||
<a class="jxr_linenumber" name="L300" href="#L300">300</a> }
|
||||
<a class="jxr_linenumber" name="L301" href="#L301">301</a>
|
||||
<a class="jxr_linenumber" name="L302" href="#L302">302</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L303" href="#L303">303</a> <em class="jxr_javadoccomment"> * Returns the phase this analyzer runs under.</em>
|
||||
<a class="jxr_linenumber" name="L304" href="#L304">304</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L305" href="#L305">305</a> <em class="jxr_javadoccomment"> * @return the phase this runs under</em>
|
||||
<a class="jxr_linenumber" name="L306" href="#L306">306</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L307" href="#L307">307</a> @Override
|
||||
<a class="jxr_linenumber" name="L308" href="#L308">308</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
|
||||
<a class="jxr_linenumber" name="L309" href="#L309">309</a> <strong class="jxr_keyword">return</strong> ANALYSIS_PHASE;
|
||||
<a class="jxr_linenumber" name="L310" href="#L310">310</a> }
|
||||
<a class="jxr_linenumber" name="L311" href="#L311">311</a>
|
||||
<a class="jxr_linenumber" name="L312" href="#L312">312</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L313" href="#L313">313</a> <em class="jxr_javadoccomment"> * Returns the key used in the properties file to reference the analyzer's enabled property.</em>
|
||||
<a class="jxr_linenumber" name="L314" href="#L314">314</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L315" href="#L315">315</a> <em class="jxr_javadoccomment"> * @return the analyzer's enabled property setting key</em>
|
||||
<a class="jxr_linenumber" name="L316" href="#L316">316</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L317" href="#L317">317</a> @Override
|
||||
<a class="jxr_linenumber" name="L318" href="#L318">318</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
|
||||
<a class="jxr_linenumber" name="L319" href="#L319">319</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_ASSEMBLY_ENABLED;
|
||||
<a class="jxr_linenumber" name="L320" href="#L320">320</a> }
|
||||
<a class="jxr_linenumber" name="L321" href="#L321">321</a> }
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a> <strong class="jxr_keyword">final</strong> XPath xpath = XPathFactory.newInstance().newXPath();
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a>
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <em class="jxr_comment">// First, see if there was an error</em>
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <strong class="jxr_keyword">final</strong> String error = xpath.evaluate(<span class="jxr_string">"/assembly/error"</span>, doc);
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> <strong class="jxr_keyword">if</strong> (error != <strong class="jxr_keyword">null</strong> && !<span class="jxr_string">""</span>.equals(error)) {
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(error);
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> }
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a>
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a> <strong class="jxr_keyword">final</strong> String version = xpath.evaluate(<span class="jxr_string">"/assembly/version"</span>, doc);
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a> <strong class="jxr_keyword">if</strong> (version != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a> dependency.getVersionEvidence().addEvidence(<strong class="jxr_keyword">new</strong> Evidence(<span class="jxr_string">"grokassembly"</span>, <span class="jxr_string">"version"</span>,
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a> version, Confidence.HIGHEST));
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a> }
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a>
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <strong class="jxr_keyword">final</strong> String vendor = xpath.evaluate(<span class="jxr_string">"/assembly/company"</span>, doc);
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <strong class="jxr_keyword">if</strong> (vendor != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> dependency.getVendorEvidence().addEvidence(<strong class="jxr_keyword">new</strong> Evidence(<span class="jxr_string">"grokassembly"</span>, <span class="jxr_string">"vendor"</span>,
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> vendor, Confidence.HIGH));
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> }
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a>
|
||||
<a class="jxr_linenumber" name="L163" href="#L163">163</a> <strong class="jxr_keyword">final</strong> String product = xpath.evaluate(<span class="jxr_string">"/assembly/product"</span>, doc);
|
||||
<a class="jxr_linenumber" name="L164" href="#L164">164</a> <strong class="jxr_keyword">if</strong> (product != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L165" href="#L165">165</a> dependency.getProductEvidence().addEvidence(<strong class="jxr_keyword">new</strong> Evidence(<span class="jxr_string">"grokassembly"</span>, <span class="jxr_string">"product"</span>,
|
||||
<a class="jxr_linenumber" name="L166" href="#L166">166</a> product, Confidence.HIGH));
|
||||
<a class="jxr_linenumber" name="L167" href="#L167">167</a> }
|
||||
<a class="jxr_linenumber" name="L168" href="#L168">168</a>
|
||||
<a class="jxr_linenumber" name="L169" href="#L169">169</a> } <strong class="jxr_keyword">catch</strong> (IOException ioe) {
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(ioe);
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> } <strong class="jxr_keyword">catch</strong> (SAXException saxe) {
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"Couldn't parse GrokAssembly result"</span>, saxe);
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> } <strong class="jxr_keyword">catch</strong> (XPathExpressionException xpe) {
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a> <em class="jxr_comment">// This shouldn't happen</em>
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(xpe);
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> <strong class="jxr_keyword">if</strong> (rdr != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L178" href="#L178">178</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L179" href="#L179">179</a> rdr.close();
|
||||
<a class="jxr_linenumber" name="L180" href="#L180">180</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L181" href="#L181">181</a> LOGGER.log(Level.FINEST, <span class="jxr_string">"ignore"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L182" href="#L182">182</a> }
|
||||
<a class="jxr_linenumber" name="L183" href="#L183">183</a> }
|
||||
<a class="jxr_linenumber" name="L184" href="#L184">184</a> }
|
||||
<a class="jxr_linenumber" name="L185" href="#L185">185</a> }
|
||||
<a class="jxr_linenumber" name="L186" href="#L186">186</a>
|
||||
<a class="jxr_linenumber" name="L187" href="#L187">187</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L188" href="#L188">188</a> <em class="jxr_javadoccomment"> * Initialize the analyzer. In this case, extract GrokAssembly.exe to a temporary location.</em>
|
||||
<a class="jxr_linenumber" name="L189" href="#L189">189</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L190" href="#L190">190</a> <em class="jxr_javadoccomment"> * @throws Exception if anything goes wrong</em>
|
||||
<a class="jxr_linenumber" name="L191" href="#L191">191</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L192" href="#L192">192</a> @Override
|
||||
<a class="jxr_linenumber" name="L193" href="#L193">193</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> Exception {
|
||||
<a class="jxr_linenumber" name="L194" href="#L194">194</a> <strong class="jxr_keyword">final</strong> File tempFile = File.createTempFile(<span class="jxr_string">"GKA"</span>, <span class="jxr_string">".exe"</span>, Settings.getTempDirectory());
|
||||
<a class="jxr_linenumber" name="L195" href="#L195">195</a> FileOutputStream fos = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L196" href="#L196">196</a> InputStream is = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L197" href="#L197">197</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L198" href="#L198">198</a> fos = <strong class="jxr_keyword">new</strong> FileOutputStream(tempFile);
|
||||
<a class="jxr_linenumber" name="L199" href="#L199">199</a> is = AssemblyAnalyzer.<strong class="jxr_keyword">class</strong>.getClassLoader().getResourceAsStream(<span class="jxr_string">"GrokAssembly.exe"</span>);
|
||||
<a class="jxr_linenumber" name="L200" href="#L200">200</a> <strong class="jxr_keyword">final</strong> byte[] buff = <strong class="jxr_keyword">new</strong> byte[4096];
|
||||
<a class="jxr_linenumber" name="L201" href="#L201">201</a> <strong class="jxr_keyword">int</strong> bread = -1;
|
||||
<a class="jxr_linenumber" name="L202" href="#L202">202</a> <strong class="jxr_keyword">while</strong> ((bread = is.read(buff)) >= 0) {
|
||||
<a class="jxr_linenumber" name="L203" href="#L203">203</a> fos.write(buff, 0, bread);
|
||||
<a class="jxr_linenumber" name="L204" href="#L204">204</a> }
|
||||
<a class="jxr_linenumber" name="L205" href="#L205">205</a> grokAssemblyExe = tempFile;
|
||||
<a class="jxr_linenumber" name="L206" href="#L206">206</a> <em class="jxr_comment">// Set the temp file to get deleted when we're done</em>
|
||||
<a class="jxr_linenumber" name="L207" href="#L207">207</a> grokAssemblyExe.deleteOnExit();
|
||||
<a class="jxr_linenumber" name="L208" href="#L208">208</a> LOGGER.log(Level.FINE, <span class="jxr_string">"analyzer.AssemblyAnalyzer.grokassembly.deployed"</span>, grokAssemblyExe.getPath());
|
||||
<a class="jxr_linenumber" name="L209" href="#L209">209</a> } <strong class="jxr_keyword">catch</strong> (IOException ioe) {
|
||||
<a class="jxr_linenumber" name="L210" href="#L210">210</a> <strong class="jxr_keyword">this</strong>.setEnabled(false);
|
||||
<a class="jxr_linenumber" name="L211" href="#L211">211</a> LOGGER.log(Level.WARNING, <span class="jxr_string">"analyzer.AssemblyAnalyzer.grokassembly.notdeployed"</span>, ioe.getMessage());
|
||||
<a class="jxr_linenumber" name="L212" href="#L212">212</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"Could not extract GrokAssembly.exe"</span>, ioe);
|
||||
<a class="jxr_linenumber" name="L213" href="#L213">213</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L214" href="#L214">214</a> <strong class="jxr_keyword">if</strong> (fos != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L215" href="#L215">215</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L216" href="#L216">216</a> fos.close();
|
||||
<a class="jxr_linenumber" name="L217" href="#L217">217</a> } <strong class="jxr_keyword">catch</strong> (Throwable e) {
|
||||
<a class="jxr_linenumber" name="L218" href="#L218">218</a> LOGGER.fine(<span class="jxr_string">"Error closing output stream"</span>);
|
||||
<a class="jxr_linenumber" name="L219" href="#L219">219</a> }
|
||||
<a class="jxr_linenumber" name="L220" href="#L220">220</a> }
|
||||
<a class="jxr_linenumber" name="L221" href="#L221">221</a> <strong class="jxr_keyword">if</strong> (is != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L222" href="#L222">222</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L223" href="#L223">223</a> is.close();
|
||||
<a class="jxr_linenumber" name="L224" href="#L224">224</a> } <strong class="jxr_keyword">catch</strong> (Throwable e) {
|
||||
<a class="jxr_linenumber" name="L225" href="#L225">225</a> LOGGER.fine(<span class="jxr_string">"Error closing input stream"</span>);
|
||||
<a class="jxr_linenumber" name="L226" href="#L226">226</a> }
|
||||
<a class="jxr_linenumber" name="L227" href="#L227">227</a> }
|
||||
<a class="jxr_linenumber" name="L228" href="#L228">228</a> }
|
||||
<a class="jxr_linenumber" name="L229" href="#L229">229</a>
|
||||
<a class="jxr_linenumber" name="L230" href="#L230">230</a> <em class="jxr_comment">// Now, need to see if GrokAssembly actually runs from this location.</em>
|
||||
<a class="jxr_linenumber" name="L231" href="#L231">231</a> <strong class="jxr_keyword">final</strong> List<String> args = buildArgumentList();
|
||||
<a class="jxr_linenumber" name="L232" href="#L232">232</a> BufferedReader rdr = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L233" href="#L233">233</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L234" href="#L234">234</a> <strong class="jxr_keyword">final</strong> ProcessBuilder pb = <strong class="jxr_keyword">new</strong> ProcessBuilder(args);
|
||||
<a class="jxr_linenumber" name="L235" href="#L235">235</a> <strong class="jxr_keyword">final</strong> Process p = pb.start();
|
||||
<a class="jxr_linenumber" name="L236" href="#L236">236</a> <em class="jxr_comment">// Try evacuating the error stream</em>
|
||||
<a class="jxr_linenumber" name="L237" href="#L237">237</a> rdr = <strong class="jxr_keyword">new</strong> BufferedReader(<strong class="jxr_keyword">new</strong> InputStreamReader(p.getErrorStream(), <span class="jxr_string">"UTF-8"</span>));
|
||||
<a class="jxr_linenumber" name="L238" href="#L238">238</a> <em class="jxr_comment">// CheckStyle:VisibilityModifier OFF</em>
|
||||
<a class="jxr_linenumber" name="L239" href="#L239">239</a> <strong class="jxr_keyword">while</strong> (rdr.ready() && rdr.readLine() != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L240" href="#L240">240</a> <em class="jxr_comment">// We expect this to complain</em>
|
||||
<a class="jxr_linenumber" name="L241" href="#L241">241</a> }
|
||||
<a class="jxr_linenumber" name="L242" href="#L242">242</a> <em class="jxr_comment">// CheckStyle:VisibilityModifier ON</em>
|
||||
<a class="jxr_linenumber" name="L243" href="#L243">243</a> <strong class="jxr_keyword">final</strong> Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(p.getInputStream());
|
||||
<a class="jxr_linenumber" name="L244" href="#L244">244</a> <strong class="jxr_keyword">final</strong> XPath xpath = XPathFactory.newInstance().newXPath();
|
||||
<a class="jxr_linenumber" name="L245" href="#L245">245</a> <strong class="jxr_keyword">final</strong> String error = xpath.evaluate(<span class="jxr_string">"/assembly/error"</span>, doc);
|
||||
<a class="jxr_linenumber" name="L246" href="#L246">246</a> <strong class="jxr_keyword">if</strong> (p.waitFor() != 1 || error == <strong class="jxr_keyword">null</strong> || <span class="jxr_string">""</span>.equals(error)) {
|
||||
<a class="jxr_linenumber" name="L247" href="#L247">247</a> LOGGER.warning(<span class="jxr_string">"An error occurred with the .NET AssemblyAnalyzer, please see the log for more details."</span>);
|
||||
<a class="jxr_linenumber" name="L248" href="#L248">248</a> LOGGER.fine(<span class="jxr_string">"GrokAssembly.exe is not working properly"</span>);
|
||||
<a class="jxr_linenumber" name="L249" href="#L249">249</a> grokAssemblyExe = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L250" href="#L250">250</a> <strong class="jxr_keyword">this</strong>.setEnabled(false);
|
||||
<a class="jxr_linenumber" name="L251" href="#L251">251</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"Could not execute .NET AssemblyAnalyzer"</span>);
|
||||
<a class="jxr_linenumber" name="L252" href="#L252">252</a> }
|
||||
<a class="jxr_linenumber" name="L253" href="#L253">253</a> } <strong class="jxr_keyword">catch</strong> (Throwable e) {
|
||||
<a class="jxr_linenumber" name="L254" href="#L254">254</a> <strong class="jxr_keyword">if</strong> (e instanceof AnalysisException) {
|
||||
<a class="jxr_linenumber" name="L255" href="#L255">255</a> <strong class="jxr_keyword">throw</strong> (AnalysisException) e;
|
||||
<a class="jxr_linenumber" name="L256" href="#L256">256</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L257" href="#L257">257</a> LOGGER.warning(<span class="jxr_string">"analyzer.AssemblyAnalyzer.grokassembly.initialization.failed"</span>);
|
||||
<a class="jxr_linenumber" name="L258" href="#L258">258</a> LOGGER.log(Level.FINE, <span class="jxr_string">"analyzer.AssemblyAnalyzer.grokassembly.initialization.message"</span>, e.getMessage());
|
||||
<a class="jxr_linenumber" name="L259" href="#L259">259</a> <strong class="jxr_keyword">this</strong>.setEnabled(false);
|
||||
<a class="jxr_linenumber" name="L260" href="#L260">260</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"An error occured with the .NET AssemblyAnalyzer"</span>, e);
|
||||
<a class="jxr_linenumber" name="L261" href="#L261">261</a> }
|
||||
<a class="jxr_linenumber" name="L262" href="#L262">262</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L263" href="#L263">263</a> <strong class="jxr_keyword">if</strong> (rdr != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L264" href="#L264">264</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L265" href="#L265">265</a> rdr.close();
|
||||
<a class="jxr_linenumber" name="L266" href="#L266">266</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L267" href="#L267">267</a> LOGGER.log(Level.FINEST, <span class="jxr_string">"ignore"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L268" href="#L268">268</a> }
|
||||
<a class="jxr_linenumber" name="L269" href="#L269">269</a> }
|
||||
<a class="jxr_linenumber" name="L270" href="#L270">270</a> }
|
||||
<a class="jxr_linenumber" name="L271" href="#L271">271</a> builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
|
||||
<a class="jxr_linenumber" name="L272" href="#L272">272</a> }
|
||||
<a class="jxr_linenumber" name="L273" href="#L273">273</a>
|
||||
<a class="jxr_linenumber" name="L274" href="#L274">274</a> @Override
|
||||
<a class="jxr_linenumber" name="L275" href="#L275">275</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> close() <strong class="jxr_keyword">throws</strong> Exception {
|
||||
<a class="jxr_linenumber" name="L276" href="#L276">276</a> <strong class="jxr_keyword">super</strong>.close();
|
||||
<a class="jxr_linenumber" name="L277" href="#L277">277</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L278" href="#L278">278</a> <strong class="jxr_keyword">if</strong> (grokAssemblyExe != <strong class="jxr_keyword">null</strong> && !grokAssemblyExe.delete()) {
|
||||
<a class="jxr_linenumber" name="L279" href="#L279">279</a> grokAssemblyExe.deleteOnExit();
|
||||
<a class="jxr_linenumber" name="L280" href="#L280">280</a> }
|
||||
<a class="jxr_linenumber" name="L281" href="#L281">281</a> } <strong class="jxr_keyword">catch</strong> (SecurityException se) {
|
||||
<a class="jxr_linenumber" name="L282" href="#L282">282</a> LOGGER.fine(<span class="jxr_string">"analyzer.AssemblyAnalyzer.grokassembly.notdeleted"</span>);
|
||||
<a class="jxr_linenumber" name="L283" href="#L283">283</a> }
|
||||
<a class="jxr_linenumber" name="L284" href="#L284">284</a> }
|
||||
<a class="jxr_linenumber" name="L285" href="#L285">285</a>
|
||||
<a class="jxr_linenumber" name="L286" href="#L286">286</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L287" href="#L287">287</a> <em class="jxr_javadoccomment"> * Gets the set of extensions supported by this analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L288" href="#L288">288</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L289" href="#L289">289</a> <em class="jxr_javadoccomment"> * @return the list of supported extensions</em>
|
||||
<a class="jxr_linenumber" name="L290" href="#L290">290</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L291" href="#L291">291</a> @Override
|
||||
<a class="jxr_linenumber" name="L292" href="#L292">292</a> <strong class="jxr_keyword">public</strong> Set<String> getSupportedExtensions() {
|
||||
<a class="jxr_linenumber" name="L293" href="#L293">293</a> <strong class="jxr_keyword">return</strong> SUPPORTED_EXTENSIONS;
|
||||
<a class="jxr_linenumber" name="L294" href="#L294">294</a> }
|
||||
<a class="jxr_linenumber" name="L295" href="#L295">295</a>
|
||||
<a class="jxr_linenumber" name="L296" href="#L296">296</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L297" href="#L297">297</a> <em class="jxr_javadoccomment"> * Gets this analyzer's name.</em>
|
||||
<a class="jxr_linenumber" name="L298" href="#L298">298</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L299" href="#L299">299</a> <em class="jxr_javadoccomment"> * @return the analyzer name</em>
|
||||
<a class="jxr_linenumber" name="L300" href="#L300">300</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L301" href="#L301">301</a> @Override
|
||||
<a class="jxr_linenumber" name="L302" href="#L302">302</a> <strong class="jxr_keyword">public</strong> String getName() {
|
||||
<a class="jxr_linenumber" name="L303" href="#L303">303</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
|
||||
<a class="jxr_linenumber" name="L304" href="#L304">304</a> }
|
||||
<a class="jxr_linenumber" name="L305" href="#L305">305</a>
|
||||
<a class="jxr_linenumber" name="L306" href="#L306">306</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L307" href="#L307">307</a> <em class="jxr_javadoccomment"> * Returns the phase this analyzer runs under.</em>
|
||||
<a class="jxr_linenumber" name="L308" href="#L308">308</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L309" href="#L309">309</a> <em class="jxr_javadoccomment"> * @return the phase this runs under</em>
|
||||
<a class="jxr_linenumber" name="L310" href="#L310">310</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L311" href="#L311">311</a> @Override
|
||||
<a class="jxr_linenumber" name="L312" href="#L312">312</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
|
||||
<a class="jxr_linenumber" name="L313" href="#L313">313</a> <strong class="jxr_keyword">return</strong> ANALYSIS_PHASE;
|
||||
<a class="jxr_linenumber" name="L314" href="#L314">314</a> }
|
||||
<a class="jxr_linenumber" name="L315" href="#L315">315</a>
|
||||
<a class="jxr_linenumber" name="L316" href="#L316">316</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L317" href="#L317">317</a> <em class="jxr_javadoccomment"> * Returns the key used in the properties file to reference the analyzer's enabled property.</em>
|
||||
<a class="jxr_linenumber" name="L318" href="#L318">318</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L319" href="#L319">319</a> <em class="jxr_javadoccomment"> * @return the analyzer's enabled property setting key</em>
|
||||
<a class="jxr_linenumber" name="L320" href="#L320">320</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L321" href="#L321">321</a> @Override
|
||||
<a class="jxr_linenumber" name="L322" href="#L322">322</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
|
||||
<a class="jxr_linenumber" name="L323" href="#L323">323</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_ASSEMBLY_ENABLED;
|
||||
<a class="jxr_linenumber" name="L324" href="#L324">324</a> }
|
||||
<a class="jxr_linenumber" name="L325" href="#L325">325</a> }
|
||||
</pre>
|
||||
<hr/>
|
||||
<div id="footer">Copyright © 2012–2014 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
|
||||
|
||||
File diff suppressed because it is too large
@@ -0,0 +1,214 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head><meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>CentralAnalyzer xref</title>
|
||||
<link type="text/css" rel="stylesheet" href="../../../../stylesheet.css" />
|
||||
</head>
|
||||
<body>
|
||||
<div id="overview"><a href="../../../../../apidocs/org/owasp/dependencycheck/analyzer/CentralAnalyzer.html">View Javadoc</a></div><pre>
|
||||
<a class="jxr_linenumber" name="L1" href="#L1">1</a> <em class="jxr_comment">/*</em>
|
||||
<a class="jxr_linenumber" name="L2" href="#L2">2</a> <em class="jxr_comment"> * This file is part of dependency-check-core.</em>
|
||||
<a class="jxr_linenumber" name="L3" href="#L3">3</a> <em class="jxr_comment"> *</em>
|
||||
<a class="jxr_linenumber" name="L4" href="#L4">4</a> <em class="jxr_comment"> * Licensed under the Apache License, Version 2.0 (the "License");</em>
|
||||
<a class="jxr_linenumber" name="L5" href="#L5">5</a> <em class="jxr_comment"> * you may not use this file except in compliance with the License.</em>
|
||||
<a class="jxr_linenumber" name="L6" href="#L6">6</a> <em class="jxr_comment"> * You may obtain a copy of the License at</em>
|
||||
<a class="jxr_linenumber" name="L7" href="#L7">7</a> <em class="jxr_comment"> *</em>
|
||||
<a class="jxr_linenumber" name="L8" href="#L8">8</a> <em class="jxr_comment"> * <a href="http://www.apache.org/licenses/LICENSE-2." target="alexandria_uri">http://www.apache.org/licenses/LICENSE-2.</a>0</em>
|
||||
<a class="jxr_linenumber" name="L9" href="#L9">9</a> <em class="jxr_comment"> *</em>
|
||||
<a class="jxr_linenumber" name="L10" href="#L10">10</a> <em class="jxr_comment"> * Unless required by applicable law or agreed to in writing, software</em>
|
||||
<a class="jxr_linenumber" name="L11" href="#L11">11</a> <em class="jxr_comment"> * distributed under the License is distributed on an "AS IS" BASIS,</em>
|
||||
<a class="jxr_linenumber" name="L12" href="#L12">12</a> <em class="jxr_comment"> * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.</em>
|
||||
<a class="jxr_linenumber" name="L13" href="#L13">13</a> <em class="jxr_comment"> * See the License for the specific language governing permissions and</em>
|
||||
<a class="jxr_linenumber" name="L14" href="#L14">14</a> <em class="jxr_comment"> * limitations under the License.</em>
|
||||
<a class="jxr_linenumber" name="L15" href="#L15">15</a> <em class="jxr_comment"> *</em>
|
||||
<a class="jxr_linenumber" name="L16" href="#L16">16</a> <em class="jxr_comment"> * Copyright (c) 2014 Jeremy Long. All Rights Reserved.</em>
|
||||
<a class="jxr_linenumber" name="L17" href="#L17">17</a> <em class="jxr_comment"> */</em>
|
||||
<a class="jxr_linenumber" name="L18" href="#L18">18</a> <strong class="jxr_keyword">package</strong> org.owasp.dependencycheck.analyzer;
|
||||
<a class="jxr_linenumber" name="L19" href="#L19">19</a>
|
||||
<a class="jxr_linenumber" name="L20" href="#L20">20</a> <strong class="jxr_keyword">import</strong> java.io.FileNotFoundException;
|
||||
<a class="jxr_linenumber" name="L21" href="#L21">21</a> <strong class="jxr_keyword">import</strong> java.io.IOException;
|
||||
<a class="jxr_linenumber" name="L22" href="#L22">22</a> <strong class="jxr_keyword">import</strong> java.net.URL;
|
||||
<a class="jxr_linenumber" name="L23" href="#L23">23</a> <strong class="jxr_keyword">import</strong> java.util.List;
|
||||
<a class="jxr_linenumber" name="L24" href="#L24">24</a> <strong class="jxr_keyword">import</strong> java.util.Set;
|
||||
<a class="jxr_linenumber" name="L25" href="#L25">25</a> <strong class="jxr_keyword">import</strong> java.util.logging.Level;
|
||||
<a class="jxr_linenumber" name="L26" href="#L26">26</a> <strong class="jxr_keyword">import</strong> java.util.logging.Logger;
|
||||
<a class="jxr_linenumber" name="L27" href="#L27">27</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.Engine;
|
||||
<a class="jxr_linenumber" name="L28" href="#L28">28</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.analyzer.exception.AnalysisException;
|
||||
<a class="jxr_linenumber" name="L29" href="#L29">29</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.data.central.CentralSearch;
|
||||
<a class="jxr_linenumber" name="L30" href="#L30">30</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.data.nexus.MavenArtifact;
|
||||
<a class="jxr_linenumber" name="L31" href="#L31">31</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Confidence;
|
||||
<a class="jxr_linenumber" name="L32" href="#L32">32</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Dependency;
|
||||
<a class="jxr_linenumber" name="L33" href="#L33">33</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.InvalidSettingException;
|
||||
<a class="jxr_linenumber" name="L34" href="#L34">34</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.Settings;
|
||||
<a class="jxr_linenumber" name="L35" href="#L35">35</a>
|
||||
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <em class="jxr_javadoccomment"> * Analyzer which will attempt to locate a dependency, and the GAV information, by querying Central for the dependency's</em>
|
||||
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <em class="jxr_javadoccomment"> * SHA-1 digest.</em>
|
||||
<a class="jxr_linenumber" name="L39" href="#L39">39</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L40" href="#L40">40</a> <em class="jxr_javadoccomment"> * @author colezlaw</em>
|
||||
<a class="jxr_linenumber" name="L41" href="#L41">41</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/CentralAnalyzer.html">CentralAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.html">AbstractFileTypeAnalyzer</a> {
|
||||
<a class="jxr_linenumber" name="L43" href="#L43">43</a>
|
||||
<a class="jxr_linenumber" name="L44" href="#L44">44</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <em class="jxr_javadoccomment"> * The logger.</em>
|
||||
<a class="jxr_linenumber" name="L46" href="#L46">46</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L47" href="#L47">47</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Logger LOGGER = Logger.getLogger(CentralAnalyzer.<strong class="jxr_keyword">class</strong>.getName());
|
||||
<a class="jxr_linenumber" name="L48" href="#L48">48</a>
|
||||
<a class="jxr_linenumber" name="L49" href="#L49">49</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <em class="jxr_javadoccomment"> * The name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String ANALYZER_NAME = <span class="jxr_string">"Central Analyzer"</span>;
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a>
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <em class="jxr_javadoccomment"> * The phase in which this analyzer runs.</em>
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a>
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <em class="jxr_javadoccomment"> * The types of files on which this will work.</em>
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Set<String> SUPPORTED_EXTENSIONS = newHashSet(<span class="jxr_string">"jar"</span>);
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a>
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <em class="jxr_javadoccomment"> * The analyzer should be disabled if there are errors, so this is a flag to determine if such an error has</em>
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a> <em class="jxr_javadoccomment"> * occurred.</em>
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> errorFlag = false;
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a>
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> <em class="jxr_javadoccomment"> * The searcher itself.</em>
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <strong class="jxr_keyword">private</strong> <a href="../../../../org/owasp/dependencycheck/data/central/CentralSearch.html">CentralSearch</a> searcher;
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a>
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <em class="jxr_javadoccomment"> * Field indicating if the analyzer is enabled.</em>
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> enabled = checkEnabled();
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a>
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a> <em class="jxr_javadoccomment"> * Determine whether to enable this analyzer or not.</em>
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <em class="jxr_javadoccomment"> * @return whether the analyzer should be enabled</em>
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a> @Override
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">boolean</strong> isEnabled() {
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <strong class="jxr_keyword">return</strong> enabled;
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> }
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a>
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <em class="jxr_javadoccomment"> * Determines if this analyzer is enabled.</em>
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a> <em class="jxr_javadoccomment"> * @return <code>true</code> if the analyzer is enabled; otherwise <code>false</code></em>
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> checkEnabled() {
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <strong class="jxr_keyword">boolean</strong> retval = false;
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a>
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <strong class="jxr_keyword">if</strong> (Settings.getBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED)) {
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a> <strong class="jxr_keyword">if</strong> (!Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED)
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a> || NexusAnalyzer.DEFAULT_URL.equals(Settings.getString(Settings.KEYS.ANALYZER_NEXUS_URL))) {
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> LOGGER.info(<span class="jxr_string">"Enabling the Central analyzer"</span>);
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a> retval = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a> LOGGER.info(<span class="jxr_string">"Nexus analyzer is enabled, disabling the Central Analyzer"</span>);
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a> }
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> LOGGER.info(<span class="jxr_string">"Central analyzer disabled"</span>);
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a> }
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a> } <strong class="jxr_keyword">catch</strong> (InvalidSettingException ise) {
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> LOGGER.warning(<span class="jxr_string">"Invalid setting. Disabling the Central analyzer"</span>);
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> }
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <strong class="jxr_keyword">return</strong> retval;
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a> }
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a>
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> <em class="jxr_javadoccomment"> * Initializes the analyzer once before any analysis is performed.</em>
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a> <em class="jxr_javadoccomment"> * @throws Exception if there's an error during initialization</em>
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> @Override
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> Exception {
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a> LOGGER.fine(<span class="jxr_string">"Initializing Central analyzer"</span>);
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a> LOGGER.fine(String.format(<span class="jxr_string">"Central analyzer enabled: %s"</span>, isEnabled()));
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a> <strong class="jxr_keyword">if</strong> (isEnabled()) {
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <strong class="jxr_keyword">final</strong> String searchUrl = Settings.getString(Settings.KEYS.ANALYZER_CENTRAL_URL);
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> LOGGER.fine(String.format(<span class="jxr_string">"Central Analyzer URL: %s"</span>, searchUrl));
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a> searcher = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/data/central/CentralSearch.html">CentralSearch</a>(<strong class="jxr_keyword">new</strong> URL(searchUrl));
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> }
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a> }
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a>
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a> <em class="jxr_javadoccomment"> * Returns the analyzer's name.</em>
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer</em>
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> @Override
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a> <strong class="jxr_keyword">public</strong> String getName() {
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a> }
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a>
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a> <em class="jxr_javadoccomment"> * Returns the key used in the properties file to to reference the analyzer's enabled property.</em>
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <em class="jxr_javadoccomment"> * @return the analyzer's enabled property setting key.</em>
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> @Override
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_CENTRAL_ENABLED;
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a> }
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a>
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a> <em class="jxr_javadoccomment"> * Returns the analysis phase under which the analyzer runs.</em>
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <em class="jxr_javadoccomment"> * @return the phase under which the analyzer runs</em>
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> @Override
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <strong class="jxr_keyword">return</strong> ANALYSIS_PHASE;
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> }
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a>
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L163" href="#L163">163</a> <em class="jxr_javadoccomment"> * Returns the extensions for which this Analyzer runs.</em>
|
||||
<a class="jxr_linenumber" name="L164" href="#L164">164</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L165" href="#L165">165</a> <em class="jxr_javadoccomment"> * @return the extensions for which this Analyzer runs</em>
|
||||
<a class="jxr_linenumber" name="L166" href="#L166">166</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L167" href="#L167">167</a> @Override
|
||||
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <strong class="jxr_keyword">public</strong> Set<String> getSupportedExtensions() {
|
||||
<a class="jxr_linenumber" name="L169" href="#L169">169</a> <strong class="jxr_keyword">return</strong> SUPPORTED_EXTENSIONS;
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a> }
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a>
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> <em class="jxr_javadoccomment"> * Performs the analysis.</em>
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to analyze</em>
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a> <em class="jxr_javadoccomment"> * @param engine the engine</em>
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> <em class="jxr_javadoccomment"> * @throws AnalysisException when there's an exception during analysis</em>
|
||||
<a class="jxr_linenumber" name="L178" href="#L178">178</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L179" href="#L179">179</a> @Override
|
||||
<a class="jxr_linenumber" name="L180" href="#L180">180</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine) <strong class="jxr_keyword">throws</strong> AnalysisException {
|
||||
<a class="jxr_linenumber" name="L181" href="#L181">181</a> <strong class="jxr_keyword">if</strong> (errorFlag || !isEnabled()) {
|
||||
<a class="jxr_linenumber" name="L182" href="#L182">182</a> <strong class="jxr_keyword">return</strong>;
|
||||
<a class="jxr_linenumber" name="L183" href="#L183">183</a> }
|
||||
<a class="jxr_linenumber" name="L184" href="#L184">184</a>
|
||||
<a class="jxr_linenumber" name="L185" href="#L185">185</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L186" href="#L186">186</a> <strong class="jxr_keyword">final</strong> List<MavenArtifact> mas = searcher.searchSha1(dependency.getSha1sum());
|
||||
<a class="jxr_linenumber" name="L187" href="#L187">187</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Confidence.html">Confidence</a> confidence = mas.size() > 1 ? Confidence.HIGH : Confidence.HIGHEST;
|
||||
<a class="jxr_linenumber" name="L188" href="#L188">188</a> <strong class="jxr_keyword">for</strong> (MavenArtifact ma : mas) {
|
||||
<a class="jxr_linenumber" name="L189" href="#L189">189</a> LOGGER.fine(String.format(<span class="jxr_string">"Central analyzer found artifact (%s) for dependency (%s)"</span>, ma.toString(), dependency.getFileName()));
|
||||
<a class="jxr_linenumber" name="L190" href="#L190">190</a> dependency.addAsEvidence(<span class="jxr_string">"central"</span>, ma, confidence);
|
||||
<a class="jxr_linenumber" name="L191" href="#L191">191</a> }
|
||||
<a class="jxr_linenumber" name="L192" href="#L192">192</a> } <strong class="jxr_keyword">catch</strong> (IllegalArgumentException iae) {
|
||||
<a class="jxr_linenumber" name="L193" href="#L193">193</a> LOGGER.info(String.format(<span class="jxr_string">"invalid sha1-hash on %s"</span>, dependency.getFileName()));
|
||||
<a class="jxr_linenumber" name="L194" href="#L194">194</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException fnfe) {
|
||||
<a class="jxr_linenumber" name="L195" href="#L195">195</a> LOGGER.fine(String.format(<span class="jxr_string">"Artifact not found in repository: '%s"</span>, dependency.getFileName()));
|
||||
<a class="jxr_linenumber" name="L196" href="#L196">196</a> } <strong class="jxr_keyword">catch</strong> (IOException ioe) {
|
||||
<a class="jxr_linenumber" name="L197" href="#L197">197</a> LOGGER.log(Level.FINE, <span class="jxr_string">"Could not connect to Central search"</span>, ioe);
|
||||
<a class="jxr_linenumber" name="L198" href="#L198">198</a> errorFlag = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L199" href="#L199">199</a> }
|
||||
<a class="jxr_linenumber" name="L200" href="#L200">200</a> }
|
||||
<a class="jxr_linenumber" name="L201" href="#L201">201</a> }
|
||||
</pre>
|
||||
<hr/>
|
||||
<div id="footer">Copyright © 2012–2014 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
|
||||
</body>
|
||||
</html>
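Review bot: In `analyzeFileType` (listing lines 196-198) the `IOException` branch logs "Could not connect to Central search" only at `Level.FINE` and then sets `errorFlag = true`, so after one failed request every remaining jar returns early at line 181 and gets no Central evidence, with nothing visible at the default log level. A scan that lost one of its identification sources should say so; I would keep the FINE entry for the stack trace and add `LOGGER.warning("Could not connect to Central search; the Central analyzer is disabled for the remainder of this scan.");` before setting the flag. The `catch (InvalidSettingException ise)` in `checkEnabled` likewise drops `ise`, so the warning does not say which setting was invalid; passing it along with `LOGGER.log(Level.FINE, null, ise);` would make a misconfiguration diagnosable. This page is generated JXR output, so both changes belong in the Java source it was rendered from.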
|
||||
@@ -120,7 +120,7 @@
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <strong class="jxr_keyword">while</strong> (subIterator.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> nextDependency = subIterator.next();
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a> <strong class="jxr_keyword">if</strong> (hashesMatch(dependency, nextDependency)) {
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <strong class="jxr_keyword">if</strong> (isCore(dependency, nextDependency)) {
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <strong class="jxr_keyword">if</strong> (firstPathIsShortest(dependency.getFilePath(), nextDependency.getFilePath())) {
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> mergeDependencies(dependency, nextDependency, dependenciesToRemove);
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> mergeDependencies(nextDependency, dependency, dependenciesToRemove);
|
||||
@@ -398,7 +398,46 @@
|
||||
<a class="jxr_linenumber" name="L390" href="#L390">390</a> }
|
||||
<a class="jxr_linenumber" name="L391" href="#L391">391</a> <strong class="jxr_keyword">return</strong> false;
|
||||
<a class="jxr_linenumber" name="L392" href="#L392">392</a> }
|
||||
<a class="jxr_linenumber" name="L393" href="#L393">393</a> }
|
||||
<a class="jxr_linenumber" name="L393" href="#L393">393</a>
|
||||
<a class="jxr_linenumber" name="L394" href="#L394">394</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L395" href="#L395">395</a> <em class="jxr_javadoccomment"> * Determines which path is shortest; if path lengths are equal then we use compareTo of the string method to</em>
|
||||
<a class="jxr_linenumber" name="L396" href="#L396">396</a> <em class="jxr_javadoccomment"> * determine if the first path is smaller.</em>
|
||||
<a class="jxr_linenumber" name="L397" href="#L397">397</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L398" href="#L398">398</a> <em class="jxr_javadoccomment"> * @param left the first path to compare</em>
|
||||
<a class="jxr_linenumber" name="L399" href="#L399">399</a> <em class="jxr_javadoccomment"> * @param right the second path to compare</em>
|
||||
<a class="jxr_linenumber" name="L400" href="#L400">400</a> <em class="jxr_javadoccomment"> * @return <code>true</code> if the leftPath is the shortest; otherwise <code>false</code></em>
|
||||
<a class="jxr_linenumber" name="L401" href="#L401">401</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L402" href="#L402">402</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">boolean</strong> firstPathIsShortest(String left, String right) {
|
||||
<a class="jxr_linenumber" name="L403" href="#L403">403</a> <strong class="jxr_keyword">final</strong> String leftPath = left.replace('\\', '/');
|
||||
<a class="jxr_linenumber" name="L404" href="#L404">404</a> <strong class="jxr_keyword">final</strong> String rightPath = right.replace('\\', '/');
|
||||
<a class="jxr_linenumber" name="L405" href="#L405">405</a>
|
||||
<a class="jxr_linenumber" name="L406" href="#L406">406</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> leftCount = countChar(leftPath, '/');
|
||||
<a class="jxr_linenumber" name="L407" href="#L407">407</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> rightCount = countChar(rightPath, '/');
|
||||
<a class="jxr_linenumber" name="L408" href="#L408">408</a> <strong class="jxr_keyword">if</strong> (leftCount == rightCount) {
|
||||
<a class="jxr_linenumber" name="L409" href="#L409">409</a> <strong class="jxr_keyword">return</strong> leftPath.compareTo(rightPath) <= 0;
|
||||
<a class="jxr_linenumber" name="L410" href="#L410">410</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L411" href="#L411">411</a> <strong class="jxr_keyword">return</strong> leftCount < rightCount;
|
||||
<a class="jxr_linenumber" name="L412" href="#L412">412</a> }
|
||||
<a class="jxr_linenumber" name="L413" href="#L413">413</a> }
|
||||
<a class="jxr_linenumber" name="L414" href="#L414">414</a>
|
||||
<a class="jxr_linenumber" name="L415" href="#L415">415</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L416" href="#L416">416</a> <em class="jxr_javadoccomment"> * Counts the number of times the character is present in the string.</em>
|
||||
<a class="jxr_linenumber" name="L417" href="#L417">417</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L418" href="#L418">418</a> <em class="jxr_javadoccomment"> * @param string the string to count the characters in</em>
|
||||
<a class="jxr_linenumber" name="L419" href="#L419">419</a> <em class="jxr_javadoccomment"> * @param c the character to count</em>
|
||||
<a class="jxr_linenumber" name="L420" href="#L420">420</a> <em class="jxr_javadoccomment"> * @return the number of times the character is present in the string</em>
|
||||
<a class="jxr_linenumber" name="L421" href="#L421">421</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L422" href="#L422">422</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">int</strong> countChar(String string, <strong class="jxr_keyword">char</strong> c) {
|
||||
<a class="jxr_linenumber" name="L423" href="#L423">423</a> <strong class="jxr_keyword">int</strong> count = 0;
|
||||
<a class="jxr_linenumber" name="L424" href="#L424">424</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> max = string.length();
|
||||
<a class="jxr_linenumber" name="L425" href="#L425">425</a> <strong class="jxr_keyword">for</strong> (<strong class="jxr_keyword">int</strong> i = 0; i < max; i++) {
|
||||
<a class="jxr_linenumber" name="L426" href="#L426">426</a> <strong class="jxr_keyword">if</strong> (c == string.charAt(i)) {
|
||||
<a class="jxr_linenumber" name="L427" href="#L427">427</a> count++;
|
||||
<a class="jxr_linenumber" name="L428" href="#L428">428</a> }
|
||||
<a class="jxr_linenumber" name="L429" href="#L429">429</a> }
|
||||
<a class="jxr_linenumber" name="L430" href="#L430">430</a> <strong class="jxr_keyword">return</strong> count;
|
||||
<a class="jxr_linenumber" name="L431" href="#L431">431</a> }
|
||||
<a class="jxr_linenumber" name="L432" href="#L432">432</a> }
|
||||
</pre>
|
||||
<hr/>
|
||||
<div id="footer">Copyright © 2012–2014 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
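Review bot: The Javadoc on `firstPathIsShortest` (listing lines 394-401) describes comparing path lengths, but the body counts `/` separators after normalising `\\`, so it compares directory depth and uses `compareTo` only when the depths are equal; the `@return` also names `leftPath`, which is a local and not a parameter. I would reword the summary to `Determines which path has the fewest directory separators; if the counts are equal, String.compareTo decides.` and the return tag to `@return true if left is the shallower path, or sorts first at equal depth; otherwise false`. Both parameters are dereferenced without a null check, so the doc should also state that `left` and `right` must be non-null, since the call site at listing line 115 passes `getFilePath()` values straight in. As this is a generated xref page, the wording change belongs in the Java source.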
|
||||
|
||||
@@ -101,375 +101,379 @@
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a> addFalseNegativeCPEs(dependency);
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a> }
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a>
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> removeBadSpringMatches(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency) {
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a> String mustContain = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <strong class="jxr_keyword">for</strong> (Identifier i : dependency.getIdentifiers()) {
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"maven"</span>.contains(i.getType())) {
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a> <strong class="jxr_keyword">if</strong> (i.getValue() != <strong class="jxr_keyword">null</strong> && i.getValue().startsWith(<span class="jxr_string">"org.springframework."</span>)) {
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <strong class="jxr_keyword">int</strong> endPoint = i.getValue().indexOf(<span class="jxr_string">":"</span>, 19);
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <strong class="jxr_keyword">if</strong> (endPoint >= 0) {
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a> mustContain = i.getValue().substring(19, endPoint).toLowerCase();
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a> <strong class="jxr_keyword">break</strong>;
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a> }
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a> }
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a> }
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> }
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a> <strong class="jxr_keyword">if</strong> (mustContain != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a> Iterator<Identifier> itr = dependency.getIdentifiers().iterator();
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <strong class="jxr_keyword">while</strong> (itr.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> i = itr.next();
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.contains(i.getType())
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a> && i.getValue() != <strong class="jxr_keyword">null</strong>
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> && i.getValue().startsWith(<span class="jxr_string">"cpe:/a:springsource:"</span>)
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> && !i.getValue().toLowerCase().contains(mustContain)) {
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> itr.remove();
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> <em class="jxr_comment">//dependency.getIdentifiers().remove(i);</em>
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a> }
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a>
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> }
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a> }
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a> }
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a>
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <em class="jxr_javadoccomment"> * <p></em>
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> <em class="jxr_javadoccomment"> * Intended to remove spurious CPE entries. By spurious we mean duplicate, less specific CPE entries.</p></em>
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a> <em class="jxr_javadoccomment"> * <p></em>
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> <em class="jxr_javadoccomment"> * Example:</p></em>
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a> <em class="jxr_javadoccomment"> * <code></em>
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a> <em class="jxr_javadoccomment"> * cpe:/a:some-vendor:some-product</em>
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <em class="jxr_javadoccomment"> * cpe:/a:some-vendor:some-product:1.5</em>
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a> <em class="jxr_javadoccomment"> * cpe:/a:some-vendor:some-product:1.5.2</em>
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a> <em class="jxr_javadoccomment"> * </code></em>
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a> <em class="jxr_javadoccomment"> * <p></em>
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> <em class="jxr_javadoccomment"> * Should be trimmed to:</p></em>
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> <em class="jxr_javadoccomment"> * <code></em>
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a> <em class="jxr_javadoccomment"> * cpe:/a:some-vendor:some-product:1.5.2</em>
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a> <em class="jxr_javadoccomment"> * </code></em>
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a> @SuppressWarnings(<span class="jxr_string">"null"</span>)
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> removeSpuriousCPE(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency) {
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <strong class="jxr_keyword">final</strong> List<Identifier> ids = <strong class="jxr_keyword">new</strong> ArrayList<Identifier>();
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> ids.addAll(dependency.getIdentifiers());
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> Collections.sort(ids);
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <strong class="jxr_keyword">final</strong> ListIterator<Identifier> mainItr = ids.listIterator();
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> <strong class="jxr_keyword">while</strong> (mainItr.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> currentId = mainItr.next();
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/VulnerableSoftware.html">VulnerableSoftware</a> currentCpe = parseCpe(currentId.getType(), currentId.getValue());
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a> <strong class="jxr_keyword">if</strong> (currentCpe == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a> <strong class="jxr_keyword">continue</strong>;
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a> }
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <strong class="jxr_keyword">final</strong> ListIterator<Identifier> subItr = ids.listIterator(mainItr.nextIndex());
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a> <strong class="jxr_keyword">while</strong> (subItr.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> nextId = subItr.next();
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/VulnerableSoftware.html">VulnerableSoftware</a> nextCpe = parseCpe(nextId.getType(), nextId.getValue());
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <strong class="jxr_keyword">if</strong> (nextCpe == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> <strong class="jxr_keyword">continue</strong>;
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> }
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a> <em class="jxr_comment">//TODO fix the version problem below</em>
|
||||
<a class="jxr_linenumber" name="L163" href="#L163">163</a> <strong class="jxr_keyword">if</strong> (currentCpe.getVendor().equals(nextCpe.getVendor())) {
|
||||
<a class="jxr_linenumber" name="L164" href="#L164">164</a> <strong class="jxr_keyword">if</strong> (currentCpe.getProduct().equals(nextCpe.getProduct())) {
|
||||
<a class="jxr_linenumber" name="L165" href="#L165">165</a> <em class="jxr_comment">// see if one is contained in the other.. remove the contained one from dependency.getIdentifier</em>
|
||||
<a class="jxr_linenumber" name="L166" href="#L166">166</a> <strong class="jxr_keyword">final</strong> String currentVersion = currentCpe.getVersion();
|
||||
<a class="jxr_linenumber" name="L167" href="#L167">167</a> <strong class="jxr_keyword">final</strong> String nextVersion = nextCpe.getVersion();
|
||||
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <strong class="jxr_keyword">if</strong> (currentVersion == <strong class="jxr_keyword">null</strong> && nextVersion == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L169" href="#L169">169</a> <em class="jxr_comment">//how did we get here?</em>
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a> LOGGER.log(Level.FINE, <span class="jxr_string">"currentVersion and nextVersion are both null?"</span>);
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (currentVersion == <strong class="jxr_keyword">null</strong> && nextVersion != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a> dependency.getIdentifiers().remove(currentId);
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (nextVersion == <strong class="jxr_keyword">null</strong> && currentVersion != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a> dependency.getIdentifiers().remove(nextId);
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (currentVersion.length() < nextVersion.length()) {
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a> <strong class="jxr_keyword">if</strong> (nextVersion.startsWith(currentVersion) || <span class="jxr_string">"-"</span>.equals(currentVersion)) {
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> dependency.getIdentifiers().remove(currentId);
|
||||
<a class="jxr_linenumber" name="L178" href="#L178">178</a> }
|
||||
<a class="jxr_linenumber" name="L179" href="#L179">179</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L180" href="#L180">180</a> <strong class="jxr_keyword">if</strong> (currentVersion.startsWith(nextVersion) || <span class="jxr_string">"-"</span>.equals(nextVersion)) {
|
||||
<a class="jxr_linenumber" name="L181" href="#L181">181</a> dependency.getIdentifiers().remove(nextId);
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <em class="jxr_javadoccomment"> * Removes inaccurate matches on springframework CPEs.</em>
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to test for and remove known inaccurate CPE matches</em>
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> removeBadSpringMatches(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency) {
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> String mustContain = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <strong class="jxr_keyword">for</strong> (Identifier i : dependency.getIdentifiers()) {
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"maven"</span>.contains(i.getType())) {
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a> <strong class="jxr_keyword">if</strong> (i.getValue() != <strong class="jxr_keyword">null</strong> && i.getValue().startsWith(<span class="jxr_string">"org.springframework."</span>)) {
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> endPoint = i.getValue().indexOf(<span class="jxr_string">":"</span>, 19);
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <strong class="jxr_keyword">if</strong> (endPoint >= 0) {
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> mustContain = i.getValue().substring(19, endPoint).toLowerCase();
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a> <strong class="jxr_keyword">break</strong>;
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a> }
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> }
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> }
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> }
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a> <strong class="jxr_keyword">if</strong> (mustContain != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <strong class="jxr_keyword">final</strong> Iterator<Identifier> itr = dependency.getIdentifiers().iterator();
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> <strong class="jxr_keyword">while</strong> (itr.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> i = itr.next();
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.contains(i.getType())
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a> && i.getValue() != <strong class="jxr_keyword">null</strong>
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a> && i.getValue().startsWith(<span class="jxr_string">"cpe:/a:springsource:"</span>)
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> && !i.getValue().toLowerCase().contains(mustContain)) {
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a> itr.remove();
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a> <em class="jxr_comment">//dependency.getIdentifiers().remove(i);</em>
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a> }
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a> }
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> }
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> }
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a>
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a> <em class="jxr_javadoccomment"> * <p></em>
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a> <em class="jxr_javadoccomment"> * Intended to remove spurious CPE entries. By spurious we mean duplicate, less specific CPE entries.</p></em>
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <em class="jxr_javadoccomment"> * <p></em>
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a> <em class="jxr_javadoccomment"> * Example:</p></em>
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a> <em class="jxr_javadoccomment"> * <code></em>
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a> <em class="jxr_javadoccomment"> * cpe:/a:some-vendor:some-product</em>
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> <em class="jxr_javadoccomment"> * cpe:/a:some-vendor:some-product:1.5</em>
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> <em class="jxr_javadoccomment"> * cpe:/a:some-vendor:some-product:1.5.2</em>
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a> <em class="jxr_javadoccomment"> * </code></em>
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a> <em class="jxr_javadoccomment"> * <p></em>
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a> <em class="jxr_javadoccomment"> * Should be trimmed to:</p></em>
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a> <em class="jxr_javadoccomment"> * <code></em>
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a> <em class="jxr_javadoccomment"> * cpe:/a:some-vendor:some-product:1.5.2</em>
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a> <em class="jxr_javadoccomment"> * </code></em>
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> @SuppressWarnings(<span class="jxr_string">"null"</span>)
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> removeSpuriousCPE(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency) {
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> <strong class="jxr_keyword">final</strong> List<Identifier> ids = <strong class="jxr_keyword">new</strong> ArrayList<Identifier>();
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a> ids.addAll(dependency.getIdentifiers());
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a> Collections.sort(ids);
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a> <strong class="jxr_keyword">final</strong> ListIterator<Identifier> mainItr = ids.listIterator();
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a> <strong class="jxr_keyword">while</strong> (mainItr.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> currentId = mainItr.next();
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/VulnerableSoftware.html">VulnerableSoftware</a> currentCpe = parseCpe(currentId.getType(), currentId.getValue());
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a> <strong class="jxr_keyword">if</strong> (currentCpe == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <strong class="jxr_keyword">continue</strong>;
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a> }
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <strong class="jxr_keyword">final</strong> ListIterator<Identifier> subItr = ids.listIterator(mainItr.nextIndex());
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> <strong class="jxr_keyword">while</strong> (subItr.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> nextId = subItr.next();
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/VulnerableSoftware.html">VulnerableSoftware</a> nextCpe = parseCpe(nextId.getType(), nextId.getValue());
|
||||
<a class="jxr_linenumber" name="L163" href="#L163">163</a> <strong class="jxr_keyword">if</strong> (nextCpe == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L164" href="#L164">164</a> <strong class="jxr_keyword">continue</strong>;
|
||||
<a class="jxr_linenumber" name="L165" href="#L165">165</a> }
|
||||
<a class="jxr_linenumber" name="L166" href="#L166">166</a> <em class="jxr_comment">//TODO fix the version problem below</em>
|
||||
<a class="jxr_linenumber" name="L167" href="#L167">167</a> <strong class="jxr_keyword">if</strong> (currentCpe.getVendor().equals(nextCpe.getVendor())) {
|
||||
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <strong class="jxr_keyword">if</strong> (currentCpe.getProduct().equals(nextCpe.getProduct())) {
|
||||
<a class="jxr_linenumber" name="L169" href="#L169">169</a> <em class="jxr_comment">// see if one is contained in the other.. remove the contained one from dependency.getIdentifier</em>
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a> <strong class="jxr_keyword">final</strong> String currentVersion = currentCpe.getVersion();
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> <strong class="jxr_keyword">final</strong> String nextVersion = nextCpe.getVersion();
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <strong class="jxr_keyword">if</strong> (currentVersion == <strong class="jxr_keyword">null</strong> && nextVersion == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> <em class="jxr_comment">//how did we get here?</em>
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a> LOGGER.log(Level.FINE, <span class="jxr_string">"currentVersion and nextVersion are both null?"</span>);
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (currentVersion == <strong class="jxr_keyword">null</strong> && nextVersion != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a> dependency.getIdentifiers().remove(currentId);
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (nextVersion == <strong class="jxr_keyword">null</strong> && currentVersion != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L178" href="#L178">178</a> dependency.getIdentifiers().remove(nextId);
|
||||
<a class="jxr_linenumber" name="L179" href="#L179">179</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (currentVersion.length() < nextVersion.length()) {
|
||||
<a class="jxr_linenumber" name="L180" href="#L180">180</a> <strong class="jxr_keyword">if</strong> (nextVersion.startsWith(currentVersion) || <span class="jxr_string">"-"</span>.equals(currentVersion)) {
|
||||
<a class="jxr_linenumber" name="L181" href="#L181">181</a> dependency.getIdentifiers().remove(currentId);
|
||||
<a class="jxr_linenumber" name="L182" href="#L182">182</a> }
|
||||
<a class="jxr_linenumber" name="L183" href="#L183">183</a> }
|
||||
<a class="jxr_linenumber" name="L184" href="#L184">184</a> }
|
||||
<a class="jxr_linenumber" name="L185" href="#L185">185</a> }
|
||||
<a class="jxr_linenumber" name="L186" href="#L186">186</a> }
|
||||
<a class="jxr_linenumber" name="L187" href="#L187">187</a> }
|
||||
<a class="jxr_linenumber" name="L188" href="#L188">188</a> }
|
||||
<a class="jxr_linenumber" name="L189" href="#L189">189</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L190" href="#L190">190</a> <em class="jxr_javadoccomment"> * Regex to identify core java libraries and a few other commonly misidentified ones.</em>
|
||||
<a class="jxr_linenumber" name="L191" href="#L191">191</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L192" href="#L192">192</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern CORE_JAVA = Pattern.compile(<span class="jxr_string">"^cpe:/a:(sun|oracle|ibm):(j2[ems]e|"</span>
|
||||
<a class="jxr_linenumber" name="L193" href="#L193">193</a> + <span class="jxr_string">"java(_platform_micro_edition|_runtime_environment|_se|virtual_machine|se_development_kit|fx)?|"</span>
|
||||
<a class="jxr_linenumber" name="L194" href="#L194">194</a> + <span class="jxr_string">"jdk|jre|jsse)($|:.*)"</span>);
|
||||
<a class="jxr_linenumber" name="L195" href="#L195">195</a>
|
||||
<a class="jxr_linenumber" name="L196" href="#L196">196</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L197" href="#L197">197</a> <em class="jxr_javadoccomment"> * Regex to identify core jsf libraries.</em>
|
||||
<a class="jxr_linenumber" name="L198" href="#L198">198</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L199" href="#L199">199</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern CORE_JAVA_JSF = Pattern.compile(<span class="jxr_string">"^cpe:/a:(sun|oracle|ibm):jsf($|:.*)"</span>);
|
||||
<a class="jxr_linenumber" name="L183" href="#L183">183</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L184" href="#L184">184</a> <strong class="jxr_keyword">if</strong> (currentVersion.startsWith(nextVersion) || <span class="jxr_string">"-"</span>.equals(nextVersion)) {
|
||||
<a class="jxr_linenumber" name="L185" href="#L185">185</a> dependency.getIdentifiers().remove(nextId);
|
||||
<a class="jxr_linenumber" name="L186" href="#L186">186</a> }
|
||||
<a class="jxr_linenumber" name="L187" href="#L187">187</a> }
|
||||
<a class="jxr_linenumber" name="L188" href="#L188">188</a> }
|
||||
<a class="jxr_linenumber" name="L189" href="#L189">189</a> }
|
||||
<a class="jxr_linenumber" name="L190" href="#L190">190</a> }
|
||||
<a class="jxr_linenumber" name="L191" href="#L191">191</a> }
|
||||
<a class="jxr_linenumber" name="L192" href="#L192">192</a> }
|
||||
<a class="jxr_linenumber" name="L193" href="#L193">193</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L194" href="#L194">194</a> <em class="jxr_javadoccomment"> * Regex to identify core java libraries and a few other commonly misidentified ones.</em>
|
||||
<a class="jxr_linenumber" name="L195" href="#L195">195</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L196" href="#L196">196</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern CORE_JAVA = Pattern.compile(<span class="jxr_string">"^cpe:/a:(sun|oracle|ibm):(j2[ems]e|"</span>
|
||||
<a class="jxr_linenumber" name="L197" href="#L197">197</a> + <span class="jxr_string">"java(_platform_micro_edition|_runtime_environment|_se|virtual_machine|se_development_kit|fx)?|"</span>
|
||||
<a class="jxr_linenumber" name="L198" href="#L198">198</a> + <span class="jxr_string">"jdk|jre|jsse)($|:.*)"</span>);
|
||||
<a class="jxr_linenumber" name="L199" href="#L199">199</a>
|
||||
<a class="jxr_linenumber" name="L200" href="#L200">200</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L201" href="#L201">201</a> <em class="jxr_javadoccomment"> * Regex to identify core java library files. This is currently incomplete.</em>
|
||||
<a class="jxr_linenumber" name="L201" href="#L201">201</a> <em class="jxr_javadoccomment"> * Regex to identify core jsf libraries.</em>
|
||||
<a class="jxr_linenumber" name="L202" href="#L202">202</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L203" href="#L203">203</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern CORE_FILES = Pattern.compile(<span class="jxr_string">"(^|/)((alt[-])?rt|jsse|jfxrt|jfr|jce|javaws|deploy|charsets)\\.jar$"</span>);
|
||||
<a class="jxr_linenumber" name="L203" href="#L203">203</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern CORE_JAVA_JSF = Pattern.compile(<span class="jxr_string">"^cpe:/a:(sun|oracle|ibm):jsf($|:.*)"</span>);
|
||||
<a class="jxr_linenumber" name="L204" href="#L204">204</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L205" href="#L205">205</a> <em class="jxr_javadoccomment"> * Regex to identify core jsf java library files. This is currently incomplete.</em>
|
||||
<a class="jxr_linenumber" name="L205" href="#L205">205</a> <em class="jxr_javadoccomment"> * Regex to identify core java library files. This is currently incomplete.</em>
|
||||
<a class="jxr_linenumber" name="L206" href="#L206">206</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L207" href="#L207">207</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern CORE_JSF_FILES = Pattern.compile(<span class="jxr_string">"(^|/)jsf[-][^/]*\\.jar$"</span>);
|
||||
<a class="jxr_linenumber" name="L208" href="#L208">208</a>
|
||||
<a class="jxr_linenumber" name="L209" href="#L209">209</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L210" href="#L210">210</a> <em class="jxr_javadoccomment"> * Removes any CPE entries for the JDK/JRE unless the filename ends with rt.jar</em>
|
||||
<a class="jxr_linenumber" name="L211" href="#L211">211</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L212" href="#L212">212</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to remove JRE CPEs from</em>
|
||||
<a class="jxr_linenumber" name="L213" href="#L213">213</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L214" href="#L214">214</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> removeJreEntries(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency) {
|
||||
<a class="jxr_linenumber" name="L215" href="#L215">215</a> <strong class="jxr_keyword">final</strong> Set<Identifier> identifiers = dependency.getIdentifiers();
|
||||
<a class="jxr_linenumber" name="L216" href="#L216">216</a> <strong class="jxr_keyword">final</strong> Iterator<Identifier> itr = identifiers.iterator();
|
||||
<a class="jxr_linenumber" name="L217" href="#L217">217</a> <strong class="jxr_keyword">while</strong> (itr.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L218" href="#L218">218</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> i = itr.next();
|
||||
<a class="jxr_linenumber" name="L219" href="#L219">219</a> <strong class="jxr_keyword">final</strong> Matcher coreCPE = CORE_JAVA.matcher(i.getValue());
|
||||
<a class="jxr_linenumber" name="L220" href="#L220">220</a> <strong class="jxr_keyword">final</strong> Matcher coreFiles = CORE_FILES.matcher(dependency.getFileName());
|
||||
<a class="jxr_linenumber" name="L221" href="#L221">221</a> <strong class="jxr_keyword">if</strong> (coreCPE.matches() && !coreFiles.matches()) {
|
||||
<a class="jxr_linenumber" name="L222" href="#L222">222</a> itr.remove();
|
||||
<a class="jxr_linenumber" name="L223" href="#L223">223</a> }
|
||||
<a class="jxr_linenumber" name="L224" href="#L224">224</a> <strong class="jxr_keyword">final</strong> Matcher coreJsfCPE = CORE_JAVA_JSF.matcher(i.getValue());
|
||||
<a class="jxr_linenumber" name="L225" href="#L225">225</a> <strong class="jxr_keyword">final</strong> Matcher coreJsfFiles = CORE_JSF_FILES.matcher(dependency.getFileName());
|
||||
<a class="jxr_linenumber" name="L226" href="#L226">226</a> <strong class="jxr_keyword">if</strong> (coreJsfCPE.matches() && !coreJsfFiles.matches()) {
|
||||
<a class="jxr_linenumber" name="L227" href="#L227">227</a> itr.remove();
|
||||
<a class="jxr_linenumber" name="L228" href="#L228">228</a> }
|
||||
<a class="jxr_linenumber" name="L229" href="#L229">229</a> }
|
||||
<a class="jxr_linenumber" name="L230" href="#L230">230</a> }
|
||||
<a class="jxr_linenumber" name="L231" href="#L231">231</a>
|
||||
<a class="jxr_linenumber" name="L232" href="#L232">232</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L233" href="#L233">233</a> <em class="jxr_javadoccomment"> * Parses a CPE string into an IndexEntry.</em>
|
||||
<a class="jxr_linenumber" name="L234" href="#L234">234</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L235" href="#L235">235</a> <em class="jxr_javadoccomment"> * @param type the type of identifier</em>
|
||||
<a class="jxr_linenumber" name="L236" href="#L236">236</a> <em class="jxr_javadoccomment"> * @param value the cpe identifier to parse</em>
|
||||
<a class="jxr_linenumber" name="L237" href="#L237">237</a> <em class="jxr_javadoccomment"> * @return an VulnerableSoftware object constructed from the identifier</em>
|
||||
<a class="jxr_linenumber" name="L238" href="#L238">238</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L239" href="#L239">239</a> <strong class="jxr_keyword">private</strong> <a href="../../../../org/owasp/dependencycheck/dependency/VulnerableSoftware.html">VulnerableSoftware</a> parseCpe(String type, String value) {
|
||||
<a class="jxr_linenumber" name="L240" href="#L240">240</a> <strong class="jxr_keyword">if</strong> (!<span class="jxr_string">"cpe"</span>.equals(type)) {
|
||||
<a class="jxr_linenumber" name="L241" href="#L241">241</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L242" href="#L242">242</a> }
|
||||
<a class="jxr_linenumber" name="L243" href="#L243">243</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/VulnerableSoftware.html">VulnerableSoftware</a> cpe = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/dependency/VulnerableSoftware.html">VulnerableSoftware</a>();
|
||||
<a class="jxr_linenumber" name="L244" href="#L244">244</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L245" href="#L245">245</a> cpe.parseName(value);
|
||||
<a class="jxr_linenumber" name="L246" href="#L246">246</a> } <strong class="jxr_keyword">catch</strong> (UnsupportedEncodingException ex) {
|
||||
<a class="jxr_linenumber" name="L247" href="#L247">247</a> LOGGER.log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L248" href="#L248">248</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L249" href="#L249">249</a> }
|
||||
<a class="jxr_linenumber" name="L250" href="#L250">250</a> <strong class="jxr_keyword">return</strong> cpe;
|
||||
<a class="jxr_linenumber" name="L251" href="#L251">251</a> }
|
||||
<a class="jxr_linenumber" name="L252" href="#L252">252</a>
|
||||
<a class="jxr_linenumber" name="L253" href="#L253">253</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L254" href="#L254">254</a> <em class="jxr_javadoccomment"> * Removes bad CPE matches for a dependency. Unfortunately, right now these are hard-coded patches for specific</em>
|
||||
<a class="jxr_linenumber" name="L255" href="#L255">255</a> <em class="jxr_javadoccomment"> * problems identified when testing this on a LARGE volume of jar files.</em>
|
||||
<a class="jxr_linenumber" name="L256" href="#L256">256</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L257" href="#L257">257</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to analyze</em>
|
||||
<a class="jxr_linenumber" name="L258" href="#L258">258</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L259" href="#L259">259</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> removeBadMatches(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency) {
|
||||
<a class="jxr_linenumber" name="L260" href="#L260">260</a> <strong class="jxr_keyword">final</strong> Set<Identifier> identifiers = dependency.getIdentifiers();
|
||||
<a class="jxr_linenumber" name="L261" href="#L261">261</a> <strong class="jxr_keyword">final</strong> Iterator<Identifier> itr = identifiers.iterator();
|
||||
<a class="jxr_linenumber" name="L262" href="#L262">262</a>
|
||||
<a class="jxr_linenumber" name="L263" href="#L263">263</a> <em class="jxr_comment">/* TODO - can we utilize the pom's groupid and artifactId to filter??? most of</em>
|
||||
<a class="jxr_linenumber" name="L264" href="#L264">264</a> <em class="jxr_comment"> * these are due to low quality data. Other idea would be to say any CPE</em>
|
||||
<a class="jxr_linenumber" name="L265" href="#L265">265</a> <em class="jxr_comment"> * found based on LOW confidence evidence should have a different CPE type? (this</em>
|
||||
<a class="jxr_linenumber" name="L266" href="#L266">266</a> <em class="jxr_comment"> * might be a better solution then just removing the URL for "best-guess" matches).</em>
|
||||
<a class="jxr_linenumber" name="L267" href="#L267">267</a> <em class="jxr_comment"> */</em>
|
||||
<a class="jxr_linenumber" name="L268" href="#L268">268</a> <em class="jxr_comment">//Set<Evidence> groupId = dependency.getVendorEvidence().getEvidence("pom", "groupid");</em>
|
||||
<a class="jxr_linenumber" name="L269" href="#L269">269</a> <em class="jxr_comment">//Set<Evidence> artifactId = dependency.getVendorEvidence().getEvidence("pom", "artifactid");</em>
|
||||
<a class="jxr_linenumber" name="L270" href="#L270">270</a> <strong class="jxr_keyword">while</strong> (itr.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L271" href="#L271">271</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> i = itr.next();
|
||||
<a class="jxr_linenumber" name="L272" href="#L272">272</a> <em class="jxr_comment">//TODO move this startsWith expression to a configuration file?</em>
|
||||
<a class="jxr_linenumber" name="L273" href="#L273">273</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(i.getType())) {
|
||||
<a class="jxr_linenumber" name="L274" href="#L274">274</a> <strong class="jxr_keyword">if</strong> ((i.getValue().matches(<span class="jxr_string">".*c\\+\\+.*"</span>)
|
||||
<a class="jxr_linenumber" name="L275" href="#L275">275</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:file:file"</span>)
|
||||
<a class="jxr_linenumber" name="L276" href="#L276">276</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:mozilla:mozilla"</span>)
|
||||
<a class="jxr_linenumber" name="L277" href="#L277">277</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:cvs:cvs"</span>)
|
||||
<a class="jxr_linenumber" name="L278" href="#L278">278</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:ftp:ftp"</span>)
|
||||
<a class="jxr_linenumber" name="L279" href="#L279">279</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:tcp:tcp"</span>)
|
||||
<a class="jxr_linenumber" name="L280" href="#L280">280</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:ssh:ssh"</span>)
|
||||
<a class="jxr_linenumber" name="L281" href="#L281">281</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:lookup:lookup"</span>))
|
||||
<a class="jxr_linenumber" name="L282" href="#L282">282</a> && (dependency.getFileName().toLowerCase().endsWith(<span class="jxr_string">".jar"</span>)
|
||||
<a class="jxr_linenumber" name="L283" href="#L283">283</a> || dependency.getFileName().toLowerCase().endsWith(<span class="jxr_string">"pom.xml"</span>)
|
||||
<a class="jxr_linenumber" name="L284" href="#L284">284</a> || dependency.getFileName().toLowerCase().endsWith(<span class="jxr_string">".dll"</span>)
|
||||
<a class="jxr_linenumber" name="L285" href="#L285">285</a> || dependency.getFileName().toLowerCase().endsWith(<span class="jxr_string">".exe"</span>)
|
||||
<a class="jxr_linenumber" name="L286" href="#L286">286</a> || dependency.getFileName().toLowerCase().endsWith(<span class="jxr_string">".nuspec"</span>)
|
||||
<a class="jxr_linenumber" name="L287" href="#L287">287</a> || dependency.getFileName().toLowerCase().endsWith(<span class="jxr_string">".nupkg"</span>))) {
|
||||
<a class="jxr_linenumber" name="L288" href="#L288">288</a> itr.remove();
|
||||
<a class="jxr_linenumber" name="L289" href="#L289">289</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> ((i.getValue().startsWith(<span class="jxr_string">"cpe:/a:jquery:jquery"</span>)
|
||||
<a class="jxr_linenumber" name="L290" href="#L290">290</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:prototypejs:prototype"</span>)
|
||||
<a class="jxr_linenumber" name="L291" href="#L291">291</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:yahoo:yui"</span>))
|
||||
<a class="jxr_linenumber" name="L292" href="#L292">292</a> && (dependency.getFileName().toLowerCase().endsWith(<span class="jxr_string">".jar"</span>)
|
||||
<a class="jxr_linenumber" name="L293" href="#L293">293</a> || dependency.getFileName().toLowerCase().endsWith(<span class="jxr_string">"pom.xml"</span>)
|
||||
<a class="jxr_linenumber" name="L294" href="#L294">294</a> || dependency.getFileName().toLowerCase().endsWith(<span class="jxr_string">".dll"</span>)
|
||||
<a class="jxr_linenumber" name="L295" href="#L295">295</a> || dependency.getFileName().toLowerCase().endsWith(<span class="jxr_string">".exe"</span>))) {
|
||||
<a class="jxr_linenumber" name="L296" href="#L296">296</a> itr.remove();
|
||||
<a class="jxr_linenumber" name="L297" href="#L297">297</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> ((i.getValue().startsWith(<span class="jxr_string">"cpe:/a:microsoft:excel"</span>)
|
||||
<a class="jxr_linenumber" name="L298" href="#L298">298</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:microsoft:word"</span>)
|
||||
<a class="jxr_linenumber" name="L299" href="#L299">299</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:microsoft:visio"</span>)
|
||||
<a class="jxr_linenumber" name="L300" href="#L300">300</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:microsoft:powerpoint"</span>)
|
||||
<a class="jxr_linenumber" name="L301" href="#L301">301</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:microsoft:office"</span>))
|
||||
<a class="jxr_linenumber" name="L302" href="#L302">302</a> && (dependency.getFileName().toLowerCase().endsWith(<span class="jxr_string">".jar"</span>)
|
||||
<a class="jxr_linenumber" name="L303" href="#L303">303</a> || dependency.getFileName().toLowerCase().endsWith(<span class="jxr_string">"pom.xml"</span>))) {
|
||||
<a class="jxr_linenumber" name="L304" href="#L304">304</a> itr.remove();
|
||||
<a class="jxr_linenumber" name="L305" href="#L305">305</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (i.getValue().startsWith(<span class="jxr_string">"cpe:/a:apache:maven"</span>)
|
||||
<a class="jxr_linenumber" name="L306" href="#L306">306</a> && !dependency.getFileName().toLowerCase().matches(<span class="jxr_string">"maven-core-[\\d\\.]+\\.jar"</span>)) {
|
||||
<a class="jxr_linenumber" name="L307" href="#L307">307</a> itr.remove();
|
||||
<a class="jxr_linenumber" name="L308" href="#L308">308</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (i.getValue().startsWith(<span class="jxr_string">"cpe:/a:m-core:m-core"</span>)
|
||||
<a class="jxr_linenumber" name="L309" href="#L309">309</a> && !dependency.getEvidenceUsed().containsUsedString(<span class="jxr_string">"m-core"</span>)) {
|
||||
<a class="jxr_linenumber" name="L310" href="#L310">310</a> itr.remove();
|
||||
<a class="jxr_linenumber" name="L311" href="#L311">311</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (i.getValue().startsWith(<span class="jxr_string">"cpe:/a:jboss:jboss"</span>)
|
||||
<a class="jxr_linenumber" name="L312" href="#L312">312</a> && !dependency.getFileName().toLowerCase().matches(<span class="jxr_string">"jboss-?[\\d\\.-]+(GA)?\\.jar"</span>)) {
|
||||
<a class="jxr_linenumber" name="L313" href="#L313">313</a> itr.remove();
|
||||
<a class="jxr_linenumber" name="L314" href="#L314">314</a> }
|
||||
<a class="jxr_linenumber" name="L315" href="#L315">315</a> }
|
||||
<a class="jxr_linenumber" name="L316" href="#L316">316</a> }
|
||||
<a class="jxr_linenumber" name="L317" href="#L317">317</a> }
|
||||
<a class="jxr_linenumber" name="L318" href="#L318">318</a>
|
||||
<a class="jxr_linenumber" name="L319" href="#L319">319</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L320" href="#L320">320</a> <em class="jxr_javadoccomment"> * Removes CPE matches for the wrong version of a dependency. Currently, this only covers Axis 1 & 2.</em>
|
||||
<a class="jxr_linenumber" name="L321" href="#L321">321</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L322" href="#L322">322</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to analyze</em>
|
||||
<a class="jxr_linenumber" name="L323" href="#L323">323</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L324" href="#L324">324</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> removeWrongVersionMatches(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency) {
|
||||
<a class="jxr_linenumber" name="L325" href="#L325">325</a> <strong class="jxr_keyword">final</strong> Set<Identifier> identifiers = dependency.getIdentifiers();
|
||||
<a class="jxr_linenumber" name="L326" href="#L326">326</a> <strong class="jxr_keyword">final</strong> Iterator<Identifier> itr = identifiers.iterator();
|
||||
<a class="jxr_linenumber" name="L327" href="#L327">327</a>
|
||||
<a class="jxr_linenumber" name="L328" href="#L328">328</a> <strong class="jxr_keyword">final</strong> String fileName = dependency.getFileName();
|
||||
<a class="jxr_linenumber" name="L329" href="#L329">329</a> <strong class="jxr_keyword">if</strong> (fileName != <strong class="jxr_keyword">null</strong> && fileName.contains(<span class="jxr_string">"axis2"</span>)) {
|
||||
<a class="jxr_linenumber" name="L330" href="#L330">330</a> <strong class="jxr_keyword">while</strong> (itr.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L331" href="#L331">331</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> i = itr.next();
|
||||
<a class="jxr_linenumber" name="L332" href="#L332">332</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(i.getType())) {
|
||||
<a class="jxr_linenumber" name="L333" href="#L333">333</a> <strong class="jxr_keyword">final</strong> String cpe = i.getValue();
|
||||
<a class="jxr_linenumber" name="L334" href="#L334">334</a> <strong class="jxr_keyword">if</strong> (cpe != <strong class="jxr_keyword">null</strong> && (cpe.startsWith(<span class="jxr_string">"cpe:/a:apache:axis:"</span>) || <span class="jxr_string">"cpe:/a:apache:axis"</span>.equals(cpe))) {
|
||||
<a class="jxr_linenumber" name="L335" href="#L335">335</a> itr.remove();
|
||||
<a class="jxr_linenumber" name="L336" href="#L336">336</a> }
|
||||
<a class="jxr_linenumber" name="L337" href="#L337">337</a> }
|
||||
<a class="jxr_linenumber" name="L338" href="#L338">338</a> }
|
||||
<a class="jxr_linenumber" name="L339" href="#L339">339</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (fileName != <strong class="jxr_keyword">null</strong> && fileName.contains(<span class="jxr_string">"axis"</span>)) {
|
||||
<a class="jxr_linenumber" name="L340" href="#L340">340</a> <strong class="jxr_keyword">while</strong> (itr.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L341" href="#L341">341</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> i = itr.next();
|
||||
<a class="jxr_linenumber" name="L342" href="#L342">342</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(i.getType())) {
|
||||
<a class="jxr_linenumber" name="L343" href="#L343">343</a> <strong class="jxr_keyword">final</strong> String cpe = i.getValue();
|
||||
<a class="jxr_linenumber" name="L344" href="#L344">344</a> <strong class="jxr_keyword">if</strong> (cpe != <strong class="jxr_keyword">null</strong> && (cpe.startsWith(<span class="jxr_string">"cpe:/a:apache:axis2:"</span>) || <span class="jxr_string">"cpe:/a:apache:axis2"</span>.equals(cpe))) {
|
||||
<a class="jxr_linenumber" name="L345" href="#L345">345</a> itr.remove();
|
||||
<a class="jxr_linenumber" name="L346" href="#L346">346</a> }
|
||||
<a class="jxr_linenumber" name="L347" href="#L347">347</a> }
|
||||
<a class="jxr_linenumber" name="L348" href="#L348">348</a> }
|
||||
<a class="jxr_linenumber" name="L349" href="#L349">349</a> }
|
||||
<a class="jxr_linenumber" name="L350" href="#L350">350</a> }
|
||||
<a class="jxr_linenumber" name="L351" href="#L351">351</a>
|
||||
<a class="jxr_linenumber" name="L352" href="#L352">352</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L353" href="#L353">353</a> <em class="jxr_javadoccomment"> * There are some known CPE entries, specifically regarding sun and oracle products due to the acquisition and</em>
|
||||
<a class="jxr_linenumber" name="L354" href="#L354">354</a> <em class="jxr_javadoccomment"> * changes in product names, that based on given evidence we can add the related CPE entries to ensure a complete</em>
|
||||
<a class="jxr_linenumber" name="L355" href="#L355">355</a> <em class="jxr_javadoccomment"> * list of CVE entries.</em>
|
||||
<a class="jxr_linenumber" name="L356" href="#L356">356</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L357" href="#L357">357</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
|
||||
<a class="jxr_linenumber" name="L358" href="#L358">358</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L359" href="#L359">359</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> addFalseNegativeCPEs(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency) {
|
||||
<a class="jxr_linenumber" name="L360" href="#L360">360</a> <em class="jxr_comment">//TODO move this to the hint analyzer</em>
|
||||
<a class="jxr_linenumber" name="L361" href="#L361">361</a> <strong class="jxr_keyword">final</strong> Iterator<Identifier> itr = dependency.getIdentifiers().iterator();
|
||||
<a class="jxr_linenumber" name="L362" href="#L362">362</a> <strong class="jxr_keyword">while</strong> (itr.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L363" href="#L363">363</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> i = itr.next();
|
||||
<a class="jxr_linenumber" name="L364" href="#L364">364</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(i.getType()) && i.getValue() != <strong class="jxr_keyword">null</strong>
|
||||
<a class="jxr_linenumber" name="L365" href="#L365">365</a> && (i.getValue().startsWith(<span class="jxr_string">"cpe:/a:oracle:opensso:"</span>)
|
||||
<a class="jxr_linenumber" name="L366" href="#L366">366</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:oracle:opensso_enterprise:"</span>)
|
||||
<a class="jxr_linenumber" name="L367" href="#L367">367</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:sun:opensso_enterprise:"</span>)
|
||||
<a class="jxr_linenumber" name="L368" href="#L368">368</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:sun:opensso:"</span>))) {
|
||||
<a class="jxr_linenumber" name="L369" href="#L369">369</a> <strong class="jxr_keyword">final</strong> String newCpe = String.format(<span class="jxr_string">"cpe:/a:sun:opensso_enterprise:%s"</span>, i.getValue().substring(22));
|
||||
<a class="jxr_linenumber" name="L370" href="#L370">370</a> <strong class="jxr_keyword">final</strong> String newCpe2 = String.format(<span class="jxr_string">"cpe:/a:oracle:opensso_enterprise:%s"</span>, i.getValue().substring(22));
|
||||
<a class="jxr_linenumber" name="L371" href="#L371">371</a> <strong class="jxr_keyword">final</strong> String newCpe3 = String.format(<span class="jxr_string">"cpe:/a:sun:opensso:%s"</span>, i.getValue().substring(22));
|
||||
<a class="jxr_linenumber" name="L372" href="#L372">372</a> <strong class="jxr_keyword">final</strong> String newCpe4 = String.format(<span class="jxr_string">"cpe:/a:oracle:opensso:%s"</span>, i.getValue().substring(22));
|
||||
<a class="jxr_linenumber" name="L373" href="#L373">373</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L374" href="#L374">374</a> dependency.addIdentifier(<span class="jxr_string">"cpe"</span>,
|
||||
<a class="jxr_linenumber" name="L375" href="#L375">375</a> newCpe,
|
||||
<a class="jxr_linenumber" name="L376" href="#L376">376</a> String.format(CPEAnalyzer.NVD_SEARCH_URL, URLEncoder.encode(newCpe, <span class="jxr_string">"UTF-8"</span>)));
|
||||
<a class="jxr_linenumber" name="L377" href="#L377">377</a> dependency.addIdentifier(<span class="jxr_string">"cpe"</span>,
|
||||
<a class="jxr_linenumber" name="L378" href="#L378">378</a> newCpe2,
|
||||
<a class="jxr_linenumber" name="L379" href="#L379">379</a> String.format(CPEAnalyzer.NVD_SEARCH_URL, URLEncoder.encode(newCpe2, <span class="jxr_string">"UTF-8"</span>)));
|
||||
<a class="jxr_linenumber" name="L380" href="#L380">380</a> dependency.addIdentifier(<span class="jxr_string">"cpe"</span>,
|
||||
<a class="jxr_linenumber" name="L381" href="#L381">381</a> newCpe3,
|
||||
<a class="jxr_linenumber" name="L382" href="#L382">382</a> String.format(CPEAnalyzer.NVD_SEARCH_URL, URLEncoder.encode(newCpe3, <span class="jxr_string">"UTF-8"</span>)));
|
||||
<a class="jxr_linenumber" name="L383" href="#L383">383</a> dependency.addIdentifier(<span class="jxr_string">"cpe"</span>,
|
||||
<a class="jxr_linenumber" name="L384" href="#L384">384</a> newCpe4,
|
||||
<a class="jxr_linenumber" name="L385" href="#L385">385</a> String.format(CPEAnalyzer.NVD_SEARCH_URL, URLEncoder.encode(newCpe4, <span class="jxr_string">"UTF-8"</span>)));
|
||||
<a class="jxr_linenumber" name="L386" href="#L386">386</a> } <strong class="jxr_keyword">catch</strong> (UnsupportedEncodingException ex) {
|
||||
<a class="jxr_linenumber" name="L387" href="#L387">387</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L388" href="#L388">388</a> }
|
||||
<a class="jxr_linenumber" name="L389" href="#L389">389</a> }
|
||||
<a class="jxr_linenumber" name="L390" href="#L390">390</a> }
|
||||
<a class="jxr_linenumber" name="L391" href="#L391">391</a> }
|
||||
<a class="jxr_linenumber" name="L392" href="#L392">392</a>
|
||||
<a class="jxr_linenumber" name="L393" href="#L393">393</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L394" href="#L394">394</a> <em class="jxr_javadoccomment"> * Removes duplicate entries identified that are contained within JAR files. These occasionally crop up due to POM</em>
|
||||
<a class="jxr_linenumber" name="L395" href="#L395">395</a> <em class="jxr_javadoccomment"> * entries or other types of files (such as DLLs and EXEs) being contained within the JAR.</em>
|
||||
<a class="jxr_linenumber" name="L396" href="#L396">396</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L397" href="#L397">397</a> <em class="jxr_javadoccomment"> * @param dependency the dependency that might be a duplicate</em>
|
||||
<a class="jxr_linenumber" name="L398" href="#L398">398</a> <em class="jxr_javadoccomment"> * @param engine the engine used to scan all dependencies</em>
|
||||
<a class="jxr_linenumber" name="L399" href="#L399">399</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L400" href="#L400">400</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> removeDuplicativeEntriesFromJar(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine) {
|
||||
<a class="jxr_linenumber" name="L401" href="#L401">401</a> <strong class="jxr_keyword">if</strong> (dependency.getFileName().toLowerCase().endsWith(<span class="jxr_string">"pom.xml"</span>)
|
||||
<a class="jxr_linenumber" name="L402" href="#L402">402</a> || <span class="jxr_string">"dll"</span>.equals(dependency.getFileExtension())
|
||||
<a class="jxr_linenumber" name="L403" href="#L403">403</a> || <span class="jxr_string">"exe"</span>.equals(dependency.getFileExtension())) {
|
||||
<a class="jxr_linenumber" name="L404" href="#L404">404</a> String parentPath = dependency.getFilePath().toLowerCase();
|
||||
<a class="jxr_linenumber" name="L405" href="#L405">405</a> <strong class="jxr_keyword">if</strong> (parentPath.contains(<span class="jxr_string">".jar"</span>)) {
|
||||
<a class="jxr_linenumber" name="L406" href="#L406">406</a> parentPath = parentPath.substring(0, parentPath.indexOf(<span class="jxr_string">".jar"</span>) + 4);
|
||||
<a class="jxr_linenumber" name="L407" href="#L407">407</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> parent = findDependency(parentPath, engine.getDependencies());
|
||||
<a class="jxr_linenumber" name="L408" href="#L408">408</a> <strong class="jxr_keyword">if</strong> (parent != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L409" href="#L409">409</a> <strong class="jxr_keyword">boolean</strong> remove = false;
|
||||
<a class="jxr_linenumber" name="L410" href="#L410">410</a> <strong class="jxr_keyword">for</strong> (Identifier i : dependency.getIdentifiers()) {
|
||||
<a class="jxr_linenumber" name="L411" href="#L411">411</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(i.getType())) {
|
||||
<a class="jxr_linenumber" name="L412" href="#L412">412</a> <strong class="jxr_keyword">final</strong> String trimmedCPE = trimCpeToVendor(i.getValue());
|
||||
<a class="jxr_linenumber" name="L413" href="#L413">413</a> <strong class="jxr_keyword">for</strong> (Identifier parentId : parent.getIdentifiers()) {
|
||||
<a class="jxr_linenumber" name="L414" href="#L414">414</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(parentId.getType()) && parentId.getValue().startsWith(trimmedCPE)) {
|
||||
<a class="jxr_linenumber" name="L415" href="#L415">415</a> remove |= <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L416" href="#L416">416</a> }
|
||||
<a class="jxr_linenumber" name="L417" href="#L417">417</a> }
|
||||
<a class="jxr_linenumber" name="L418" href="#L418">418</a> }
|
||||
<a class="jxr_linenumber" name="L419" href="#L419">419</a> <strong class="jxr_keyword">if</strong> (!remove) { <em class="jxr_comment">//we can escape early</em>
|
||||
<a class="jxr_linenumber" name="L420" href="#L420">420</a> <strong class="jxr_keyword">return</strong>;
|
||||
<a class="jxr_linenumber" name="L421" href="#L421">421</a> }
|
||||
<a class="jxr_linenumber" name="L422" href="#L422">422</a> }
|
||||
<a class="jxr_linenumber" name="L423" href="#L423">423</a> <strong class="jxr_keyword">if</strong> (remove) {
|
||||
<a class="jxr_linenumber" name="L424" href="#L424">424</a> engine.getDependencies().remove(dependency);
|
||||
<a class="jxr_linenumber" name="L425" href="#L425">425</a> }
|
||||
<a class="jxr_linenumber" name="L426" href="#L426">426</a> }
|
||||
<a class="jxr_linenumber" name="L427" href="#L427">427</a> }
|
||||
<a class="jxr_linenumber" name="L428" href="#L428">428</a>
|
||||
<a class="jxr_linenumber" name="L429" href="#L429">429</a> }
|
||||
<a class="jxr_linenumber" name="L430" href="#L430">430</a> }
|
||||
<a class="jxr_linenumber" name="L431" href="#L431">431</a>
|
||||
<a class="jxr_linenumber" name="L432" href="#L432">432</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L433" href="#L433">433</a> <em class="jxr_javadoccomment"> * Retrieves a given dependency, based on a given path, from a list of dependencies.</em>
|
||||
<a class="jxr_linenumber" name="L434" href="#L434">434</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L435" href="#L435">435</a> <em class="jxr_javadoccomment"> * @param dependencyPath the path of the dependency to return</em>
|
||||
<a class="jxr_linenumber" name="L436" href="#L436">436</a> <em class="jxr_javadoccomment"> * @param dependencies the collection of dependencies to search</em>
|
||||
<a class="jxr_linenumber" name="L437" href="#L437">437</a> <em class="jxr_javadoccomment"> * @return the dependency object for the given path, otherwise null</em>
|
||||
<a class="jxr_linenumber" name="L438" href="#L438">438</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L439" href="#L439">439</a> <strong class="jxr_keyword">private</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> findDependency(String dependencyPath, List<Dependency> dependencies) {
|
||||
<a class="jxr_linenumber" name="L440" href="#L440">440</a> <strong class="jxr_keyword">for</strong> (Dependency d : dependencies) {
|
||||
<a class="jxr_linenumber" name="L441" href="#L441">441</a> <strong class="jxr_keyword">if</strong> (d.getFilePath().equalsIgnoreCase(dependencyPath)) {
|
||||
<a class="jxr_linenumber" name="L442" href="#L442">442</a> <strong class="jxr_keyword">return</strong> d;
|
||||
<a class="jxr_linenumber" name="L443" href="#L443">443</a> }
|
||||
<a class="jxr_linenumber" name="L444" href="#L444">444</a> }
|
||||
<a class="jxr_linenumber" name="L445" href="#L445">445</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L446" href="#L446">446</a> }
|
||||
<a class="jxr_linenumber" name="L447" href="#L447">447</a>
|
||||
<a class="jxr_linenumber" name="L448" href="#L448">448</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L449" href="#L449">449</a> <em class="jxr_javadoccomment"> * Takes a full CPE and returns the CPE trimmed to include only vendor and product.</em>
|
||||
<a class="jxr_linenumber" name="L450" href="#L450">450</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L451" href="#L451">451</a> <em class="jxr_javadoccomment"> * @param value the CPE value to trim</em>
|
||||
<a class="jxr_linenumber" name="L452" href="#L452">452</a> <em class="jxr_javadoccomment"> * @return a CPE value that only includes the vendor and product</em>
|
||||
<a class="jxr_linenumber" name="L453" href="#L453">453</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L454" href="#L454">454</a> <strong class="jxr_keyword">private</strong> String trimCpeToVendor(String value) {
|
||||
<a class="jxr_linenumber" name="L455" href="#L455">455</a> <em class="jxr_comment">//cpe:/a:jruby:jruby:1.0.8</em>
|
||||
<a class="jxr_linenumber" name="L456" href="#L456">456</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> pos1 = value.indexOf(<span class="jxr_string">":"</span>, 7); <em class="jxr_comment">//right of vendor</em>
|
||||
<a class="jxr_linenumber" name="L457" href="#L457">457</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> pos2 = value.indexOf(<span class="jxr_string">":"</span>, pos1 + 1); <em class="jxr_comment">//right of product</em>
|
||||
<a class="jxr_linenumber" name="L458" href="#L458">458</a> <strong class="jxr_keyword">if</strong> (pos2 < 0) {
|
||||
<a class="jxr_linenumber" name="L459" href="#L459">459</a> <strong class="jxr_keyword">return</strong> value;
|
||||
<a class="jxr_linenumber" name="L460" href="#L460">460</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L461" href="#L461">461</a> <strong class="jxr_keyword">return</strong> value.substring(0, pos2);
|
||||
<a class="jxr_linenumber" name="L462" href="#L462">462</a> }
|
||||
<a class="jxr_linenumber" name="L463" href="#L463">463</a> }
|
||||
<a class="jxr_linenumber" name="L464" href="#L464">464</a> }
|
||||
<a class="jxr_linenumber" name="L207" href="#L207">207</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern CORE_FILES = Pattern.compile(<span class="jxr_string">"(^|/)((alt[-])?rt|jsse|jfxrt|jfr|jce|javaws|deploy|charsets)\\.jar$"</span>);
|
||||
<a class="jxr_linenumber" name="L208" href="#L208">208</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L209" href="#L209">209</a> <em class="jxr_javadoccomment"> * Regex to identify core jsf java library files. This is currently incomplete.</em>
|
||||
<a class="jxr_linenumber" name="L210" href="#L210">210</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L211" href="#L211">211</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern CORE_JSF_FILES = Pattern.compile(<span class="jxr_string">"(^|/)jsf[-][^/]*\\.jar$"</span>);
|
||||
<a class="jxr_linenumber" name="L212" href="#L212">212</a>
|
||||
<a class="jxr_linenumber" name="L213" href="#L213">213</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L214" href="#L214">214</a> <em class="jxr_javadoccomment"> * Removes any CPE entries for the JDK/JRE unless the filename ends with rt.jar</em>
|
||||
<a class="jxr_linenumber" name="L215" href="#L215">215</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L216" href="#L216">216</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to remove JRE CPEs from</em>
|
||||
<a class="jxr_linenumber" name="L217" href="#L217">217</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L218" href="#L218">218</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> removeJreEntries(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency) {
|
||||
<a class="jxr_linenumber" name="L219" href="#L219">219</a> <strong class="jxr_keyword">final</strong> Set<Identifier> identifiers = dependency.getIdentifiers();
|
||||
<a class="jxr_linenumber" name="L220" href="#L220">220</a> <strong class="jxr_keyword">final</strong> Iterator<Identifier> itr = identifiers.iterator();
|
||||
<a class="jxr_linenumber" name="L221" href="#L221">221</a> <strong class="jxr_keyword">while</strong> (itr.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L222" href="#L222">222</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> i = itr.next();
|
||||
<a class="jxr_linenumber" name="L223" href="#L223">223</a> <strong class="jxr_keyword">final</strong> Matcher coreCPE = CORE_JAVA.matcher(i.getValue());
|
||||
<a class="jxr_linenumber" name="L224" href="#L224">224</a> <strong class="jxr_keyword">final</strong> Matcher coreFiles = CORE_FILES.matcher(dependency.getFileName());
|
||||
<a class="jxr_linenumber" name="L225" href="#L225">225</a> <strong class="jxr_keyword">if</strong> (coreCPE.matches() && !coreFiles.matches()) {
|
||||
<a class="jxr_linenumber" name="L226" href="#L226">226</a> itr.remove();
|
||||
<a class="jxr_linenumber" name="L227" href="#L227">227</a> }
|
||||
<a class="jxr_linenumber" name="L228" href="#L228">228</a> <strong class="jxr_keyword">final</strong> Matcher coreJsfCPE = CORE_JAVA_JSF.matcher(i.getValue());
|
||||
<a class="jxr_linenumber" name="L229" href="#L229">229</a> <strong class="jxr_keyword">final</strong> Matcher coreJsfFiles = CORE_JSF_FILES.matcher(dependency.getFileName());
|
||||
<a class="jxr_linenumber" name="L230" href="#L230">230</a> <strong class="jxr_keyword">if</strong> (coreJsfCPE.matches() && !coreJsfFiles.matches()) {
|
||||
<a class="jxr_linenumber" name="L231" href="#L231">231</a> itr.remove();
|
||||
<a class="jxr_linenumber" name="L232" href="#L232">232</a> }
|
||||
<a class="jxr_linenumber" name="L233" href="#L233">233</a> }
|
||||
<a class="jxr_linenumber" name="L234" href="#L234">234</a> }
|
||||
<a class="jxr_linenumber" name="L235" href="#L235">235</a>
|
||||
<a class="jxr_linenumber" name="L236" href="#L236">236</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L237" href="#L237">237</a> <em class="jxr_javadoccomment"> * Parses a CPE string into an IndexEntry.</em>
|
||||
<a class="jxr_linenumber" name="L238" href="#L238">238</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L239" href="#L239">239</a> <em class="jxr_javadoccomment"> * @param type the type of identifier</em>
|
||||
<a class="jxr_linenumber" name="L240" href="#L240">240</a> <em class="jxr_javadoccomment"> * @param value the cpe identifier to parse</em>
|
||||
<a class="jxr_linenumber" name="L241" href="#L241">241</a> <em class="jxr_javadoccomment"> * @return an VulnerableSoftware object constructed from the identifier</em>
|
||||
<a class="jxr_linenumber" name="L242" href="#L242">242</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L243" href="#L243">243</a> <strong class="jxr_keyword">private</strong> <a href="../../../../org/owasp/dependencycheck/dependency/VulnerableSoftware.html">VulnerableSoftware</a> parseCpe(String type, String value) {
|
||||
<a class="jxr_linenumber" name="L244" href="#L244">244</a> <strong class="jxr_keyword">if</strong> (!<span class="jxr_string">"cpe"</span>.equals(type)) {
|
||||
<a class="jxr_linenumber" name="L245" href="#L245">245</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L246" href="#L246">246</a> }
|
||||
<a class="jxr_linenumber" name="L247" href="#L247">247</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/VulnerableSoftware.html">VulnerableSoftware</a> cpe = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/dependency/VulnerableSoftware.html">VulnerableSoftware</a>();
|
||||
<a class="jxr_linenumber" name="L248" href="#L248">248</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L249" href="#L249">249</a> cpe.parseName(value);
|
||||
<a class="jxr_linenumber" name="L250" href="#L250">250</a> } <strong class="jxr_keyword">catch</strong> (UnsupportedEncodingException ex) {
|
||||
<a class="jxr_linenumber" name="L251" href="#L251">251</a> LOGGER.log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L252" href="#L252">252</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L253" href="#L253">253</a> }
|
||||
<a class="jxr_linenumber" name="L254" href="#L254">254</a> <strong class="jxr_keyword">return</strong> cpe;
|
||||
<a class="jxr_linenumber" name="L255" href="#L255">255</a> }
|
||||
<a class="jxr_linenumber" name="L256" href="#L256">256</a>
|
||||
<a class="jxr_linenumber" name="L257" href="#L257">257</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L258" href="#L258">258</a> <em class="jxr_javadoccomment"> * Removes bad CPE matches for a dependency. Unfortunately, right now these are hard-coded patches for specific</em>
|
||||
<a class="jxr_linenumber" name="L259" href="#L259">259</a> <em class="jxr_javadoccomment"> * problems identified when testing this on a LARGE volume of jar files.</em>
|
||||
<a class="jxr_linenumber" name="L260" href="#L260">260</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L261" href="#L261">261</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to analyze</em>
|
||||
<a class="jxr_linenumber" name="L262" href="#L262">262</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L263" href="#L263">263</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> removeBadMatches(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency) {
|
||||
<a class="jxr_linenumber" name="L264" href="#L264">264</a> <strong class="jxr_keyword">final</strong> Set<Identifier> identifiers = dependency.getIdentifiers();
|
||||
<a class="jxr_linenumber" name="L265" href="#L265">265</a> <strong class="jxr_keyword">final</strong> Iterator<Identifier> itr = identifiers.iterator();
|
||||
<a class="jxr_linenumber" name="L266" href="#L266">266</a>
|
||||
<a class="jxr_linenumber" name="L267" href="#L267">267</a> <em class="jxr_comment">/* TODO - can we utilize the pom's groupid and artifactId to filter??? most of</em>
|
||||
<a class="jxr_linenumber" name="L268" href="#L268">268</a> <em class="jxr_comment"> * these are due to low quality data. Other idea would be to say any CPE</em>
|
||||
<a class="jxr_linenumber" name="L269" href="#L269">269</a> <em class="jxr_comment"> * found based on LOW confidence evidence should have a different CPE type? (this</em>
|
||||
<a class="jxr_linenumber" name="L270" href="#L270">270</a> <em class="jxr_comment"> * might be a better solution then just removing the URL for "best-guess" matches).</em>
|
||||
<a class="jxr_linenumber" name="L271" href="#L271">271</a> <em class="jxr_comment"> */</em>
|
||||
<a class="jxr_linenumber" name="L272" href="#L272">272</a> <em class="jxr_comment">//Set<Evidence> groupId = dependency.getVendorEvidence().getEvidence("pom", "groupid");</em>
|
||||
<a class="jxr_linenumber" name="L273" href="#L273">273</a> <em class="jxr_comment">//Set<Evidence> artifactId = dependency.getVendorEvidence().getEvidence("pom", "artifactid");</em>
|
||||
<a class="jxr_linenumber" name="L274" href="#L274">274</a> <strong class="jxr_keyword">while</strong> (itr.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L275" href="#L275">275</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> i = itr.next();
|
||||
<a class="jxr_linenumber" name="L276" href="#L276">276</a> <em class="jxr_comment">//TODO move this startsWith expression to a configuration file?</em>
|
||||
<a class="jxr_linenumber" name="L277" href="#L277">277</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(i.getType())) {
|
||||
<a class="jxr_linenumber" name="L278" href="#L278">278</a> <strong class="jxr_keyword">if</strong> ((i.getValue().matches(<span class="jxr_string">".*c\\+\\+.*"</span>)
|
||||
<a class="jxr_linenumber" name="L279" href="#L279">279</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:file:file"</span>)
|
||||
<a class="jxr_linenumber" name="L280" href="#L280">280</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:mozilla:mozilla"</span>)
|
||||
<a class="jxr_linenumber" name="L281" href="#L281">281</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:cvs:cvs"</span>)
|
||||
<a class="jxr_linenumber" name="L282" href="#L282">282</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:ftp:ftp"</span>)
|
||||
<a class="jxr_linenumber" name="L283" href="#L283">283</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:tcp:tcp"</span>)
|
||||
<a class="jxr_linenumber" name="L284" href="#L284">284</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:ssh:ssh"</span>)
|
||||
<a class="jxr_linenumber" name="L285" href="#L285">285</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:lookup:lookup"</span>))
|
||||
<a class="jxr_linenumber" name="L286" href="#L286">286</a> && (dependency.getFileName().toLowerCase().endsWith(<span class="jxr_string">".jar"</span>)
|
||||
<a class="jxr_linenumber" name="L287" href="#L287">287</a> || dependency.getFileName().toLowerCase().endsWith(<span class="jxr_string">"pom.xml"</span>)
|
||||
<a class="jxr_linenumber" name="L288" href="#L288">288</a> || dependency.getFileName().toLowerCase().endsWith(<span class="jxr_string">".dll"</span>)
|
||||
<a class="jxr_linenumber" name="L289" href="#L289">289</a> || dependency.getFileName().toLowerCase().endsWith(<span class="jxr_string">".exe"</span>)
|
||||
<a class="jxr_linenumber" name="L290" href="#L290">290</a> || dependency.getFileName().toLowerCase().endsWith(<span class="jxr_string">".nuspec"</span>)
|
||||
<a class="jxr_linenumber" name="L291" href="#L291">291</a> || dependency.getFileName().toLowerCase().endsWith(<span class="jxr_string">".nupkg"</span>))) {
|
||||
<a class="jxr_linenumber" name="L292" href="#L292">292</a> itr.remove();
|
||||
<a class="jxr_linenumber" name="L293" href="#L293">293</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> ((i.getValue().startsWith(<span class="jxr_string">"cpe:/a:jquery:jquery"</span>)
|
||||
<a class="jxr_linenumber" name="L294" href="#L294">294</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:prototypejs:prototype"</span>)
|
||||
<a class="jxr_linenumber" name="L295" href="#L295">295</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:yahoo:yui"</span>))
|
||||
<a class="jxr_linenumber" name="L296" href="#L296">296</a> && (dependency.getFileName().toLowerCase().endsWith(<span class="jxr_string">".jar"</span>)
|
||||
<a class="jxr_linenumber" name="L297" href="#L297">297</a> || dependency.getFileName().toLowerCase().endsWith(<span class="jxr_string">"pom.xml"</span>)
|
||||
<a class="jxr_linenumber" name="L298" href="#L298">298</a> || dependency.getFileName().toLowerCase().endsWith(<span class="jxr_string">".dll"</span>)
|
||||
<a class="jxr_linenumber" name="L299" href="#L299">299</a> || dependency.getFileName().toLowerCase().endsWith(<span class="jxr_string">".exe"</span>))) {
|
||||
<a class="jxr_linenumber" name="L300" href="#L300">300</a> itr.remove();
|
||||
<a class="jxr_linenumber" name="L301" href="#L301">301</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> ((i.getValue().startsWith(<span class="jxr_string">"cpe:/a:microsoft:excel"</span>)
|
||||
<a class="jxr_linenumber" name="L302" href="#L302">302</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:microsoft:word"</span>)
|
||||
<a class="jxr_linenumber" name="L303" href="#L303">303</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:microsoft:visio"</span>)
|
||||
<a class="jxr_linenumber" name="L304" href="#L304">304</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:microsoft:powerpoint"</span>)
|
||||
<a class="jxr_linenumber" name="L305" href="#L305">305</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:microsoft:office"</span>))
|
||||
<a class="jxr_linenumber" name="L306" href="#L306">306</a> && (dependency.getFileName().toLowerCase().endsWith(<span class="jxr_string">".jar"</span>)
|
||||
<a class="jxr_linenumber" name="L307" href="#L307">307</a> || dependency.getFileName().toLowerCase().endsWith(<span class="jxr_string">"pom.xml"</span>))) {
|
||||
<a class="jxr_linenumber" name="L308" href="#L308">308</a> itr.remove();
|
||||
<a class="jxr_linenumber" name="L309" href="#L309">309</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (i.getValue().startsWith(<span class="jxr_string">"cpe:/a:apache:maven"</span>)
|
||||
<a class="jxr_linenumber" name="L310" href="#L310">310</a> && !dependency.getFileName().toLowerCase().matches(<span class="jxr_string">"maven-core-[\\d\\.]+\\.jar"</span>)) {
|
||||
<a class="jxr_linenumber" name="L311" href="#L311">311</a> itr.remove();
|
||||
<a class="jxr_linenumber" name="L312" href="#L312">312</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (i.getValue().startsWith(<span class="jxr_string">"cpe:/a:m-core:m-core"</span>)
|
||||
<a class="jxr_linenumber" name="L313" href="#L313">313</a> && !dependency.getEvidenceUsed().containsUsedString(<span class="jxr_string">"m-core"</span>)) {
|
||||
<a class="jxr_linenumber" name="L314" href="#L314">314</a> itr.remove();
|
||||
<a class="jxr_linenumber" name="L315" href="#L315">315</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (i.getValue().startsWith(<span class="jxr_string">"cpe:/a:jboss:jboss"</span>)
|
||||
<a class="jxr_linenumber" name="L316" href="#L316">316</a> && !dependency.getFileName().toLowerCase().matches(<span class="jxr_string">"jboss-?[\\d\\.-]+(GA)?\\.jar"</span>)) {
|
||||
<a class="jxr_linenumber" name="L317" href="#L317">317</a> itr.remove();
|
||||
<a class="jxr_linenumber" name="L318" href="#L318">318</a> }
|
||||
<a class="jxr_linenumber" name="L319" href="#L319">319</a> }
|
||||
<a class="jxr_linenumber" name="L320" href="#L320">320</a> }
|
||||
<a class="jxr_linenumber" name="L321" href="#L321">321</a> }
|
||||
<a class="jxr_linenumber" name="L322" href="#L322">322</a>
|
||||
<a class="jxr_linenumber" name="L323" href="#L323">323</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L324" href="#L324">324</a> <em class="jxr_javadoccomment"> * Removes CPE matches for the wrong version of a dependency. Currently, this only covers Axis 1 & 2.</em>
|
||||
<a class="jxr_linenumber" name="L325" href="#L325">325</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L326" href="#L326">326</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to analyze</em>
|
||||
<a class="jxr_linenumber" name="L327" href="#L327">327</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L328" href="#L328">328</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> removeWrongVersionMatches(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency) {
|
||||
<a class="jxr_linenumber" name="L329" href="#L329">329</a> <strong class="jxr_keyword">final</strong> Set<Identifier> identifiers = dependency.getIdentifiers();
|
||||
<a class="jxr_linenumber" name="L330" href="#L330">330</a> <strong class="jxr_keyword">final</strong> Iterator<Identifier> itr = identifiers.iterator();
|
||||
<a class="jxr_linenumber" name="L331" href="#L331">331</a>
|
||||
<a class="jxr_linenumber" name="L332" href="#L332">332</a> <strong class="jxr_keyword">final</strong> String fileName = dependency.getFileName();
|
||||
<a class="jxr_linenumber" name="L333" href="#L333">333</a> <strong class="jxr_keyword">if</strong> (fileName != <strong class="jxr_keyword">null</strong> && fileName.contains(<span class="jxr_string">"axis2"</span>)) {
|
||||
<a class="jxr_linenumber" name="L334" href="#L334">334</a> <strong class="jxr_keyword">while</strong> (itr.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L335" href="#L335">335</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> i = itr.next();
|
||||
<a class="jxr_linenumber" name="L336" href="#L336">336</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(i.getType())) {
|
||||
<a class="jxr_linenumber" name="L337" href="#L337">337</a> <strong class="jxr_keyword">final</strong> String cpe = i.getValue();
|
||||
<a class="jxr_linenumber" name="L338" href="#L338">338</a> <strong class="jxr_keyword">if</strong> (cpe != <strong class="jxr_keyword">null</strong> && (cpe.startsWith(<span class="jxr_string">"cpe:/a:apache:axis:"</span>) || <span class="jxr_string">"cpe:/a:apache:axis"</span>.equals(cpe))) {
|
||||
<a class="jxr_linenumber" name="L339" href="#L339">339</a> itr.remove();
|
||||
<a class="jxr_linenumber" name="L340" href="#L340">340</a> }
|
||||
<a class="jxr_linenumber" name="L341" href="#L341">341</a> }
|
||||
<a class="jxr_linenumber" name="L342" href="#L342">342</a> }
|
||||
<a class="jxr_linenumber" name="L343" href="#L343">343</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (fileName != <strong class="jxr_keyword">null</strong> && fileName.contains(<span class="jxr_string">"axis"</span>)) {
|
||||
<a class="jxr_linenumber" name="L344" href="#L344">344</a> <strong class="jxr_keyword">while</strong> (itr.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L345" href="#L345">345</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> i = itr.next();
|
||||
<a class="jxr_linenumber" name="L346" href="#L346">346</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(i.getType())) {
|
||||
<a class="jxr_linenumber" name="L347" href="#L347">347</a> <strong class="jxr_keyword">final</strong> String cpe = i.getValue();
|
||||
<a class="jxr_linenumber" name="L348" href="#L348">348</a> <strong class="jxr_keyword">if</strong> (cpe != <strong class="jxr_keyword">null</strong> && (cpe.startsWith(<span class="jxr_string">"cpe:/a:apache:axis2:"</span>) || <span class="jxr_string">"cpe:/a:apache:axis2"</span>.equals(cpe))) {
|
||||
<a class="jxr_linenumber" name="L349" href="#L349">349</a> itr.remove();
|
||||
<a class="jxr_linenumber" name="L350" href="#L350">350</a> }
|
||||
<a class="jxr_linenumber" name="L351" href="#L351">351</a> }
|
||||
<a class="jxr_linenumber" name="L352" href="#L352">352</a> }
|
||||
<a class="jxr_linenumber" name="L353" href="#L353">353</a> }
|
||||
<a class="jxr_linenumber" name="L354" href="#L354">354</a> }
|
||||
<a class="jxr_linenumber" name="L355" href="#L355">355</a>
|
||||
<a class="jxr_linenumber" name="L356" href="#L356">356</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L357" href="#L357">357</a> <em class="jxr_javadoccomment"> * There are some known CPE entries, specifically regarding sun and oracle products due to the acquisition and</em>
|
||||
<a class="jxr_linenumber" name="L358" href="#L358">358</a> <em class="jxr_javadoccomment"> * changes in product names, that based on given evidence we can add the related CPE entries to ensure a complete</em>
|
||||
<a class="jxr_linenumber" name="L359" href="#L359">359</a> <em class="jxr_javadoccomment"> * list of CVE entries.</em>
|
||||
<a class="jxr_linenumber" name="L360" href="#L360">360</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L361" href="#L361">361</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
|
||||
<a class="jxr_linenumber" name="L362" href="#L362">362</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L363" href="#L363">363</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> addFalseNegativeCPEs(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency) {
|
||||
<a class="jxr_linenumber" name="L364" href="#L364">364</a> <em class="jxr_comment">//TODO move this to the hint analyzer</em>
|
||||
<a class="jxr_linenumber" name="L365" href="#L365">365</a> <strong class="jxr_keyword">final</strong> Iterator<Identifier> itr = dependency.getIdentifiers().iterator();
|
||||
<a class="jxr_linenumber" name="L366" href="#L366">366</a> <strong class="jxr_keyword">while</strong> (itr.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L367" href="#L367">367</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> i = itr.next();
|
||||
<a class="jxr_linenumber" name="L368" href="#L368">368</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(i.getType()) && i.getValue() != <strong class="jxr_keyword">null</strong>
|
||||
<a class="jxr_linenumber" name="L369" href="#L369">369</a> && (i.getValue().startsWith(<span class="jxr_string">"cpe:/a:oracle:opensso:"</span>)
|
||||
<a class="jxr_linenumber" name="L370" href="#L370">370</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:oracle:opensso_enterprise:"</span>)
|
||||
<a class="jxr_linenumber" name="L371" href="#L371">371</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:sun:opensso_enterprise:"</span>)
|
||||
<a class="jxr_linenumber" name="L372" href="#L372">372</a> || i.getValue().startsWith(<span class="jxr_string">"cpe:/a:sun:opensso:"</span>))) {
|
||||
<a class="jxr_linenumber" name="L373" href="#L373">373</a> <strong class="jxr_keyword">final</strong> String newCpe = String.format(<span class="jxr_string">"cpe:/a:sun:opensso_enterprise:%s"</span>, i.getValue().substring(22));
|
||||
<a class="jxr_linenumber" name="L374" href="#L374">374</a> <strong class="jxr_keyword">final</strong> String newCpe2 = String.format(<span class="jxr_string">"cpe:/a:oracle:opensso_enterprise:%s"</span>, i.getValue().substring(22));
|
||||
<a class="jxr_linenumber" name="L375" href="#L375">375</a> <strong class="jxr_keyword">final</strong> String newCpe3 = String.format(<span class="jxr_string">"cpe:/a:sun:opensso:%s"</span>, i.getValue().substring(22));
|
||||
<a class="jxr_linenumber" name="L376" href="#L376">376</a> <strong class="jxr_keyword">final</strong> String newCpe4 = String.format(<span class="jxr_string">"cpe:/a:oracle:opensso:%s"</span>, i.getValue().substring(22));
|
||||
<a class="jxr_linenumber" name="L377" href="#L377">377</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L378" href="#L378">378</a> dependency.addIdentifier(<span class="jxr_string">"cpe"</span>,
|
||||
<a class="jxr_linenumber" name="L379" href="#L379">379</a> newCpe,
|
||||
<a class="jxr_linenumber" name="L380" href="#L380">380</a> String.format(CPEAnalyzer.NVD_SEARCH_URL, URLEncoder.encode(newCpe, <span class="jxr_string">"UTF-8"</span>)));
|
||||
<a class="jxr_linenumber" name="L381" href="#L381">381</a> dependency.addIdentifier(<span class="jxr_string">"cpe"</span>,
|
||||
<a class="jxr_linenumber" name="L382" href="#L382">382</a> newCpe2,
|
||||
<a class="jxr_linenumber" name="L383" href="#L383">383</a> String.format(CPEAnalyzer.NVD_SEARCH_URL, URLEncoder.encode(newCpe2, <span class="jxr_string">"UTF-8"</span>)));
|
||||
<a class="jxr_linenumber" name="L384" href="#L384">384</a> dependency.addIdentifier(<span class="jxr_string">"cpe"</span>,
|
||||
<a class="jxr_linenumber" name="L385" href="#L385">385</a> newCpe3,
|
||||
<a class="jxr_linenumber" name="L386" href="#L386">386</a> String.format(CPEAnalyzer.NVD_SEARCH_URL, URLEncoder.encode(newCpe3, <span class="jxr_string">"UTF-8"</span>)));
|
||||
<a class="jxr_linenumber" name="L387" href="#L387">387</a> dependency.addIdentifier(<span class="jxr_string">"cpe"</span>,
|
||||
<a class="jxr_linenumber" name="L388" href="#L388">388</a> newCpe4,
|
||||
<a class="jxr_linenumber" name="L389" href="#L389">389</a> String.format(CPEAnalyzer.NVD_SEARCH_URL, URLEncoder.encode(newCpe4, <span class="jxr_string">"UTF-8"</span>)));
|
||||
<a class="jxr_linenumber" name="L390" href="#L390">390</a> } <strong class="jxr_keyword">catch</strong> (UnsupportedEncodingException ex) {
|
||||
<a class="jxr_linenumber" name="L391" href="#L391">391</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L392" href="#L392">392</a> }
|
||||
<a class="jxr_linenumber" name="L393" href="#L393">393</a> }
|
||||
<a class="jxr_linenumber" name="L394" href="#L394">394</a> }
|
||||
<a class="jxr_linenumber" name="L395" href="#L395">395</a> }
|
||||
<a class="jxr_linenumber" name="L396" href="#L396">396</a>
|
||||
<a class="jxr_linenumber" name="L397" href="#L397">397</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L398" href="#L398">398</a> <em class="jxr_javadoccomment"> * Removes duplicate entries identified that are contained within JAR files. These occasionally crop up due to POM</em>
|
||||
<a class="jxr_linenumber" name="L399" href="#L399">399</a> <em class="jxr_javadoccomment"> * entries or other types of files (such as DLLs and EXEs) being contained within the JAR.</em>
|
||||
<a class="jxr_linenumber" name="L400" href="#L400">400</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L401" href="#L401">401</a> <em class="jxr_javadoccomment"> * @param dependency the dependency that might be a duplicate</em>
|
||||
<a class="jxr_linenumber" name="L402" href="#L402">402</a> <em class="jxr_javadoccomment"> * @param engine the engine used to scan all dependencies</em>
|
||||
<a class="jxr_linenumber" name="L403" href="#L403">403</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L404" href="#L404">404</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> removeDuplicativeEntriesFromJar(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine) {
|
||||
<a class="jxr_linenumber" name="L405" href="#L405">405</a> <strong class="jxr_keyword">if</strong> (dependency.getFileName().toLowerCase().endsWith(<span class="jxr_string">"pom.xml"</span>)
|
||||
<a class="jxr_linenumber" name="L406" href="#L406">406</a> || <span class="jxr_string">"dll"</span>.equals(dependency.getFileExtension())
|
||||
<a class="jxr_linenumber" name="L407" href="#L407">407</a> || <span class="jxr_string">"exe"</span>.equals(dependency.getFileExtension())) {
|
||||
<a class="jxr_linenumber" name="L408" href="#L408">408</a> String parentPath = dependency.getFilePath().toLowerCase();
|
||||
<a class="jxr_linenumber" name="L409" href="#L409">409</a> <strong class="jxr_keyword">if</strong> (parentPath.contains(<span class="jxr_string">".jar"</span>)) {
|
||||
<a class="jxr_linenumber" name="L410" href="#L410">410</a> parentPath = parentPath.substring(0, parentPath.indexOf(<span class="jxr_string">".jar"</span>) + 4);
|
||||
<a class="jxr_linenumber" name="L411" href="#L411">411</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> parent = findDependency(parentPath, engine.getDependencies());
|
||||
<a class="jxr_linenumber" name="L412" href="#L412">412</a> <strong class="jxr_keyword">if</strong> (parent != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L413" href="#L413">413</a> <strong class="jxr_keyword">boolean</strong> remove = false;
|
||||
<a class="jxr_linenumber" name="L414" href="#L414">414</a> <strong class="jxr_keyword">for</strong> (Identifier i : dependency.getIdentifiers()) {
|
||||
<a class="jxr_linenumber" name="L415" href="#L415">415</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(i.getType())) {
|
||||
<a class="jxr_linenumber" name="L416" href="#L416">416</a> <strong class="jxr_keyword">final</strong> String trimmedCPE = trimCpeToVendor(i.getValue());
|
||||
<a class="jxr_linenumber" name="L417" href="#L417">417</a> <strong class="jxr_keyword">for</strong> (Identifier parentId : parent.getIdentifiers()) {
|
||||
<a class="jxr_linenumber" name="L418" href="#L418">418</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(parentId.getType()) && parentId.getValue().startsWith(trimmedCPE)) {
|
||||
<a class="jxr_linenumber" name="L419" href="#L419">419</a> remove |= <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L420" href="#L420">420</a> }
|
||||
<a class="jxr_linenumber" name="L421" href="#L421">421</a> }
|
||||
<a class="jxr_linenumber" name="L422" href="#L422">422</a> }
|
||||
<a class="jxr_linenumber" name="L423" href="#L423">423</a> <strong class="jxr_keyword">if</strong> (!remove) { <em class="jxr_comment">//we can escape early</em>
|
||||
<a class="jxr_linenumber" name="L424" href="#L424">424</a> <strong class="jxr_keyword">return</strong>;
|
||||
<a class="jxr_linenumber" name="L425" href="#L425">425</a> }
|
||||
<a class="jxr_linenumber" name="L426" href="#L426">426</a> }
|
||||
<a class="jxr_linenumber" name="L427" href="#L427">427</a> <strong class="jxr_keyword">if</strong> (remove) {
|
||||
<a class="jxr_linenumber" name="L428" href="#L428">428</a> engine.getDependencies().remove(dependency);
|
||||
<a class="jxr_linenumber" name="L429" href="#L429">429</a> }
|
||||
<a class="jxr_linenumber" name="L430" href="#L430">430</a> }
|
||||
<a class="jxr_linenumber" name="L431" href="#L431">431</a> }
|
||||
<a class="jxr_linenumber" name="L432" href="#L432">432</a>
|
||||
<a class="jxr_linenumber" name="L433" href="#L433">433</a> }
|
||||
<a class="jxr_linenumber" name="L434" href="#L434">434</a> }
|
||||
<a class="jxr_linenumber" name="L435" href="#L435">435</a>
|
||||
<a class="jxr_linenumber" name="L436" href="#L436">436</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L437" href="#L437">437</a> <em class="jxr_javadoccomment"> * Retrieves a given dependency, based on a given path, from a list of dependencies.</em>
|
||||
<a class="jxr_linenumber" name="L438" href="#L438">438</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L439" href="#L439">439</a> <em class="jxr_javadoccomment"> * @param dependencyPath the path of the dependency to return</em>
|
||||
<a class="jxr_linenumber" name="L440" href="#L440">440</a> <em class="jxr_javadoccomment"> * @param dependencies the collection of dependencies to search</em>
|
||||
<a class="jxr_linenumber" name="L441" href="#L441">441</a> <em class="jxr_javadoccomment"> * @return the dependency object for the given path, otherwise null</em>
|
||||
<a class="jxr_linenumber" name="L442" href="#L442">442</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L443" href="#L443">443</a> <strong class="jxr_keyword">private</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> findDependency(String dependencyPath, List<Dependency> dependencies) {
|
||||
<a class="jxr_linenumber" name="L444" href="#L444">444</a> <strong class="jxr_keyword">for</strong> (Dependency d : dependencies) {
|
||||
<a class="jxr_linenumber" name="L445" href="#L445">445</a> <strong class="jxr_keyword">if</strong> (d.getFilePath().equalsIgnoreCase(dependencyPath)) {
|
||||
<a class="jxr_linenumber" name="L446" href="#L446">446</a> <strong class="jxr_keyword">return</strong> d;
|
||||
<a class="jxr_linenumber" name="L447" href="#L447">447</a> }
|
||||
<a class="jxr_linenumber" name="L448" href="#L448">448</a> }
|
||||
<a class="jxr_linenumber" name="L449" href="#L449">449</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L450" href="#L450">450</a> }
|
||||
<a class="jxr_linenumber" name="L451" href="#L451">451</a>
|
||||
<a class="jxr_linenumber" name="L452" href="#L452">452</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L453" href="#L453">453</a> <em class="jxr_javadoccomment"> * Takes a full CPE and returns the CPE trimmed to include only vendor and product.</em>
|
||||
<a class="jxr_linenumber" name="L454" href="#L454">454</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L455" href="#L455">455</a> <em class="jxr_javadoccomment"> * @param value the CPE value to trim</em>
|
||||
<a class="jxr_linenumber" name="L456" href="#L456">456</a> <em class="jxr_javadoccomment"> * @return a CPE value that only includes the vendor and product</em>
|
||||
<a class="jxr_linenumber" name="L457" href="#L457">457</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L458" href="#L458">458</a> <strong class="jxr_keyword">private</strong> String trimCpeToVendor(String value) {
|
||||
<a class="jxr_linenumber" name="L459" href="#L459">459</a> <em class="jxr_comment">//cpe:/a:jruby:jruby:1.0.8</em>
|
||||
<a class="jxr_linenumber" name="L460" href="#L460">460</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> pos1 = value.indexOf(<span class="jxr_string">":"</span>, 7); <em class="jxr_comment">//right of vendor</em>
|
||||
<a class="jxr_linenumber" name="L461" href="#L461">461</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> pos2 = value.indexOf(<span class="jxr_string">":"</span>, pos1 + 1); <em class="jxr_comment">//right of product</em>
|
||||
<a class="jxr_linenumber" name="L462" href="#L462">462</a> <strong class="jxr_keyword">if</strong> (pos2 < 0) {
|
||||
<a class="jxr_linenumber" name="L463" href="#L463">463</a> <strong class="jxr_keyword">return</strong> value;
|
||||
<a class="jxr_linenumber" name="L464" href="#L464">464</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L465" href="#L465">465</a> <strong class="jxr_keyword">return</strong> value.substring(0, pos2);
|
||||
<a class="jxr_linenumber" name="L466" href="#L466">466</a> }
|
||||
<a class="jxr_linenumber" name="L467" href="#L467">467</a> }
|
||||
<a class="jxr_linenumber" name="L468" href="#L468">468</a> }
|
||||
</pre>
|
||||
<hr/>
|
||||
<div id="footer">Copyright © 2012–2014 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
|
||||
|
||||
@@ -81,7 +81,7 @@
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> analyze(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine) <strong class="jxr_keyword">throws</strong> AnalysisException {
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a>
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <em class="jxr_comment">//strip any path information that may get added by ArchiveAnalyzer, etc.</em>
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <strong class="jxr_keyword">final</strong> File f = <strong class="jxr_keyword">new</strong> File(dependency.getFileName());
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <strong class="jxr_keyword">final</strong> File f = dependency.getActualFile();
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> String fileName = f.getName();
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a>
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <em class="jxr_comment">//remove file extension</em>
|
||||
|
||||
@@ -38,7 +38,7 @@
|
||||
<a class="jxr_linenumber" name="L30" href="#L30">30</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.data.nexus.NexusSearch;
|
||||
<a class="jxr_linenumber" name="L31" href="#L31">31</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Confidence;
|
||||
<a class="jxr_linenumber" name="L32" href="#L32">32</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Dependency;
|
||||
<a class="jxr_linenumber" name="L33" href="#L33">33</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Identifier;
|
||||
<a class="jxr_linenumber" name="L33" href="#L33">33</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.InvalidSettingException;
|
||||
<a class="jxr_linenumber" name="L34" href="#L34">34</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.Settings;
|
||||
<a class="jxr_linenumber" name="L35" href="#L35">35</a>
|
||||
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <em class="jxr_javadoccomment">/**</em>
|
||||
@@ -58,144 +58,171 @@
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/NexusAnalyzer.html">NexusAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.html">AbstractFileTypeAnalyzer</a> {
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a>
|
||||
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a> <em class="jxr_javadoccomment"> * The logger.</em>
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a> <em class="jxr_javadoccomment"> * The default URL - this will be used by the CentralAnalyzer to determine whether to enable this.</em>
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Logger LOGGER = Logger.getLogger(NexusAnalyzer.<strong class="jxr_keyword">class</strong>.getName());
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String DEFAULT_URL = <span class="jxr_string">"https://repository.sonatype.org/service/local/"</span>;
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a>
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <em class="jxr_javadoccomment"> * The name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <em class="jxr_javadoccomment"> * The logger.</em>
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String ANALYZER_NAME = <span class="jxr_string">"Nexus Analyzer"</span>;
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Logger LOGGER = Logger.getLogger(NexusAnalyzer.<strong class="jxr_keyword">class</strong>.getName());
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a>
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <em class="jxr_javadoccomment"> * The phase in which the analyzer runs.</em>
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <em class="jxr_javadoccomment"> * The name of the analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String ANALYZER_NAME = <span class="jxr_string">"Nexus Analyzer"</span>;
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a>
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <em class="jxr_javadoccomment"> * The types of files on which this will work.</em>
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <em class="jxr_javadoccomment"> * The phase in which the analyzer runs.</em>
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Set<String> SUPPORTED_EXTENSIONS = newHashSet(<span class="jxr_string">"jar"</span>);
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a>
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <em class="jxr_javadoccomment"> * The Nexus Search to be set up for this analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <em class="jxr_javadoccomment"> * The types of files on which this will work.</em>
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <strong class="jxr_keyword">private</strong> <a href="../../../../org/owasp/dependencycheck/data/nexus/NexusSearch.html">NexusSearch</a> searcher;
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Set<String> SUPPORTED_EXTENSIONS = newHashSet(<span class="jxr_string">"jar"</span>);
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a>
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <em class="jxr_javadoccomment"> * Initializes the analyzer once before any analysis is performed.</em>
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <em class="jxr_javadoccomment"> * @throws Exception if there's an error during initialization</em>
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a> @Override
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> Exception {
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a> LOGGER.fine(<span class="jxr_string">"Initializing Nexus Analyzer"</span>);
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a> LOGGER.fine(String.format(<span class="jxr_string">"Nexus Analyzer enabled: %s"</span>, isEnabled()));
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <strong class="jxr_keyword">if</strong> (isEnabled()) {
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <strong class="jxr_keyword">final</strong> String searchUrl = Settings.getString(Settings.KEYS.ANALYZER_NEXUS_URL);
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> LOGGER.fine(String.format(<span class="jxr_string">"Nexus Analyzer URL: %s"</span>, searchUrl));
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a> searcher = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/data/nexus/NexusSearch.html">NexusSearch</a>(<strong class="jxr_keyword">new</strong> URL(searchUrl));
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <strong class="jxr_keyword">if</strong> (!searcher.preflightRequest()) {
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a> LOGGER.warning(<span class="jxr_string">"There was an issue getting Nexus status. Disabling analyzer."</span>);
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a> setEnabled(false);
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a> }
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a> } <strong class="jxr_keyword">catch</strong> (MalformedURLException mue) {
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <em class="jxr_comment">// I know that initialize can throw an exception, but we'll</em>
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <em class="jxr_comment">// just disable the analyzer if the URL isn't valid</em>
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> LOGGER.warning(String.format(<span class="jxr_string">"Property %s not a valid URL. Nexus Analyzer disabled"</span>, searchUrl));
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a> setEnabled(false);
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a> }
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a> }
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> }
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a>
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a> <em class="jxr_javadoccomment"> * Returns the analyzer's name.</em>
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer</em>
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a> @Override
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a> <strong class="jxr_keyword">public</strong> String getName() {
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> }
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a>
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <em class="jxr_javadoccomment"> * Returns the key used in the properties file to reference the analyzer's enabled property.</em>
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> <em class="jxr_javadoccomment"> * @return the analyzer's enabled property setting key</em>
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a> @Override
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_NEXUS_ENABLED;
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a> }
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a>
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a> <em class="jxr_javadoccomment"> * Returns the analysis phase under which the analyzer runs.</em>
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> <em class="jxr_javadoccomment"> * @return the phase under which this analyzer runs</em>
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> @Override
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a> <strong class="jxr_keyword">return</strong> ANALYSIS_PHASE;
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a> }
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a>
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a> <em class="jxr_javadoccomment"> * Returns the extensions for which this Analyzer runs.</em>
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> <em class="jxr_javadoccomment"> * @return the extensions for which this Analyzer runs</em>
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a> @Override
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a> <strong class="jxr_keyword">public</strong> Set<String> getSupportedExtensions() {
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a> <strong class="jxr_keyword">return</strong> SUPPORTED_EXTENSIONS;
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a> }
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a>
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <em class="jxr_javadoccomment"> * Performs the analysis.</em>
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to analyze</em>
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <em class="jxr_javadoccomment"> * @param engine the engine</em>
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> <em class="jxr_javadoccomment"> * @throws AnalysisException when there's an exception during analysis</em>
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a> @Override
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine) <strong class="jxr_keyword">throws</strong> AnalysisException {
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/data/nexus/MavenArtifact.html">MavenArtifact</a> ma = searcher.searchSha1(dependency.getSha1sum());
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <strong class="jxr_keyword">if</strong> (ma.getGroupId() != <strong class="jxr_keyword">null</strong> && !<span class="jxr_string">""</span>.equals(ma.getGroupId())) {
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a> dependency.getVendorEvidence().addEvidence(<span class="jxr_string">"nexus"</span>, <span class="jxr_string">"groupid"</span>, ma.getGroupId(), Confidence.HIGH);
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> }
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <strong class="jxr_keyword">if</strong> (ma.getArtifactId() != <strong class="jxr_keyword">null</strong> && !<span class="jxr_string">""</span>.equals(ma.getArtifactId())) {
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> dependency.getProductEvidence().addEvidence(<span class="jxr_string">"nexus"</span>, <span class="jxr_string">"artifactid"</span>, ma.getArtifactId(), Confidence.HIGH);
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> }
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> <strong class="jxr_keyword">if</strong> (ma.getVersion() != <strong class="jxr_keyword">null</strong> && !<span class="jxr_string">""</span>.equals(ma.getVersion())) {
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a> dependency.getVersionEvidence().addEvidence(<span class="jxr_string">"nexus"</span>, <span class="jxr_string">"version"</span>, ma.getVersion(), Confidence.HIGH);
|
||||
<a class="jxr_linenumber" name="L163" href="#L163">163</a> }
|
||||
<a class="jxr_linenumber" name="L164" href="#L164">164</a> <strong class="jxr_keyword">if</strong> (ma.getArtifactUrl() != <strong class="jxr_keyword">null</strong> && !<span class="jxr_string">""</span>.equals(ma.getArtifactUrl())) {
|
||||
<a class="jxr_linenumber" name="L165" href="#L165">165</a> <strong class="jxr_keyword">boolean</strong> found = false;
|
||||
<a class="jxr_linenumber" name="L166" href="#L166">166</a> <strong class="jxr_keyword">for</strong> (Identifier i : dependency.getIdentifiers()) {
|
||||
<a class="jxr_linenumber" name="L167" href="#L167">167</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"maven"</span>.equals(i.getType()) && i.getValue().equals(ma.toString())) {
|
||||
<a class="jxr_linenumber" name="L168" href="#L168">168</a> found = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L169" href="#L169">169</a> i.setConfidence(Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a> i.setUrl(ma.getArtifactUrl());
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> <strong class="jxr_keyword">break</strong>;
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a> }
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> }
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a> <strong class="jxr_keyword">if</strong> (!found) {
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> dependency.addIdentifier(<span class="jxr_string">"maven"</span>, ma.toString(), ma.getArtifactUrl(), Confidence.HIGHEST);
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a> }
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> }
|
||||
<a class="jxr_linenumber" name="L178" href="#L178">178</a> } <strong class="jxr_keyword">catch</strong> (IllegalArgumentException iae) {
|
||||
<a class="jxr_linenumber" name="L179" href="#L179">179</a> <em class="jxr_comment">//dependency.addAnalysisException(new AnalysisException("Invalid SHA-1"));</em>
|
||||
<a class="jxr_linenumber" name="L180" href="#L180">180</a> LOGGER.info(String.format(<span class="jxr_string">"invalid sha-1 hash on %s"</span>, dependency.getFileName()));
|
||||
<a class="jxr_linenumber" name="L181" href="#L181">181</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException fnfe) {
|
||||
<a class="jxr_linenumber" name="L182" href="#L182">182</a> <em class="jxr_comment">//dependency.addAnalysisException(new AnalysisException("Artifact not found on repository"));</em>
|
||||
<a class="jxr_linenumber" name="L183" href="#L183">183</a> LOGGER.fine(String.format(<span class="jxr_string">"Artifact not found in repository '%s'"</span>, dependency.getFileName()));
|
||||
<a class="jxr_linenumber" name="L184" href="#L184">184</a> LOGGER.log(Level.FINE, fnfe.getMessage(), fnfe);
|
||||
<a class="jxr_linenumber" name="L185" href="#L185">185</a> } <strong class="jxr_keyword">catch</strong> (IOException ioe) {
|
||||
<a class="jxr_linenumber" name="L186" href="#L186">186</a> <em class="jxr_comment">//dependency.addAnalysisException(new AnalysisException("Could not connect to repository", ioe));</em>
|
||||
<a class="jxr_linenumber" name="L187" href="#L187">187</a> LOGGER.log(Level.FINE, <span class="jxr_string">"Could not connect to nexus repository"</span>, ioe);
|
||||
<a class="jxr_linenumber" name="L188" href="#L188">188</a> }
|
||||
<a class="jxr_linenumber" name="L189" href="#L189">189</a> }
|
||||
<a class="jxr_linenumber" name="L190" href="#L190">190</a> }
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <em class="jxr_javadoccomment"> * The Nexus Search to be set up for this analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <strong class="jxr_keyword">private</strong> <a href="../../../../org/owasp/dependencycheck/data/nexus/NexusSearch.html">NexusSearch</a> searcher;
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a>
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <em class="jxr_javadoccomment"> * Field indicating if the analyzer is enabled.</em>
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> enabled = checkEnabled();
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a>
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <em class="jxr_javadoccomment"> * Determines if this analyzer is enabled</em>
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a> <em class="jxr_javadoccomment"> * @return <code>true</code> if the analyzer is enabled; otherwise <code>false</code></em>
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> checkEnabled() {
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a> <em class="jxr_comment">/* Enable this analyzer ONLY if the Nexus URL has been set to something</em>
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <em class="jxr_comment"> other than the default one (if it's the default one, we'll use the</em>
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <em class="jxr_comment"> central one) and it's enabled by the user.</em>
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <em class="jxr_comment"> */</em>
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <strong class="jxr_keyword">boolean</strong> retval = false;
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <strong class="jxr_keyword">if</strong> ((!DEFAULT_URL.equals(Settings.getString(Settings.KEYS.ANALYZER_NEXUS_URL)))
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a> && Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED)) {
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a> LOGGER.info(<span class="jxr_string">"Enabling Nexus analyzer"</span>);
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> retval = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a> LOGGER.info(<span class="jxr_string">"Nexus analyzer disabled, using Central instead"</span>);
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a> }
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a> } <strong class="jxr_keyword">catch</strong> (InvalidSettingException ise) {
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a> LOGGER.warning(<span class="jxr_string">"Invalid setting. Disabling Nexus analyzer"</span>);
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> }
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a>
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a> <strong class="jxr_keyword">return</strong> retval;
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> }
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a>
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a> <em class="jxr_javadoccomment"> * Determine whether to enable this analyzer or not.</em>
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> <em class="jxr_javadoccomment"> * @return whether the analyzer should be enabled</em>
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> @Override
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">boolean</strong> isEnabled() {
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a> <strong class="jxr_keyword">return</strong> enabled;
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> }
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a>
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a> <em class="jxr_javadoccomment"> * Initializes the analyzer once before any analysis is performed.</em>
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <em class="jxr_javadoccomment"> * @throws Exception if there's an error during initialization</em>
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a> @Override
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> Exception {
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a> LOGGER.fine(<span class="jxr_string">"Initializing Nexus Analyzer"</span>);
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a> LOGGER.fine(String.format(<span class="jxr_string">"Nexus Analyzer enabled: %s"</span>, isEnabled()));
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <strong class="jxr_keyword">if</strong> (isEnabled()) {
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a> <strong class="jxr_keyword">final</strong> String searchUrl = Settings.getString(Settings.KEYS.ANALYZER_NEXUS_URL);
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a> LOGGER.fine(String.format(<span class="jxr_string">"Nexus Analyzer URL: %s"</span>, searchUrl));
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> searcher = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/data/nexus/NexusSearch.html">NexusSearch</a>(<strong class="jxr_keyword">new</strong> URL(searchUrl));
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> <strong class="jxr_keyword">if</strong> (!searcher.preflightRequest()) {
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a> LOGGER.warning(<span class="jxr_string">"There was an issue getting Nexus status. Disabling analyzer."</span>);
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a> setEnabled(false);
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a> }
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a> } <strong class="jxr_keyword">catch</strong> (MalformedURLException mue) {
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a> <em class="jxr_comment">// I know that initialize can throw an exception, but we'll</em>
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a> <em class="jxr_comment">// just disable the analyzer if the URL isn't valid</em>
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a> LOGGER.warning(String.format(<span class="jxr_string">"Property %s not a valid URL. Nexus Analyzer disabled"</span>, searchUrl));
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a> setEnabled(false);
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> }
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> }
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> }
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a>
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a> <em class="jxr_javadoccomment"> * Returns the analyzer's name.</em>
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer</em>
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a> @Override
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a> <strong class="jxr_keyword">public</strong> String getName() {
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a> }
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a>
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> <em class="jxr_javadoccomment"> * Returns the key used in the properties file to reference the analyzer's enabled property.</em>
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L163" href="#L163">163</a> <em class="jxr_javadoccomment"> * @return the analyzer's enabled property setting key</em>
|
||||
<a class="jxr_linenumber" name="L164" href="#L164">164</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L165" href="#L165">165</a> @Override
|
||||
<a class="jxr_linenumber" name="L166" href="#L166">166</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
|
||||
<a class="jxr_linenumber" name="L167" href="#L167">167</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_NEXUS_ENABLED;
|
||||
<a class="jxr_linenumber" name="L168" href="#L168">168</a> }
|
||||
<a class="jxr_linenumber" name="L169" href="#L169">169</a>
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> <em class="jxr_javadoccomment"> * Returns the analysis phase under which the analyzer runs.</em>
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> <em class="jxr_javadoccomment"> * @return the phase under which this analyzer runs</em>
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> @Override
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> <strong class="jxr_keyword">return</strong> ANALYSIS_PHASE;
|
||||
<a class="jxr_linenumber" name="L178" href="#L178">178</a> }
|
||||
<a class="jxr_linenumber" name="L179" href="#L179">179</a>
|
||||
<a class="jxr_linenumber" name="L180" href="#L180">180</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L181" href="#L181">181</a> <em class="jxr_javadoccomment"> * Returns the extensions for which this Analyzer runs.</em>
|
||||
<a class="jxr_linenumber" name="L182" href="#L182">182</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L183" href="#L183">183</a> <em class="jxr_javadoccomment"> * @return the extensions for which this Analyzer runs</em>
|
||||
<a class="jxr_linenumber" name="L184" href="#L184">184</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L185" href="#L185">185</a> @Override
|
||||
<a class="jxr_linenumber" name="L186" href="#L186">186</a> <strong class="jxr_keyword">public</strong> Set<String> getSupportedExtensions() {
|
||||
<a class="jxr_linenumber" name="L187" href="#L187">187</a> <strong class="jxr_keyword">return</strong> SUPPORTED_EXTENSIONS;
|
||||
<a class="jxr_linenumber" name="L188" href="#L188">188</a> }
|
||||
<a class="jxr_linenumber" name="L189" href="#L189">189</a>
|
||||
<a class="jxr_linenumber" name="L190" href="#L190">190</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L191" href="#L191">191</a> <em class="jxr_javadoccomment"> * Performs the analysis.</em>
|
||||
<a class="jxr_linenumber" name="L192" href="#L192">192</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L193" href="#L193">193</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to analyze</em>
|
||||
<a class="jxr_linenumber" name="L194" href="#L194">194</a> <em class="jxr_javadoccomment"> * @param engine the engine</em>
|
||||
<a class="jxr_linenumber" name="L195" href="#L195">195</a> <em class="jxr_javadoccomment"> * @throws AnalysisException when there's an exception during analysis</em>
|
||||
<a class="jxr_linenumber" name="L196" href="#L196">196</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L197" href="#L197">197</a> @Override
|
||||
<a class="jxr_linenumber" name="L198" href="#L198">198</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine) <strong class="jxr_keyword">throws</strong> AnalysisException {
|
||||
<a class="jxr_linenumber" name="L199" href="#L199">199</a> <strong class="jxr_keyword">if</strong> (!isEnabled()) {
|
||||
<a class="jxr_linenumber" name="L200" href="#L200">200</a> <strong class="jxr_keyword">return</strong>;
|
||||
<a class="jxr_linenumber" name="L201" href="#L201">201</a> }
|
||||
<a class="jxr_linenumber" name="L202" href="#L202">202</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L203" href="#L203">203</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/data/nexus/MavenArtifact.html">MavenArtifact</a> ma = searcher.searchSha1(dependency.getSha1sum());
|
||||
<a class="jxr_linenumber" name="L204" href="#L204">204</a> dependency.addAsEvidence(<span class="jxr_string">"nexus"</span>, ma, Confidence.HIGH);
|
||||
<a class="jxr_linenumber" name="L205" href="#L205">205</a> } <strong class="jxr_keyword">catch</strong> (IllegalArgumentException iae) {
|
||||
<a class="jxr_linenumber" name="L206" href="#L206">206</a> <em class="jxr_comment">//dependency.addAnalysisException(new AnalysisException("Invalid SHA-1"));</em>
|
||||
<a class="jxr_linenumber" name="L207" href="#L207">207</a> LOGGER.info(String.format(<span class="jxr_string">"invalid sha-1 hash on %s"</span>, dependency.getFileName()));
|
||||
<a class="jxr_linenumber" name="L208" href="#L208">208</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException fnfe) {
|
||||
<a class="jxr_linenumber" name="L209" href="#L209">209</a> <em class="jxr_comment">//dependency.addAnalysisException(new AnalysisException("Artifact not found on repository"));</em>
|
||||
<a class="jxr_linenumber" name="L210" href="#L210">210</a> LOGGER.fine(String.format(<span class="jxr_string">"Artifact not found in repository '%s'"</span>, dependency.getFileName()));
|
||||
<a class="jxr_linenumber" name="L211" href="#L211">211</a> LOGGER.log(Level.FINE, fnfe.getMessage(), fnfe);
|
||||
<a class="jxr_linenumber" name="L212" href="#L212">212</a> } <strong class="jxr_keyword">catch</strong> (IOException ioe) {
|
||||
<a class="jxr_linenumber" name="L213" href="#L213">213</a> <em class="jxr_comment">//dependency.addAnalysisException(new AnalysisException("Could not connect to repository", ioe));</em>
|
||||
<a class="jxr_linenumber" name="L214" href="#L214">214</a> LOGGER.log(Level.FINE, <span class="jxr_string">"Could not connect to nexus repository"</span>, ioe);
|
||||
<a class="jxr_linenumber" name="L215" href="#L215">215</a> }
|
||||
<a class="jxr_linenumber" name="L216" href="#L216">216</a> }
|
||||
<a class="jxr_linenumber" name="L217" href="#L217">217</a> }
|
||||
</pre>
|
||||
<hr/>
|
||||
<div id="footer">Copyright © 2012–2014 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.analyzer.exception</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.analyzer.exception</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.analyzer.exception</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.analyzer.exception</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.analyzer</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.analyzer</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
@@ -41,6 +41,9 @@
|
||||
</li>
|
||||
<li>
|
||||
<a href="CPEAnalyzer.html" target="classFrame">CPEAnalyzer</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="CentralAnalyzer.html" target="classFrame">CentralAnalyzer</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="JarAnalyzer.html" target="classFrame">ClassNameInformation</a>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.analyzer</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.analyzer</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
@@ -79,6 +79,11 @@
|
||||
<td>
|
||||
<a href="CPEAnalyzer.html" target="classFrame">CPEAnalyzer</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<a href="CentralAnalyzer.html" target="classFrame">CentralAnalyzer</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
|
||||
@@ -0,0 +1,164 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head><meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>CentralSearch xref</title>
|
||||
<link type="text/css" rel="stylesheet" href="../../../../../stylesheet.css" />
|
||||
</head>
|
||||
<body>
|
||||
<div id="overview"><a href="../../../../../../apidocs/org/owasp/dependencycheck/data/central/CentralSearch.html">View Javadoc</a></div><pre>
|
||||
<a class="jxr_linenumber" name="L1" href="#L1">1</a> <em class="jxr_comment">/*</em>
|
||||
<a class="jxr_linenumber" name="L2" href="#L2">2</a> <em class="jxr_comment"> * This file is part of dependency-check-core.</em>
|
||||
<a class="jxr_linenumber" name="L3" href="#L3">3</a> <em class="jxr_comment"> *</em>
|
||||
<a class="jxr_linenumber" name="L4" href="#L4">4</a> <em class="jxr_comment"> * Licensed under the Apache License, Version 2.0 (the "License");</em>
|
||||
<a class="jxr_linenumber" name="L5" href="#L5">5</a> <em class="jxr_comment"> * you may not use this file except in compliance with the License.</em>
|
||||
<a class="jxr_linenumber" name="L6" href="#L6">6</a> <em class="jxr_comment"> * You may obtain a copy of the License at</em>
|
||||
<a class="jxr_linenumber" name="L7" href="#L7">7</a> <em class="jxr_comment"> *</em>
|
||||
<a class="jxr_linenumber" name="L8" href="#L8">8</a> <em class="jxr_comment"> * <a href="http://www.apache.org/licenses/LICENSE-2." target="alexandria_uri">http://www.apache.org/licenses/LICENSE-2.</a>0</em>
|
||||
<a class="jxr_linenumber" name="L9" href="#L9">9</a> <em class="jxr_comment"> *</em>
|
||||
<a class="jxr_linenumber" name="L10" href="#L10">10</a> <em class="jxr_comment"> * Unless required by applicable law or agreed to in writing, software</em>
|
||||
<a class="jxr_linenumber" name="L11" href="#L11">11</a> <em class="jxr_comment"> * distributed under the License is distributed on an "AS IS" BASIS,</em>
|
||||
<a class="jxr_linenumber" name="L12" href="#L12">12</a> <em class="jxr_comment"> * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.</em>
|
||||
<a class="jxr_linenumber" name="L13" href="#L13">13</a> <em class="jxr_comment"> * See the License for the specific language governing permissions and</em>
|
||||
<a class="jxr_linenumber" name="L14" href="#L14">14</a> <em class="jxr_comment"> * limitations under the License.</em>
|
||||
<a class="jxr_linenumber" name="L15" href="#L15">15</a> <em class="jxr_comment"> *</em>
|
||||
<a class="jxr_linenumber" name="L16" href="#L16">16</a> <em class="jxr_comment"> * Copyright (c) 2014 Jeremy Long. All Rights Reserved.</em>
|
||||
<a class="jxr_linenumber" name="L17" href="#L17">17</a> <em class="jxr_comment"> */</em>
|
||||
<a class="jxr_linenumber" name="L18" href="#L18">18</a> <strong class="jxr_keyword">package</strong> org.owasp.dependencycheck.data.central;
|
||||
<a class="jxr_linenumber" name="L19" href="#L19">19</a>
|
||||
<a class="jxr_linenumber" name="L20" href="#L20">20</a> <strong class="jxr_keyword">import</strong> java.io.FileNotFoundException;
|
||||
<a class="jxr_linenumber" name="L21" href="#L21">21</a> <strong class="jxr_keyword">import</strong> java.io.IOException;
|
||||
<a class="jxr_linenumber" name="L22" href="#L22">22</a> <strong class="jxr_keyword">import</strong> java.net.HttpURLConnection;
|
||||
<a class="jxr_linenumber" name="L23" href="#L23">23</a> <strong class="jxr_keyword">import</strong> java.net.URL;
|
||||
<a class="jxr_linenumber" name="L24" href="#L24">24</a> <strong class="jxr_keyword">import</strong> java.util.ArrayList;
|
||||
<a class="jxr_linenumber" name="L25" href="#L25">25</a> <strong class="jxr_keyword">import</strong> java.util.List;
|
||||
<a class="jxr_linenumber" name="L26" href="#L26">26</a> <strong class="jxr_keyword">import</strong> java.util.logging.Logger;
|
||||
<a class="jxr_linenumber" name="L27" href="#L27">27</a> <strong class="jxr_keyword">import</strong> javax.xml.parsers.DocumentBuilder;
|
||||
<a class="jxr_linenumber" name="L28" href="#L28">28</a> <strong class="jxr_keyword">import</strong> javax.xml.parsers.DocumentBuilderFactory;
|
||||
<a class="jxr_linenumber" name="L29" href="#L29">29</a> <strong class="jxr_keyword">import</strong> javax.xml.xpath.XPath;
|
||||
<a class="jxr_linenumber" name="L30" href="#L30">30</a> <strong class="jxr_keyword">import</strong> javax.xml.xpath.XPathConstants;
|
||||
<a class="jxr_linenumber" name="L31" href="#L31">31</a> <strong class="jxr_keyword">import</strong> javax.xml.xpath.XPathFactory;
|
||||
<a class="jxr_linenumber" name="L32" href="#L32">32</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.data.nexus.MavenArtifact;
|
||||
<a class="jxr_linenumber" name="L33" href="#L33">33</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.Settings;
|
||||
<a class="jxr_linenumber" name="L34" href="#L34">34</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.URLConnectionFactory;
|
||||
<a class="jxr_linenumber" name="L35" href="#L35">35</a> <strong class="jxr_keyword">import</strong> org.w3c.dom.Document;
|
||||
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <strong class="jxr_keyword">import</strong> org.w3c.dom.NodeList;
|
||||
<a class="jxr_linenumber" name="L37" href="#L37">37</a>
|
||||
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L39" href="#L39">39</a> <em class="jxr_javadoccomment"> * Class of methods to search Maven Central via Central.</em>
|
||||
<a class="jxr_linenumber" name="L40" href="#L40">40</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L41" href="#L41">41</a> <em class="jxr_javadoccomment"> * @author colezlaw</em>
|
||||
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L43" href="#L43">43</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../../org/owasp/dependencycheck/data/central/CentralSearch.html">CentralSearch</a> {
|
||||
<a class="jxr_linenumber" name="L44" href="#L44">44</a>
|
||||
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L46" href="#L46">46</a> <em class="jxr_javadoccomment"> * The URL for the Central service</em>
|
||||
<a class="jxr_linenumber" name="L47" href="#L47">47</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L48" href="#L48">48</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">final</strong> URL rootURL;
|
||||
<a class="jxr_linenumber" name="L49" href="#L49">49</a>
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <em class="jxr_javadoccomment"> * Whether to use the Proxy when making requests</em>
|
||||
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> useProxy;
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a>
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <em class="jxr_javadoccomment"> * Used for logging.</em>
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Logger LOGGER = Logger.getLogger(CentralSearch.<strong class="jxr_keyword">class</strong>.getName());
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a>
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <em class="jxr_javadoccomment"> * Creates a NexusSearch for the given repository URL.</em>
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <em class="jxr_javadoccomment"> * @param rootURL the URL of the repository on which searches should execute. Only parameters are added to this (so</em>
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <em class="jxr_javadoccomment"> * it should end in /select)</em>
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a> <strong class="jxr_keyword">public</strong> <a href="../../../../../org/owasp/dependencycheck/data/central/CentralSearch.html">CentralSearch</a>(URL rootURL) {
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <strong class="jxr_keyword">this</strong>.rootURL = rootURL;
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != Settings.getString(Settings.KEYS.PROXY_SERVER)) {
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> useProxy = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> LOGGER.fine(<span class="jxr_string">"Using proxy"</span>);
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> useProxy = false;
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> LOGGER.fine(<span class="jxr_string">"Not using proxy"</span>);
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> }
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> }
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a>
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <em class="jxr_javadoccomment"> * Searches the configured Central URL for the given sha1 hash. If the artifact is found, a</em>
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <em class="jxr_javadoccomment"> * <code>MavenArtifact</code> is populated with the GAV.</em>
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a> <em class="jxr_javadoccomment"> * @param sha1 the SHA-1 hash string for which to search</em>
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <em class="jxr_javadoccomment"> * @return the populated Maven GAV.</em>
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <em class="jxr_javadoccomment"> * @throws IOException if it's unable to connect to the specified repository or if the specified artifact is not</em>
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <em class="jxr_javadoccomment"> * found.</em>
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <strong class="jxr_keyword">public</strong> List<MavenArtifact> searchSha1(String sha1) <strong class="jxr_keyword">throws</strong> IOException {
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> == sha1 || !sha1.matches(<span class="jxr_string">"^[0-9A-Fa-f]{40}$"</span>)) {
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> IllegalArgumentException(<span class="jxr_string">"Invalid SHA1 format"</span>);
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a> }
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a>
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <strong class="jxr_keyword">final</strong> URL url = <strong class="jxr_keyword">new</strong> URL(rootURL + String.format(<span class="jxr_string">"?q=1:\"%s\"&wt=xml"</span>, sha1));
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a>
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a> LOGGER.fine(String.format(<span class="jxr_string">"Searching Central url %s"</span>, url.toString()));
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a>
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <em class="jxr_comment">// Determine if we need to use a proxy. The rules:</em>
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <em class="jxr_comment">// 1) If the proxy is set, AND the setting is set to true, use the proxy</em>
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <em class="jxr_comment">// 2) Otherwise, don't use the proxy (either the proxy isn't configured,</em>
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <em class="jxr_comment">// or proxy is specifically set to false)</em>
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <strong class="jxr_keyword">final</strong> HttpURLConnection conn = URLConnectionFactory.createHttpURLConnection(url, useProxy);
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a>
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a> conn.setDoOutput(<strong class="jxr_keyword">true</strong>);
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a>
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <em class="jxr_comment">// JSON would be more elegant, but there's not currently a dependency</em>
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a> <em class="jxr_comment">// on JSON, so don't want to add one just for this</em>
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a> conn.addRequestProperty(<span class="jxr_string">"Accept"</span>, <span class="jxr_string">"application/xml"</span>);
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a> conn.connect();
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a>
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> <strong class="jxr_keyword">if</strong> (conn.getResponseCode() == 200) {
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a> <strong class="jxr_keyword">boolean</strong> missing = false;
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <strong class="jxr_keyword">final</strong> DocumentBuilder builder = DocumentBuilderFactory
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> .newInstance().newDocumentBuilder();
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <strong class="jxr_keyword">final</strong> Document doc = builder.parse(conn.getInputStream());
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a> <strong class="jxr_keyword">final</strong> XPath xpath = XPathFactory.newInstance().newXPath();
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <strong class="jxr_keyword">final</strong> String numFound = xpath.evaluate(<span class="jxr_string">"/response/result/@numFound"</span>, doc);
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"0"</span>.equals(numFound)) {
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> missing = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a> <strong class="jxr_keyword">final</strong> ArrayList<MavenArtifact> result = <strong class="jxr_keyword">new</strong> ArrayList<MavenArtifact>();
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a> <strong class="jxr_keyword">final</strong> NodeList docs = (NodeList) xpath.evaluate(<span class="jxr_string">"/response/result/doc"</span>, doc, XPathConstants.NODESET);
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> <strong class="jxr_keyword">for</strong> (<strong class="jxr_keyword">int</strong> i = 0; i < docs.getLength(); i++) {
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a> <strong class="jxr_keyword">final</strong> String g = xpath.evaluate(<span class="jxr_string">"./str[@name='g']"</span>, docs.item(i));
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a> LOGGER.finest(String.format(<span class="jxr_string">"GroupId: %s"</span>, g));
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a> <strong class="jxr_keyword">final</strong> String a = xpath.evaluate(<span class="jxr_string">"./str[@name='a']"</span>, docs.item(i));
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a> LOGGER.finest(String.format(<span class="jxr_string">"ArtifactId: %s"</span>, a));
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <strong class="jxr_keyword">final</strong> String v = xpath.evaluate(<span class="jxr_string">"./str[@name='v']"</span>, docs.item(i));
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> LOGGER.finest(String.format(<span class="jxr_string">"Version: %s"</span>, v));
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a> result.add(<strong class="jxr_keyword">new</strong> <a href="../../../../../org/owasp/dependencycheck/data/nexus/MavenArtifact.html">MavenArtifact</a>(g, a, v, url.toString()));
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> }
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a>
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a> <strong class="jxr_keyword">return</strong> result;
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a> }
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a> } <strong class="jxr_keyword">catch</strong> (Throwable e) {
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a> <em class="jxr_comment">// Anything else is jacked up XML stuff that we really can't recover</em>
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a> <em class="jxr_comment">// from well</em>
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> IOException(e.getMessage(), e);
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> }
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a>
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a> <strong class="jxr_keyword">if</strong> (missing) {
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> FileNotFoundException(<span class="jxr_string">"Artifact not found in Central"</span>);
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a> }
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Could not connect to Central received response code: %d %s"</span>,
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a> conn.getResponseCode(), conn.getResponseMessage());
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a> LOGGER.fine(msg);
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> IOException(msg);
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> }
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a>
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a> }
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a> }
|
||||
</pre>
|
||||
<hr/>
|
||||
<div id="footer">Copyright © 2012–2014 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
|
||||
</body>
|
||||
</html>
|
||||
@@ -0,0 +1,24 @@
|
||||
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.data.central</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<h3>
|
||||
<a href="package-summary.html" target="classFrame">org.owasp.dependencycheck.data.central</a>
|
||||
</h3>
|
||||
|
||||
<h3>Classes</h3>
|
||||
|
||||
<ul>
|
||||
<li>
|
||||
<a href="CentralSearch.html" target="classFrame">CentralSearch</a>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
</body>
|
||||
</html>
|
||||
@@ -0,0 +1,69 @@
|
||||
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.data.central</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
<div class="overview">
|
||||
<ul>
|
||||
<li>
|
||||
<a href="../../../../../overview-summary.html">Overview</a>
|
||||
</li>
|
||||
<li class="selected">Package</li>
|
||||
</ul>
|
||||
</div>
|
||||
<div class="framenoframe">
|
||||
<ul>
|
||||
<li>
|
||||
<a href="../../../../../index.html" target="_top">FRAMES</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="package-summary.html" target="_top">NO FRAMES</a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<h2>Package org.owasp.dependencycheck.data.central</h2>
|
||||
|
||||
<table class="summary">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Class Summary</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td>
|
||||
<a href="CentralSearch.html" target="classFrame">CentralSearch</a>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
<div class="overview">
|
||||
<ul>
|
||||
<li>
|
||||
<a href="../../../../../overview-summary.html">Overview</a>
|
||||
</li>
|
||||
<li class="selected">Package</li>
|
||||
</ul>
|
||||
</div>
|
||||
<div class="framenoframe">
|
||||
<ul>
|
||||
<li>
|
||||
<a href="../../../../../index.html" target="_top">FRAMES</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="package-summary.html" target="_top">NO FRAMES</a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
<hr />
|
||||
<div id="footer">
|
||||
Copyright © 2012–2014 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
@@ -62,277 +62,278 @@
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <em class="jxr_javadoccomment"> * @author Jeremy Long <jeremy.long@owasp.org></em>
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../../org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.html">CpeMemoryIndex</a> {
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <em class="jxr_javadoccomment"> * The logger.</em>
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Logger LOGGER = Logger.getLogger(CpeMemoryIndex.<strong class="jxr_keyword">class</strong>.getName());
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <em class="jxr_javadoccomment"> * singleton instance.</em>
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <a href="../../../../../org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.html">CpeMemoryIndex</a> instance = <strong class="jxr_keyword">new</strong> <a href="../../../../../org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.html">CpeMemoryIndex</a>();
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a>
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <em class="jxr_javadoccomment"> * private constructor for singleton.</em>
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <strong class="jxr_keyword">private</strong> <a href="../../../../../org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.html">CpeMemoryIndex</a>() {
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> }
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a>
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <em class="jxr_javadoccomment"> * Gets the singleton instance of the CpeMemoryIndex.</em>
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <em class="jxr_javadoccomment"> * @return the instance of the CpeMemoryIndex</em>
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <a href="../../../../../org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.html">CpeMemoryIndex</a> getInstance() {
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <strong class="jxr_keyword">return</strong> instance;
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> }
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a> <em class="jxr_javadoccomment"> * The in memory Lucene index.</em>
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <strong class="jxr_keyword">private</strong> RAMDirectory index;
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <em class="jxr_javadoccomment"> * The Lucene IndexReader.</em>
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <strong class="jxr_keyword">private</strong> IndexReader indexReader;
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a> <em class="jxr_javadoccomment"> * The Lucene IndexSearcher.</em>
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <strong class="jxr_keyword">private</strong> IndexSearcher indexSearcher;
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a> <em class="jxr_javadoccomment"> * The Lucene Analyzer used for Searching.</em>
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <strong class="jxr_keyword">private</strong> Analyzer searchingAnalyzer;
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <em class="jxr_javadoccomment"> * The Lucene QueryParser used for Searching.</em>
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <strong class="jxr_keyword">private</strong> QueryParser queryParser;
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <em class="jxr_javadoccomment"> * The search field analyzer for the product field.</em>
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <strong class="jxr_keyword">private</strong> <a href="../../../../../org/owasp/dependencycheck/data/lucene/SearchFieldAnalyzer.html">SearchFieldAnalyzer</a> productSearchFieldAnalyzer;
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a> <em class="jxr_javadoccomment"> * The search field analyzer for the vendor field.</em>
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <strong class="jxr_keyword">private</strong> <a href="../../../../../org/owasp/dependencycheck/data/lucene/SearchFieldAnalyzer.html">SearchFieldAnalyzer</a> vendorSearchFieldAnalyzer;
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a>
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a> <em class="jxr_javadoccomment"> * Creates and loads data into an in memory index.</em>
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <em class="jxr_javadoccomment"> * @param cve the data source to retrieve the cpe data</em>
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <em class="jxr_javadoccomment"> * @throws IndexException thrown if there is an error creating the index</em>
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> open(<a href="../../../../../org/owasp/dependencycheck/data/nvdcve/CveDB.html">CveDB</a> cve) <strong class="jxr_keyword">throws</strong> IndexException {
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> <strong class="jxr_keyword">if</strong> (!openState) {
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> index = <strong class="jxr_keyword">new</strong> RAMDirectory();
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> buildIndex(cve);
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a> indexReader = DirectoryReader.open(index);
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/owasp/dependencycheck/data/cpe/IndexException.html">IndexException</a>(ex);
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a> }
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a> indexSearcher = <strong class="jxr_keyword">new</strong> IndexSearcher(indexReader);
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a> searchingAnalyzer = createSearchingAnalyzer();
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> queryParser = <strong class="jxr_keyword">new</strong> QueryParser(LuceneUtils.CURRENT_VERSION, Fields.DOCUMENT_KEY, searchingAnalyzer);
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> openState = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a> }
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> }
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a> <em class="jxr_javadoccomment"> * A flag indicating whether or not the index is open.</em>
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> openState = false;
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a>
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> <em class="jxr_javadoccomment"> * returns whether or not the index is open.</em>
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a> <em class="jxr_javadoccomment"> * @return whether or not the index is open</em>
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">boolean</strong> isOpen() {
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a> <strong class="jxr_keyword">return</strong> openState;
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a> }
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a>
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <em class="jxr_javadoccomment"> * Creates the indexing analyzer for the CPE Index.</em>
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> <em class="jxr_javadoccomment"> * @return the CPE Analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> @SuppressWarnings(<span class="jxr_string">"unchecked"</span>)
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a> <strong class="jxr_keyword">private</strong> Analyzer createIndexingAnalyzer() {
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a> <strong class="jxr_keyword">final</strong> Map fieldAnalyzers = <strong class="jxr_keyword">new</strong> HashMap();
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a> fieldAnalyzers.put(Fields.DOCUMENT_KEY, <strong class="jxr_keyword">new</strong> KeywordAnalyzer());
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">new</strong> PerFieldAnalyzerWrapper(<strong class="jxr_keyword">new</strong> <a href="../../../../../org/owasp/dependencycheck/data/lucene/FieldAnalyzer.html">FieldAnalyzer</a>(LuceneUtils.CURRENT_VERSION), fieldAnalyzers);
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a> }
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a>
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <em class="jxr_javadoccomment"> * Creates an Analyzer for searching the CPE Index.</em>
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <em class="jxr_javadoccomment"> * @return the CPE Analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> @SuppressWarnings(<span class="jxr_string">"unchecked"</span>)
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a> <strong class="jxr_keyword">private</strong> Analyzer createSearchingAnalyzer() {
|
||||
<a class="jxr_linenumber" name="L163" href="#L163">163</a> <strong class="jxr_keyword">final</strong> Map fieldAnalyzers = <strong class="jxr_keyword">new</strong> HashMap();
|
||||
<a class="jxr_linenumber" name="L164" href="#L164">164</a> fieldAnalyzers.put(Fields.DOCUMENT_KEY, <strong class="jxr_keyword">new</strong> KeywordAnalyzer());
|
||||
<a class="jxr_linenumber" name="L165" href="#L165">165</a> productSearchFieldAnalyzer = <strong class="jxr_keyword">new</strong> <a href="../../../../../org/owasp/dependencycheck/data/lucene/SearchFieldAnalyzer.html">SearchFieldAnalyzer</a>(LuceneUtils.CURRENT_VERSION);
|
||||
<a class="jxr_linenumber" name="L166" href="#L166">166</a> vendorSearchFieldAnalyzer = <strong class="jxr_keyword">new</strong> <a href="../../../../../org/owasp/dependencycheck/data/lucene/SearchFieldAnalyzer.html">SearchFieldAnalyzer</a>(LuceneUtils.CURRENT_VERSION);
|
||||
<a class="jxr_linenumber" name="L167" href="#L167">167</a> fieldAnalyzers.put(Fields.PRODUCT, productSearchFieldAnalyzer);
|
||||
<a class="jxr_linenumber" name="L168" href="#L168">168</a> fieldAnalyzers.put(Fields.VENDOR, vendorSearchFieldAnalyzer);
|
||||
<a class="jxr_linenumber" name="L169" href="#L169">169</a>
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">new</strong> PerFieldAnalyzerWrapper(<strong class="jxr_keyword">new</strong> <a href="../../../../../org/owasp/dependencycheck/data/lucene/FieldAnalyzer.html">FieldAnalyzer</a>(LuceneUtils.CURRENT_VERSION), fieldAnalyzers);
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> }
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a>
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a> <em class="jxr_javadoccomment"> * Saves a CPE IndexEntry into the Lucene index.</em>
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a> <em class="jxr_javadoccomment"> * @param vendor the vendor to index</em>
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> <em class="jxr_javadoccomment"> * @param product the product to index</em>
|
||||
<a class="jxr_linenumber" name="L178" href="#L178">178</a> <em class="jxr_javadoccomment"> * @param indexWriter the index writer to write the entry into</em>
|
||||
<a class="jxr_linenumber" name="L179" href="#L179">179</a> <em class="jxr_javadoccomment"> * @throws CorruptIndexException is thrown if the index is corrupt</em>
|
||||
<a class="jxr_linenumber" name="L180" href="#L180">180</a> <em class="jxr_javadoccomment"> * @throws IOException is thrown if an IOException occurs</em>
|
||||
<a class="jxr_linenumber" name="L181" href="#L181">181</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L182" href="#L182">182</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> saveEntry(String vendor, String product, IndexWriter indexWriter) <strong class="jxr_keyword">throws</strong> CorruptIndexException, IOException {
|
||||
<a class="jxr_linenumber" name="L183" href="#L183">183</a> <strong class="jxr_keyword">final</strong> Document doc = <strong class="jxr_keyword">new</strong> Document();
|
||||
<a class="jxr_linenumber" name="L184" href="#L184">184</a> <strong class="jxr_keyword">final</strong> Field v = <strong class="jxr_keyword">new</strong> TextField(Fields.VENDOR, vendor, Field.Store.YES);
|
||||
<a class="jxr_linenumber" name="L185" href="#L185">185</a> <strong class="jxr_keyword">final</strong> Field p = <strong class="jxr_keyword">new</strong> TextField(Fields.PRODUCT, product, Field.Store.YES);
|
||||
<a class="jxr_linenumber" name="L186" href="#L186">186</a> doc.add(v);
|
||||
<a class="jxr_linenumber" name="L187" href="#L187">187</a> doc.add(p);
|
||||
<a class="jxr_linenumber" name="L188" href="#L188">188</a> indexWriter.addDocument(doc);
|
||||
<a class="jxr_linenumber" name="L189" href="#L189">189</a> }
|
||||
<a class="jxr_linenumber" name="L190" href="#L190">190</a>
|
||||
<a class="jxr_linenumber" name="L191" href="#L191">191</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L192" href="#L192">192</a> <em class="jxr_javadoccomment"> * Closes the CPE Index.</em>
|
||||
<a class="jxr_linenumber" name="L193" href="#L193">193</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L194" href="#L194">194</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> close() {
|
||||
<a class="jxr_linenumber" name="L195" href="#L195">195</a> <strong class="jxr_keyword">if</strong> (searchingAnalyzer != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L196" href="#L196">196</a> searchingAnalyzer.close();
|
||||
<a class="jxr_linenumber" name="L197" href="#L197">197</a> searchingAnalyzer = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L198" href="#L198">198</a> }
|
||||
<a class="jxr_linenumber" name="L199" href="#L199">199</a> <strong class="jxr_keyword">if</strong> (indexReader != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L200" href="#L200">200</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L201" href="#L201">201</a> indexReader.close();
|
||||
<a class="jxr_linenumber" name="L202" href="#L202">202</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L203" href="#L203">203</a> LOGGER.log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L204" href="#L204">204</a> }
|
||||
<a class="jxr_linenumber" name="L205" href="#L205">205</a> indexReader = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L206" href="#L206">206</a> }
|
||||
<a class="jxr_linenumber" name="L207" href="#L207">207</a> queryParser = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L208" href="#L208">208</a> indexSearcher = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L209" href="#L209">209</a> <strong class="jxr_keyword">if</strong> (index != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L210" href="#L210">210</a> index.close();
|
||||
<a class="jxr_linenumber" name="L211" href="#L211">211</a> index = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L212" href="#L212">212</a> }
|
||||
<a class="jxr_linenumber" name="L213" href="#L213">213</a> openState = false;
|
||||
<a class="jxr_linenumber" name="L214" href="#L214">214</a> }
|
||||
<a class="jxr_linenumber" name="L215" href="#L215">215</a>
|
||||
<a class="jxr_linenumber" name="L216" href="#L216">216</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L217" href="#L217">217</a> <em class="jxr_javadoccomment"> * Builds the CPE Lucene Index based off of the data within the CveDB.</em>
|
||||
<a class="jxr_linenumber" name="L218" href="#L218">218</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L219" href="#L219">219</a> <em class="jxr_javadoccomment"> * @param cve the data base containing the CPE data</em>
|
||||
<a class="jxr_linenumber" name="L220" href="#L220">220</a> <em class="jxr_javadoccomment"> * @throws IndexException thrown if there is an issue creating the index</em>
|
||||
<a class="jxr_linenumber" name="L221" href="#L221">221</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L222" href="#L222">222</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> buildIndex(<a href="../../../../../org/owasp/dependencycheck/data/nvdcve/CveDB.html">CveDB</a> cve) <strong class="jxr_keyword">throws</strong> IndexException {
|
||||
<a class="jxr_linenumber" name="L223" href="#L223">223</a> Analyzer analyzer = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L224" href="#L224">224</a> IndexWriter indexWriter = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L225" href="#L225">225</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L226" href="#L226">226</a> analyzer = createIndexingAnalyzer();
|
||||
<a class="jxr_linenumber" name="L227" href="#L227">227</a> <strong class="jxr_keyword">final</strong> IndexWriterConfig conf = <strong class="jxr_keyword">new</strong> IndexWriterConfig(LuceneUtils.CURRENT_VERSION, analyzer);
|
||||
<a class="jxr_linenumber" name="L228" href="#L228">228</a> indexWriter = <strong class="jxr_keyword">new</strong> IndexWriter(index, conf);
|
||||
<a class="jxr_linenumber" name="L229" href="#L229">229</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L230" href="#L230">230</a> <strong class="jxr_keyword">final</strong> Set<Pair<String, String>> data = cve.getVendorProductList();
|
||||
<a class="jxr_linenumber" name="L231" href="#L231">231</a> <strong class="jxr_keyword">for</strong> (Pair<String, String> pair : data) {
|
||||
<a class="jxr_linenumber" name="L232" href="#L232">232</a> saveEntry(pair.getLeft(), pair.getRight(), indexWriter);
|
||||
<a class="jxr_linenumber" name="L233" href="#L233">233</a> }
|
||||
<a class="jxr_linenumber" name="L234" href="#L234">234</a> } <strong class="jxr_keyword">catch</strong> (DatabaseException ex) {
|
||||
<a class="jxr_linenumber" name="L235" href="#L235">235</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L236" href="#L236">236</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/owasp/dependencycheck/data/cpe/IndexException.html">IndexException</a>(<span class="jxr_string">"Error reading CPE data"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L237" href="#L237">237</a> }
|
||||
<a class="jxr_linenumber" name="L238" href="#L238">238</a> } <strong class="jxr_keyword">catch</strong> (CorruptIndexException ex) {
|
||||
<a class="jxr_linenumber" name="L239" href="#L239">239</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/owasp/dependencycheck/data/cpe/IndexException.html">IndexException</a>(<span class="jxr_string">"Unable to close an in-memory index"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L240" href="#L240">240</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L241" href="#L241">241</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/owasp/dependencycheck/data/cpe/IndexException.html">IndexException</a>(<span class="jxr_string">"Unable to close an in-memory index"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L242" href="#L242">242</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L243" href="#L243">243</a> <strong class="jxr_keyword">if</strong> (indexWriter != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L244" href="#L244">244</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L245" href="#L245">245</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L246" href="#L246">246</a> indexWriter.commit();
|
||||
<a class="jxr_linenumber" name="L247" href="#L247">247</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L248" href="#L248">248</a> indexWriter.close(<strong class="jxr_keyword">true</strong>);
|
||||
<a class="jxr_linenumber" name="L249" href="#L249">249</a> }
|
||||
<a class="jxr_linenumber" name="L250" href="#L250">250</a> } <strong class="jxr_keyword">catch</strong> (CorruptIndexException ex) {
|
||||
<a class="jxr_linenumber" name="L251" href="#L251">251</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/owasp/dependencycheck/data/cpe/IndexException.html">IndexException</a>(<span class="jxr_string">"Unable to close an in-memory index"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L252" href="#L252">252</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L253" href="#L253">253</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/owasp/dependencycheck/data/cpe/IndexException.html">IndexException</a>(<span class="jxr_string">"Unable to close an in-memory index"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L254" href="#L254">254</a> }
|
||||
<a class="jxr_linenumber" name="L255" href="#L255">255</a> <strong class="jxr_keyword">if</strong> (analyzer != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L256" href="#L256">256</a> analyzer.close();
|
||||
<a class="jxr_linenumber" name="L257" href="#L257">257</a> }
|
||||
<a class="jxr_linenumber" name="L258" href="#L258">258</a> }
|
||||
<a class="jxr_linenumber" name="L259" href="#L259">259</a> }
|
||||
<a class="jxr_linenumber" name="L260" href="#L260">260</a> }
|
||||
<a class="jxr_linenumber" name="L261" href="#L261">261</a>
|
||||
<a class="jxr_linenumber" name="L262" href="#L262">262</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L263" href="#L263">263</a> <em class="jxr_javadoccomment"> * Resets the searching analyzers</em>
|
||||
<a class="jxr_linenumber" name="L264" href="#L264">264</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L265" href="#L265">265</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> resetSearchingAnalyzer() {
|
||||
<a class="jxr_linenumber" name="L266" href="#L266">266</a> <strong class="jxr_keyword">if</strong> (productSearchFieldAnalyzer != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L267" href="#L267">267</a> productSearchFieldAnalyzer.clear();
|
||||
<a class="jxr_linenumber" name="L268" href="#L268">268</a> }
|
||||
<a class="jxr_linenumber" name="L269" href="#L269">269</a> <strong class="jxr_keyword">if</strong> (vendorSearchFieldAnalyzer != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L270" href="#L270">270</a> vendorSearchFieldAnalyzer.clear();
|
||||
<a class="jxr_linenumber" name="L271" href="#L271">271</a> }
|
||||
<a class="jxr_linenumber" name="L272" href="#L272">272</a> }
|
||||
<a class="jxr_linenumber" name="L273" href="#L273">273</a>
|
||||
<a class="jxr_linenumber" name="L274" href="#L274">274</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L275" href="#L275">275</a> <em class="jxr_javadoccomment"> * Searches the index using the given search string.</em>
|
||||
<a class="jxr_linenumber" name="L276" href="#L276">276</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L277" href="#L277">277</a> <em class="jxr_javadoccomment"> * @param searchString the query text</em>
|
||||
<a class="jxr_linenumber" name="L278" href="#L278">278</a> <em class="jxr_javadoccomment"> * @param maxQueryResults the maximum number of documents to return</em>
|
||||
<a class="jxr_linenumber" name="L279" href="#L279">279</a> <em class="jxr_javadoccomment"> * @return the TopDocs found by the search</em>
|
||||
<a class="jxr_linenumber" name="L280" href="#L280">280</a> <em class="jxr_javadoccomment"> * @throws ParseException thrown when the searchString is invalid</em>
|
||||
<a class="jxr_linenumber" name="L281" href="#L281">281</a> <em class="jxr_javadoccomment"> * @throws IOException is thrown if there is an issue with the underlying Index</em>
|
||||
<a class="jxr_linenumber" name="L282" href="#L282">282</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L283" href="#L283">283</a> <strong class="jxr_keyword">public</strong> TopDocs search(String searchString, <strong class="jxr_keyword">int</strong> maxQueryResults) <strong class="jxr_keyword">throws</strong> ParseException, IOException {
|
||||
<a class="jxr_linenumber" name="L284" href="#L284">284</a> <strong class="jxr_keyword">if</strong> (searchString == <strong class="jxr_keyword">null</strong> || searchString.trim().isEmpty()) {
|
||||
<a class="jxr_linenumber" name="L285" href="#L285">285</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> ParseException(<span class="jxr_string">"Query is null or empty"</span>);
|
||||
<a class="jxr_linenumber" name="L286" href="#L286">286</a> }
|
||||
<a class="jxr_linenumber" name="L287" href="#L287">287</a> <strong class="jxr_keyword">final</strong> Query query = queryParser.parse(searchString);
|
||||
<a class="jxr_linenumber" name="L288" href="#L288">288</a> <strong class="jxr_keyword">return</strong> indexSearcher.search(query, maxQueryResults);
|
||||
<a class="jxr_linenumber" name="L289" href="#L289">289</a> }
|
||||
<a class="jxr_linenumber" name="L290" href="#L290">290</a>
|
||||
<a class="jxr_linenumber" name="L291" href="#L291">291</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L292" href="#L292">292</a> <em class="jxr_javadoccomment"> * Searches the index using the given query.</em>
|
||||
<a class="jxr_linenumber" name="L293" href="#L293">293</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L294" href="#L294">294</a> <em class="jxr_javadoccomment"> * @param query the query used to search the index</em>
|
||||
<a class="jxr_linenumber" name="L295" href="#L295">295</a> <em class="jxr_javadoccomment"> * @param maxQueryResults the max number of results to return</em>
|
||||
<a class="jxr_linenumber" name="L296" href="#L296">296</a> <em class="jxr_javadoccomment"> * @return the TopDocs found be the query</em>
|
||||
<a class="jxr_linenumber" name="L297" href="#L297">297</a> <em class="jxr_javadoccomment"> * @throws CorruptIndexException thrown if the Index is corrupt</em>
|
||||
<a class="jxr_linenumber" name="L298" href="#L298">298</a> <em class="jxr_javadoccomment"> * @throws IOException thrown if there is an IOException</em>
|
||||
<a class="jxr_linenumber" name="L299" href="#L299">299</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L300" href="#L300">300</a> <strong class="jxr_keyword">public</strong> TopDocs search(Query query, <strong class="jxr_keyword">int</strong> maxQueryResults) <strong class="jxr_keyword">throws</strong> CorruptIndexException, IOException {
|
||||
<a class="jxr_linenumber" name="L301" href="#L301">301</a> resetSearchingAnalyzer();
|
||||
<a class="jxr_linenumber" name="L302" href="#L302">302</a> <strong class="jxr_keyword">return</strong> indexSearcher.search(query, maxQueryResults);
|
||||
<a class="jxr_linenumber" name="L303" href="#L303">303</a> }
|
||||
<a class="jxr_linenumber" name="L304" href="#L304">304</a>
|
||||
<a class="jxr_linenumber" name="L305" href="#L305">305</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L306" href="#L306">306</a> <em class="jxr_javadoccomment"> * Retrieves a document from the Index.</em>
|
||||
<a class="jxr_linenumber" name="L307" href="#L307">307</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L308" href="#L308">308</a> <em class="jxr_javadoccomment"> * @param documentId the id of the document to retrieve</em>
|
||||
<a class="jxr_linenumber" name="L309" href="#L309">309</a> <em class="jxr_javadoccomment"> * @return the Document</em>
|
||||
<a class="jxr_linenumber" name="L310" href="#L310">310</a> <em class="jxr_javadoccomment"> * @throws IOException thrown if there is an IOException</em>
|
||||
<a class="jxr_linenumber" name="L311" href="#L311">311</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L312" href="#L312">312</a> <strong class="jxr_keyword">public</strong> Document getDocument(<strong class="jxr_keyword">int</strong> documentId) <strong class="jxr_keyword">throws</strong> IOException {
|
||||
<a class="jxr_linenumber" name="L313" href="#L313">313</a> <strong class="jxr_keyword">return</strong> indexSearcher.doc(documentId);
|
||||
<a class="jxr_linenumber" name="L314" href="#L314">314</a> }
|
||||
<a class="jxr_linenumber" name="L315" href="#L315">315</a>
|
||||
<a class="jxr_linenumber" name="L316" href="#L316">316</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L317" href="#L317">317</a> <em class="jxr_javadoccomment"> * Returns the number of CPE entries stored in the index.</em>
|
||||
<a class="jxr_linenumber" name="L318" href="#L318">318</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L319" href="#L319">319</a> <em class="jxr_javadoccomment"> * @return the number of CPE entries stored in the index</em>
|
||||
<a class="jxr_linenumber" name="L320" href="#L320">320</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L321" href="#L321">321</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">int</strong> numDocs() {
|
||||
<a class="jxr_linenumber" name="L322" href="#L322">322</a> <strong class="jxr_keyword">if</strong> (indexReader == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L323" href="#L323">323</a> <strong class="jxr_keyword">return</strong> -1;
|
||||
<a class="jxr_linenumber" name="L324" href="#L324">324</a> }
|
||||
<a class="jxr_linenumber" name="L325" href="#L325">325</a> <strong class="jxr_keyword">return</strong> indexReader.numDocs();
|
||||
<a class="jxr_linenumber" name="L326" href="#L326">326</a> }
|
||||
<a class="jxr_linenumber" name="L327" href="#L327">327</a> }
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a>
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a> <em class="jxr_javadoccomment"> * The logger.</em>
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Logger LOGGER = Logger.getLogger(CpeMemoryIndex.<strong class="jxr_keyword">class</strong>.getName());
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <em class="jxr_javadoccomment"> * singleton instance.</em>
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <a href="../../../../../org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.html">CpeMemoryIndex</a> instance = <strong class="jxr_keyword">new</strong> <a href="../../../../../org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.html">CpeMemoryIndex</a>();
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a>
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <em class="jxr_javadoccomment"> * private constructor for singleton.</em>
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <strong class="jxr_keyword">private</strong> <a href="../../../../../org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.html">CpeMemoryIndex</a>() {
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> }
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a>
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> <em class="jxr_javadoccomment"> * Gets the singleton instance of the CpeMemoryIndex.</em>
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <em class="jxr_javadoccomment"> * @return the instance of the CpeMemoryIndex</em>
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <a href="../../../../../org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.html">CpeMemoryIndex</a> getInstance() {
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <strong class="jxr_keyword">return</strong> instance;
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> }
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <em class="jxr_javadoccomment"> * The in memory Lucene index.</em>
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <strong class="jxr_keyword">private</strong> RAMDirectory index;
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <em class="jxr_javadoccomment"> * The Lucene IndexReader.</em>
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <strong class="jxr_keyword">private</strong> IndexReader indexReader;
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a> <em class="jxr_javadoccomment"> * The Lucene IndexSearcher.</em>
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <strong class="jxr_keyword">private</strong> IndexSearcher indexSearcher;
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <em class="jxr_javadoccomment"> * The Lucene Analyzer used for Searching.</em>
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <strong class="jxr_keyword">private</strong> Analyzer searchingAnalyzer;
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <em class="jxr_javadoccomment"> * The Lucene QueryParser used for Searching.</em>
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a> <strong class="jxr_keyword">private</strong> QueryParser queryParser;
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <em class="jxr_javadoccomment"> * The search field analyzer for the product field.</em>
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a> <strong class="jxr_keyword">private</strong> <a href="../../../../../org/owasp/dependencycheck/data/lucene/SearchFieldAnalyzer.html">SearchFieldAnalyzer</a> productSearchFieldAnalyzer;
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a> <em class="jxr_javadoccomment"> * The search field analyzer for the vendor field.</em>
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> <strong class="jxr_keyword">private</strong> <a href="../../../../../org/owasp/dependencycheck/data/lucene/SearchFieldAnalyzer.html">SearchFieldAnalyzer</a> vendorSearchFieldAnalyzer;
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a>
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <em class="jxr_javadoccomment"> * Creates and loads data into an in memory index.</em>
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <em class="jxr_javadoccomment"> * @param cve the data source to retrieve the cpe data</em>
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a> <em class="jxr_javadoccomment"> * @throws IndexException thrown if there is an error creating the index</em>
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> open(<a href="../../../../../org/owasp/dependencycheck/data/nvdcve/CveDB.html">CveDB</a> cve) <strong class="jxr_keyword">throws</strong> IndexException {
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> <strong class="jxr_keyword">if</strong> (!openState) {
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> index = <strong class="jxr_keyword">new</strong> RAMDirectory();
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a> buildIndex(cve);
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> indexReader = DirectoryReader.open(index);
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/owasp/dependencycheck/data/cpe/IndexException.html">IndexException</a>(ex);
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a> }
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a> indexSearcher = <strong class="jxr_keyword">new</strong> IndexSearcher(indexReader);
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> searchingAnalyzer = createSearchingAnalyzer();
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> queryParser = <strong class="jxr_keyword">new</strong> QueryParser(LuceneUtils.CURRENT_VERSION, Fields.DOCUMENT_KEY, searchingAnalyzer);
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a> openState = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> }
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a> }
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <em class="jxr_javadoccomment"> * A flag indicating whether or not the index is open.</em>
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> openState = false;
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a>
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> <em class="jxr_javadoccomment"> * returns whether or not the index is open.</em>
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a> <em class="jxr_javadoccomment"> * @return whether or not the index is open</em>
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">boolean</strong> isOpen() {
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a> <strong class="jxr_keyword">return</strong> openState;
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a> }
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a>
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <em class="jxr_javadoccomment"> * Creates the indexing analyzer for the CPE Index.</em>
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <em class="jxr_javadoccomment"> * @return the CPE Analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a> @SuppressWarnings(<span class="jxr_string">"unchecked"</span>)
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a> <strong class="jxr_keyword">private</strong> Analyzer createIndexingAnalyzer() {
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a> <strong class="jxr_keyword">final</strong> Map fieldAnalyzers = <strong class="jxr_keyword">new</strong> HashMap();
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a> fieldAnalyzers.put(Fields.DOCUMENT_KEY, <strong class="jxr_keyword">new</strong> KeywordAnalyzer());
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">new</strong> PerFieldAnalyzerWrapper(<strong class="jxr_keyword">new</strong> <a href="../../../../../org/owasp/dependencycheck/data/lucene/FieldAnalyzer.html">FieldAnalyzer</a>(LuceneUtils.CURRENT_VERSION), fieldAnalyzers);
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a> }
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a>
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <em class="jxr_javadoccomment"> * Creates an Analyzer for searching the CPE Index.</em>
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> <em class="jxr_javadoccomment"> * @return the CPE Analyzer.</em>
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a> @SuppressWarnings(<span class="jxr_string">"unchecked"</span>)
|
||||
<a class="jxr_linenumber" name="L163" href="#L163">163</a> <strong class="jxr_keyword">private</strong> Analyzer createSearchingAnalyzer() {
|
||||
<a class="jxr_linenumber" name="L164" href="#L164">164</a> <strong class="jxr_keyword">final</strong> Map<String, Analyzer> fieldAnalyzers = <strong class="jxr_keyword">new</strong> HashMap<String, Analyzer>();
|
||||
<a class="jxr_linenumber" name="L165" href="#L165">165</a> fieldAnalyzers.put(Fields.DOCUMENT_KEY, <strong class="jxr_keyword">new</strong> KeywordAnalyzer());
|
||||
<a class="jxr_linenumber" name="L166" href="#L166">166</a> productSearchFieldAnalyzer = <strong class="jxr_keyword">new</strong> <a href="../../../../../org/owasp/dependencycheck/data/lucene/SearchFieldAnalyzer.html">SearchFieldAnalyzer</a>(LuceneUtils.CURRENT_VERSION);
|
||||
<a class="jxr_linenumber" name="L167" href="#L167">167</a> vendorSearchFieldAnalyzer = <strong class="jxr_keyword">new</strong> <a href="../../../../../org/owasp/dependencycheck/data/lucene/SearchFieldAnalyzer.html">SearchFieldAnalyzer</a>(LuceneUtils.CURRENT_VERSION);
|
||||
<a class="jxr_linenumber" name="L168" href="#L168">168</a> fieldAnalyzers.put(Fields.PRODUCT, productSearchFieldAnalyzer);
|
||||
<a class="jxr_linenumber" name="L169" href="#L169">169</a> fieldAnalyzers.put(Fields.VENDOR, vendorSearchFieldAnalyzer);
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a>
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">new</strong> PerFieldAnalyzerWrapper(<strong class="jxr_keyword">new</strong> <a href="../../../../../org/owasp/dependencycheck/data/lucene/FieldAnalyzer.html">FieldAnalyzer</a>(LuceneUtils.CURRENT_VERSION), fieldAnalyzers);
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a> }
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a>
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> <em class="jxr_javadoccomment"> * Saves a CPE IndexEntry into the Lucene index.</em>
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> <em class="jxr_javadoccomment"> * @param vendor the vendor to index</em>
|
||||
<a class="jxr_linenumber" name="L178" href="#L178">178</a> <em class="jxr_javadoccomment"> * @param product the product to index</em>
|
||||
<a class="jxr_linenumber" name="L179" href="#L179">179</a> <em class="jxr_javadoccomment"> * @param indexWriter the index writer to write the entry into</em>
|
||||
<a class="jxr_linenumber" name="L180" href="#L180">180</a> <em class="jxr_javadoccomment"> * @throws CorruptIndexException is thrown if the index is corrupt</em>
|
||||
<a class="jxr_linenumber" name="L181" href="#L181">181</a> <em class="jxr_javadoccomment"> * @throws IOException is thrown if an IOException occurs</em>
|
||||
<a class="jxr_linenumber" name="L182" href="#L182">182</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L183" href="#L183">183</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> saveEntry(String vendor, String product, IndexWriter indexWriter) <strong class="jxr_keyword">throws</strong> CorruptIndexException, IOException {
|
||||
<a class="jxr_linenumber" name="L184" href="#L184">184</a> <strong class="jxr_keyword">final</strong> Document doc = <strong class="jxr_keyword">new</strong> Document();
|
||||
<a class="jxr_linenumber" name="L185" href="#L185">185</a> <strong class="jxr_keyword">final</strong> Field v = <strong class="jxr_keyword">new</strong> TextField(Fields.VENDOR, vendor, Field.Store.YES);
|
||||
<a class="jxr_linenumber" name="L186" href="#L186">186</a> <strong class="jxr_keyword">final</strong> Field p = <strong class="jxr_keyword">new</strong> TextField(Fields.PRODUCT, product, Field.Store.YES);
|
||||
<a class="jxr_linenumber" name="L187" href="#L187">187</a> doc.add(v);
|
||||
<a class="jxr_linenumber" name="L188" href="#L188">188</a> doc.add(p);
|
||||
<a class="jxr_linenumber" name="L189" href="#L189">189</a> indexWriter.addDocument(doc);
|
||||
<a class="jxr_linenumber" name="L190" href="#L190">190</a> }
|
||||
<a class="jxr_linenumber" name="L191" href="#L191">191</a>
|
||||
<a class="jxr_linenumber" name="L192" href="#L192">192</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L193" href="#L193">193</a> <em class="jxr_javadoccomment"> * Closes the CPE Index.</em>
|
||||
<a class="jxr_linenumber" name="L194" href="#L194">194</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L195" href="#L195">195</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> close() {
|
||||
<a class="jxr_linenumber" name="L196" href="#L196">196</a> <strong class="jxr_keyword">if</strong> (searchingAnalyzer != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L197" href="#L197">197</a> searchingAnalyzer.close();
|
||||
<a class="jxr_linenumber" name="L198" href="#L198">198</a> searchingAnalyzer = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L199" href="#L199">199</a> }
|
||||
<a class="jxr_linenumber" name="L200" href="#L200">200</a> <strong class="jxr_keyword">if</strong> (indexReader != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L201" href="#L201">201</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L202" href="#L202">202</a> indexReader.close();
|
||||
<a class="jxr_linenumber" name="L203" href="#L203">203</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L204" href="#L204">204</a> LOGGER.log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L205" href="#L205">205</a> }
|
||||
<a class="jxr_linenumber" name="L206" href="#L206">206</a> indexReader = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L207" href="#L207">207</a> }
|
||||
<a class="jxr_linenumber" name="L208" href="#L208">208</a> queryParser = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L209" href="#L209">209</a> indexSearcher = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L210" href="#L210">210</a> <strong class="jxr_keyword">if</strong> (index != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L211" href="#L211">211</a> index.close();
|
||||
<a class="jxr_linenumber" name="L212" href="#L212">212</a> index = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L213" href="#L213">213</a> }
|
||||
<a class="jxr_linenumber" name="L214" href="#L214">214</a> openState = false;
|
||||
<a class="jxr_linenumber" name="L215" href="#L215">215</a> }
|
||||
<a class="jxr_linenumber" name="L216" href="#L216">216</a>
|
||||
<a class="jxr_linenumber" name="L217" href="#L217">217</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L218" href="#L218">218</a> <em class="jxr_javadoccomment"> * Builds the CPE Lucene Index based off of the data within the CveDB.</em>
|
||||
<a class="jxr_linenumber" name="L219" href="#L219">219</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L220" href="#L220">220</a> <em class="jxr_javadoccomment"> * @param cve the data base containing the CPE data</em>
|
||||
<a class="jxr_linenumber" name="L221" href="#L221">221</a> <em class="jxr_javadoccomment"> * @throws IndexException thrown if there is an issue creating the index</em>
|
||||
<a class="jxr_linenumber" name="L222" href="#L222">222</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L223" href="#L223">223</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> buildIndex(<a href="../../../../../org/owasp/dependencycheck/data/nvdcve/CveDB.html">CveDB</a> cve) <strong class="jxr_keyword">throws</strong> IndexException {
|
||||
<a class="jxr_linenumber" name="L224" href="#L224">224</a> Analyzer analyzer = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L225" href="#L225">225</a> IndexWriter indexWriter = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L226" href="#L226">226</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L227" href="#L227">227</a> analyzer = createIndexingAnalyzer();
|
||||
<a class="jxr_linenumber" name="L228" href="#L228">228</a> <strong class="jxr_keyword">final</strong> IndexWriterConfig conf = <strong class="jxr_keyword">new</strong> IndexWriterConfig(LuceneUtils.CURRENT_VERSION, analyzer);
|
||||
<a class="jxr_linenumber" name="L229" href="#L229">229</a> indexWriter = <strong class="jxr_keyword">new</strong> IndexWriter(index, conf);
|
||||
<a class="jxr_linenumber" name="L230" href="#L230">230</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L231" href="#L231">231</a> <strong class="jxr_keyword">final</strong> Set<Pair<String, String>> data = cve.getVendorProductList();
|
||||
<a class="jxr_linenumber" name="L232" href="#L232">232</a> <strong class="jxr_keyword">for</strong> (Pair<String, String> pair : data) {
|
||||
<a class="jxr_linenumber" name="L233" href="#L233">233</a> saveEntry(pair.getLeft(), pair.getRight(), indexWriter);
|
||||
<a class="jxr_linenumber" name="L234" href="#L234">234</a> }
|
||||
<a class="jxr_linenumber" name="L235" href="#L235">235</a> } <strong class="jxr_keyword">catch</strong> (DatabaseException ex) {
|
||||
<a class="jxr_linenumber" name="L236" href="#L236">236</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L237" href="#L237">237</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/owasp/dependencycheck/data/cpe/IndexException.html">IndexException</a>(<span class="jxr_string">"Error reading CPE data"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L238" href="#L238">238</a> }
|
||||
<a class="jxr_linenumber" name="L239" href="#L239">239</a> } <strong class="jxr_keyword">catch</strong> (CorruptIndexException ex) {
|
||||
<a class="jxr_linenumber" name="L240" href="#L240">240</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/owasp/dependencycheck/data/cpe/IndexException.html">IndexException</a>(<span class="jxr_string">"Unable to close an in-memory index"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L241" href="#L241">241</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L242" href="#L242">242</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/owasp/dependencycheck/data/cpe/IndexException.html">IndexException</a>(<span class="jxr_string">"Unable to close an in-memory index"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L243" href="#L243">243</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L244" href="#L244">244</a> <strong class="jxr_keyword">if</strong> (indexWriter != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L245" href="#L245">245</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L246" href="#L246">246</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L247" href="#L247">247</a> indexWriter.commit();
|
||||
<a class="jxr_linenumber" name="L248" href="#L248">248</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L249" href="#L249">249</a> indexWriter.close(<strong class="jxr_keyword">true</strong>);
|
||||
<a class="jxr_linenumber" name="L250" href="#L250">250</a> }
|
||||
<a class="jxr_linenumber" name="L251" href="#L251">251</a> } <strong class="jxr_keyword">catch</strong> (CorruptIndexException ex) {
|
||||
<a class="jxr_linenumber" name="L252" href="#L252">252</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/owasp/dependencycheck/data/cpe/IndexException.html">IndexException</a>(<span class="jxr_string">"Unable to close an in-memory index"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L253" href="#L253">253</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L254" href="#L254">254</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/owasp/dependencycheck/data/cpe/IndexException.html">IndexException</a>(<span class="jxr_string">"Unable to close an in-memory index"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L255" href="#L255">255</a> }
|
||||
<a class="jxr_linenumber" name="L256" href="#L256">256</a> <strong class="jxr_keyword">if</strong> (analyzer != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L257" href="#L257">257</a> analyzer.close();
|
||||
<a class="jxr_linenumber" name="L258" href="#L258">258</a> }
|
||||
<a class="jxr_linenumber" name="L259" href="#L259">259</a> }
|
||||
<a class="jxr_linenumber" name="L260" href="#L260">260</a> }
|
||||
<a class="jxr_linenumber" name="L261" href="#L261">261</a> }
|
||||
<a class="jxr_linenumber" name="L262" href="#L262">262</a>
|
||||
<a class="jxr_linenumber" name="L263" href="#L263">263</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L264" href="#L264">264</a> <em class="jxr_javadoccomment"> * Resets the searching analyzers</em>
|
||||
<a class="jxr_linenumber" name="L265" href="#L265">265</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L266" href="#L266">266</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> resetSearchingAnalyzer() {
|
||||
<a class="jxr_linenumber" name="L267" href="#L267">267</a> <strong class="jxr_keyword">if</strong> (productSearchFieldAnalyzer != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L268" href="#L268">268</a> productSearchFieldAnalyzer.clear();
|
||||
<a class="jxr_linenumber" name="L269" href="#L269">269</a> }
|
||||
<a class="jxr_linenumber" name="L270" href="#L270">270</a> <strong class="jxr_keyword">if</strong> (vendorSearchFieldAnalyzer != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L271" href="#L271">271</a> vendorSearchFieldAnalyzer.clear();
|
||||
<a class="jxr_linenumber" name="L272" href="#L272">272</a> }
|
||||
<a class="jxr_linenumber" name="L273" href="#L273">273</a> }
|
||||
<a class="jxr_linenumber" name="L274" href="#L274">274</a>
|
||||
<a class="jxr_linenumber" name="L275" href="#L275">275</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L276" href="#L276">276</a> <em class="jxr_javadoccomment"> * Searches the index using the given search string.</em>
|
||||
<a class="jxr_linenumber" name="L277" href="#L277">277</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L278" href="#L278">278</a> <em class="jxr_javadoccomment"> * @param searchString the query text</em>
|
||||
<a class="jxr_linenumber" name="L279" href="#L279">279</a> <em class="jxr_javadoccomment"> * @param maxQueryResults the maximum number of documents to return</em>
|
||||
<a class="jxr_linenumber" name="L280" href="#L280">280</a> <em class="jxr_javadoccomment"> * @return the TopDocs found by the search</em>
|
||||
<a class="jxr_linenumber" name="L281" href="#L281">281</a> <em class="jxr_javadoccomment"> * @throws ParseException thrown when the searchString is invalid</em>
|
||||
<a class="jxr_linenumber" name="L282" href="#L282">282</a> <em class="jxr_javadoccomment"> * @throws IOException is thrown if there is an issue with the underlying Index</em>
|
||||
<a class="jxr_linenumber" name="L283" href="#L283">283</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L284" href="#L284">284</a> <strong class="jxr_keyword">public</strong> TopDocs search(String searchString, <strong class="jxr_keyword">int</strong> maxQueryResults) <strong class="jxr_keyword">throws</strong> ParseException, IOException {
|
||||
<a class="jxr_linenumber" name="L285" href="#L285">285</a> <strong class="jxr_keyword">if</strong> (searchString == <strong class="jxr_keyword">null</strong> || searchString.trim().isEmpty()) {
|
||||
<a class="jxr_linenumber" name="L286" href="#L286">286</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> ParseException(<span class="jxr_string">"Query is null or empty"</span>);
|
||||
<a class="jxr_linenumber" name="L287" href="#L287">287</a> }
|
||||
<a class="jxr_linenumber" name="L288" href="#L288">288</a> <strong class="jxr_keyword">final</strong> Query query = queryParser.parse(searchString);
|
||||
<a class="jxr_linenumber" name="L289" href="#L289">289</a> <strong class="jxr_keyword">return</strong> indexSearcher.search(query, maxQueryResults);
|
||||
<a class="jxr_linenumber" name="L290" href="#L290">290</a> }
|
||||
<a class="jxr_linenumber" name="L291" href="#L291">291</a>
|
||||
<a class="jxr_linenumber" name="L292" href="#L292">292</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L293" href="#L293">293</a> <em class="jxr_javadoccomment"> * Searches the index using the given query.</em>
|
||||
<a class="jxr_linenumber" name="L294" href="#L294">294</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L295" href="#L295">295</a> <em class="jxr_javadoccomment"> * @param query the query used to search the index</em>
|
||||
<a class="jxr_linenumber" name="L296" href="#L296">296</a> <em class="jxr_javadoccomment"> * @param maxQueryResults the max number of results to return</em>
|
||||
<a class="jxr_linenumber" name="L297" href="#L297">297</a> <em class="jxr_javadoccomment"> * @return the TopDocs found be the query</em>
|
||||
<a class="jxr_linenumber" name="L298" href="#L298">298</a> <em class="jxr_javadoccomment"> * @throws CorruptIndexException thrown if the Index is corrupt</em>
|
||||
<a class="jxr_linenumber" name="L299" href="#L299">299</a> <em class="jxr_javadoccomment"> * @throws IOException thrown if there is an IOException</em>
|
||||
<a class="jxr_linenumber" name="L300" href="#L300">300</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L301" href="#L301">301</a> <strong class="jxr_keyword">public</strong> TopDocs search(Query query, <strong class="jxr_keyword">int</strong> maxQueryResults) <strong class="jxr_keyword">throws</strong> CorruptIndexException, IOException {
|
||||
<a class="jxr_linenumber" name="L302" href="#L302">302</a> resetSearchingAnalyzer();
|
||||
<a class="jxr_linenumber" name="L303" href="#L303">303</a> <strong class="jxr_keyword">return</strong> indexSearcher.search(query, maxQueryResults);
|
||||
<a class="jxr_linenumber" name="L304" href="#L304">304</a> }
|
||||
<a class="jxr_linenumber" name="L305" href="#L305">305</a>
|
||||
<a class="jxr_linenumber" name="L306" href="#L306">306</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L307" href="#L307">307</a> <em class="jxr_javadoccomment"> * Retrieves a document from the Index.</em>
|
||||
<a class="jxr_linenumber" name="L308" href="#L308">308</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L309" href="#L309">309</a> <em class="jxr_javadoccomment"> * @param documentId the id of the document to retrieve</em>
|
||||
<a class="jxr_linenumber" name="L310" href="#L310">310</a> <em class="jxr_javadoccomment"> * @return the Document</em>
|
||||
<a class="jxr_linenumber" name="L311" href="#L311">311</a> <em class="jxr_javadoccomment"> * @throws IOException thrown if there is an IOException</em>
|
||||
<a class="jxr_linenumber" name="L312" href="#L312">312</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L313" href="#L313">313</a> <strong class="jxr_keyword">public</strong> Document getDocument(<strong class="jxr_keyword">int</strong> documentId) <strong class="jxr_keyword">throws</strong> IOException {
|
||||
<a class="jxr_linenumber" name="L314" href="#L314">314</a> <strong class="jxr_keyword">return</strong> indexSearcher.doc(documentId);
|
||||
<a class="jxr_linenumber" name="L315" href="#L315">315</a> }
|
||||
<a class="jxr_linenumber" name="L316" href="#L316">316</a>
|
||||
<a class="jxr_linenumber" name="L317" href="#L317">317</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L318" href="#L318">318</a> <em class="jxr_javadoccomment"> * Returns the number of CPE entries stored in the index.</em>
|
||||
<a class="jxr_linenumber" name="L319" href="#L319">319</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L320" href="#L320">320</a> <em class="jxr_javadoccomment"> * @return the number of CPE entries stored in the index</em>
|
||||
<a class="jxr_linenumber" name="L321" href="#L321">321</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L322" href="#L322">322</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">int</strong> numDocs() {
|
||||
<a class="jxr_linenumber" name="L323" href="#L323">323</a> <strong class="jxr_keyword">if</strong> (indexReader == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L324" href="#L324">324</a> <strong class="jxr_keyword">return</strong> -1;
|
||||
<a class="jxr_linenumber" name="L325" href="#L325">325</a> }
|
||||
<a class="jxr_linenumber" name="L326" href="#L326">326</a> <strong class="jxr_keyword">return</strong> indexReader.numDocs();
|
||||
<a class="jxr_linenumber" name="L327" href="#L327">327</a> }
|
||||
<a class="jxr_linenumber" name="L328" href="#L328">328</a> }
|
||||
</pre>
|
||||
<hr/>
|
||||
<div id="footer">Copyright © 2012–2014 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.data.cpe</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.data.cpe</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.data.cpe</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.data.cpe</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -37,65 +37,69 @@
|
||||
<a class="jxr_linenumber" name="L29" href="#L29">29</a> <em class="jxr_javadoccomment"> * @author Jeremy Long <jeremy.long@owasp.org></em>
|
||||
<a class="jxr_linenumber" name="L30" href="#L30">30</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L31" href="#L31">31</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../../org/owasp/dependencycheck/data/cwe/CweDB.html">CweDB</a> {
|
||||
<a class="jxr_linenumber" name="L32" href="#L32">32</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L33" href="#L33">33</a> <em class="jxr_javadoccomment"> * The Logger.</em>
|
||||
<a class="jxr_linenumber" name="L34" href="#L34">34</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L35" href="#L35">35</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Logger LOGGER = Logger.getLogger(CweDB.<strong class="jxr_keyword">class</strong>.getName());
|
||||
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <em class="jxr_javadoccomment"> * Empty private constructor as this is a utility class.</em>
|
||||
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L39" href="#L39">39</a> <strong class="jxr_keyword">private</strong> <a href="../../../../../org/owasp/dependencycheck/data/cwe/CweDB.html">CweDB</a>() {
|
||||
<a class="jxr_linenumber" name="L40" href="#L40">40</a> <em class="jxr_comment">//empty</em>
|
||||
<a class="jxr_linenumber" name="L41" href="#L41">41</a> }
|
||||
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L43" href="#L43">43</a> <em class="jxr_javadoccomment"> * A HashMap of the CWE data.</em>
|
||||
<a class="jxr_linenumber" name="L44" href="#L44">44</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> HashMap<String, String> CWE = loadData();
|
||||
<a class="jxr_linenumber" name="L46" href="#L46">46</a>
|
||||
<a class="jxr_linenumber" name="L47" href="#L47">47</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L48" href="#L48">48</a> <em class="jxr_javadoccomment"> * Loads a HashMap containing the CWE data from a resource found in the jar.</em>
|
||||
<a class="jxr_linenumber" name="L49" href="#L49">49</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <em class="jxr_javadoccomment"> * @return a HashMap of CWE data</em>
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> HashMap<String, String> loadData() {
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a> ObjectInputStream oin = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <strong class="jxr_keyword">final</strong> String filePath = <span class="jxr_string">"data/cwe.hashmap.serialized"</span>;
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <strong class="jxr_keyword">final</strong> InputStream input = CweDB.<strong class="jxr_keyword">class</strong>.getClassLoader().getResourceAsStream(filePath);
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> oin = <strong class="jxr_keyword">new</strong> ObjectInputStream(input);
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <strong class="jxr_keyword">return</strong> (HashMap<String, String>) oin.readObject();
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a> } <strong class="jxr_keyword">catch</strong> (ClassNotFoundException ex) {
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a> LOGGER.log(Level.WARNING, <span class="jxr_string">"Unable to load CWE data. This should not be an issue."</span>);
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> LOGGER.log(Level.WARNING, <span class="jxr_string">"Unable to load CWE data due to an IO Error. This should not be an issue."</span>);
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a> <strong class="jxr_keyword">if</strong> (oin != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> oin.close();
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> LOGGER.log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> }
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> }
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> }
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> }
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a>
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <em class="jxr_javadoccomment"> * <p></em>
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <em class="jxr_javadoccomment"> * Returns the full CWE name from the CWE ID.</p></em>
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a> <em class="jxr_javadoccomment"> * @param cweId the CWE ID</em>
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <em class="jxr_javadoccomment"> * @return the full name of the CWE</em>
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> String getCweName(String cweId) {
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <strong class="jxr_keyword">if</strong> (cweId != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <strong class="jxr_keyword">return</strong> CWE.get(cweId);
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> }
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a> }
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a> }
|
||||
<a class="jxr_linenumber" name="L32" href="#L32">32</a>
|
||||
<a class="jxr_linenumber" name="L33" href="#L33">33</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L34" href="#L34">34</a> <em class="jxr_javadoccomment"> * The Logger.</em>
|
||||
<a class="jxr_linenumber" name="L35" href="#L35">35</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Logger LOGGER = Logger.getLogger(CweDB.<strong class="jxr_keyword">class</strong>.getName());
|
||||
<a class="jxr_linenumber" name="L37" href="#L37">37</a>
|
||||
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L39" href="#L39">39</a> <em class="jxr_javadoccomment"> * Empty private constructor as this is a utility class.</em>
|
||||
<a class="jxr_linenumber" name="L40" href="#L40">40</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L41" href="#L41">41</a> <strong class="jxr_keyword">private</strong> <a href="../../../../../org/owasp/dependencycheck/data/cwe/CweDB.html">CweDB</a>() {
|
||||
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <em class="jxr_comment">//empty</em>
|
||||
<a class="jxr_linenumber" name="L43" href="#L43">43</a> }
|
||||
<a class="jxr_linenumber" name="L44" href="#L44">44</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <em class="jxr_javadoccomment"> * A HashMap of the CWE data.</em>
|
||||
<a class="jxr_linenumber" name="L46" href="#L46">46</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L47" href="#L47">47</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> HashMap<String, String> CWE = loadData();
|
||||
<a class="jxr_linenumber" name="L48" href="#L48">48</a>
|
||||
<a class="jxr_linenumber" name="L49" href="#L49">49</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <em class="jxr_javadoccomment"> * Loads a HashMap containing the CWE data from a resource found in the jar.</em>
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <em class="jxr_javadoccomment"> * @return a HashMap of CWE data</em>
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> HashMap<String, String> loadData() {
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a> ObjectInputStream oin = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <strong class="jxr_keyword">final</strong> String filePath = <span class="jxr_string">"data/cwe.hashmap.serialized"</span>;
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <strong class="jxr_keyword">final</strong> InputStream input = CweDB.<strong class="jxr_keyword">class</strong>.getClassLoader().getResourceAsStream(filePath);
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a> oin = <strong class="jxr_keyword">new</strong> ObjectInputStream(input);
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a> @SuppressWarnings(<span class="jxr_string">"unchecked"</span>)
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <strong class="jxr_keyword">final</strong> HashMap<String, String> ret = (HashMap<String, String>) oin.readObject();
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <strong class="jxr_keyword">return</strong> ret;
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> } <strong class="jxr_keyword">catch</strong> (ClassNotFoundException ex) {
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> LOGGER.log(Level.WARNING, <span class="jxr_string">"Unable to load CWE data. This should not be an issue."</span>);
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> LOGGER.log(Level.WARNING, <span class="jxr_string">"Unable to load CWE data due to an IO Error. This should not be an issue."</span>);
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <strong class="jxr_keyword">if</strong> (oin != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> oin.close();
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> LOGGER.log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> }
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a> }
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> }
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> }
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a>
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <em class="jxr_javadoccomment"> * <p></em>
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <em class="jxr_javadoccomment"> * Returns the full CWE name from the CWE ID.</p></em>
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <em class="jxr_javadoccomment"> * @param cweId the CWE ID</em>
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <em class="jxr_javadoccomment"> * @return the full name of the CWE</em>
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> String getCweName(String cweId) {
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a> <strong class="jxr_keyword">if</strong> (cweId != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a> <strong class="jxr_keyword">return</strong> CWE.get(cweId);
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> }
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a> }
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a> }
|
||||
</pre>
|
||||
<hr/>
|
||||
<div id="footer">Copyright © 2012–2014 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.data.cwe</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.data.cwe</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.data.cwe</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.data.cwe</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.data.lucene</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.data.lucene</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.data.lucene</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.data.lucene</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.data.nexus</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.data.nexus</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.data.nexus</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.data.nexus</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.data.nuget</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.data.nuget</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.data.nuget</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.data.nuget</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -314,14 +314,14 @@
|
||||
<a class="jxr_linenumber" name="L306" href="#L306">306</a> <em class="jxr_javadoccomment"> * @throws DatabaseException thrown when there is an error retrieving the data from the DB</em>
|
||||
<a class="jxr_linenumber" name="L307" href="#L307">307</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L308" href="#L308">308</a> <strong class="jxr_keyword">public</strong> Set<Pair<String, String>> getVendorProductList() <strong class="jxr_keyword">throws</strong> DatabaseException {
|
||||
<a class="jxr_linenumber" name="L309" href="#L309">309</a> <strong class="jxr_keyword">final</strong> HashSet data = <strong class="jxr_keyword">new</strong> HashSet<Pair<String, String>>();
|
||||
<a class="jxr_linenumber" name="L309" href="#L309">309</a> <strong class="jxr_keyword">final</strong> Set<Pair<String, String>> data = <strong class="jxr_keyword">new</strong> HashSet<Pair<String, String>>();
|
||||
<a class="jxr_linenumber" name="L310" href="#L310">310</a> ResultSet rs = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L311" href="#L311">311</a> PreparedStatement ps = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L312" href="#L312">312</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L313" href="#L313">313</a> ps = getConnection().prepareStatement(SELECT_VENDOR_PRODUCT_LIST);
|
||||
<a class="jxr_linenumber" name="L314" href="#L314">314</a> rs = ps.executeQuery();
|
||||
<a class="jxr_linenumber" name="L315" href="#L315">315</a> <strong class="jxr_keyword">while</strong> (rs.next()) {
|
||||
<a class="jxr_linenumber" name="L316" href="#L316">316</a> data.add(<strong class="jxr_keyword">new</strong> <a href="../../../../../org/owasp/dependencycheck/utils/Pair.html">Pair</a>(rs.getString(1), rs.getString(2)));
|
||||
<a class="jxr_linenumber" name="L316" href="#L316">316</a> data.add(<strong class="jxr_keyword">new</strong> Pair<String, String>(rs.getString(1), rs.getString(2)));
|
||||
<a class="jxr_linenumber" name="L317" href="#L317">317</a> }
|
||||
<a class="jxr_linenumber" name="L318" href="#L318">318</a> } <strong class="jxr_keyword">catch</strong> (SQLException ex) {
|
||||
<a class="jxr_linenumber" name="L319" href="#L319">319</a> <strong class="jxr_keyword">final</strong> String msg = <span class="jxr_string">"An unexpected SQL Exception occurred; please see the verbose log for more details."</span>;
|
||||
@@ -739,7 +739,7 @@
|
||||
<a class="jxr_linenumber" name="L731" href="#L731">731</a> <em class="jxr_javadoccomment"> * @param previous a flag indicating if previous versions of the product are vulnerable</em>
|
||||
<a class="jxr_linenumber" name="L732" href="#L732">732</a> <em class="jxr_javadoccomment"> * @return true if the identified version is affected, otherwise false</em>
|
||||
<a class="jxr_linenumber" name="L733" href="#L733">733</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L734" href="#L734">734</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> isAffected(String vendor, String product, <a href="../../../../../org/owasp/dependencycheck/utils/DependencyVersion.html">DependencyVersion</a> identifiedVersion, String cpeId, String previous) {
|
||||
<a class="jxr_linenumber" name="L734" href="#L734">734</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">boolean</strong> isAffected(String vendor, String product, <a href="../../../../../org/owasp/dependencycheck/utils/DependencyVersion.html">DependencyVersion</a> identifiedVersion, String cpeId, String previous) {
|
||||
<a class="jxr_linenumber" name="L735" href="#L735">735</a> <strong class="jxr_keyword">boolean</strong> affected = false;
|
||||
<a class="jxr_linenumber" name="L736" href="#L736">736</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> isStruts = <span class="jxr_string">"apache"</span>.equals(vendor) && <span class="jxr_string">"struts"</span>.equals(product);
|
||||
<a class="jxr_linenumber" name="L737" href="#L737">737</a> <strong class="jxr_keyword">final</strong> <a href="../../../../../org/owasp/dependencycheck/utils/DependencyVersion.html">DependencyVersion</a> v = parseDependencyVersion(cpeId);
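Review bot: `isAffected` goes from `private` to `protected` at source line 734 with no Javadoc change saying why the wider visibility is needed. The method decides whether an identified version counts as affected, so a subclass could now override it and change that result. If the purpose is only to reach it from unit tests in the same package (an assumption; no caller is visible here), package-private access is enough. I would add a Javadoc line such as `* Visible for testing only; not intended to be overridden.` The method body continues past the hunk, and the change belongs in the Java source this cross-reference page is generated from.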
|
||||
|
||||
@@ -150,8 +150,8 @@
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a> <em class="jxr_javadoccomment"> * @return a map of the database meta data</em>
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <strong class="jxr_keyword">public</strong> Map getMetaData() {
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <strong class="jxr_keyword">final</strong> TreeMap map = <strong class="jxr_keyword">new</strong> TreeMap();
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <strong class="jxr_keyword">public</strong> Map<String, String> getMetaData() {
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <strong class="jxr_keyword">final</strong> TreeMap<String, String> map = <strong class="jxr_keyword">new</strong> TreeMap<String, String>();
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> <strong class="jxr_keyword">for</strong> (Entry<Object, Object> entry : properties.entrySet()) {
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <strong class="jxr_keyword">final</strong> String key = (String) entry.getKey();
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> <strong class="jxr_keyword">if</strong> (!<span class="jxr_string">"version"</span>.equals(key)) {
|
||||
@@ -164,10 +164,10 @@
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a> map.put(key, formatted);
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> } <strong class="jxr_keyword">catch</strong> (Throwable ex) { <em class="jxr_comment">//deliberately being broad in this catch clause</em>
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a> LOGGER.log(Level.FINE, <span class="jxr_string">"Unable to parse timestamp from DB"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> map.put(key, entry.getValue());
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> map.put(key, (String) entry.getValue());
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> }
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a> map.put(key, entry.getValue());
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a> map.put(key, (String) entry.getValue());
|
||||
<a class="jxr_linenumber" name="L163" href="#L163">163</a> }
|
||||
<a class="jxr_linenumber" name="L164" href="#L164">164</a> }
|
||||
<a class="jxr_linenumber" name="L165" href="#L165">165</a> }
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.data.nvdcve</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.data.nvdcve</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.data.nvdcve</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.data.nvdcve</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.data.update.exception</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.data.update.exception</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.data.update.exception</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.data.update.exception</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.data.update</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.data.update</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.data.update</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.data.update</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -26,226 +26,283 @@
|
||||
<a class="jxr_linenumber" name="L18" href="#L18">18</a> <strong class="jxr_keyword">package</strong> org.owasp.dependencycheck.data.update.task;
|
||||
<a class="jxr_linenumber" name="L19" href="#L19">19</a>
|
||||
<a class="jxr_linenumber" name="L20" href="#L20">20</a> <strong class="jxr_keyword">import</strong> java.io.File;
|
||||
<a class="jxr_linenumber" name="L21" href="#L21">21</a> <strong class="jxr_keyword">import</strong> java.io.IOException;
|
||||
<a class="jxr_linenumber" name="L22" href="#L22">22</a> <strong class="jxr_keyword">import</strong> java.net.URL;
|
||||
<a class="jxr_linenumber" name="L23" href="#L23">23</a> <strong class="jxr_keyword">import</strong> java.util.concurrent.Callable;
|
||||
<a class="jxr_linenumber" name="L24" href="#L24">24</a> <strong class="jxr_keyword">import</strong> java.util.concurrent.ExecutorService;
|
||||
<a class="jxr_linenumber" name="L25" href="#L25">25</a> <strong class="jxr_keyword">import</strong> java.util.concurrent.Future;
|
||||
<a class="jxr_linenumber" name="L26" href="#L26">26</a> <strong class="jxr_keyword">import</strong> java.util.logging.Level;
|
||||
<a class="jxr_linenumber" name="L27" href="#L27">27</a> <strong class="jxr_keyword">import</strong> java.util.logging.Logger;
|
||||
<a class="jxr_linenumber" name="L28" href="#L28">28</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.data.nvdcve.CveDB;
|
||||
<a class="jxr_linenumber" name="L29" href="#L29">29</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.data.update.NvdCveInfo;
|
||||
<a class="jxr_linenumber" name="L30" href="#L30">30</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.data.update.exception.UpdateException;
|
||||
<a class="jxr_linenumber" name="L31" href="#L31">31</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.DownloadFailedException;
|
||||
<a class="jxr_linenumber" name="L32" href="#L32">32</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.Downloader;
|
||||
<a class="jxr_linenumber" name="L33" href="#L33">33</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.Settings;
|
||||
<a class="jxr_linenumber" name="L34" href="#L34">34</a>
|
||||
<a class="jxr_linenumber" name="L35" href="#L35">35</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <em class="jxr_javadoccomment"> * A callable object to download two files.</em>
|
||||
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <em class="jxr_javadoccomment"> * @author Jeremy Long <jeremy.long@owasp.org></em>
|
||||
<a class="jxr_linenumber" name="L39" href="#L39">39</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L40" href="#L40">40</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../../../org/owasp/dependencycheck/data/update/task/DownloadTask.html">DownloadTask</a> <strong class="jxr_keyword">implements</strong> Callable<Future<ProcessTask>> {
|
||||
<a class="jxr_linenumber" name="L41" href="#L41">41</a>
|
||||
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L43" href="#L43">43</a> <em class="jxr_javadoccomment"> * The Logger.</em>
|
||||
<a class="jxr_linenumber" name="L44" href="#L44">44</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Logger LOGGER = Logger.getLogger(DownloadTask.<strong class="jxr_keyword">class</strong>.getName());
|
||||
<a class="jxr_linenumber" name="L21" href="#L21">21</a> <strong class="jxr_keyword">import</strong> java.io.FileInputStream;
|
||||
<a class="jxr_linenumber" name="L22" href="#L22">22</a> <strong class="jxr_keyword">import</strong> java.io.FileNotFoundException;
|
||||
<a class="jxr_linenumber" name="L23" href="#L23">23</a> <strong class="jxr_keyword">import</strong> java.io.FileOutputStream;
|
||||
<a class="jxr_linenumber" name="L24" href="#L24">24</a> <strong class="jxr_keyword">import</strong> java.io.IOException;
|
||||
<a class="jxr_linenumber" name="L25" href="#L25">25</a> <strong class="jxr_keyword">import</strong> java.net.URL;
|
||||
<a class="jxr_linenumber" name="L26" href="#L26">26</a> <strong class="jxr_keyword">import</strong> java.util.concurrent.Callable;
|
||||
<a class="jxr_linenumber" name="L27" href="#L27">27</a> <strong class="jxr_keyword">import</strong> java.util.concurrent.ExecutorService;
|
||||
<a class="jxr_linenumber" name="L28" href="#L28">28</a> <strong class="jxr_keyword">import</strong> java.util.concurrent.Future;
|
||||
<a class="jxr_linenumber" name="L29" href="#L29">29</a> <strong class="jxr_keyword">import</strong> java.util.logging.Level;
|
||||
<a class="jxr_linenumber" name="L30" href="#L30">30</a> <strong class="jxr_keyword">import</strong> java.util.logging.Logger;
|
||||
<a class="jxr_linenumber" name="L31" href="#L31">31</a> <strong class="jxr_keyword">import</strong> java.util.zip.GZIPInputStream;
|
||||
<a class="jxr_linenumber" name="L32" href="#L32">32</a> <strong class="jxr_keyword">import</strong> org.apache.commons.io.FileUtils;
|
||||
<a class="jxr_linenumber" name="L33" href="#L33">33</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.data.nvdcve.CveDB;
|
||||
<a class="jxr_linenumber" name="L34" href="#L34">34</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.data.update.NvdCveInfo;
|
||||
<a class="jxr_linenumber" name="L35" href="#L35">35</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.data.update.exception.UpdateException;
|
||||
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.DownloadFailedException;
|
||||
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.Downloader;
|
||||
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.Settings;
|
||||
<a class="jxr_linenumber" name="L39" href="#L39">39</a>
|
||||
<a class="jxr_linenumber" name="L40" href="#L40">40</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L41" href="#L41">41</a> <em class="jxr_javadoccomment"> * A callable object to download two files.</em>
|
||||
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L43" href="#L43">43</a> <em class="jxr_javadoccomment"> * @author Jeremy Long <jeremy.long@owasp.org></em>
|
||||
<a class="jxr_linenumber" name="L44" href="#L44">44</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../../../org/owasp/dependencycheck/data/update/task/DownloadTask.html">DownloadTask</a> <strong class="jxr_keyword">implements</strong> Callable<Future<ProcessTask>> {
|
||||
<a class="jxr_linenumber" name="L46" href="#L46">46</a>
|
||||
<a class="jxr_linenumber" name="L47" href="#L47">47</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L48" href="#L48">48</a> <em class="jxr_javadoccomment"> * Simple constructor for the callable download task.</em>
|
||||
<a class="jxr_linenumber" name="L49" href="#L49">49</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <em class="jxr_javadoccomment"> * @param nvdCveInfo the NVD CVE info</em>
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <em class="jxr_javadoccomment"> * @param processor the processor service to submit the downloaded files to</em>
|
||||
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <em class="jxr_javadoccomment"> * @param cveDB the CVE DB to use to store the vulnerability data</em>
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a> <em class="jxr_javadoccomment"> * @param settings a reference to the global settings object; this is necessary so that when the thread is started</em>
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <em class="jxr_javadoccomment"> * the dependencies have a correct reference to the global settings.</em>
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <em class="jxr_javadoccomment"> * @throws UpdateException thrown if temporary files could not be created</em>
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <strong class="jxr_keyword">public</strong> <a href="../../../../../../org/owasp/dependencycheck/data/update/task/DownloadTask.html">DownloadTask</a>(<a href="../../../../../../org/owasp/dependencycheck/data/update/NvdCveInfo.html">NvdCveInfo</a> nvdCveInfo, ExecutorService processor, <a href="../../../../../../org/owasp/dependencycheck/data/nvdcve/CveDB.html">CveDB</a> cveDB, Settings settings) <strong class="jxr_keyword">throws</strong> UpdateException {
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <strong class="jxr_keyword">this</strong>.nvdCveInfo = nvdCveInfo;
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a> <strong class="jxr_keyword">this</strong>.processorService = processor;
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <strong class="jxr_keyword">this</strong>.cveDB = cveDB;
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <strong class="jxr_keyword">this</strong>.settings = settings;
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a>
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <strong class="jxr_keyword">final</strong> File file1;
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <strong class="jxr_keyword">final</strong> File file2;
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a>
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> file1 = File.createTempFile(<span class="jxr_string">"cve"</span> + nvdCveInfo.getId() + <span class="jxr_string">"_"</span>, <span class="jxr_string">".xml"</span>, Settings.getTempDirectory());
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> file2 = File.createTempFile(<span class="jxr_string">"cve_1_2_"</span> + nvdCveInfo.getId() + <span class="jxr_string">"_"</span>, <span class="jxr_string">".xml"</span>, Settings.getTempDirectory());
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../../org/owasp/dependencycheck/data/update/exception/UpdateException.html">UpdateException</a>(<span class="jxr_string">"Unable to create temporary files"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> }
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> <strong class="jxr_keyword">this</strong>.first = file1;
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <strong class="jxr_keyword">this</strong>.second = file2;
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a>
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> }
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <em class="jxr_javadoccomment"> * The CVE DB to use when processing the files.</em>
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <strong class="jxr_keyword">private</strong> <a href="../../../../../../org/owasp/dependencycheck/data/nvdcve/CveDB.html">CveDB</a> cveDB;
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a> <em class="jxr_javadoccomment"> * The processor service to pass the results of the download to.</em>
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <strong class="jxr_keyword">private</strong> ExecutorService processorService;
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <em class="jxr_javadoccomment"> * The NVD CVE Meta Data.</em>
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <strong class="jxr_keyword">private</strong> <a href="../../../../../../org/owasp/dependencycheck/data/update/NvdCveInfo.html">NvdCveInfo</a> nvdCveInfo;
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a> <em class="jxr_javadoccomment"> * A reference to the global settings object.</em>
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <strong class="jxr_keyword">private</strong> Settings settings;
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a>
|
||||
<a class="jxr_linenumber" name="L48" href="#L48">48</a> <em class="jxr_javadoccomment"> * The Logger.</em>
|
||||
<a class="jxr_linenumber" name="L49" href="#L49">49</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Logger LOGGER = Logger.getLogger(DownloadTask.<strong class="jxr_keyword">class</strong>.getName());
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a>
|
||||
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a> <em class="jxr_javadoccomment"> * Simple constructor for the callable download task.</em>
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <em class="jxr_javadoccomment"> * @param nvdCveInfo the NVD CVE info</em>
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <em class="jxr_javadoccomment"> * @param processor the processor service to submit the downloaded files to</em>
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <em class="jxr_javadoccomment"> * @param cveDB the CVE DB to use to store the vulnerability data</em>
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <em class="jxr_javadoccomment"> * @param settings a reference to the global settings object; this is necessary so that when the thread is started</em>
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a> <em class="jxr_javadoccomment"> * the dependencies have a correct reference to the global settings.</em>
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <em class="jxr_javadoccomment"> * @throws UpdateException thrown if temporary files could not be created</em>
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <strong class="jxr_keyword">public</strong> <a href="../../../../../../org/owasp/dependencycheck/data/update/task/DownloadTask.html">DownloadTask</a>(<a href="../../../../../../org/owasp/dependencycheck/data/update/NvdCveInfo.html">NvdCveInfo</a> nvdCveInfo, ExecutorService processor, <a href="../../../../../../org/owasp/dependencycheck/data/nvdcve/CveDB.html">CveDB</a> cveDB, Settings settings) <strong class="jxr_keyword">throws</strong> UpdateException {
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <strong class="jxr_keyword">this</strong>.nvdCveInfo = nvdCveInfo;
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <strong class="jxr_keyword">this</strong>.processorService = processor;
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <strong class="jxr_keyword">this</strong>.cveDB = cveDB;
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a> <strong class="jxr_keyword">this</strong>.settings = settings;
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a>
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <strong class="jxr_keyword">final</strong> File file1;
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <strong class="jxr_keyword">final</strong> File file2;
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a>
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> file1 = File.createTempFile(<span class="jxr_string">"cve"</span> + nvdCveInfo.getId() + <span class="jxr_string">"_"</span>, <span class="jxr_string">".xml"</span>, Settings.getTempDirectory());
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> file2 = File.createTempFile(<span class="jxr_string">"cve_1_2_"</span> + nvdCveInfo.getId() + <span class="jxr_string">"_"</span>, <span class="jxr_string">".xml"</span>, Settings.getTempDirectory());
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../../org/owasp/dependencycheck/data/update/exception/UpdateException.html">UpdateException</a>(<span class="jxr_string">"Unable to create temporary files"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a> }
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <strong class="jxr_keyword">this</strong>.first = file1;
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <strong class="jxr_keyword">this</strong>.second = file2;
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a>
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> }
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <em class="jxr_javadoccomment"> * The CVE DB to use when processing the files.</em>
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <strong class="jxr_keyword">private</strong> <a href="../../../../../../org/owasp/dependencycheck/data/nvdcve/CveDB.html">CveDB</a> cveDB;
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <em class="jxr_javadoccomment"> * The processor service to pass the results of the download to.</em>
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <strong class="jxr_keyword">private</strong> ExecutorService processorService;
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a> <em class="jxr_javadoccomment"> * The NVD CVE Meta Data.</em>
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <strong class="jxr_keyword">private</strong> <a href="../../../../../../org/owasp/dependencycheck/data/update/NvdCveInfo.html">NvdCveInfo</a> nvdCveInfo;
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <em class="jxr_javadoccomment"> * Get the value of nvdCveInfo.</em>
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <em class="jxr_javadoccomment"> * @return the value of nvdCveInfo</em>
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <strong class="jxr_keyword">public</strong> <a href="../../../../../../org/owasp/dependencycheck/data/update/NvdCveInfo.html">NvdCveInfo</a> getNvdCveInfo() {
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <strong class="jxr_keyword">return</strong> nvdCveInfo;
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a> }
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a>
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <em class="jxr_javadoccomment"> * Set the value of nvdCveInfo.</em>
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a> <em class="jxr_javadoccomment"> * @param nvdCveInfo new value of nvdCveInfo</em>
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> setNvdCveInfo(<a href="../../../../../../org/owasp/dependencycheck/data/update/NvdCveInfo.html">NvdCveInfo</a> nvdCveInfo) {
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> <strong class="jxr_keyword">this</strong>.nvdCveInfo = nvdCveInfo;
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a> }
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <em class="jxr_javadoccomment"> * a file.</em>
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <strong class="jxr_keyword">private</strong> File first;
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a>
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <em class="jxr_javadoccomment"> * A reference to the global settings object.</em>
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <strong class="jxr_keyword">private</strong> Settings settings;
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a>
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <em class="jxr_javadoccomment"> * Get the value of nvdCveInfo.</em>
|
||||
<a class="jxr_linenumber" name="L100" href="#L100">100</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <em class="jxr_javadoccomment"> * @return the value of nvdCveInfo</em>
|
||||
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <strong class="jxr_keyword">public</strong> <a href="../../../../../../org/owasp/dependencycheck/data/update/NvdCveInfo.html">NvdCveInfo</a> getNvdCveInfo() {
|
||||
<a class="jxr_linenumber" name="L104" href="#L104">104</a> <strong class="jxr_keyword">return</strong> nvdCveInfo;
|
||||
<a class="jxr_linenumber" name="L105" href="#L105">105</a> }
|
||||
<a class="jxr_linenumber" name="L106" href="#L106">106</a>
|
||||
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L108" href="#L108">108</a> <em class="jxr_javadoccomment"> * Set the value of nvdCveInfo.</em>
|
||||
<a class="jxr_linenumber" name="L109" href="#L109">109</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L110" href="#L110">110</a> <em class="jxr_javadoccomment"> * @param nvdCveInfo new value of nvdCveInfo</em>
|
||||
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> setNvdCveInfo(<a href="../../../../../../org/owasp/dependencycheck/data/update/NvdCveInfo.html">NvdCveInfo</a> nvdCveInfo) {
|
||||
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <strong class="jxr_keyword">this</strong>.nvdCveInfo = nvdCveInfo;
|
||||
<a class="jxr_linenumber" name="L114" href="#L114">114</a> }
|
||||
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> <em class="jxr_javadoccomment"> * Get the value of first.</em>
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> <em class="jxr_javadoccomment"> * @return the value of first</em>
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a> <strong class="jxr_keyword">public</strong> File getFirst() {
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> <strong class="jxr_keyword">return</strong> first;
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a> }
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a>
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a> <em class="jxr_javadoccomment"> * Set the value of first.</em>
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> <em class="jxr_javadoccomment"> * @param first new value of first</em>
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> setFirst(File first) {
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a> <strong class="jxr_keyword">this</strong>.first = first;
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a> }
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a> <em class="jxr_javadoccomment"> * a file.</em>
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a> <strong class="jxr_keyword">private</strong> File second;
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a>
|
||||
<a class="jxr_linenumber" name="L116" href="#L116">116</a> <em class="jxr_javadoccomment"> * a file.</em>
|
||||
<a class="jxr_linenumber" name="L117" href="#L117">117</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L118" href="#L118">118</a> <strong class="jxr_keyword">private</strong> File first;
|
||||
<a class="jxr_linenumber" name="L119" href="#L119">119</a>
|
||||
<a class="jxr_linenumber" name="L120" href="#L120">120</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L121" href="#L121">121</a> <em class="jxr_javadoccomment"> * Get the value of first.</em>
|
||||
<a class="jxr_linenumber" name="L122" href="#L122">122</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L123" href="#L123">123</a> <em class="jxr_javadoccomment"> * @return the value of first</em>
|
||||
<a class="jxr_linenumber" name="L124" href="#L124">124</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L125" href="#L125">125</a> <strong class="jxr_keyword">public</strong> File getFirst() {
|
||||
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <strong class="jxr_keyword">return</strong> first;
|
||||
<a class="jxr_linenumber" name="L127" href="#L127">127</a> }
|
||||
<a class="jxr_linenumber" name="L128" href="#L128">128</a>
|
||||
<a class="jxr_linenumber" name="L129" href="#L129">129</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L130" href="#L130">130</a> <em class="jxr_javadoccomment"> * Set the value of first.</em>
|
||||
<a class="jxr_linenumber" name="L131" href="#L131">131</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <em class="jxr_javadoccomment"> * @param first new value of first</em>
|
||||
<a class="jxr_linenumber" name="L133" href="#L133">133</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L134" href="#L134">134</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> setFirst(File first) {
|
||||
<a class="jxr_linenumber" name="L135" href="#L135">135</a> <strong class="jxr_keyword">this</strong>.first = first;
|
||||
<a class="jxr_linenumber" name="L136" href="#L136">136</a> }
|
||||
<a class="jxr_linenumber" name="L137" href="#L137">137</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a> <em class="jxr_javadoccomment"> * Get the value of second.</em>
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a> <em class="jxr_javadoccomment"> * @return the value of second</em>
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a> <strong class="jxr_keyword">public</strong> File getSecond() {
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a> <strong class="jxr_keyword">return</strong> second;
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a> }
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a>
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> <em class="jxr_javadoccomment"> * Set the value of second.</em>
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> <em class="jxr_javadoccomment"> * @param second new value of second</em>
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> setSecond(File second) {
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a> <strong class="jxr_keyword">this</strong>.second = second;
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a> }
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <em class="jxr_javadoccomment"> * A placeholder for an exception.</em>
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <strong class="jxr_keyword">private</strong> Exception exception = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a>
|
||||
<a class="jxr_linenumber" name="L138" href="#L138">138</a> <em class="jxr_javadoccomment"> * a file.</em>
|
||||
<a class="jxr_linenumber" name="L139" href="#L139">139</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L140" href="#L140">140</a> <strong class="jxr_keyword">private</strong> File second;
|
||||
<a class="jxr_linenumber" name="L141" href="#L141">141</a>
|
||||
<a class="jxr_linenumber" name="L142" href="#L142">142</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L143" href="#L143">143</a> <em class="jxr_javadoccomment"> * Get the value of second.</em>
|
||||
<a class="jxr_linenumber" name="L144" href="#L144">144</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <em class="jxr_javadoccomment"> * @return the value of second</em>
|
||||
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L147" href="#L147">147</a> <strong class="jxr_keyword">public</strong> File getSecond() {
|
||||
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <strong class="jxr_keyword">return</strong> second;
|
||||
<a class="jxr_linenumber" name="L149" href="#L149">149</a> }
|
||||
<a class="jxr_linenumber" name="L150" href="#L150">150</a>
|
||||
<a class="jxr_linenumber" name="L151" href="#L151">151</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L152" href="#L152">152</a> <em class="jxr_javadoccomment"> * Set the value of second.</em>
|
||||
<a class="jxr_linenumber" name="L153" href="#L153">153</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L154" href="#L154">154</a> <em class="jxr_javadoccomment"> * @param second new value of second</em>
|
||||
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L156" href="#L156">156</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> setSecond(File second) {
|
||||
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <strong class="jxr_keyword">this</strong>.second = second;
|
||||
<a class="jxr_linenumber" name="L158" href="#L158">158</a> }
|
||||
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> <em class="jxr_javadoccomment"> * Get the value of exception.</em>
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a> <em class="jxr_javadoccomment"> * @return the value of exception</em>
|
||||
<a class="jxr_linenumber" name="L163" href="#L163">163</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L164" href="#L164">164</a> <strong class="jxr_keyword">public</strong> Exception getException() {
|
||||
<a class="jxr_linenumber" name="L165" href="#L165">165</a> <strong class="jxr_keyword">return</strong> exception;
|
||||
<a class="jxr_linenumber" name="L166" href="#L166">166</a> }
|
||||
<a class="jxr_linenumber" name="L167" href="#L167">167</a>
|
||||
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L169" href="#L169">169</a> <em class="jxr_javadoccomment"> * returns whether or not an exception occurred during download.</em>
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> <em class="jxr_javadoccomment"> * @return whether or not an exception occurred during download</em>
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">boolean</strong> hasException() {
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a> <strong class="jxr_keyword">return</strong> exception != <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> }
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a>
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> @Override
|
||||
<a class="jxr_linenumber" name="L178" href="#L178">178</a> <strong class="jxr_keyword">public</strong> Future<ProcessTask> call() <strong class="jxr_keyword">throws</strong> Exception {
|
||||
<a class="jxr_linenumber" name="L179" href="#L179">179</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L180" href="#L180">180</a> Settings.setInstance(settings);
|
||||
<a class="jxr_linenumber" name="L181" href="#L181">181</a> <strong class="jxr_keyword">final</strong> URL url1 = <strong class="jxr_keyword">new</strong> URL(nvdCveInfo.getUrl());
|
||||
<a class="jxr_linenumber" name="L182" href="#L182">182</a> <strong class="jxr_keyword">final</strong> URL url2 = <strong class="jxr_keyword">new</strong> URL(nvdCveInfo.getOldSchemaVersionUrl());
|
||||
<a class="jxr_linenumber" name="L183" href="#L183">183</a> String msg = String.format(<span class="jxr_string">"Download Started for NVD CVE - %s"</span>, nvdCveInfo.getId());
|
||||
<a class="jxr_linenumber" name="L184" href="#L184">184</a> LOGGER.log(Level.INFO, msg);
|
||||
<a class="jxr_linenumber" name="L185" href="#L185">185</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L186" href="#L186">186</a> Downloader.fetchFile(url1, first);
|
||||
<a class="jxr_linenumber" name="L187" href="#L187">187</a> Downloader.fetchFile(url2, second);
|
||||
<a class="jxr_linenumber" name="L188" href="#L188">188</a> } <strong class="jxr_keyword">catch</strong> (DownloadFailedException ex) {
|
||||
<a class="jxr_linenumber" name="L189" href="#L189">189</a> msg = String.format(<span class="jxr_string">"Download Failed for NVD CVE - %s%nSome CVEs may not be reported."</span>, nvdCveInfo.getId());
|
||||
<a class="jxr_linenumber" name="L190" href="#L190">190</a> LOGGER.log(Level.WARNING, msg);
|
||||
<a class="jxr_linenumber" name="L191" href="#L191">191</a> <strong class="jxr_keyword">if</strong> (Settings.getString(Settings.KEYS.PROXY_SERVER) == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L192" href="#L192">192</a> LOGGER.log(Level.INFO,
|
||||
<a class="jxr_linenumber" name="L193" href="#L193">193</a> <span class="jxr_string">"If you are behind a proxy you may need to configure dependency-check to use the proxy."</span>);
|
||||
<a class="jxr_linenumber" name="L194" href="#L194">194</a> }
|
||||
<a class="jxr_linenumber" name="L195" href="#L195">195</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L196" href="#L196">196</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L197" href="#L197">197</a> }
|
||||
<a class="jxr_linenumber" name="L198" href="#L198">198</a>
|
||||
<a class="jxr_linenumber" name="L199" href="#L199">199</a> msg = String.format(<span class="jxr_string">"Download Complete for NVD CVE - %s"</span>, nvdCveInfo.getId());
|
||||
<a class="jxr_linenumber" name="L200" href="#L200">200</a> LOGGER.log(Level.INFO, msg);
|
||||
<a class="jxr_linenumber" name="L201" href="#L201">201</a>
|
||||
<a class="jxr_linenumber" name="L202" href="#L202">202</a> <strong class="jxr_keyword">final</strong> <a href="../../../../../../org/owasp/dependencycheck/data/update/task/ProcessTask.html">ProcessTask</a> task = <strong class="jxr_keyword">new</strong> <a href="../../../../../../org/owasp/dependencycheck/data/update/task/ProcessTask.html">ProcessTask</a>(cveDB, <strong class="jxr_keyword">this</strong>, settings);
|
||||
<a class="jxr_linenumber" name="L203" href="#L203">203</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">this</strong>.processorService.submit(task);
|
||||
<a class="jxr_linenumber" name="L204" href="#L204">204</a>
|
||||
<a class="jxr_linenumber" name="L205" href="#L205">205</a> } <strong class="jxr_keyword">catch</strong> (Throwable ex) {
|
||||
<a class="jxr_linenumber" name="L206" href="#L206">206</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"An exception occurred downloading NVD CVE - %s%nSome CVEs may not be reported."</span>, nvdCveInfo.getId());
|
||||
<a class="jxr_linenumber" name="L207" href="#L207">207</a> LOGGER.log(Level.WARNING, msg);
|
||||
<a class="jxr_linenumber" name="L208" href="#L208">208</a> LOGGER.log(Level.FINE, <span class="jxr_string">"Download Task Failed"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L209" href="#L209">209</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L210" href="#L210">210</a> Settings.cleanup(false);
|
||||
<a class="jxr_linenumber" name="L211" href="#L211">211</a> }
|
||||
<a class="jxr_linenumber" name="L212" href="#L212">212</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L213" href="#L213">213</a> }
|
||||
<a class="jxr_linenumber" name="L214" href="#L214">214</a>
|
||||
<a class="jxr_linenumber" name="L215" href="#L215">215</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L216" href="#L216">216</a> <em class="jxr_javadoccomment"> * Attempts to delete the files that were downloaded.</em>
|
||||
<a class="jxr_linenumber" name="L217" href="#L217">217</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L218" href="#L218">218</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> cleanup() {
|
||||
<a class="jxr_linenumber" name="L219" href="#L219">219</a> <strong class="jxr_keyword">boolean</strong> deleted = false;
|
||||
<a class="jxr_linenumber" name="L220" href="#L220">220</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L221" href="#L221">221</a> <strong class="jxr_keyword">if</strong> (first != <strong class="jxr_keyword">null</strong> && first.exists()) {
|
||||
<a class="jxr_linenumber" name="L222" href="#L222">222</a> deleted = first.delete();
|
||||
<a class="jxr_linenumber" name="L223" href="#L223">223</a> }
|
||||
<a class="jxr_linenumber" name="L224" href="#L224">224</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L225" href="#L225">225</a> <strong class="jxr_keyword">if</strong> (first != <strong class="jxr_keyword">null</strong> && (first.exists() || !deleted)) {
|
||||
<a class="jxr_linenumber" name="L226" href="#L226">226</a> first.deleteOnExit();
|
||||
<a class="jxr_linenumber" name="L227" href="#L227">227</a> }
|
||||
<a class="jxr_linenumber" name="L228" href="#L228">228</a> }
|
||||
<a class="jxr_linenumber" name="L229" href="#L229">229</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L230" href="#L230">230</a> deleted = false;
|
||||
<a class="jxr_linenumber" name="L231" href="#L231">231</a> <strong class="jxr_keyword">if</strong> (second != <strong class="jxr_keyword">null</strong> && second.exists()) {
|
||||
<a class="jxr_linenumber" name="L232" href="#L232">232</a> deleted = second.delete();
|
||||
<a class="jxr_linenumber" name="L233" href="#L233">233</a> }
|
||||
<a class="jxr_linenumber" name="L234" href="#L234">234</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L235" href="#L235">235</a> <strong class="jxr_keyword">if</strong> (second != <strong class="jxr_keyword">null</strong> && (second.exists() || !deleted)) {
|
||||
<a class="jxr_linenumber" name="L236" href="#L236">236</a> second.deleteOnExit();
|
||||
<a class="jxr_linenumber" name="L237" href="#L237">237</a> }
|
||||
<a class="jxr_linenumber" name="L238" href="#L238">238</a> }
|
||||
<a class="jxr_linenumber" name="L239" href="#L239">239</a> }
|
||||
<a class="jxr_linenumber" name="L240" href="#L240">240</a> }
|
||||
<a class="jxr_linenumber" name="L160" href="#L160">160</a> <em class="jxr_javadoccomment"> * A placeholder for an exception.</em>
|
||||
<a class="jxr_linenumber" name="L161" href="#L161">161</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L162" href="#L162">162</a> <strong class="jxr_keyword">private</strong> Exception exception = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L163" href="#L163">163</a>
|
||||
<a class="jxr_linenumber" name="L164" href="#L164">164</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L165" href="#L165">165</a> <em class="jxr_javadoccomment"> * Get the value of exception.</em>
|
||||
<a class="jxr_linenumber" name="L166" href="#L166">166</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L167" href="#L167">167</a> <em class="jxr_javadoccomment"> * @return the value of exception</em>
|
||||
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L169" href="#L169">169</a> <strong class="jxr_keyword">public</strong> Exception getException() {
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a> <strong class="jxr_keyword">return</strong> exception;
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> }
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a>
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a> <em class="jxr_javadoccomment"> * returns whether or not an exception occurred during download.</em>
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a> <em class="jxr_javadoccomment"> * @return whether or not an exception occurred during download</em>
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L178" href="#L178">178</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">boolean</strong> hasException() {
|
||||
<a class="jxr_linenumber" name="L179" href="#L179">179</a> <strong class="jxr_keyword">return</strong> exception != <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L180" href="#L180">180</a> }
|
||||
<a class="jxr_linenumber" name="L181" href="#L181">181</a>
|
||||
<a class="jxr_linenumber" name="L182" href="#L182">182</a> @Override
|
||||
<a class="jxr_linenumber" name="L183" href="#L183">183</a> <strong class="jxr_keyword">public</strong> Future<ProcessTask> call() <strong class="jxr_keyword">throws</strong> Exception {
|
||||
<a class="jxr_linenumber" name="L184" href="#L184">184</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L185" href="#L185">185</a> Settings.setInstance(settings);
|
||||
<a class="jxr_linenumber" name="L186" href="#L186">186</a> <strong class="jxr_keyword">final</strong> URL url1 = <strong class="jxr_keyword">new</strong> URL(nvdCveInfo.getUrl());
|
||||
<a class="jxr_linenumber" name="L187" href="#L187">187</a> <strong class="jxr_keyword">final</strong> URL url2 = <strong class="jxr_keyword">new</strong> URL(nvdCveInfo.getOldSchemaVersionUrl());
|
||||
<a class="jxr_linenumber" name="L188" href="#L188">188</a> String msg = String.format(<span class="jxr_string">"Download Started for NVD CVE - %s"</span>, nvdCveInfo.getId());
|
||||
<a class="jxr_linenumber" name="L189" href="#L189">189</a> LOGGER.log(Level.INFO, msg);
|
||||
<a class="jxr_linenumber" name="L190" href="#L190">190</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L191" href="#L191">191</a> Downloader.fetchFile(url1, first);
|
||||
<a class="jxr_linenumber" name="L192" href="#L192">192</a> Downloader.fetchFile(url2, second);
|
||||
<a class="jxr_linenumber" name="L193" href="#L193">193</a> } <strong class="jxr_keyword">catch</strong> (DownloadFailedException ex) {
|
||||
<a class="jxr_linenumber" name="L194" href="#L194">194</a> msg = String.format(<span class="jxr_string">"Download Failed for NVD CVE - %s%nSome CVEs may not be reported."</span>, nvdCveInfo.getId());
|
||||
<a class="jxr_linenumber" name="L195" href="#L195">195</a> LOGGER.log(Level.WARNING, msg);
|
||||
<a class="jxr_linenumber" name="L196" href="#L196">196</a> <strong class="jxr_keyword">if</strong> (Settings.getString(Settings.KEYS.PROXY_SERVER) == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L197" href="#L197">197</a> LOGGER.log(Level.INFO,
|
||||
<a class="jxr_linenumber" name="L198" href="#L198">198</a> <span class="jxr_string">"If you are behind a proxy you may need to configure dependency-check to use the proxy."</span>);
|
||||
<a class="jxr_linenumber" name="L199" href="#L199">199</a> }
|
||||
<a class="jxr_linenumber" name="L200" href="#L200">200</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L201" href="#L201">201</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L202" href="#L202">202</a> }
|
||||
<a class="jxr_linenumber" name="L203" href="#L203">203</a> <strong class="jxr_keyword">if</strong> (url1.toExternalForm().endsWith(<span class="jxr_string">".xml.gz"</span>)) {
|
||||
<a class="jxr_linenumber" name="L204" href="#L204">204</a> extractGzip(first);
|
||||
<a class="jxr_linenumber" name="L205" href="#L205">205</a> }
|
||||
<a class="jxr_linenumber" name="L206" href="#L206">206</a> <strong class="jxr_keyword">if</strong> (url2.toExternalForm().endsWith(<span class="jxr_string">".xml.gz"</span>)) {
|
||||
<a class="jxr_linenumber" name="L207" href="#L207">207</a> extractGzip(second);
|
||||
<a class="jxr_linenumber" name="L208" href="#L208">208</a> }
|
||||
<a class="jxr_linenumber" name="L209" href="#L209">209</a>
|
||||
<a class="jxr_linenumber" name="L210" href="#L210">210</a> msg = String.format(<span class="jxr_string">"Download Complete for NVD CVE - %s"</span>, nvdCveInfo.getId());
|
||||
<a class="jxr_linenumber" name="L211" href="#L211">211</a> LOGGER.log(Level.INFO, msg);
|
||||
<a class="jxr_linenumber" name="L212" href="#L212">212</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">this</strong>.processorService == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L213" href="#L213">213</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L214" href="#L214">214</a> }
|
||||
<a class="jxr_linenumber" name="L215" href="#L215">215</a> <strong class="jxr_keyword">final</strong> <a href="../../../../../../org/owasp/dependencycheck/data/update/task/ProcessTask.html">ProcessTask</a> task = <strong class="jxr_keyword">new</strong> <a href="../../../../../../org/owasp/dependencycheck/data/update/task/ProcessTask.html">ProcessTask</a>(cveDB, <strong class="jxr_keyword">this</strong>, settings);
|
||||
<a class="jxr_linenumber" name="L216" href="#L216">216</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">this</strong>.processorService.submit(task);
|
||||
<a class="jxr_linenumber" name="L217" href="#L217">217</a>
|
||||
<a class="jxr_linenumber" name="L218" href="#L218">218</a> } <strong class="jxr_keyword">catch</strong> (Throwable ex) {
|
||||
<a class="jxr_linenumber" name="L219" href="#L219">219</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"An exception occurred downloading NVD CVE - %s%nSome CVEs may not be reported."</span>, nvdCveInfo.getId());
|
||||
<a class="jxr_linenumber" name="L220" href="#L220">220</a> LOGGER.log(Level.WARNING, msg);
|
||||
<a class="jxr_linenumber" name="L221" href="#L221">221</a> LOGGER.log(Level.FINE, <span class="jxr_string">"Download Task Failed"</span>, ex);
|
||||
<a class="jxr_linenumber" name="L222" href="#L222">222</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L223" href="#L223">223</a> Settings.cleanup(false);
|
||||
<a class="jxr_linenumber" name="L224" href="#L224">224</a> }
|
||||
<a class="jxr_linenumber" name="L225" href="#L225">225</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L226" href="#L226">226</a> }
|
||||
<a class="jxr_linenumber" name="L227" href="#L227">227</a>
|
||||
<a class="jxr_linenumber" name="L228" href="#L228">228</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L229" href="#L229">229</a> <em class="jxr_javadoccomment"> * Attempts to delete the files that were downloaded.</em>
|
||||
<a class="jxr_linenumber" name="L230" href="#L230">230</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L231" href="#L231">231</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> cleanup() {
|
||||
<a class="jxr_linenumber" name="L232" href="#L232">232</a> <strong class="jxr_keyword">boolean</strong> deleted = false;
|
||||
<a class="jxr_linenumber" name="L233" href="#L233">233</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L234" href="#L234">234</a> <strong class="jxr_keyword">if</strong> (first != <strong class="jxr_keyword">null</strong> && first.exists()) {
|
||||
<a class="jxr_linenumber" name="L235" href="#L235">235</a> deleted = first.delete();
|
||||
<a class="jxr_linenumber" name="L236" href="#L236">236</a> }
|
||||
<a class="jxr_linenumber" name="L237" href="#L237">237</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L238" href="#L238">238</a> <strong class="jxr_keyword">if</strong> (first != <strong class="jxr_keyword">null</strong> && (first.exists() || !deleted)) {
|
||||
<a class="jxr_linenumber" name="L239" href="#L239">239</a> first.deleteOnExit();
|
||||
<a class="jxr_linenumber" name="L240" href="#L240">240</a> }
|
||||
<a class="jxr_linenumber" name="L241" href="#L241">241</a> }
|
||||
<a class="jxr_linenumber" name="L242" href="#L242">242</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L243" href="#L243">243</a> deleted = false;
|
||||
<a class="jxr_linenumber" name="L244" href="#L244">244</a> <strong class="jxr_keyword">if</strong> (second != <strong class="jxr_keyword">null</strong> && second.exists()) {
|
||||
<a class="jxr_linenumber" name="L245" href="#L245">245</a> deleted = second.delete();
|
||||
<a class="jxr_linenumber" name="L246" href="#L246">246</a> }
|
||||
<a class="jxr_linenumber" name="L247" href="#L247">247</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L248" href="#L248">248</a> <strong class="jxr_keyword">if</strong> (second != <strong class="jxr_keyword">null</strong> && (second.exists() || !deleted)) {
|
||||
<a class="jxr_linenumber" name="L249" href="#L249">249</a> second.deleteOnExit();
|
||||
<a class="jxr_linenumber" name="L250" href="#L250">250</a> }
|
||||
<a class="jxr_linenumber" name="L251" href="#L251">251</a> }
|
||||
<a class="jxr_linenumber" name="L252" href="#L252">252</a> }
|
||||
<a class="jxr_linenumber" name="L253" href="#L253">253</a>
|
||||
<a class="jxr_linenumber" name="L254" href="#L254">254</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L255" href="#L255">255</a> <em class="jxr_javadoccomment"> * Extracts the file contained in a gzip archive. The extracted file is placed in the exact same path as the file</em>
|
||||
<a class="jxr_linenumber" name="L256" href="#L256">256</a> <em class="jxr_javadoccomment"> * specified.</em>
|
||||
<a class="jxr_linenumber" name="L257" href="#L257">257</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L258" href="#L258">258</a> <em class="jxr_javadoccomment"> * @param file the archive file</em>
|
||||
<a class="jxr_linenumber" name="L259" href="#L259">259</a> <em class="jxr_javadoccomment"> * @throws FileNotFoundException thrown if the file does not exist</em>
|
||||
<a class="jxr_linenumber" name="L260" href="#L260">260</a> <em class="jxr_javadoccomment"> * @throws IOException thrown if there is an error extracting the file.</em>
|
||||
<a class="jxr_linenumber" name="L261" href="#L261">261</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L262" href="#L262">262</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> extractGzip(File file) <strong class="jxr_keyword">throws</strong> FileNotFoundException, IOException {
|
||||
<a class="jxr_linenumber" name="L263" href="#L263">263</a> <strong class="jxr_keyword">final</strong> String originalPath = file.getPath();
|
||||
<a class="jxr_linenumber" name="L264" href="#L264">264</a> File gzip = <strong class="jxr_keyword">new</strong> File(originalPath + <span class="jxr_string">".gz"</span>);
|
||||
<a class="jxr_linenumber" name="L265" href="#L265">265</a> <strong class="jxr_keyword">if</strong> (gzip.isFile()) {
|
||||
<a class="jxr_linenumber" name="L266" href="#L266">266</a> gzip.delete();
|
||||
<a class="jxr_linenumber" name="L267" href="#L267">267</a> }
|
||||
<a class="jxr_linenumber" name="L268" href="#L268">268</a> <strong class="jxr_keyword">if</strong> (!file.renameTo(gzip)) {
|
||||
<a class="jxr_linenumber" name="L269" href="#L269">269</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> IOException(<span class="jxr_string">"Unable to rename '"</span> + file.getPath() + <span class="jxr_string">"'"</span>);
|
||||
<a class="jxr_linenumber" name="L270" href="#L270">270</a> }
|
||||
<a class="jxr_linenumber" name="L271" href="#L271">271</a> <strong class="jxr_keyword">final</strong> File newfile = <strong class="jxr_keyword">new</strong> File(originalPath);
|
||||
<a class="jxr_linenumber" name="L272" href="#L272">272</a>
|
||||
<a class="jxr_linenumber" name="L273" href="#L273">273</a> <strong class="jxr_keyword">final</strong> byte[] buffer = <strong class="jxr_keyword">new</strong> byte[4096];
|
||||
<a class="jxr_linenumber" name="L274" href="#L274">274</a>
|
||||
<a class="jxr_linenumber" name="L275" href="#L275">275</a> GZIPInputStream cin = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L276" href="#L276">276</a> FileOutputStream out = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L277" href="#L277">277</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L278" href="#L278">278</a> cin = <strong class="jxr_keyword">new</strong> GZIPInputStream(<strong class="jxr_keyword">new</strong> FileInputStream(gzip));
|
||||
<a class="jxr_linenumber" name="L279" href="#L279">279</a> out = <strong class="jxr_keyword">new</strong> FileOutputStream(newfile);
|
||||
<a class="jxr_linenumber" name="L280" href="#L280">280</a>
|
||||
<a class="jxr_linenumber" name="L281" href="#L281">281</a> <strong class="jxr_keyword">int</strong> len;
|
||||
<a class="jxr_linenumber" name="L282" href="#L282">282</a> <strong class="jxr_keyword">while</strong> ((len = cin.read(buffer)) > 0) {
|
||||
<a class="jxr_linenumber" name="L283" href="#L283">283</a> out.write(buffer, 0, len);
|
||||
<a class="jxr_linenumber" name="L284" href="#L284">284</a> }
|
||||
<a class="jxr_linenumber" name="L285" href="#L285">285</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L286" href="#L286">286</a> <strong class="jxr_keyword">if</strong> (cin != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L287" href="#L287">287</a> cin.close();
|
||||
<a class="jxr_linenumber" name="L288" href="#L288">288</a> }
|
||||
<a class="jxr_linenumber" name="L289" href="#L289">289</a> <strong class="jxr_keyword">if</strong> (out != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L290" href="#L290">290</a> out.close();
|
||||
<a class="jxr_linenumber" name="L291" href="#L291">291</a> }
|
||||
<a class="jxr_linenumber" name="L292" href="#L292">292</a> <strong class="jxr_keyword">if</strong> (gzip.isFile()) {
|
||||
<a class="jxr_linenumber" name="L293" href="#L293">293</a> FileUtils.deleteQuietly(gzip);
|
||||
<a class="jxr_linenumber" name="L294" href="#L294">294</a> }
|
||||
<a class="jxr_linenumber" name="L295" href="#L295">295</a> }
|
||||
<a class="jxr_linenumber" name="L296" href="#L296">296</a> }
|
||||
<a class="jxr_linenumber" name="L297" href="#L297">297</a> }
|
||||
</pre>
|
||||
<hr/>
|
||||
<div id="footer">Copyright © 2012–2014 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.data.update.task</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.data.update.task</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.data.update.task</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.data.update.task</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.data.update.xml</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.data.update.xml</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.data.update.xml</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.data.update.xml</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.dependency</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.dependency</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.dependency</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.dependency</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.exception</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.exception</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.exception</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.exception</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.jaxb.pom.generated</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.jaxb.pom.generated</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.jaxb.pom.generated</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.jaxb.pom.generated</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.jaxb.pom</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.jaxb.pom</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.jaxb.pom</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.jaxb.pom</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -175,96 +175,109 @@
|
||||
<a class="jxr_linenumber" name="L167" href="#L167">167</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> generateReports(String outputDir, String outputFormat) <strong class="jxr_keyword">throws</strong> IOException, Exception {
|
||||
<a class="jxr_linenumber" name="L169" href="#L169">169</a> <strong class="jxr_keyword">final</strong> String format = outputFormat.toUpperCase();
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a> <strong class="jxr_keyword">if</strong> (format.matches(<span class="jxr_string">"^(XML|HTML|VULN|ALL)$"</span>)) {
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"XML"</span>.equalsIgnoreCase(format)) {
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a> generateReports(outputDir, Format.XML);
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> }
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"HTML"</span>.equalsIgnoreCase(format)) {
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> generateReports(outputDir, Format.HTML);
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a> }
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"VULN"</span>.equalsIgnoreCase(format)) {
|
||||
<a class="jxr_linenumber" name="L178" href="#L178">178</a> generateReports(outputDir, Format.VULN);
|
||||
<a class="jxr_linenumber" name="L179" href="#L179">179</a> }
|
||||
<a class="jxr_linenumber" name="L180" href="#L180">180</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"ALL"</span>.equalsIgnoreCase(format)) {
|
||||
<a class="jxr_linenumber" name="L181" href="#L181">181</a> generateReports(outputDir, Format.ALL);
|
||||
<a class="jxr_linenumber" name="L182" href="#L182">182</a> }
|
||||
<a class="jxr_linenumber" name="L183" href="#L183">183</a> }
|
||||
<a class="jxr_linenumber" name="L184" href="#L184">184</a> }
|
||||
<a class="jxr_linenumber" name="L185" href="#L185">185</a>
|
||||
<a class="jxr_linenumber" name="L186" href="#L186">186</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L187" href="#L187">187</a> <em class="jxr_javadoccomment"> * Generates a report from a given Velocity Template. The template name provided can be the name of a template</em>
|
||||
<a class="jxr_linenumber" name="L188" href="#L188">188</a> <em class="jxr_javadoccomment"> * contained in the jar file, such as 'XmlReport' or 'HtmlReport', or the template name can be the path to a</em>
|
||||
<a class="jxr_linenumber" name="L189" href="#L189">189</a> <em class="jxr_javadoccomment"> * template file.</em>
|
||||
<a class="jxr_linenumber" name="L190" href="#L190">190</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L191" href="#L191">191</a> <em class="jxr_javadoccomment"> * @param templateName the name of the template to load.</em>
|
||||
<a class="jxr_linenumber" name="L192" href="#L192">192</a> <em class="jxr_javadoccomment"> * @param outFileName the filename and path to write the report to.</em>
|
||||
<a class="jxr_linenumber" name="L193" href="#L193">193</a> <em class="jxr_javadoccomment"> * @throws IOException is thrown when the template file does not exist.</em>
|
||||
<a class="jxr_linenumber" name="L194" href="#L194">194</a> <em class="jxr_javadoccomment"> * @throws Exception is thrown when an exception occurs.</em>
|
||||
<a class="jxr_linenumber" name="L195" href="#L195">195</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L196" href="#L196">196</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> generateReport(String templateName, String outFileName) <strong class="jxr_keyword">throws</strong> IOException, Exception {
|
||||
<a class="jxr_linenumber" name="L197" href="#L197">197</a> InputStream input = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L198" href="#L198">198</a> String templatePath = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L199" href="#L199">199</a> <strong class="jxr_keyword">final</strong> File f = <strong class="jxr_keyword">new</strong> File(templateName);
|
||||
<a class="jxr_linenumber" name="L200" href="#L200">200</a> <strong class="jxr_keyword">if</strong> (f.exists() && f.isFile()) {
|
||||
<a class="jxr_linenumber" name="L201" href="#L201">201</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L202" href="#L202">202</a> templatePath = templateName;
|
||||
<a class="jxr_linenumber" name="L203" href="#L203">203</a> input = <strong class="jxr_keyword">new</strong> FileInputStream(f);
|
||||
<a class="jxr_linenumber" name="L204" href="#L204">204</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException ex) {
|
||||
<a class="jxr_linenumber" name="L205" href="#L205">205</a> <strong class="jxr_keyword">final</strong> String msg = <span class="jxr_string">"Unable to generate the report, the report template file could not be found."</span>;
|
||||
<a class="jxr_linenumber" name="L206" href="#L206">206</a> LOGGER.log(Level.SEVERE, msg);
|
||||
<a class="jxr_linenumber" name="L207" href="#L207">207</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L208" href="#L208">208</a> }
|
||||
<a class="jxr_linenumber" name="L209" href="#L209">209</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L210" href="#L210">210</a> templatePath = <span class="jxr_string">"templates/"</span> + templateName + <span class="jxr_string">".vsl"</span>;
|
||||
<a class="jxr_linenumber" name="L211" href="#L211">211</a> input = <strong class="jxr_keyword">this</strong>.getClass().getClassLoader().getResourceAsStream(templatePath);
|
||||
<a class="jxr_linenumber" name="L212" href="#L212">212</a> }
|
||||
<a class="jxr_linenumber" name="L213" href="#L213">213</a> <strong class="jxr_keyword">if</strong> (input == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L214" href="#L214">214</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> IOException(<span class="jxr_string">"Template file doesn't exist"</span>);
|
||||
<a class="jxr_linenumber" name="L215" href="#L215">215</a> }
|
||||
<a class="jxr_linenumber" name="L216" href="#L216">216</a>
|
||||
<a class="jxr_linenumber" name="L217" href="#L217">217</a> <strong class="jxr_keyword">final</strong> InputStreamReader reader = <strong class="jxr_keyword">new</strong> InputStreamReader(input, <span class="jxr_string">"UTF-8"</span>);
|
||||
<a class="jxr_linenumber" name="L218" href="#L218">218</a> OutputStreamWriter writer = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L219" href="#L219">219</a> OutputStream outputStream = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L220" href="#L220">220</a>
|
||||
<a class="jxr_linenumber" name="L221" href="#L221">221</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L222" href="#L222">222</a> <strong class="jxr_keyword">final</strong> File outDir = <strong class="jxr_keyword">new</strong> File(outFileName).getParentFile();
|
||||
<a class="jxr_linenumber" name="L223" href="#L223">223</a> <strong class="jxr_keyword">if</strong> (!outDir.exists()) {
|
||||
<a class="jxr_linenumber" name="L224" href="#L224">224</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> created = outDir.mkdirs();
|
||||
<a class="jxr_linenumber" name="L225" href="#L225">225</a> <strong class="jxr_keyword">if</strong> (!created) {
|
||||
<a class="jxr_linenumber" name="L226" href="#L226">226</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> Exception(<span class="jxr_string">"Unable to create directory '"</span> + outDir.getAbsolutePath() + <span class="jxr_string">"'."</span>);
|
||||
<a class="jxr_linenumber" name="L227" href="#L227">227</a> }
|
||||
<a class="jxr_linenumber" name="L228" href="#L228">228</a> }
|
||||
<a class="jxr_linenumber" name="L170" href="#L170">170</a> <strong class="jxr_keyword">final</strong> String pathToCheck = outputDir.toLowerCase();
|
||||
<a class="jxr_linenumber" name="L171" href="#L171">171</a> <strong class="jxr_keyword">if</strong> (format.matches(<span class="jxr_string">"^(XML|HTML|VULN|ALL)$"</span>)) {
|
||||
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"XML"</span>.equalsIgnoreCase(format)) {
|
||||
<a class="jxr_linenumber" name="L173" href="#L173">173</a> <strong class="jxr_keyword">if</strong> (pathToCheck.endsWith(<span class="jxr_string">".xml"</span>)) {
|
||||
<a class="jxr_linenumber" name="L174" href="#L174">174</a> generateReport(<span class="jxr_string">"XmlReport"</span>, outputDir);
|
||||
<a class="jxr_linenumber" name="L175" href="#L175">175</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L176" href="#L176">176</a> generateReports(outputDir, Format.XML);
|
||||
<a class="jxr_linenumber" name="L177" href="#L177">177</a> }
|
||||
<a class="jxr_linenumber" name="L178" href="#L178">178</a> }
|
||||
<a class="jxr_linenumber" name="L179" href="#L179">179</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"HTML"</span>.equalsIgnoreCase(format)) {
|
||||
<a class="jxr_linenumber" name="L180" href="#L180">180</a> <strong class="jxr_keyword">if</strong> (pathToCheck.endsWith(<span class="jxr_string">".html"</span>) || pathToCheck.endsWith(<span class="jxr_string">".htm"</span>)) {
|
||||
<a class="jxr_linenumber" name="L181" href="#L181">181</a> generateReport(<span class="jxr_string">"HtmlReport"</span>, outputDir);
|
||||
<a class="jxr_linenumber" name="L182" href="#L182">182</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L183" href="#L183">183</a> generateReports(outputDir, Format.HTML);
|
||||
<a class="jxr_linenumber" name="L184" href="#L184">184</a> }
|
||||
<a class="jxr_linenumber" name="L185" href="#L185">185</a> }
|
||||
<a class="jxr_linenumber" name="L186" href="#L186">186</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"VULN"</span>.equalsIgnoreCase(format)) {
|
||||
<a class="jxr_linenumber" name="L187" href="#L187">187</a> <strong class="jxr_keyword">if</strong> (pathToCheck.endsWith(<span class="jxr_string">".html"</span>) || pathToCheck.endsWith(<span class="jxr_string">".htm"</span>)) {
|
||||
<a class="jxr_linenumber" name="L188" href="#L188">188</a> generateReport(<span class="jxr_string">"VulnReport"</span>, outputDir);
|
||||
<a class="jxr_linenumber" name="L189" href="#L189">189</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L190" href="#L190">190</a> generateReports(outputDir, Format.VULN);
|
||||
<a class="jxr_linenumber" name="L191" href="#L191">191</a> }
|
||||
<a class="jxr_linenumber" name="L192" href="#L192">192</a> }
|
||||
<a class="jxr_linenumber" name="L193" href="#L193">193</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"ALL"</span>.equalsIgnoreCase(format)) {
|
||||
<a class="jxr_linenumber" name="L194" href="#L194">194</a> generateReports(outputDir, Format.ALL);
|
||||
<a class="jxr_linenumber" name="L195" href="#L195">195</a> }
|
||||
<a class="jxr_linenumber" name="L196" href="#L196">196</a> }
|
||||
<a class="jxr_linenumber" name="L197" href="#L197">197</a> }
|
||||
<a class="jxr_linenumber" name="L198" href="#L198">198</a>
|
||||
<a class="jxr_linenumber" name="L199" href="#L199">199</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L200" href="#L200">200</a> <em class="jxr_javadoccomment"> * Generates a report from a given Velocity Template. The template name provided can be the name of a template</em>
|
||||
<a class="jxr_linenumber" name="L201" href="#L201">201</a> <em class="jxr_javadoccomment"> * contained in the jar file, such as 'XmlReport' or 'HtmlReport', or the template name can be the path to a</em>
|
||||
<a class="jxr_linenumber" name="L202" href="#L202">202</a> <em class="jxr_javadoccomment"> * template file.</em>
|
||||
<a class="jxr_linenumber" name="L203" href="#L203">203</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L204" href="#L204">204</a> <em class="jxr_javadoccomment"> * @param templateName the name of the template to load.</em>
|
||||
<a class="jxr_linenumber" name="L205" href="#L205">205</a> <em class="jxr_javadoccomment"> * @param outFileName the filename and path to write the report to.</em>
|
||||
<a class="jxr_linenumber" name="L206" href="#L206">206</a> <em class="jxr_javadoccomment"> * @throws IOException is thrown when the template file does not exist.</em>
|
||||
<a class="jxr_linenumber" name="L207" href="#L207">207</a> <em class="jxr_javadoccomment"> * @throws Exception is thrown when an exception occurs.</em>
|
||||
<a class="jxr_linenumber" name="L208" href="#L208">208</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L209" href="#L209">209</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> generateReport(String templateName, String outFileName) <strong class="jxr_keyword">throws</strong> IOException, Exception {
|
||||
<a class="jxr_linenumber" name="L210" href="#L210">210</a> InputStream input = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L211" href="#L211">211</a> String templatePath = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L212" href="#L212">212</a> <strong class="jxr_keyword">final</strong> File f = <strong class="jxr_keyword">new</strong> File(templateName);
|
||||
<a class="jxr_linenumber" name="L213" href="#L213">213</a> <strong class="jxr_keyword">if</strong> (f.exists() && f.isFile()) {
|
||||
<a class="jxr_linenumber" name="L214" href="#L214">214</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L215" href="#L215">215</a> templatePath = templateName;
|
||||
<a class="jxr_linenumber" name="L216" href="#L216">216</a> input = <strong class="jxr_keyword">new</strong> FileInputStream(f);
|
||||
<a class="jxr_linenumber" name="L217" href="#L217">217</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException ex) {
|
||||
<a class="jxr_linenumber" name="L218" href="#L218">218</a> <strong class="jxr_keyword">final</strong> String msg = <span class="jxr_string">"Unable to generate the report, the report template file could not be found."</span>;
|
||||
<a class="jxr_linenumber" name="L219" href="#L219">219</a> LOGGER.log(Level.SEVERE, msg);
|
||||
<a class="jxr_linenumber" name="L220" href="#L220">220</a> LOGGER.log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L221" href="#L221">221</a> }
|
||||
<a class="jxr_linenumber" name="L222" href="#L222">222</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L223" href="#L223">223</a> templatePath = <span class="jxr_string">"templates/"</span> + templateName + <span class="jxr_string">".vsl"</span>;
|
||||
<a class="jxr_linenumber" name="L224" href="#L224">224</a> input = <strong class="jxr_keyword">this</strong>.getClass().getClassLoader().getResourceAsStream(templatePath);
|
||||
<a class="jxr_linenumber" name="L225" href="#L225">225</a> }
|
||||
<a class="jxr_linenumber" name="L226" href="#L226">226</a> <strong class="jxr_keyword">if</strong> (input == <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L227" href="#L227">227</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> IOException(<span class="jxr_string">"Template file doesn't exist"</span>);
|
||||
<a class="jxr_linenumber" name="L228" href="#L228">228</a> }
|
||||
<a class="jxr_linenumber" name="L229" href="#L229">229</a>
|
||||
<a class="jxr_linenumber" name="L230" href="#L230">230</a> outputStream = <strong class="jxr_keyword">new</strong> FileOutputStream(outFileName);
|
||||
<a class="jxr_linenumber" name="L231" href="#L231">231</a> writer = <strong class="jxr_keyword">new</strong> OutputStreamWriter(outputStream, <span class="jxr_string">"UTF-8"</span>);
|
||||
<a class="jxr_linenumber" name="L232" href="#L232">232</a>
|
||||
<a class="jxr_linenumber" name="L233" href="#L233">233</a> <strong class="jxr_keyword">if</strong> (!engine.evaluate(context, writer, templatePath, reader)) {
|
||||
<a class="jxr_linenumber" name="L234" href="#L234">234</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> Exception(<span class="jxr_string">"Failed to convert the template into html."</span>);
|
||||
<a class="jxr_linenumber" name="L235" href="#L235">235</a> }
|
||||
<a class="jxr_linenumber" name="L236" href="#L236">236</a> writer.flush();
|
||||
<a class="jxr_linenumber" name="L237" href="#L237">237</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L238" href="#L238">238</a> <strong class="jxr_keyword">if</strong> (writer != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L239" href="#L239">239</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L240" href="#L240">240</a> writer.close();
|
||||
<a class="jxr_linenumber" name="L241" href="#L241">241</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L242" href="#L242">242</a> LOGGER.log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L243" href="#L243">243</a> }
|
||||
<a class="jxr_linenumber" name="L244" href="#L244">244</a> }
|
||||
<a class="jxr_linenumber" name="L245" href="#L245">245</a> <strong class="jxr_keyword">if</strong> (outputStream != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L246" href="#L246">246</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L247" href="#L247">247</a> outputStream.close();
|
||||
<a class="jxr_linenumber" name="L248" href="#L248">248</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L249" href="#L249">249</a> LOGGER.log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L250" href="#L250">250</a> }
|
||||
<a class="jxr_linenumber" name="L251" href="#L251">251</a> }
|
||||
<a class="jxr_linenumber" name="L252" href="#L252">252</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L253" href="#L253">253</a> reader.close();
|
||||
<a class="jxr_linenumber" name="L254" href="#L254">254</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L255" href="#L255">255</a> LOGGER.log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L256" href="#L256">256</a> }
|
||||
<a class="jxr_linenumber" name="L257" href="#L257">257</a> }
|
||||
<a class="jxr_linenumber" name="L258" href="#L258">258</a> }
|
||||
<a class="jxr_linenumber" name="L259" href="#L259">259</a> }
|
||||
<a class="jxr_linenumber" name="L230" href="#L230">230</a> <strong class="jxr_keyword">final</strong> InputStreamReader reader = <strong class="jxr_keyword">new</strong> InputStreamReader(input, <span class="jxr_string">"UTF-8"</span>);
|
||||
<a class="jxr_linenumber" name="L231" href="#L231">231</a> OutputStreamWriter writer = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L232" href="#L232">232</a> OutputStream outputStream = <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L233" href="#L233">233</a>
|
||||
<a class="jxr_linenumber" name="L234" href="#L234">234</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L235" href="#L235">235</a> <strong class="jxr_keyword">final</strong> File outDir = <strong class="jxr_keyword">new</strong> File(outFileName).getParentFile();
|
||||
<a class="jxr_linenumber" name="L236" href="#L236">236</a> <strong class="jxr_keyword">if</strong> (!outDir.exists()) {
|
||||
<a class="jxr_linenumber" name="L237" href="#L237">237</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> created = outDir.mkdirs();
|
||||
<a class="jxr_linenumber" name="L238" href="#L238">238</a> <strong class="jxr_keyword">if</strong> (!created) {
|
||||
<a class="jxr_linenumber" name="L239" href="#L239">239</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> Exception(<span class="jxr_string">"Unable to create directory '"</span> + outDir.getAbsolutePath() + <span class="jxr_string">"'."</span>);
|
||||
<a class="jxr_linenumber" name="L240" href="#L240">240</a> }
|
||||
<a class="jxr_linenumber" name="L241" href="#L241">241</a> }
|
||||
<a class="jxr_linenumber" name="L242" href="#L242">242</a>
|
||||
<a class="jxr_linenumber" name="L243" href="#L243">243</a> outputStream = <strong class="jxr_keyword">new</strong> FileOutputStream(outFileName);
|
||||
<a class="jxr_linenumber" name="L244" href="#L244">244</a> writer = <strong class="jxr_keyword">new</strong> OutputStreamWriter(outputStream, <span class="jxr_string">"UTF-8"</span>);
|
||||
<a class="jxr_linenumber" name="L245" href="#L245">245</a>
|
||||
<a class="jxr_linenumber" name="L246" href="#L246">246</a> <strong class="jxr_keyword">if</strong> (!engine.evaluate(context, writer, templatePath, reader)) {
|
||||
<a class="jxr_linenumber" name="L247" href="#L247">247</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> Exception(<span class="jxr_string">"Failed to convert the template into html."</span>);
|
||||
<a class="jxr_linenumber" name="L248" href="#L248">248</a> }
|
||||
<a class="jxr_linenumber" name="L249" href="#L249">249</a> writer.flush();
|
||||
<a class="jxr_linenumber" name="L250" href="#L250">250</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L251" href="#L251">251</a> <strong class="jxr_keyword">if</strong> (writer != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L252" href="#L252">252</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L253" href="#L253">253</a> writer.close();
|
||||
<a class="jxr_linenumber" name="L254" href="#L254">254</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L255" href="#L255">255</a> LOGGER.log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L256" href="#L256">256</a> }
|
||||
<a class="jxr_linenumber" name="L257" href="#L257">257</a> }
|
||||
<a class="jxr_linenumber" name="L258" href="#L258">258</a> <strong class="jxr_keyword">if</strong> (outputStream != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L259" href="#L259">259</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L260" href="#L260">260</a> outputStream.close();
|
||||
<a class="jxr_linenumber" name="L261" href="#L261">261</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L262" href="#L262">262</a> LOGGER.log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L263" href="#L263">263</a> }
|
||||
<a class="jxr_linenumber" name="L264" href="#L264">264</a> }
|
||||
<a class="jxr_linenumber" name="L265" href="#L265">265</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L266" href="#L266">266</a> reader.close();
|
||||
<a class="jxr_linenumber" name="L267" href="#L267">267</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
||||
<a class="jxr_linenumber" name="L268" href="#L268">268</a> LOGGER.log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
|
||||
<a class="jxr_linenumber" name="L269" href="#L269">269</a> }
|
||||
<a class="jxr_linenumber" name="L270" href="#L270">270</a> }
|
||||
<a class="jxr_linenumber" name="L271" href="#L271">271</a> }
|
||||
<a class="jxr_linenumber" name="L272" href="#L272">272</a> }
|
||||
</pre>
|
||||
<hr/>
|
||||
<div id="footer">Copyright © 2012–2014 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
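Review bot: On the new side of `generateReports(String outputDir, String outputFormat)` (listing lines 173–188), a path ending in `.xml`, `.html` or `.htm` is now handed straight to `generateReport` as the output file, and `generateReport` dereferences `new File(outFileName).getParentFile()` without a null check (listing lines 235–236). `getParentFile()` returns null when the path names no parent, so a bare file name such as `report.html` would fail with a NullPointerException instead of producing a report; a guard such as `if (outDir != null && !outDir.exists()) {` avoids that. The same method still returns silently when `outputFormat` matches none of `XML|HTML|VULN|ALL`, so the caller gets neither a report nor an error; logging or throwing in that case would make the failure visible. This page is a generated JXR cross-reference, so the fix belongs in the Java source the listing was produced from rather than in this HTML.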
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.reporting</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.reporting</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.reporting</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.reporting</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -35,45 +35,40 @@
|
||||
<a class="jxr_linenumber" name="L27" href="#L27">27</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/suppression/SuppressionParseException.html">SuppressionParseException</a> <strong class="jxr_keyword">extends</strong> IOException {
|
||||
<a class="jxr_linenumber" name="L28" href="#L28">28</a>
|
||||
<a class="jxr_linenumber" name="L29" href="#L29">29</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L30" href="#L30">30</a> <em class="jxr_javadoccomment"> * The serial version UID.</em>
|
||||
<a class="jxr_linenumber" name="L30" href="#L30">30</a> <em class="jxr_javadoccomment"> * Creates a new SuppressionParseException.</em>
|
||||
<a class="jxr_linenumber" name="L31" href="#L31">31</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L32" href="#L32">32</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">long</strong> serialVersionUID = 1L;
|
||||
<a class="jxr_linenumber" name="L33" href="#L33">33</a>
|
||||
<a class="jxr_linenumber" name="L34" href="#L34">34</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L35" href="#L35">35</a> <em class="jxr_javadoccomment"> * Creates a new SuppressionParseException.</em>
|
||||
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/suppression/SuppressionParseException.html">SuppressionParseException</a>() {
|
||||
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <strong class="jxr_keyword">super</strong>();
|
||||
<a class="jxr_linenumber" name="L39" href="#L39">39</a> }
|
||||
<a class="jxr_linenumber" name="L40" href="#L40">40</a>
|
||||
<a class="jxr_linenumber" name="L41" href="#L41">41</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <em class="jxr_javadoccomment"> * Creates a new SuppressionParseException.</em>
|
||||
<a class="jxr_linenumber" name="L43" href="#L43">43</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L44" href="#L44">44</a> <em class="jxr_javadoccomment"> * @param msg a message for the exception.</em>
|
||||
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L46" href="#L46">46</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/suppression/SuppressionParseException.html">SuppressionParseException</a>(String msg) {
|
||||
<a class="jxr_linenumber" name="L47" href="#L47">47</a> <strong class="jxr_keyword">super</strong>(msg);
|
||||
<a class="jxr_linenumber" name="L48" href="#L48">48</a> }
|
||||
<a class="jxr_linenumber" name="L49" href="#L49">49</a>
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <em class="jxr_javadoccomment"> * Creates a new SuppressionParseException.</em>
|
||||
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a> <em class="jxr_javadoccomment"> * @param ex the cause of the download failure.</em>
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/suppression/SuppressionParseException.html">SuppressionParseException</a>(Throwable ex) {
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <strong class="jxr_keyword">super</strong>(ex);
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> }
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a>
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <em class="jxr_javadoccomment"> * Creates a new SuppressionParseException.</em>
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <em class="jxr_javadoccomment"> * @param msg a message for the exception.</em>
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <em class="jxr_javadoccomment"> * @param ex the cause of the download failure.</em>
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/suppression/SuppressionParseException.html">SuppressionParseException</a>(String msg, Throwable ex) {
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a> <strong class="jxr_keyword">super</strong>(msg, ex);
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> }
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> }
|
||||
<a class="jxr_linenumber" name="L32" href="#L32">32</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/suppression/SuppressionParseException.html">SuppressionParseException</a>() {
|
||||
<a class="jxr_linenumber" name="L33" href="#L33">33</a> <strong class="jxr_keyword">super</strong>();
|
||||
<a class="jxr_linenumber" name="L34" href="#L34">34</a> }
|
||||
<a class="jxr_linenumber" name="L35" href="#L35">35</a>
|
||||
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <em class="jxr_javadoccomment"> * Creates a new SuppressionParseException.</em>
|
||||
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L39" href="#L39">39</a> <em class="jxr_javadoccomment"> * @param msg a message for the exception.</em>
|
||||
<a class="jxr_linenumber" name="L40" href="#L40">40</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L41" href="#L41">41</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/suppression/SuppressionParseException.html">SuppressionParseException</a>(String msg) {
|
||||
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <strong class="jxr_keyword">super</strong>(msg);
|
||||
<a class="jxr_linenumber" name="L43" href="#L43">43</a> }
|
||||
<a class="jxr_linenumber" name="L44" href="#L44">44</a>
|
||||
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L46" href="#L46">46</a> <em class="jxr_javadoccomment"> * Creates a new SuppressionParseException.</em>
|
||||
<a class="jxr_linenumber" name="L47" href="#L47">47</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L48" href="#L48">48</a> <em class="jxr_javadoccomment"> * @param ex the cause of the parse exception</em>
|
||||
<a class="jxr_linenumber" name="L49" href="#L49">49</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/suppression/SuppressionParseException.html">SuppressionParseException</a>(Throwable ex) {
|
||||
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <strong class="jxr_keyword">super</strong>(ex);
|
||||
<a class="jxr_linenumber" name="L52" href="#L52">52</a> }
|
||||
<a class="jxr_linenumber" name="L53" href="#L53">53</a>
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <em class="jxr_javadoccomment"> * Creates a new SuppressionParseException.</em>
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <em class="jxr_javadoccomment"> * @param msg a message for the exception.</em>
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <em class="jxr_javadoccomment"> * @param ex the cause of the parse exception</em>
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/suppression/SuppressionParseException.html">SuppressionParseException</a>(String msg, Throwable ex) {
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <strong class="jxr_keyword">super</strong>(msg, ex);
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> }
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> }
|
||||
</pre>
|
||||
<hr/>
|
||||
<div id="footer">Copyright © 2012–2014 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
|
||||
|
||||
@@ -274,218 +274,222 @@
|
||||
<a class="jxr_linenumber" name="L266" href="#L266">266</a> <strong class="jxr_keyword">return</strong> gav != <strong class="jxr_keyword">null</strong>;
|
||||
<a class="jxr_linenumber" name="L267" href="#L267">267</a> }
|
||||
<a class="jxr_linenumber" name="L268" href="#L268">268</a>
|
||||
<a class="jxr_linenumber" name="L269" href="#L269">269</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> base;
|
||||
<a class="jxr_linenumber" name="L270" href="#L270">270</a>
|
||||
<a class="jxr_linenumber" name="L271" href="#L271">271</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L272" href="#L272">272</a> <em class="jxr_javadoccomment"> * Get the value of base</em>
|
||||
<a class="jxr_linenumber" name="L273" href="#L273">273</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L274" href="#L274">274</a> <em class="jxr_javadoccomment"> * @return the value of base</em>
|
||||
<a class="jxr_linenumber" name="L275" href="#L275">275</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L276" href="#L276">276</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">boolean</strong> isBase() {
|
||||
<a class="jxr_linenumber" name="L277" href="#L277">277</a> <strong class="jxr_keyword">return</strong> base;
|
||||
<a class="jxr_linenumber" name="L278" href="#L278">278</a> }
|
||||
<a class="jxr_linenumber" name="L279" href="#L279">279</a>
|
||||
<a class="jxr_linenumber" name="L280" href="#L280">280</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L281" href="#L281">281</a> <em class="jxr_javadoccomment"> * Set the value of base</em>
|
||||
<a class="jxr_linenumber" name="L282" href="#L282">282</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L283" href="#L283">283</a> <em class="jxr_javadoccomment"> * @param base new value of base</em>
|
||||
<a class="jxr_linenumber" name="L284" href="#L284">284</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L285" href="#L285">285</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> setBase(<strong class="jxr_keyword">boolean</strong> base) {
|
||||
<a class="jxr_linenumber" name="L286" href="#L286">286</a> <strong class="jxr_keyword">this</strong>.base = base;
|
||||
<a class="jxr_linenumber" name="L287" href="#L287">287</a> }
|
||||
<a class="jxr_linenumber" name="L288" href="#L288">288</a>
|
||||
<a class="jxr_linenumber" name="L289" href="#L289">289</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L290" href="#L290">290</a> <em class="jxr_javadoccomment"> * Processes a given dependency to determine if any CPE, CVE, CWE, or CVSS scores should be suppressed. If any</em>
|
||||
<a class="jxr_linenumber" name="L291" href="#L291">291</a> <em class="jxr_javadoccomment"> * should be, they are removed from the dependency.</em>
|
||||
<a class="jxr_linenumber" name="L292" href="#L292">292</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L293" href="#L293">293</a> <em class="jxr_javadoccomment"> * @param dependency a project dependency to analyze</em>
|
||||
<a class="jxr_linenumber" name="L294" href="#L294">294</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L295" href="#L295">295</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> process(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency) {
|
||||
<a class="jxr_linenumber" name="L296" href="#L296">296</a> <strong class="jxr_keyword">if</strong> (filePath != <strong class="jxr_keyword">null</strong> && !filePath.matches(dependency.getFilePath())) {
|
||||
<a class="jxr_linenumber" name="L297" href="#L297">297</a> <strong class="jxr_keyword">return</strong>;
|
||||
<a class="jxr_linenumber" name="L298" href="#L298">298</a> }
|
||||
<a class="jxr_linenumber" name="L299" href="#L299">299</a> <strong class="jxr_keyword">if</strong> (sha1 != <strong class="jxr_keyword">null</strong> && !sha1.equalsIgnoreCase(dependency.getSha1sum())) {
|
||||
<a class="jxr_linenumber" name="L300" href="#L300">300</a> <strong class="jxr_keyword">return</strong>;
|
||||
<a class="jxr_linenumber" name="L301" href="#L301">301</a> }
|
||||
<a class="jxr_linenumber" name="L302" href="#L302">302</a> <strong class="jxr_keyword">if</strong> (gav != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L303" href="#L303">303</a> <strong class="jxr_keyword">final</strong> Iterator<Identifier> itr = dependency.getIdentifiers().iterator();
|
||||
<a class="jxr_linenumber" name="L304" href="#L304">304</a> <strong class="jxr_keyword">boolean</strong> gavFound = false;
|
||||
<a class="jxr_linenumber" name="L305" href="#L305">305</a> <strong class="jxr_keyword">while</strong> (itr.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L306" href="#L306">306</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> i = itr.next();
|
||||
<a class="jxr_linenumber" name="L307" href="#L307">307</a> <strong class="jxr_keyword">if</strong> (identifierMatches(<span class="jxr_string">"maven"</span>, <strong class="jxr_keyword">this</strong>.gav, i)) {
|
||||
<a class="jxr_linenumber" name="L308" href="#L308">308</a> gavFound = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L309" href="#L309">309</a> <strong class="jxr_keyword">break</strong>;
|
||||
<a class="jxr_linenumber" name="L310" href="#L310">310</a> }
|
||||
<a class="jxr_linenumber" name="L311" href="#L311">311</a> }
|
||||
<a class="jxr_linenumber" name="L312" href="#L312">312</a> <strong class="jxr_keyword">if</strong> (!gavFound) {
|
||||
<a class="jxr_linenumber" name="L313" href="#L313">313</a> <strong class="jxr_keyword">return</strong>;
|
||||
<a class="jxr_linenumber" name="L314" href="#L314">314</a> }
|
||||
<a class="jxr_linenumber" name="L315" href="#L315">315</a> }
|
||||
<a class="jxr_linenumber" name="L316" href="#L316">316</a>
|
||||
<a class="jxr_linenumber" name="L317" href="#L317">317</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">this</strong>.hasCpe()) {
|
||||
<a class="jxr_linenumber" name="L318" href="#L318">318</a> <strong class="jxr_keyword">final</strong> Iterator<Identifier> itr = dependency.getIdentifiers().iterator();
|
||||
<a class="jxr_linenumber" name="L319" href="#L319">319</a> <strong class="jxr_keyword">while</strong> (itr.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L320" href="#L320">320</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> i = itr.next();
|
||||
<a class="jxr_linenumber" name="L321" href="#L321">321</a> <strong class="jxr_keyword">for</strong> (PropertyType c : <strong class="jxr_keyword">this</strong>.cpe) {
|
||||
<a class="jxr_linenumber" name="L322" href="#L322">322</a> <strong class="jxr_keyword">if</strong> (identifierMatches(<span class="jxr_string">"cpe"</span>, c, i)) {
|
||||
<a class="jxr_linenumber" name="L323" href="#L323">323</a> <strong class="jxr_keyword">if</strong> (!isBase()) {
|
||||
<a class="jxr_linenumber" name="L324" href="#L324">324</a> dependency.addSuppressedIdentifier(i);
|
||||
<a class="jxr_linenumber" name="L325" href="#L325">325</a> }
|
||||
<a class="jxr_linenumber" name="L326" href="#L326">326</a> itr.remove();
|
||||
<a class="jxr_linenumber" name="L327" href="#L327">327</a> <strong class="jxr_keyword">break</strong>;
|
||||
<a class="jxr_linenumber" name="L328" href="#L328">328</a> }
|
||||
<a class="jxr_linenumber" name="L329" href="#L329">329</a> }
|
||||
<a class="jxr_linenumber" name="L330" href="#L330">330</a> }
|
||||
<a class="jxr_linenumber" name="L331" href="#L331">331</a> }
|
||||
<a class="jxr_linenumber" name="L332" href="#L332">332</a> <strong class="jxr_keyword">if</strong> (hasCve() || hasCwe() || hasCvssBelow()) {
|
||||
<a class="jxr_linenumber" name="L333" href="#L333">333</a> <strong class="jxr_keyword">final</strong> Iterator<Vulnerability> itr = dependency.getVulnerabilities().iterator();
|
||||
<a class="jxr_linenumber" name="L334" href="#L334">334</a> <strong class="jxr_keyword">while</strong> (itr.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L335" href="#L335">335</a> <strong class="jxr_keyword">boolean</strong> remove = false;
|
||||
<a class="jxr_linenumber" name="L336" href="#L336">336</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Vulnerability.html">Vulnerability</a> v = itr.next();
|
||||
<a class="jxr_linenumber" name="L337" href="#L337">337</a> <strong class="jxr_keyword">for</strong> (String entry : <strong class="jxr_keyword">this</strong>.cve) {
|
||||
<a class="jxr_linenumber" name="L338" href="#L338">338</a> <strong class="jxr_keyword">if</strong> (entry.equalsIgnoreCase(v.getName())) {
|
||||
<a class="jxr_linenumber" name="L339" href="#L339">339</a> remove = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L340" href="#L340">340</a> <strong class="jxr_keyword">break</strong>;
|
||||
<a class="jxr_linenumber" name="L341" href="#L341">341</a> }
|
||||
<a class="jxr_linenumber" name="L342" href="#L342">342</a> }
|
||||
<a class="jxr_linenumber" name="L343" href="#L343">343</a> <strong class="jxr_keyword">if</strong> (!remove) {
|
||||
<a class="jxr_linenumber" name="L344" href="#L344">344</a> <strong class="jxr_keyword">for</strong> (String entry : <strong class="jxr_keyword">this</strong>.cwe) {
|
||||
<a class="jxr_linenumber" name="L345" href="#L345">345</a> <strong class="jxr_keyword">if</strong> (v.getCwe() != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L346" href="#L346">346</a> <strong class="jxr_keyword">final</strong> String toMatch = String.format(<span class="jxr_string">"CWE-%s "</span>, entry);
|
||||
<a class="jxr_linenumber" name="L347" href="#L347">347</a> <strong class="jxr_keyword">final</strong> String toTest = v.getCwe().substring(0, toMatch.length()).toUpperCase();
|
||||
<a class="jxr_linenumber" name="L348" href="#L348">348</a> <strong class="jxr_keyword">if</strong> (toTest.equals(toMatch)) {
|
||||
<a class="jxr_linenumber" name="L349" href="#L349">349</a> remove = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L350" href="#L350">350</a> <strong class="jxr_keyword">break</strong>;
|
||||
<a class="jxr_linenumber" name="L351" href="#L351">351</a> }
|
||||
<a class="jxr_linenumber" name="L352" href="#L352">352</a> }
|
||||
<a class="jxr_linenumber" name="L353" href="#L353">353</a> }
|
||||
<a class="jxr_linenumber" name="L354" href="#L354">354</a> }
|
||||
<a class="jxr_linenumber" name="L355" href="#L355">355</a> <strong class="jxr_keyword">if</strong> (!remove) {
|
||||
<a class="jxr_linenumber" name="L356" href="#L356">356</a> <strong class="jxr_keyword">for</strong> (<strong class="jxr_keyword">float</strong> cvss : <strong class="jxr_keyword">this</strong>.cvssBelow) {
|
||||
<a class="jxr_linenumber" name="L357" href="#L357">357</a> <strong class="jxr_keyword">if</strong> (v.getCvssScore() < cvss) {
|
||||
<a class="jxr_linenumber" name="L358" href="#L358">358</a> remove = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L359" href="#L359">359</a> <strong class="jxr_keyword">break</strong>;
|
||||
<a class="jxr_linenumber" name="L360" href="#L360">360</a> }
|
||||
<a class="jxr_linenumber" name="L361" href="#L361">361</a> }
|
||||
<a class="jxr_linenumber" name="L362" href="#L362">362</a> }
|
||||
<a class="jxr_linenumber" name="L363" href="#L363">363</a> <strong class="jxr_keyword">if</strong> (remove) {
|
||||
<a class="jxr_linenumber" name="L364" href="#L364">364</a> <strong class="jxr_keyword">if</strong> (!isBase()) {
|
||||
<a class="jxr_linenumber" name="L365" href="#L365">365</a> dependency.addSuppressedVulnerability(v);
|
||||
<a class="jxr_linenumber" name="L366" href="#L366">366</a> }
|
||||
<a class="jxr_linenumber" name="L367" href="#L367">367</a> itr.remove();
|
||||
<a class="jxr_linenumber" name="L368" href="#L368">368</a> }
|
||||
<a class="jxr_linenumber" name="L369" href="#L369">369</a> }
|
||||
<a class="jxr_linenumber" name="L370" href="#L370">370</a> }
|
||||
<a class="jxr_linenumber" name="L371" href="#L371">371</a> }
|
||||
<a class="jxr_linenumber" name="L372" href="#L372">372</a>
|
||||
<a class="jxr_linenumber" name="L373" href="#L373">373</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L374" href="#L374">374</a> <em class="jxr_javadoccomment"> * Identifies if the cpe specified by the cpe suppression rule does not specify a version.</em>
|
||||
<a class="jxr_linenumber" name="L375" href="#L375">375</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L376" href="#L376">376</a> <em class="jxr_javadoccomment"> * @param c a suppression rule identifier</em>
|
||||
<a class="jxr_linenumber" name="L377" href="#L377">377</a> <em class="jxr_javadoccomment"> * @return true if the property type does not specify a version; otherwise false</em>
|
||||
<a class="jxr_linenumber" name="L378" href="#L378">378</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L379" href="#L379">379</a> <strong class="jxr_keyword">boolean</strong> cpeHasNoVersion(<a href="../../../../org/owasp/dependencycheck/suppression/PropertyType.html">PropertyType</a> c) {
|
||||
<a class="jxr_linenumber" name="L380" href="#L380">380</a> <strong class="jxr_keyword">if</strong> (c.isRegex()) {
|
||||
<a class="jxr_linenumber" name="L381" href="#L381">381</a> <strong class="jxr_keyword">return</strong> false;
|
||||
<a class="jxr_linenumber" name="L382" href="#L382">382</a> }
|
||||
<a class="jxr_linenumber" name="L383" href="#L383">383</a> <strong class="jxr_keyword">if</strong> (countCharacter(c.getValue(), ':') == 3) {
|
||||
<a class="jxr_linenumber" name="L384" href="#L384">384</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L385" href="#L385">385</a> }
|
||||
<a class="jxr_linenumber" name="L386" href="#L386">386</a> <strong class="jxr_keyword">return</strong> false;
|
||||
<a class="jxr_linenumber" name="L387" href="#L387">387</a> }
|
||||
<a class="jxr_linenumber" name="L388" href="#L388">388</a>
|
||||
<a class="jxr_linenumber" name="L389" href="#L389">389</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L390" href="#L390">390</a> <em class="jxr_javadoccomment"> * Counts the number of occurrences of the character found within the string.</em>
|
||||
<a class="jxr_linenumber" name="L391" href="#L391">391</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L392" href="#L392">392</a> <em class="jxr_javadoccomment"> * @param str the string to check</em>
|
||||
<a class="jxr_linenumber" name="L393" href="#L393">393</a> <em class="jxr_javadoccomment"> * @param c the character to count</em>
|
||||
<a class="jxr_linenumber" name="L394" href="#L394">394</a> <em class="jxr_javadoccomment"> * @return the number of times the character is found in the string</em>
|
||||
<a class="jxr_linenumber" name="L395" href="#L395">395</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L396" href="#L396">396</a> <strong class="jxr_keyword">int</strong> countCharacter(String str, <strong class="jxr_keyword">char</strong> c) {
|
||||
<a class="jxr_linenumber" name="L397" href="#L397">397</a> <strong class="jxr_keyword">int</strong> count = 0;
|
||||
<a class="jxr_linenumber" name="L398" href="#L398">398</a> <strong class="jxr_keyword">int</strong> pos = str.indexOf(c) + 1;
|
||||
<a class="jxr_linenumber" name="L399" href="#L399">399</a> <strong class="jxr_keyword">while</strong> (pos > 0) {
|
||||
<a class="jxr_linenumber" name="L400" href="#L400">400</a> count += 1;
|
||||
<a class="jxr_linenumber" name="L401" href="#L401">401</a> pos = str.indexOf(c, pos) + 1;
|
||||
<a class="jxr_linenumber" name="L402" href="#L402">402</a> }
|
||||
<a class="jxr_linenumber" name="L403" href="#L403">403</a> <strong class="jxr_keyword">return</strong> count;
|
||||
<a class="jxr_linenumber" name="L404" href="#L404">404</a> }
|
||||
<a class="jxr_linenumber" name="L405" href="#L405">405</a>
|
||||
<a class="jxr_linenumber" name="L406" href="#L406">406</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L407" href="#L407">407</a> <em class="jxr_javadoccomment"> * Determines if the cpeEntry specified as a PropertyType matches the given Identifier.</em>
|
||||
<a class="jxr_linenumber" name="L408" href="#L408">408</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L409" href="#L409">409</a> <em class="jxr_javadoccomment"> * @param identifierType the type of identifier ("cpe", "maven", etc.)</em>
|
||||
<a class="jxr_linenumber" name="L410" href="#L410">410</a> <em class="jxr_javadoccomment"> * @param suppressionEntry a suppression rule entry</em>
|
||||
<a class="jxr_linenumber" name="L411" href="#L411">411</a> <em class="jxr_javadoccomment"> * @param identifier a CPE identifier to check</em>
|
||||
<a class="jxr_linenumber" name="L412" href="#L412">412</a> <em class="jxr_javadoccomment"> * @return true if the entry matches; otherwise false</em>
|
||||
<a class="jxr_linenumber" name="L413" href="#L413">413</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L414" href="#L414">414</a> <strong class="jxr_keyword">boolean</strong> identifierMatches(String identifierType, <a href="../../../../org/owasp/dependencycheck/suppression/PropertyType.html">PropertyType</a> suppressionEntry, <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> identifier) {
|
||||
<a class="jxr_linenumber" name="L415" href="#L415">415</a> <strong class="jxr_keyword">if</strong> (identifierType.equals(identifier.getType())) {
|
||||
<a class="jxr_linenumber" name="L416" href="#L416">416</a> <strong class="jxr_keyword">if</strong> (suppressionEntry.matches(identifier.getValue())) {
|
||||
<a class="jxr_linenumber" name="L417" href="#L417">417</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L418" href="#L418">418</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(identifierType) && cpeHasNoVersion(suppressionEntry)) {
|
||||
<a class="jxr_linenumber" name="L419" href="#L419">419</a> <strong class="jxr_keyword">if</strong> (suppressionEntry.isCaseSensitive()) {
|
||||
<a class="jxr_linenumber" name="L420" href="#L420">420</a> <strong class="jxr_keyword">return</strong> identifier.getValue().startsWith(suppressionEntry.getValue());
|
||||
<a class="jxr_linenumber" name="L421" href="#L421">421</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L422" href="#L422">422</a> <strong class="jxr_keyword">final</strong> String id = identifier.getValue().toLowerCase();
|
||||
<a class="jxr_linenumber" name="L423" href="#L423">423</a> <strong class="jxr_keyword">final</strong> String check = suppressionEntry.getValue().toLowerCase();
|
||||
<a class="jxr_linenumber" name="L424" href="#L424">424</a> <strong class="jxr_keyword">return</strong> id.startsWith(check);
|
||||
<a class="jxr_linenumber" name="L425" href="#L425">425</a> }
|
||||
<a class="jxr_linenumber" name="L426" href="#L426">426</a> }
|
||||
<a class="jxr_linenumber" name="L427" href="#L427">427</a> }
|
||||
<a class="jxr_linenumber" name="L428" href="#L428">428</a> <strong class="jxr_keyword">return</strong> false;
|
||||
<a class="jxr_linenumber" name="L429" href="#L429">429</a> }
|
||||
<a class="jxr_linenumber" name="L430" href="#L430">430</a>
|
||||
<a class="jxr_linenumber" name="L431" href="#L431">431</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L432" href="#L432">432</a> <em class="jxr_javadoccomment"> * Standard toString implementation.</em>
|
||||
<a class="jxr_linenumber" name="L433" href="#L433">433</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L434" href="#L434">434</a> <em class="jxr_javadoccomment"> * @return a string representation of this object</em>
|
||||
<a class="jxr_linenumber" name="L435" href="#L435">435</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L436" href="#L436">436</a> @Override
|
||||
<a class="jxr_linenumber" name="L437" href="#L437">437</a> <strong class="jxr_keyword">public</strong> String toString() {
|
||||
<a class="jxr_linenumber" name="L438" href="#L438">438</a> <strong class="jxr_keyword">final</strong> StringBuilder sb = <strong class="jxr_keyword">new</strong> StringBuilder();
|
||||
<a class="jxr_linenumber" name="L439" href="#L439">439</a> sb.append(<span class="jxr_string">"SuppressionRule{"</span>);
|
||||
<a class="jxr_linenumber" name="L440" href="#L440">440</a> <strong class="jxr_keyword">if</strong> (filePath != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L441" href="#L441">441</a> sb.append(<span class="jxr_string">"filePath="</span>).append(filePath).append(<span class="jxr_string">","</span>);
|
||||
<a class="jxr_linenumber" name="L442" href="#L442">442</a> }
|
||||
<a class="jxr_linenumber" name="L443" href="#L443">443</a> <strong class="jxr_keyword">if</strong> (sha1 != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L444" href="#L444">444</a> sb.append(<span class="jxr_string">"sha1="</span>).append(sha1).append(<span class="jxr_string">","</span>);
|
||||
<a class="jxr_linenumber" name="L445" href="#L445">445</a> }
|
||||
<a class="jxr_linenumber" name="L446" href="#L446">446</a> <strong class="jxr_keyword">if</strong> (gav != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L447" href="#L447">447</a> sb.append(<span class="jxr_string">"gav="</span>).append(gav).append(<span class="jxr_string">","</span>);
|
||||
<a class="jxr_linenumber" name="L448" href="#L448">448</a> }
|
||||
<a class="jxr_linenumber" name="L449" href="#L449">449</a> <strong class="jxr_keyword">if</strong> (cpe != <strong class="jxr_keyword">null</strong> && cpe.size() > 0) {
|
||||
<a class="jxr_linenumber" name="L450" href="#L450">450</a> sb.append(<span class="jxr_string">"cpe={"</span>);
|
||||
<a class="jxr_linenumber" name="L451" href="#L451">451</a> <strong class="jxr_keyword">for</strong> (PropertyType pt : cpe) {
|
||||
<a class="jxr_linenumber" name="L452" href="#L452">452</a> sb.append(pt).append(<span class="jxr_string">","</span>);
|
||||
<a class="jxr_linenumber" name="L453" href="#L453">453</a> }
|
||||
<a class="jxr_linenumber" name="L454" href="#L454">454</a> sb.append(<span class="jxr_string">"}"</span>);
|
||||
<a class="jxr_linenumber" name="L455" href="#L455">455</a> }
|
||||
<a class="jxr_linenumber" name="L456" href="#L456">456</a> <strong class="jxr_keyword">if</strong> (cwe != <strong class="jxr_keyword">null</strong> && cwe.size() > 0) {
|
||||
<a class="jxr_linenumber" name="L457" href="#L457">457</a> sb.append(<span class="jxr_string">"cwe={"</span>);
|
||||
<a class="jxr_linenumber" name="L458" href="#L458">458</a> <strong class="jxr_keyword">for</strong> (String s : cwe) {
|
||||
<a class="jxr_linenumber" name="L459" href="#L459">459</a> sb.append(s).append(<span class="jxr_string">","</span>);
|
||||
<a class="jxr_linenumber" name="L460" href="#L460">460</a> }
|
||||
<a class="jxr_linenumber" name="L461" href="#L461">461</a> sb.append(<span class="jxr_string">"}"</span>);
|
||||
<a class="jxr_linenumber" name="L462" href="#L462">462</a> }
|
||||
<a class="jxr_linenumber" name="L463" href="#L463">463</a> <strong class="jxr_keyword">if</strong> (cve != <strong class="jxr_keyword">null</strong> && cve.size() > 0) {
|
||||
<a class="jxr_linenumber" name="L464" href="#L464">464</a> sb.append(<span class="jxr_string">"cve={"</span>);
|
||||
<a class="jxr_linenumber" name="L465" href="#L465">465</a> <strong class="jxr_keyword">for</strong> (String s : cve) {
|
||||
<a class="jxr_linenumber" name="L466" href="#L466">466</a> sb.append(s).append(<span class="jxr_string">","</span>);
|
||||
<a class="jxr_linenumber" name="L467" href="#L467">467</a> }
|
||||
<a class="jxr_linenumber" name="L468" href="#L468">468</a> sb.append(<span class="jxr_string">"}"</span>);
|
||||
<a class="jxr_linenumber" name="L469" href="#L469">469</a> }
|
||||
<a class="jxr_linenumber" name="L470" href="#L470">470</a> <strong class="jxr_keyword">if</strong> (cvssBelow != <strong class="jxr_keyword">null</strong> && cvssBelow.size() > 0) {
|
||||
<a class="jxr_linenumber" name="L471" href="#L471">471</a> sb.append(<span class="jxr_string">"cvssBelow={"</span>);
|
||||
<a class="jxr_linenumber" name="L472" href="#L472">472</a> <strong class="jxr_keyword">for</strong> (Float s : cvssBelow) {
|
||||
<a class="jxr_linenumber" name="L473" href="#L473">473</a> sb.append(s).append(<span class="jxr_string">","</span>);
|
||||
<a class="jxr_linenumber" name="L474" href="#L474">474</a> }
|
||||
<a class="jxr_linenumber" name="L475" href="#L475">475</a> sb.append(<span class="jxr_string">"}"</span>);
|
||||
<a class="jxr_linenumber" name="L476" href="#L476">476</a> }
|
||||
<a class="jxr_linenumber" name="L477" href="#L477">477</a> sb.append(<span class="jxr_string">"}"</span>);
|
||||
<a class="jxr_linenumber" name="L478" href="#L478">478</a> <strong class="jxr_keyword">return</strong> sb.toString();
|
||||
<a class="jxr_linenumber" name="L479" href="#L479">479</a> }
|
||||
<a class="jxr_linenumber" name="L480" href="#L480">480</a> }
|
||||
<a class="jxr_linenumber" name="L269" href="#L269">269</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L270" href="#L270">270</a> <em class="jxr_javadoccomment"> * A flag indicating whether or not the suppression rule is a core/base rule that should not be included in the</em>
|
||||
<a class="jxr_linenumber" name="L271" href="#L271">271</a> <em class="jxr_javadoccomment"> * resulting report in the "suppressed" section.</em>
|
||||
<a class="jxr_linenumber" name="L272" href="#L272">272</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L273" href="#L273">273</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> base;
|
||||
<a class="jxr_linenumber" name="L274" href="#L274">274</a>
|
||||
<a class="jxr_linenumber" name="L275" href="#L275">275</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L276" href="#L276">276</a> <em class="jxr_javadoccomment"> * Get the value of base.</em>
|
||||
<a class="jxr_linenumber" name="L277" href="#L277">277</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L278" href="#L278">278</a> <em class="jxr_javadoccomment"> * @return the value of base</em>
|
||||
<a class="jxr_linenumber" name="L279" href="#L279">279</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L280" href="#L280">280</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">boolean</strong> isBase() {
|
||||
<a class="jxr_linenumber" name="L281" href="#L281">281</a> <strong class="jxr_keyword">return</strong> base;
|
||||
<a class="jxr_linenumber" name="L282" href="#L282">282</a> }
|
||||
<a class="jxr_linenumber" name="L283" href="#L283">283</a>
|
||||
<a class="jxr_linenumber" name="L284" href="#L284">284</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L285" href="#L285">285</a> <em class="jxr_javadoccomment"> * Set the value of base.</em>
|
||||
<a class="jxr_linenumber" name="L286" href="#L286">286</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L287" href="#L287">287</a> <em class="jxr_javadoccomment"> * @param base new value of base</em>
|
||||
<a class="jxr_linenumber" name="L288" href="#L288">288</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L289" href="#L289">289</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> setBase(<strong class="jxr_keyword">boolean</strong> base) {
|
||||
<a class="jxr_linenumber" name="L290" href="#L290">290</a> <strong class="jxr_keyword">this</strong>.base = base;
|
||||
<a class="jxr_linenumber" name="L291" href="#L291">291</a> }
|
||||
<a class="jxr_linenumber" name="L292" href="#L292">292</a>
|
||||
<a class="jxr_linenumber" name="L293" href="#L293">293</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L294" href="#L294">294</a> <em class="jxr_javadoccomment"> * Processes a given dependency to determine if any CPE, CVE, CWE, or CVSS scores should be suppressed. If any</em>
|
||||
<a class="jxr_linenumber" name="L295" href="#L295">295</a> <em class="jxr_javadoccomment"> * should be, they are removed from the dependency.</em>
|
||||
<a class="jxr_linenumber" name="L296" href="#L296">296</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L297" href="#L297">297</a> <em class="jxr_javadoccomment"> * @param dependency a project dependency to analyze</em>
|
||||
<a class="jxr_linenumber" name="L298" href="#L298">298</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L299" href="#L299">299</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> process(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency) {
|
||||
<a class="jxr_linenumber" name="L300" href="#L300">300</a> <strong class="jxr_keyword">if</strong> (filePath != <strong class="jxr_keyword">null</strong> && !filePath.matches(dependency.getFilePath())) {
|
||||
<a class="jxr_linenumber" name="L301" href="#L301">301</a> <strong class="jxr_keyword">return</strong>;
|
||||
<a class="jxr_linenumber" name="L302" href="#L302">302</a> }
|
||||
<a class="jxr_linenumber" name="L303" href="#L303">303</a> <strong class="jxr_keyword">if</strong> (sha1 != <strong class="jxr_keyword">null</strong> && !sha1.equalsIgnoreCase(dependency.getSha1sum())) {
|
||||
<a class="jxr_linenumber" name="L304" href="#L304">304</a> <strong class="jxr_keyword">return</strong>;
|
||||
<a class="jxr_linenumber" name="L305" href="#L305">305</a> }
|
||||
<a class="jxr_linenumber" name="L306" href="#L306">306</a> <strong class="jxr_keyword">if</strong> (gav != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L307" href="#L307">307</a> <strong class="jxr_keyword">final</strong> Iterator<Identifier> itr = dependency.getIdentifiers().iterator();
|
||||
<a class="jxr_linenumber" name="L308" href="#L308">308</a> <strong class="jxr_keyword">boolean</strong> gavFound = false;
|
||||
<a class="jxr_linenumber" name="L309" href="#L309">309</a> <strong class="jxr_keyword">while</strong> (itr.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L310" href="#L310">310</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> i = itr.next();
|
||||
<a class="jxr_linenumber" name="L311" href="#L311">311</a> <strong class="jxr_keyword">if</strong> (identifierMatches(<span class="jxr_string">"maven"</span>, <strong class="jxr_keyword">this</strong>.gav, i)) {
|
||||
<a class="jxr_linenumber" name="L312" href="#L312">312</a> gavFound = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L313" href="#L313">313</a> <strong class="jxr_keyword">break</strong>;
|
||||
<a class="jxr_linenumber" name="L314" href="#L314">314</a> }
|
||||
<a class="jxr_linenumber" name="L315" href="#L315">315</a> }
|
||||
<a class="jxr_linenumber" name="L316" href="#L316">316</a> <strong class="jxr_keyword">if</strong> (!gavFound) {
|
||||
<a class="jxr_linenumber" name="L317" href="#L317">317</a> <strong class="jxr_keyword">return</strong>;
|
||||
<a class="jxr_linenumber" name="L318" href="#L318">318</a> }
|
||||
<a class="jxr_linenumber" name="L319" href="#L319">319</a> }
|
||||
<a class="jxr_linenumber" name="L320" href="#L320">320</a>
|
||||
<a class="jxr_linenumber" name="L321" href="#L321">321</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">this</strong>.hasCpe()) {
|
||||
<a class="jxr_linenumber" name="L322" href="#L322">322</a> <strong class="jxr_keyword">final</strong> Iterator<Identifier> itr = dependency.getIdentifiers().iterator();
|
||||
<a class="jxr_linenumber" name="L323" href="#L323">323</a> <strong class="jxr_keyword">while</strong> (itr.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L324" href="#L324">324</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> i = itr.next();
|
||||
<a class="jxr_linenumber" name="L325" href="#L325">325</a> <strong class="jxr_keyword">for</strong> (PropertyType c : <strong class="jxr_keyword">this</strong>.cpe) {
|
||||
<a class="jxr_linenumber" name="L326" href="#L326">326</a> <strong class="jxr_keyword">if</strong> (identifierMatches(<span class="jxr_string">"cpe"</span>, c, i)) {
|
||||
<a class="jxr_linenumber" name="L327" href="#L327">327</a> <strong class="jxr_keyword">if</strong> (!isBase()) {
|
||||
<a class="jxr_linenumber" name="L328" href="#L328">328</a> dependency.addSuppressedIdentifier(i);
|
||||
<a class="jxr_linenumber" name="L329" href="#L329">329</a> }
|
||||
<a class="jxr_linenumber" name="L330" href="#L330">330</a> itr.remove();
|
||||
<a class="jxr_linenumber" name="L331" href="#L331">331</a> <strong class="jxr_keyword">break</strong>;
|
||||
<a class="jxr_linenumber" name="L332" href="#L332">332</a> }
|
||||
<a class="jxr_linenumber" name="L333" href="#L333">333</a> }
|
||||
<a class="jxr_linenumber" name="L334" href="#L334">334</a> }
|
||||
<a class="jxr_linenumber" name="L335" href="#L335">335</a> }
|
||||
<a class="jxr_linenumber" name="L336" href="#L336">336</a> <strong class="jxr_keyword">if</strong> (hasCve() || hasCwe() || hasCvssBelow()) {
|
||||
<a class="jxr_linenumber" name="L337" href="#L337">337</a> <strong class="jxr_keyword">final</strong> Iterator<Vulnerability> itr = dependency.getVulnerabilities().iterator();
|
||||
<a class="jxr_linenumber" name="L338" href="#L338">338</a> <strong class="jxr_keyword">while</strong> (itr.hasNext()) {
|
||||
<a class="jxr_linenumber" name="L339" href="#L339">339</a> <strong class="jxr_keyword">boolean</strong> remove = false;
|
||||
<a class="jxr_linenumber" name="L340" href="#L340">340</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Vulnerability.html">Vulnerability</a> v = itr.next();
|
||||
<a class="jxr_linenumber" name="L341" href="#L341">341</a> <strong class="jxr_keyword">for</strong> (String entry : <strong class="jxr_keyword">this</strong>.cve) {
|
||||
<a class="jxr_linenumber" name="L342" href="#L342">342</a> <strong class="jxr_keyword">if</strong> (entry.equalsIgnoreCase(v.getName())) {
|
||||
<a class="jxr_linenumber" name="L343" href="#L343">343</a> remove = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L344" href="#L344">344</a> <strong class="jxr_keyword">break</strong>;
|
||||
<a class="jxr_linenumber" name="L345" href="#L345">345</a> }
|
||||
<a class="jxr_linenumber" name="L346" href="#L346">346</a> }
|
||||
<a class="jxr_linenumber" name="L347" href="#L347">347</a> <strong class="jxr_keyword">if</strong> (!remove) {
|
||||
<a class="jxr_linenumber" name="L348" href="#L348">348</a> <strong class="jxr_keyword">for</strong> (String entry : <strong class="jxr_keyword">this</strong>.cwe) {
|
||||
<a class="jxr_linenumber" name="L349" href="#L349">349</a> <strong class="jxr_keyword">if</strong> (v.getCwe() != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L350" href="#L350">350</a> <strong class="jxr_keyword">final</strong> String toMatch = String.format(<span class="jxr_string">"CWE-%s "</span>, entry);
|
||||
<a class="jxr_linenumber" name="L351" href="#L351">351</a> <strong class="jxr_keyword">final</strong> String toTest = v.getCwe().substring(0, toMatch.length()).toUpperCase();
|
||||
<a class="jxr_linenumber" name="L352" href="#L352">352</a> <strong class="jxr_keyword">if</strong> (toTest.equals(toMatch)) {
|
||||
<a class="jxr_linenumber" name="L353" href="#L353">353</a> remove = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L354" href="#L354">354</a> <strong class="jxr_keyword">break</strong>;
|
||||
<a class="jxr_linenumber" name="L355" href="#L355">355</a> }
|
||||
<a class="jxr_linenumber" name="L356" href="#L356">356</a> }
|
||||
<a class="jxr_linenumber" name="L357" href="#L357">357</a> }
|
||||
<a class="jxr_linenumber" name="L358" href="#L358">358</a> }
|
||||
<a class="jxr_linenumber" name="L359" href="#L359">359</a> <strong class="jxr_keyword">if</strong> (!remove) {
|
||||
<a class="jxr_linenumber" name="L360" href="#L360">360</a> <strong class="jxr_keyword">for</strong> (<strong class="jxr_keyword">float</strong> cvss : <strong class="jxr_keyword">this</strong>.cvssBelow) {
|
||||
<a class="jxr_linenumber" name="L361" href="#L361">361</a> <strong class="jxr_keyword">if</strong> (v.getCvssScore() < cvss) {
|
||||
<a class="jxr_linenumber" name="L362" href="#L362">362</a> remove = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L363" href="#L363">363</a> <strong class="jxr_keyword">break</strong>;
|
||||
<a class="jxr_linenumber" name="L364" href="#L364">364</a> }
|
||||
<a class="jxr_linenumber" name="L365" href="#L365">365</a> }
|
||||
<a class="jxr_linenumber" name="L366" href="#L366">366</a> }
|
||||
<a class="jxr_linenumber" name="L367" href="#L367">367</a> <strong class="jxr_keyword">if</strong> (remove) {
|
||||
<a class="jxr_linenumber" name="L368" href="#L368">368</a> <strong class="jxr_keyword">if</strong> (!isBase()) {
|
||||
<a class="jxr_linenumber" name="L369" href="#L369">369</a> dependency.addSuppressedVulnerability(v);
|
||||
<a class="jxr_linenumber" name="L370" href="#L370">370</a> }
|
||||
<a class="jxr_linenumber" name="L371" href="#L371">371</a> itr.remove();
|
||||
<a class="jxr_linenumber" name="L372" href="#L372">372</a> }
|
||||
<a class="jxr_linenumber" name="L373" href="#L373">373</a> }
|
||||
<a class="jxr_linenumber" name="L374" href="#L374">374</a> }
|
||||
<a class="jxr_linenumber" name="L375" href="#L375">375</a> }
|
||||
<a class="jxr_linenumber" name="L376" href="#L376">376</a>
|
||||
<a class="jxr_linenumber" name="L377" href="#L377">377</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L378" href="#L378">378</a> <em class="jxr_javadoccomment"> * Identifies if the cpe specified by the cpe suppression rule does not specify a version.</em>
|
||||
<a class="jxr_linenumber" name="L379" href="#L379">379</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L380" href="#L380">380</a> <em class="jxr_javadoccomment"> * @param c a suppression rule identifier</em>
|
||||
<a class="jxr_linenumber" name="L381" href="#L381">381</a> <em class="jxr_javadoccomment"> * @return true if the property type does not specify a version; otherwise false</em>
|
||||
<a class="jxr_linenumber" name="L382" href="#L382">382</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L383" href="#L383">383</a> <strong class="jxr_keyword">boolean</strong> cpeHasNoVersion(<a href="../../../../org/owasp/dependencycheck/suppression/PropertyType.html">PropertyType</a> c) {
|
||||
<a class="jxr_linenumber" name="L384" href="#L384">384</a> <strong class="jxr_keyword">if</strong> (c.isRegex()) {
|
||||
<a class="jxr_linenumber" name="L385" href="#L385">385</a> <strong class="jxr_keyword">return</strong> false;
|
||||
<a class="jxr_linenumber" name="L386" href="#L386">386</a> }
|
||||
<a class="jxr_linenumber" name="L387" href="#L387">387</a> <strong class="jxr_keyword">if</strong> (countCharacter(c.getValue(), ':') == 3) {
|
||||
<a class="jxr_linenumber" name="L388" href="#L388">388</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L389" href="#L389">389</a> }
|
||||
<a class="jxr_linenumber" name="L390" href="#L390">390</a> <strong class="jxr_keyword">return</strong> false;
|
||||
<a class="jxr_linenumber" name="L391" href="#L391">391</a> }
|
||||
<a class="jxr_linenumber" name="L392" href="#L392">392</a>
|
||||
<a class="jxr_linenumber" name="L393" href="#L393">393</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L394" href="#L394">394</a> <em class="jxr_javadoccomment"> * Counts the number of occurrences of the character found within the string.</em>
|
||||
<a class="jxr_linenumber" name="L395" href="#L395">395</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L396" href="#L396">396</a> <em class="jxr_javadoccomment"> * @param str the string to check</em>
|
||||
<a class="jxr_linenumber" name="L397" href="#L397">397</a> <em class="jxr_javadoccomment"> * @param c the character to count</em>
|
||||
<a class="jxr_linenumber" name="L398" href="#L398">398</a> <em class="jxr_javadoccomment"> * @return the number of times the character is found in the string</em>
|
||||
<a class="jxr_linenumber" name="L399" href="#L399">399</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L400" href="#L400">400</a> <strong class="jxr_keyword">int</strong> countCharacter(String str, <strong class="jxr_keyword">char</strong> c) {
|
||||
<a class="jxr_linenumber" name="L401" href="#L401">401</a> <strong class="jxr_keyword">int</strong> count = 0;
|
||||
<a class="jxr_linenumber" name="L402" href="#L402">402</a> <strong class="jxr_keyword">int</strong> pos = str.indexOf(c) + 1;
|
||||
<a class="jxr_linenumber" name="L403" href="#L403">403</a> <strong class="jxr_keyword">while</strong> (pos > 0) {
|
||||
<a class="jxr_linenumber" name="L404" href="#L404">404</a> count += 1;
|
||||
<a class="jxr_linenumber" name="L405" href="#L405">405</a> pos = str.indexOf(c, pos) + 1;
|
||||
<a class="jxr_linenumber" name="L406" href="#L406">406</a> }
|
||||
<a class="jxr_linenumber" name="L407" href="#L407">407</a> <strong class="jxr_keyword">return</strong> count;
|
||||
<a class="jxr_linenumber" name="L408" href="#L408">408</a> }
|
||||
<a class="jxr_linenumber" name="L409" href="#L409">409</a>
|
||||
<a class="jxr_linenumber" name="L410" href="#L410">410</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L411" href="#L411">411</a> <em class="jxr_javadoccomment"> * Determines if the cpeEntry specified as a PropertyType matches the given Identifier.</em>
|
||||
<a class="jxr_linenumber" name="L412" href="#L412">412</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L413" href="#L413">413</a> <em class="jxr_javadoccomment"> * @param identifierType the type of identifier ("cpe", "maven", etc.)</em>
|
||||
<a class="jxr_linenumber" name="L414" href="#L414">414</a> <em class="jxr_javadoccomment"> * @param suppressionEntry a suppression rule entry</em>
|
||||
<a class="jxr_linenumber" name="L415" href="#L415">415</a> <em class="jxr_javadoccomment"> * @param identifier a CPE identifier to check</em>
|
||||
<a class="jxr_linenumber" name="L416" href="#L416">416</a> <em class="jxr_javadoccomment"> * @return true if the entry matches; otherwise false</em>
|
||||
<a class="jxr_linenumber" name="L417" href="#L417">417</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L418" href="#L418">418</a> <strong class="jxr_keyword">boolean</strong> identifierMatches(String identifierType, <a href="../../../../org/owasp/dependencycheck/suppression/PropertyType.html">PropertyType</a> suppressionEntry, <a href="../../../../org/owasp/dependencycheck/dependency/Identifier.html">Identifier</a> identifier) {
|
||||
<a class="jxr_linenumber" name="L419" href="#L419">419</a> <strong class="jxr_keyword">if</strong> (identifierType.equals(identifier.getType())) {
|
||||
<a class="jxr_linenumber" name="L420" href="#L420">420</a> <strong class="jxr_keyword">if</strong> (suppressionEntry.matches(identifier.getValue())) {
|
||||
<a class="jxr_linenumber" name="L421" href="#L421">421</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L422" href="#L422">422</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(identifierType) && cpeHasNoVersion(suppressionEntry)) {
|
||||
<a class="jxr_linenumber" name="L423" href="#L423">423</a> <strong class="jxr_keyword">if</strong> (suppressionEntry.isCaseSensitive()) {
|
||||
<a class="jxr_linenumber" name="L424" href="#L424">424</a> <strong class="jxr_keyword">return</strong> identifier.getValue().startsWith(suppressionEntry.getValue());
|
||||
<a class="jxr_linenumber" name="L425" href="#L425">425</a> } <strong class="jxr_keyword">else</strong> {
|
||||
<a class="jxr_linenumber" name="L426" href="#L426">426</a> <strong class="jxr_keyword">final</strong> String id = identifier.getValue().toLowerCase();
|
||||
<a class="jxr_linenumber" name="L427" href="#L427">427</a> <strong class="jxr_keyword">final</strong> String check = suppressionEntry.getValue().toLowerCase();
|
||||
<a class="jxr_linenumber" name="L428" href="#L428">428</a> <strong class="jxr_keyword">return</strong> id.startsWith(check);
|
||||
<a class="jxr_linenumber" name="L429" href="#L429">429</a> }
|
||||
<a class="jxr_linenumber" name="L430" href="#L430">430</a> }
|
||||
<a class="jxr_linenumber" name="L431" href="#L431">431</a> }
|
||||
<a class="jxr_linenumber" name="L432" href="#L432">432</a> <strong class="jxr_keyword">return</strong> false;
|
||||
<a class="jxr_linenumber" name="L433" href="#L433">433</a> }
|
||||
<a class="jxr_linenumber" name="L434" href="#L434">434</a>
|
||||
<a class="jxr_linenumber" name="L435" href="#L435">435</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L436" href="#L436">436</a> <em class="jxr_javadoccomment"> * Standard toString implementation.</em>
|
||||
<a class="jxr_linenumber" name="L437" href="#L437">437</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L438" href="#L438">438</a> <em class="jxr_javadoccomment"> * @return a string representation of this object</em>
|
||||
<a class="jxr_linenumber" name="L439" href="#L439">439</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L440" href="#L440">440</a> @Override
|
||||
<a class="jxr_linenumber" name="L441" href="#L441">441</a> <strong class="jxr_keyword">public</strong> String toString() {
|
||||
<a class="jxr_linenumber" name="L442" href="#L442">442</a> <strong class="jxr_keyword">final</strong> StringBuilder sb = <strong class="jxr_keyword">new</strong> StringBuilder();
|
||||
<a class="jxr_linenumber" name="L443" href="#L443">443</a> sb.append(<span class="jxr_string">"SuppressionRule{"</span>);
|
||||
<a class="jxr_linenumber" name="L444" href="#L444">444</a> <strong class="jxr_keyword">if</strong> (filePath != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L445" href="#L445">445</a> sb.append(<span class="jxr_string">"filePath="</span>).append(filePath).append(<span class="jxr_string">","</span>);
|
||||
<a class="jxr_linenumber" name="L446" href="#L446">446</a> }
|
||||
<a class="jxr_linenumber" name="L447" href="#L447">447</a> <strong class="jxr_keyword">if</strong> (sha1 != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L448" href="#L448">448</a> sb.append(<span class="jxr_string">"sha1="</span>).append(sha1).append(<span class="jxr_string">","</span>);
|
||||
<a class="jxr_linenumber" name="L449" href="#L449">449</a> }
|
||||
<a class="jxr_linenumber" name="L450" href="#L450">450</a> <strong class="jxr_keyword">if</strong> (gav != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L451" href="#L451">451</a> sb.append(<span class="jxr_string">"gav="</span>).append(gav).append(<span class="jxr_string">","</span>);
|
||||
<a class="jxr_linenumber" name="L452" href="#L452">452</a> }
|
||||
<a class="jxr_linenumber" name="L453" href="#L453">453</a> <strong class="jxr_keyword">if</strong> (cpe != <strong class="jxr_keyword">null</strong> && cpe.size() > 0) {
|
||||
<a class="jxr_linenumber" name="L454" href="#L454">454</a> sb.append(<span class="jxr_string">"cpe={"</span>);
|
||||
<a class="jxr_linenumber" name="L455" href="#L455">455</a> <strong class="jxr_keyword">for</strong> (PropertyType pt : cpe) {
|
||||
<a class="jxr_linenumber" name="L456" href="#L456">456</a> sb.append(pt).append(<span class="jxr_string">","</span>);
|
||||
<a class="jxr_linenumber" name="L457" href="#L457">457</a> }
|
||||
<a class="jxr_linenumber" name="L458" href="#L458">458</a> sb.append(<span class="jxr_string">"}"</span>);
|
||||
<a class="jxr_linenumber" name="L459" href="#L459">459</a> }
|
||||
<a class="jxr_linenumber" name="L460" href="#L460">460</a> <strong class="jxr_keyword">if</strong> (cwe != <strong class="jxr_keyword">null</strong> && cwe.size() > 0) {
|
||||
<a class="jxr_linenumber" name="L461" href="#L461">461</a> sb.append(<span class="jxr_string">"cwe={"</span>);
|
||||
<a class="jxr_linenumber" name="L462" href="#L462">462</a> <strong class="jxr_keyword">for</strong> (String s : cwe) {
|
||||
<a class="jxr_linenumber" name="L463" href="#L463">463</a> sb.append(s).append(<span class="jxr_string">","</span>);
|
||||
<a class="jxr_linenumber" name="L464" href="#L464">464</a> }
|
||||
<a class="jxr_linenumber" name="L465" href="#L465">465</a> sb.append(<span class="jxr_string">"}"</span>);
|
||||
<a class="jxr_linenumber" name="L466" href="#L466">466</a> }
|
||||
<a class="jxr_linenumber" name="L467" href="#L467">467</a> <strong class="jxr_keyword">if</strong> (cve != <strong class="jxr_keyword">null</strong> && cve.size() > 0) {
|
||||
<a class="jxr_linenumber" name="L468" href="#L468">468</a> sb.append(<span class="jxr_string">"cve={"</span>);
|
||||
<a class="jxr_linenumber" name="L469" href="#L469">469</a> <strong class="jxr_keyword">for</strong> (String s : cve) {
|
||||
<a class="jxr_linenumber" name="L470" href="#L470">470</a> sb.append(s).append(<span class="jxr_string">","</span>);
|
||||
<a class="jxr_linenumber" name="L471" href="#L471">471</a> }
|
||||
<a class="jxr_linenumber" name="L472" href="#L472">472</a> sb.append(<span class="jxr_string">"}"</span>);
|
||||
<a class="jxr_linenumber" name="L473" href="#L473">473</a> }
|
||||
<a class="jxr_linenumber" name="L474" href="#L474">474</a> <strong class="jxr_keyword">if</strong> (cvssBelow != <strong class="jxr_keyword">null</strong> && cvssBelow.size() > 0) {
|
||||
<a class="jxr_linenumber" name="L475" href="#L475">475</a> sb.append(<span class="jxr_string">"cvssBelow={"</span>);
|
||||
<a class="jxr_linenumber" name="L476" href="#L476">476</a> <strong class="jxr_keyword">for</strong> (Float s : cvssBelow) {
|
||||
<a class="jxr_linenumber" name="L477" href="#L477">477</a> sb.append(s).append(<span class="jxr_string">","</span>);
|
||||
<a class="jxr_linenumber" name="L478" href="#L478">478</a> }
|
||||
<a class="jxr_linenumber" name="L479" href="#L479">479</a> sb.append(<span class="jxr_string">"}"</span>);
|
||||
<a class="jxr_linenumber" name="L480" href="#L480">480</a> }
|
||||
<a class="jxr_linenumber" name="L481" href="#L481">481</a> sb.append(<span class="jxr_string">"}"</span>);
|
||||
<a class="jxr_linenumber" name="L482" href="#L482">482</a> <strong class="jxr_keyword">return</strong> sb.toString();
|
||||
<a class="jxr_linenumber" name="L483" href="#L483">483</a> }
|
||||
<a class="jxr_linenumber" name="L484" href="#L484">484</a> }
|
||||
</pre>
|
||||
<hr/>
|
||||
<div id="footer">Copyright © 2012–2014 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.suppression</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.suppression</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.suppression</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.suppression</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -62,46 +62,48 @@
|
||||
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <strong class="jxr_keyword">int</strong> id = 0;
|
||||
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L56" href="#L56">56</a> rs = statement.getGeneratedKeys();
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> rs.next();
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a> id = rs.getInt(1);
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a> } <strong class="jxr_keyword">catch</strong> (SQLException ex) {
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/data/nvdcve/DatabaseException.html">DatabaseException</a>(<span class="jxr_string">"Unable to get primary key for inserted row"</span>);
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> closeResultSet(rs);
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> }
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <strong class="jxr_keyword">return</strong> id;
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> }
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a>
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <em class="jxr_javadoccomment"> * Closes the given statement object ignoring any exceptions that occur.</em>
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <em class="jxr_javadoccomment"> * @param statement a Statement object</em>
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> closeStatement(Statement statement) {
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <strong class="jxr_keyword">if</strong> (statement != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> statement.close();
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a> } <strong class="jxr_keyword">catch</strong> (SQLException ex) {
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> LOGGER.log(Level.FINEST, statement.toString(), ex);
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> }
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> }
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> }
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a>
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <em class="jxr_javadoccomment"> * Closes the result set capturing and ignoring any SQLExceptions that occur.</em>
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <em class="jxr_javadoccomment"> * @param rs a ResultSet to close</em>
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> closeResultSet(ResultSet rs) {
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <strong class="jxr_keyword">if</strong> (rs != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a> rs.close();
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> } <strong class="jxr_keyword">catch</strong> (SQLException ex) {
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a> LOGGER.log(Level.FINEST, rs.toString(), ex);
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a> }
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a> }
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a> }
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> }
|
||||
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <strong class="jxr_keyword">if</strong> (!rs.next()) {
|
||||
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/data/nvdcve/DatabaseException.html">DatabaseException</a>(<span class="jxr_string">"Unable to get primary key for inserted row"</span>);
|
||||
<a class="jxr_linenumber" name="L59" href="#L59">59</a> }
|
||||
<a class="jxr_linenumber" name="L60" href="#L60">60</a> id = rs.getInt(1);
|
||||
<a class="jxr_linenumber" name="L61" href="#L61">61</a> } <strong class="jxr_keyword">catch</strong> (SQLException ex) {
|
||||
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/data/nvdcve/DatabaseException.html">DatabaseException</a>(<span class="jxr_string">"Unable to get primary key for inserted row"</span>);
|
||||
<a class="jxr_linenumber" name="L63" href="#L63">63</a> } <strong class="jxr_keyword">finally</strong> {
|
||||
<a class="jxr_linenumber" name="L64" href="#L64">64</a> closeResultSet(rs);
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> }
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a> <strong class="jxr_keyword">return</strong> id;
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> }
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a>
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <em class="jxr_javadoccomment"> * Closes the given statement object ignoring any exceptions that occur.</em>
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L72" href="#L72">72</a> <em class="jxr_javadoccomment"> * @param statement a Statement object</em>
|
||||
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L74" href="#L74">74</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> closeStatement(Statement statement) {
|
||||
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <strong class="jxr_keyword">if</strong> (statement != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L77" href="#L77">77</a> statement.close();
|
||||
<a class="jxr_linenumber" name="L78" href="#L78">78</a> } <strong class="jxr_keyword">catch</strong> (SQLException ex) {
|
||||
<a class="jxr_linenumber" name="L79" href="#L79">79</a> LOGGER.log(Level.FINEST, statement.toString(), ex);
|
||||
<a class="jxr_linenumber" name="L80" href="#L80">80</a> }
|
||||
<a class="jxr_linenumber" name="L81" href="#L81">81</a> }
|
||||
<a class="jxr_linenumber" name="L82" href="#L82">82</a> }
|
||||
<a class="jxr_linenumber" name="L83" href="#L83">83</a>
|
||||
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <em class="jxr_javadoccomment"> * Closes the result set capturing and ignoring any SQLExceptions that occur.</em>
|
||||
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <em class="jxr_javadoccomment"> *</em>
|
||||
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <em class="jxr_javadoccomment"> * @param rs a ResultSet to close</em>
|
||||
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L89" href="#L89">89</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> closeResultSet(ResultSet rs) {
|
||||
<a class="jxr_linenumber" name="L90" href="#L90">90</a> <strong class="jxr_keyword">if</strong> (rs != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <strong class="jxr_keyword">try</strong> {
|
||||
<a class="jxr_linenumber" name="L92" href="#L92">92</a> rs.close();
|
||||
<a class="jxr_linenumber" name="L93" href="#L93">93</a> } <strong class="jxr_keyword">catch</strong> (SQLException ex) {
|
||||
<a class="jxr_linenumber" name="L94" href="#L94">94</a> LOGGER.log(Level.FINEST, rs.toString(), ex);
|
||||
<a class="jxr_linenumber" name="L95" href="#L95">95</a> }
|
||||
<a class="jxr_linenumber" name="L96" href="#L96">96</a> }
|
||||
<a class="jxr_linenumber" name="L97" href="#L97">97</a> }
|
||||
<a class="jxr_linenumber" name="L98" href="#L98">98</a> }
|
||||
</pre>
|
||||
<hr/>
|
||||
<div id="footer">Copyright © 2012–2014 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
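Review bot: The `catch (SQLException ex)` branch at new lines 61–62 drops `ex`, so the driver's actual error never reaches the caller or the log. The new `if (!rs.next())` guard at lines 57–59 throws the same message, so an empty key set and a JDBC failure are now indistinguishable. If `DatabaseException` has a message-and-cause constructor (not visible on this page), chain the cause: `throw new DatabaseException("Unable to get primary key for inserted row", ex);`. The guard would also benefit from its own wording, e.g. `"No generated key was returned for the inserted row"`. The method's signature lies above the hunk, so the declaration of `rs` and `statement` could not be checked from here.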
|
||||
|
||||
@@ -73,7 +73,7 @@
|
||||
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">void</strong> parseVersion(String version) {
|
||||
<a class="jxr_linenumber" name="L66" href="#L66">66</a> versionParts = <strong class="jxr_keyword">new</strong> ArrayList<String>();
|
||||
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <strong class="jxr_keyword">if</strong> (version != <strong class="jxr_keyword">null</strong>) {
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <strong class="jxr_keyword">final</strong> Pattern rx = Pattern.compile(<span class="jxr_string">"(\\d+|[a-z]+\\d+|(release|beta|alpha)$)"</span>);
|
||||
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <strong class="jxr_keyword">final</strong> Pattern rx = Pattern.compile(<span class="jxr_string">"(\\d+[a-z]{1,3}$|[a-z]+\\d+|\\d+|(release|beta|alpha)$)"</span>);
|
||||
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <strong class="jxr_keyword">final</strong> Matcher matcher = rx.matcher(version.toLowerCase());
|
||||
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <strong class="jxr_keyword">while</strong> (matcher.find()) {
|
||||
<a class="jxr_linenumber" name="L71" href="#L71">71</a> versionParts.add(matcher.group());
|
||||
@@ -206,8 +206,8 @@
|
||||
<a class="jxr_linenumber" name="L198" href="#L198">198</a>
|
||||
<a class="jxr_linenumber" name="L199" href="#L199">199</a> <strong class="jxr_keyword">boolean</strong> ret = <strong class="jxr_keyword">true</strong>;
|
||||
<a class="jxr_linenumber" name="L200" href="#L200">200</a> <strong class="jxr_keyword">for</strong> (<strong class="jxr_keyword">int</strong> i = 0; i < max; i++) {
|
||||
<a class="jxr_linenumber" name="L201" href="#L201">201</a> String thisVersion = <strong class="jxr_keyword">this</strong>.versionParts.get(i);
|
||||
<a class="jxr_linenumber" name="L202" href="#L202">202</a> String otherVersion = version.getVersionParts().get(i);
|
||||
<a class="jxr_linenumber" name="L201" href="#L201">201</a> <strong class="jxr_keyword">final</strong> String thisVersion = <strong class="jxr_keyword">this</strong>.versionParts.get(i);
|
||||
<a class="jxr_linenumber" name="L202" href="#L202">202</a> <strong class="jxr_keyword">final</strong> String otherVersion = version.getVersionParts().get(i);
|
||||
<a class="jxr_linenumber" name="L203" href="#L203">203</a> <strong class="jxr_keyword">if</strong> (i >= 3) {
|
||||
<a class="jxr_linenumber" name="L204" href="#L204">204</a> <strong class="jxr_keyword">if</strong> (thisVersion.compareToIgnoreCase(otherVersion) >= 0) {
|
||||
<a class="jxr_linenumber" name="L205" href="#L205">205</a> ret = false;
|
||||
|
||||
@@ -40,7 +40,7 @@
|
||||
<a class="jxr_linenumber" name="L32" href="#L32">32</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L33" href="#L33">33</a> <em class="jxr_javadoccomment"> * Regular expression to extract version numbers from file names.</em>
|
||||
<a class="jxr_linenumber" name="L34" href="#L34">34</a> <em class="jxr_javadoccomment"> */</em>
|
||||
<a class="jxr_linenumber" name="L35" href="#L35">35</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern RX_VERSION = Pattern.compile(<span class="jxr_string">"\\d+(\\.\\d{1,6})+(\\.?([_-](release|beta|alpha)|[a-zA-Z_-]{1,3}\\d{1,8}))?"</span>);
|
||||
<a class="jxr_linenumber" name="L35" href="#L35">35</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern RX_VERSION = Pattern.compile(<span class="jxr_string">"\\d+(\\.\\d{1,6})+(\\.?([_-](release|beta|alpha|\\d+)|[a-zA-Z_-]{1,3}\\d{0,8}))?"</span>);
|
||||
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <em class="jxr_javadoccomment">/**</em>
|
||||
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <em class="jxr_javadoccomment"> * Regular expression to extract a single version number without periods. This is a last ditch effort just to check</em>
|
||||
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <em class="jxr_javadoccomment"> * in case we are missing a version number using the previous regex.</em>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.utils</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.utils</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference Package org.owasp.dependencycheck.utils</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference Package org.owasp.dependencycheck.utils</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference</title>
|
||||
<link rel="stylesheet" type="text/css" href="stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
@@ -26,6 +26,9 @@
|
||||
</li>
|
||||
<li>
|
||||
<a href="org/owasp/dependencycheck/analyzer/exception/package-frame.html" target="packageFrame">org.owasp.dependencycheck.analyzer.exception</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="org/owasp/dependencycheck/data/central/package-frame.html" target="packageFrame">org.owasp.dependencycheck.data.central</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="org/owasp/dependencycheck/data/cpe/package-frame.html" target="packageFrame">org.owasp.dependencycheck.data.cpe</a>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<html xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
||||
<title>Dependency-Check Core 1.2.5 Reference</title>
|
||||
<title>Dependency-Check Core 1.2.6 Reference</title>
|
||||
<link rel="stylesheet" type="text/css" href="stylesheet.css" title="style" />
|
||||
</head>
|
||||
<body>
|
||||
@@ -24,7 +24,7 @@
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<h2>Dependency-Check Core 1.2.5 Reference</h2>
|
||||
<h2>Dependency-Check Core 1.2.6 Reference</h2>
|
||||
|
||||
<table class="summary">
|
||||
<thead>
|
||||
@@ -52,6 +52,11 @@
|
||||
<td>
|
||||
<a href="org/owasp/dependencycheck/analyzer/exception/package-summary.html">org.owasp.dependencycheck.analyzer.exception</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<a href="org/owasp/dependencycheck/data/central/package-summary.html">org.owasp.dependencycheck.data.central</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
|
||||