catch IOExceptions when parsing jar manifest

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java

@@ -223,7 +223,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
      */
     @Override
     public void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
-        try {
         final List<ClassNameInformation> classNames = collectClassNames(dependency);
         final String fileName = dependency.getFileName().toLowerCase();
         if (classNames.isEmpty()
@@ -237,9 +236,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
         final boolean hasPOM = analyzePOM(dependency, classNames, engine);
         final boolean addPackagesAsEvidence = !(hasManifest && hasPOM);
         analyzePackageNames(classNames, dependency, addPackagesAsEvidence);
-        } catch (IOException ex) {
-            throw new AnalysisException("Exception occurred reading the JAR file (" + dependency.getFileName() + ").", ex);
-        }
     }
 
     /**
@@ -587,10 +583,8 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
      * @param dependency A reference to the dependency
      * @param classInformation a collection of class information
      * @return whether evidence was identified parsing the manifest
-     * @throws IOException if there is an issue reading the JAR file
      */
-    protected boolean parseManifest(Dependency dependency, List<ClassNameInformation> classInformation)
+    protected boolean parseManifest(Dependency dependency, List<ClassNameInformation> classInformation) {
-            throws IOException {
         boolean foundSomething = false;
         try (JarFile jar = new JarFile(dependency.getActualFilePath())) {
             final Manifest manifest = jar.getManifest();
@@ -747,6 +741,9 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
                 foundSomething = true;
                 versionEvidence.addEvidence(source, "specification-version", specificationVersion, Confidence.HIGH);
             }
+        } catch (IOException ex) {
+            LOGGER.warn("Unable to read JarFile '{}'.", dependency.getActualFilePath());
+            LOGGER.trace("", ex);
         }
         return foundSomething;
     }

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java

@@ -17,24 +17,22 @@
  */
 package org.owasp.dependencycheck.analyzer;
 
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-
 import java.io.File;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
-import org.junit.After;
-import org.junit.AfterClass;
-import org.junit.Before;
-import org.junit.BeforeClass;
 
 import org.junit.Test;
 import org.owasp.dependencycheck.BaseTest;
+import org.owasp.dependencycheck.analyzer.JarAnalyzer.ClassNameInformation;
 import org.owasp.dependencycheck.dependency.Dependency;
 import org.owasp.dependencycheck.dependency.Evidence;
 import org.owasp.dependencycheck.utils.Settings;
 
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
 /**
  * @author Jeremy Long
  */
@@ -176,4 +174,11 @@ public class JarAnalyzerTest extends BaseTest {
         List<String> results = instance.getPackageStructure();
         assertEquals(expected, results);
     }
+
+    @Test
+    public void testParseManifest_CatchesIOException() {
+        Dependency dependency = new Dependency();
+        dependency.setActualFilePath("doesNotExist");
+        assertFalse(new JarAnalyzer().parseManifest(dependency, new ArrayList<ClassNameInformation>()));
+    }
 }