From ad0b6c28baf2cea622a06a8e4c7d53b78f35381c Mon Sep 17 00:00:00 2001
From: Dale Visser
Date: Tue, 7 Jul 2015 16:48:38 -0400
Subject: [PATCH] Added long hexadecimal to version string conversion function, and passing unit test.
Former-commit-id: 846e2a3c07016974c396770397304875fd36b7f6
---
 .../analyzer/OpenSSLAnalyzer.java | 31 ++++++++++++++-----
 .../analyzer/OpenSSLAnalyzerTest.java | 24 ++++++++++++++
 2 files changed, 47 insertions(+), 8 deletions(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/OpenSSLAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/OpenSSLAnalyzer.java
index d05b57e80..38438aa08 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/OpenSSLAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/OpenSSLAnalyzer.java
@@ -17,28 +17,20 @@
 */
 package org.owasp.dependencycheck.analyzer;
-import org.apache.commons.io.FileUtils;
 import org.apache.commons.io.filefilter.NameFileFilter;
-import org.apache.commons.io.filefilter.SuffixFileFilter;
 import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.dependency.Confidence;
 import org.owasp.dependencycheck.dependency.Dependency;
-import org.owasp.dependencycheck.dependency.EvidenceCollection;
-import org.owasp.dependencycheck.utils.Settings;
-import org.owasp.dependencycheck.utils.UrlStringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import java.io.File;
 import java.io.FileFilter;
-import java.io.IOException;
-import java.net.MalformedURLException;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 import java.util.Set;
-import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 /**
@@ -71,6 +63,29 @@ public class OpenSSLAnalyzer extends AbstractFileTypeAnalyzer {
 */
 private static final FileFilter OPENSSLV_FILTER = new NameFileFilter("opensslv.h");
+ private static final int MAJOR_OFFSET = 28;
+ private static final long MINOR_MASK = 0x0ff00000L;
+ private static final int MINOR_OFFSET = 20;
+ private static final long FIX_MASK = 0x000ff000L;
+ private static final int FIX_OFFSET = 12;
+ private static final long PATCH_MASK = 0x00000ff0L;
+ private static final int PATCH_OFFSET = 4;
+ private static final int NUM_LETTERS = 26;
+ private static final int STATUS_MASK = 0x0000000f;
+
+ static String getOpenSSLVersion(long openSSLVersionConstant) {
+ long major = openSSLVersionConstant >>> MAJOR_OFFSET;
+ long minor = (openSSLVersionConstant & MINOR_MASK) >>> MINOR_OFFSET;
+ long fix = (openSSLVersionConstant & FIX_MASK) >>> FIX_OFFSET;
+ long patchLevel = (openSSLVersionConstant & PATCH_MASK) >>> PATCH_OFFSET;
+ String patch = 0 == patchLevel || patchLevel > NUM_LETTERS ? "" :
+ String.valueOf((char) (patchLevel + 'a' - 1));
+ int statusCode = (int) (openSSLVersionConstant & STATUS_MASK);
+ String status = 0xf == statusCode ? "" :
+ (0 == statusCode ? "-dev" : "-beta" + statusCode);
+ return String.format("%d.%d.%d%s%s", major, minor, fix, patch, status);
+ }
+
 /**
 * Returns the name of the Python Package Analyzer.
 *
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/OpenSSLAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/OpenSSLAnalyzerTest.java
index 839bbee8a..1464e8658 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/OpenSSLAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/OpenSSLAnalyzerTest.java
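Review bot: In `getOpenSSLVersion`, a patch byte above `NUM_LETTERS` falls into the `""` branch, so the constant is rendered as the bare base release; if this string becomes version evidence for vulnerability matching (which the analyzer package suggests), the lookup runs against the wrong version. OpenSSL has shipped releases lettered past `z` (the 0.9.8za series), so this is likely reachable from genuine headers and not only malformed ones. I would make the overflow visible, e.g. `patchLevel > NUM_LETTERS ? "z" + (char) (patchLevel - NUM_LETTERS + 'a' - 1) : ...` with a test row for it, or return a value the caller treats as unknown instead of a plausible-looking version. Separately, `major` is shifted without a mask, so bits above 31 from a sign-extended or oversized parsed value end up in the major number; `long major = (openSSLVersionConstant >>> MAJOR_OFFSET) & 0xf;` bounds it. The new method and constants also have no Javadoc describing the MNNFFPPS layout they decode.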
@@ -93,4 +93,28 @@ public class OpenSSLAnalyzerTest extends BaseTest {
 assertTrue("Should support \"h\" extension.", analyzer.supportsExtension("h"));
 }
+
+ @Test
+ public void testVersionConstantExamples() {
+ final long[] constants = {0x1000203fL
+ , 0x00903000
+ , 0x00903001
+ , 0x00903002l
+ , 0x0090300f
+ , 0x0090301f
+ , 0x0090400f
+ , 0x102031af};
+ final String[] versions = {"1.0.2c",
+ "0.9.3-dev",
+ "0.9.3-beta1",
+ "0.9.3-beta2",
+ "0.9.3",
+ "0.9.3a",
+ "0.9.4",
+ "1.2.3z"};
+ assertEquals(constants.length, versions.length);
+ for (int i = 0; i < constants.length; i++) {
+ assertEquals(versions[i], OpenSSLAnalyzer.getOpenSSLVersion(constants[i]));
+ }
+ }
 }
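Review bot: Most entries in `constants` are `int` literals widened to `long`, which only works while bit 31 is clear; a later row with a major of 8 or higher written without the suffix would sign-extend and exercise a different value than the one on the page. Suffix every entry with an upper-case `L`, since `0x00903002l` is also easy to misread as ending in `1`. The table has no row for a patch byte above 0x1a, which is where `getOpenSSLVersion` drops the letter without any signal, so a case pinning the expected string there would be worth adding.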