github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-14 15:53:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

cleanup & Rakefile support placeholder

Browse Source
This commit is contained in:
bjiang
2016-05-06 17:25:08 -04:00
parent 06dad8f79c
commit b0f4ab9ba5
2 changed files with 16 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzer.java
View File

@@ -57,11 +57,13 @@ public class RubyGemspecAnalyzer extends AbstractFileTypeAnalyzer {
private static final FileFilter FILTER
= FileFilterBuilder.newInstance().addExtensions(GEMSPEC).build();
//TODO: support Rakefile
//= FileFilterBuilder.newInstance().addExtensions(GEMSPEC).addFilenames("Rakefile").build();
private static final String VERSION_FILE_NAME = "VERSION";
/**
* @return a filter that accepts files named Rakefile or matching the glob pattern, *.gemspec
* @return a filter that accepts files matching the glob pattern, *.gemspec
*/
@Override
protected FileFilter getFileFilter() {
@@ -133,11 +135,7 @@ public class RubyGemspecAnalyzer extends AbstractFileTypeAnalyzer {
addStringEvidence(product, contents, blockVariable, "summary", "summary", Confidence.LOW);
addStringEvidence(vendor, contents, blockVariable, "author", "authors?", Confidence.HIGHEST);
// addListEvidence(vendor, contents, blockVariable, "authors", Confidence.HIGHEST);
addStringEvidence(vendor, contents, blockVariable, "email", "emails?", Confidence.MEDIUM);
// if (email.isEmpty()) {
// addListEvidence(vendor, contents, blockVariable, EMAIL, Confidence.MEDIUM);
// }
addStringEvidence(vendor, contents, blockVariable, "homepage", "homepage", Confidence.HIGHEST);
addStringEvidence(vendor, contents, blockVariable, "license", "licen[cs]es?", Confidence.HIGHEST);
@@ -149,16 +147,6 @@ public class RubyGemspecAnalyzer extends AbstractFileTypeAnalyzer {
setPackagePath(dependency);
}
// private void addListEvidence(EvidenceCollection evidences, String contents,
// String blockVariable, String field, Confidence confidence) {
// final Matcher matcher = Pattern.compile(
// String.format("\\s+?%s\\.%s\\s*?=\\s*?\\[(.*?)\\]", blockVariable, field)).matcher(contents);
// if (matcher.find()) {
// final String value = matcher.group(1).replaceAll("['\"]", " ").trim();
// evidences.addEvidence(GEMSPEC, field, value, confidence);
// }
// }
private String addStringEvidence(EvidenceCollection evidences, String contents,
String blockVariable, String field, String fieldPattern, Confidence confidence) {
String value = "";

13
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzerTest.java
View File

@@ -100,4 +100,17 @@ public class RubyGemspecAnalyzerTest extends BaseTest {
assertThat(result.getProductEvidence().toString(), containsString("rest-client"));
assertThat(result.getVersionEvidence().toString(), containsString("1.7.2"));
}
/**
* Test Rakefile analysis.
*
* @throws AnalysisException is thrown when an exception occurs.
*/
//@Test TODO: place holder to test Rakefile support
public void testAnalyzeRakefile() throws AnalysisException {
final Dependency result = new Dependency(BaseTest.getResourceAsFile(this,
"ruby/vulnerable/gems/rails-4.1.15/vendor/bundle/ruby/2.2.0/gems/pg-0.18.4/Rakefile"));
analyzer.analyze(result, null);
//TODO add verification
}
}