diff --git a/src/main/java/org/owasp/dependencycheck/Engine.java b/src/main/java/org/owasp/dependencycheck/Engine.java
index 7343cfa5c..b60ecb33d 100644
--- a/src/main/java/org/owasp/dependencycheck/Engine.java
+++ b/src/main/java/org/owasp/dependencycheck/Engine.java
@@ -209,17 +209,15 @@ public class Engine {
 final List analyzerList = analyzers.get(phase);
 for (Analyzer a : analyzerList) {
- final Iterator itrDependencies = dependencies.iterator();
- while (itrDependencies.hasNext()) {
- final Dependency d = itrDependencies.next();
+ //need to create a copy of the collection because some of the
+ // analyzers may modify it. This prevents ConcurrentModificationExceptions.
+ final Set dependencySet = new HashSet();
+ dependencySet.addAll(dependencies);
+ for (Dependency d : dependencySet) {
 if (a.supportsExtension(d.getFileExtension())) {
 try {
 a.analyze(d, this);
- //the following is mainly to deal with the DependencyBundlingAnalyzer
- if (a.getPostAnalysisAction() == Analyzer.PostAnalysisAction.REMOVE_DEPENDENCY) {
- itrDependencies.remove();
- }
- } catch (AnalysisException ex) {
+ } catch (AnalysisException ex) {
 d.addAnalysisException(ex);
 }
 }
diff --git a/src/main/java/org/owasp/dependencycheck/analyzer/AbstractAnalyzer.java b/src/main/java/org/owasp/dependencycheck/analyzer/AbstractAnalyzer.java
index dde8b7bad..7a768155a 100644
--- a/src/main/java/org/owasp/dependencycheck/analyzer/AbstractAnalyzer.java
+++ b/src/main/java/org/owasp/dependencycheck/analyzer/AbstractAnalyzer.java
@@ -58,13 +58,4 @@ public abstract class AbstractAnalyzer implements Analyzer {
 public void close() {
 //do nothing
 }
-
- /**
- * Used to indicate if any steps should be taken after the analysis. The
- * abstract implementation returns NOTHING.
- * @return NOTHING
- */
- public PostAnalysisAction getPostAnalysisAction() {
- return PostAnalysisAction.NOTHING;
- }
 }
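Review bot: In the Engine.java hunk, copying `dependencies` into a `HashSet` does more than avoid the ConcurrentModificationException: iteration order becomes hash-dependent, and if `dependencies` is a list, any two entries that compare equal under `Dependency.equals`/`hashCode` (not visible here) collapse into one, so one of them would silently skip this analyzer, which for a vulnerability scanner means a missed finding. An order- and duplicate-preserving snapshot such as `final List<Dependency> snapshot = new ArrayList<Dependency>(dependencies);` avoids both. Separately, because the loop now walks the snapshot, a dependency that an analyzer removes from `dependencies` mid-pass (the removed comment names DependencyBundlingAnalyzer) is still passed to `a.analyze(d, this)` later in the same pass; if that is not intended, a guard like `if (!dependencies.contains(d)) { continue; }` with a short comment would make the behaviour explicit. The enclosing method starts and ends outside the hunk.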
diff --git a/src/main/java/org/owasp/dependencycheck/analyzer/Analyzer.java b/src/main/java/org/owasp/dependencycheck/analyzer/Analyzer.java
index 224f22fd4..ad594ffdb 100644
--- a/src/main/java/org/owasp/dependencycheck/analyzer/Analyzer.java
+++ b/src/main/java/org/owasp/dependencycheck/analyzer/Analyzer.java
@@ -99,23 +99,4 @@ public interface Analyzer {
 * @throws Exception is thrown if an exception occurs closing the analyzer.
 */
 void close() throws Exception;
-
- /**
- * An enumeration of Post Analysis Actions.
- */
- public enum PostAnalysisAction {
- /**
- * No action should be taken.
- */
- NOTHING,
- /**
- * The dependency should be removed from the list of dependencies scanned.
- */
- REMOVE_DEPENDENCY
- }
- /**
- * Returns the post analysis action.
- * @return the post analysis action
- */
- PostAnalysisAction getPostAnalysisAction();
 }
diff --git a/src/main/java/org/owasp/dependencycheck/data/cpe/CPEAnalyzer.java b/src/main/java/org/owasp/dependencycheck/data/cpe/CPEAnalyzer.java
index dd5f76710..e5097ffaf 100644
--- a/src/main/java/org/owasp/dependencycheck/data/cpe/CPEAnalyzer.java
+++ b/src/main/java/org/owasp/dependencycheck/data/cpe/CPEAnalyzer.java
@@ -512,12 +512,4 @@ public class CPEAnalyzer implements Analyzer {
 public void initialize() throws Exception {
 this.open();
 }
- /**
- * Used to indicate if any steps should be taken after the analysis. The
- * abstract implementation returns NOTHING.
- * @return NOTHING
- */
- public PostAnalysisAction getPostAnalysisAction() {
- return PostAnalysisAction.NOTHING;
- }
 }
diff --git a/src/main/java/org/owasp/dependencycheck/data/nvdcve/NvdCveAnalyzer.java b/src/main/java/org/owasp/dependencycheck/data/nvdcve/NvdCveAnalyzer.java
index 90299d782..a855fd957 100644
--- a/src/main/java/org/owasp/dependencycheck/data/nvdcve/NvdCveAnalyzer.java
+++ b/src/main/java/org/owasp/dependencycheck/data/nvdcve/NvdCveAnalyzer.java
@@ -159,13 +159,4 @@ public class NvdCveAnalyzer implements Analyzer {
 public void initialize() throws Exception {
 this.open();
 }
-
- /**
- * Used to indicate if any steps should be taken after the analysis. The
- * abstract implementation returns NOTHING.
- * @return NOTHING
- */
- public PostAnalysisAction getPostAnalysisAction() {
- return PostAnalysisAction.NOTHING;
- }
 }