github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-21 08:39:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

updated to correctly use utility class PomUtils

Browse Source 
Former-commit-id: 4c8cb205df42785aa71fa5f0621a52946000c200
This commit is contained in:
Jeremy Long
2015-04-07 06:58:58 -04:00
parent a088d20612
commit bcd9fb0be9
2 changed files with 8 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java
View File

@@ -33,7 +33,7 @@ import org.owasp.dependencycheck.data.nexus.MavenArtifact;
import org.owasp.dependencycheck.dependency.Confidence; import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence; import org.owasp.dependencycheck.dependency.Evidence;
import org.owasp.dependencycheck.jaxb.pom.PomUtils; import org.owasp.dependencycheck.xml.pom.PomUtils;
import org.owasp.dependencycheck.utils.DownloadFailedException; import org.owasp.dependencycheck.utils.DownloadFailedException;
import org.owasp.dependencycheck.utils.Downloader; import org.owasp.dependencycheck.utils.Downloader;
import org.owasp.dependencycheck.utils.InvalidSettingException; import org.owasp.dependencycheck.utils.InvalidSettingException;
@@ -76,10 +76,6 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
* The searcher itself. * The searcher itself.
*/ */
private CentralSearch searcher; private CentralSearch searcher;
/**
* Utility to read POM files.
*/
private PomUtils pomUtil = new PomUtils();
/** /**
* Field indicating if the analyzer is enabled. * Field indicating if the analyzer is enabled.
*/ */
@@ -216,7 +212,7 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
} }
LOGGER.fine(String.format("Downloading %s", ma.getPomUrl())); LOGGER.fine(String.format("Downloading %s", ma.getPomUrl()));
Downloader.fetchFile(new URL(ma.getPomUrl()), pomFile); Downloader.fetchFile(new URL(ma.getPomUrl()), pomFile);
pomUtil.analyzePOM(dependency, pomFile); PomUtils.analyzePOM(dependency, pomFile);
} catch (DownloadFailedException ex) { } catch (DownloadFailedException ex) {
final String msg = String.format("Unable to download pom.xml for %s from Central; " final String msg = String.format("Unable to download pom.xml for %s from Central; "

16
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java
View File

@@ -33,7 +33,7 @@ import org.owasp.dependencycheck.data.nexus.NexusSearch;
import org.owasp.dependencycheck.dependency.Confidence; import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence; import org.owasp.dependencycheck.dependency.Evidence;
import org.owasp.dependencycheck.jaxb.pom.PomUtils; import org.owasp.dependencycheck.xml.pom.PomUtils;
import org.owasp.dependencycheck.utils.InvalidSettingException; import org.owasp.dependencycheck.utils.InvalidSettingException;
import org.owasp.dependencycheck.utils.DownloadFailedException; import org.owasp.dependencycheck.utils.DownloadFailedException;
import org.owasp.dependencycheck.utils.Downloader; import org.owasp.dependencycheck.utils.Downloader;
@@ -45,10 +45,10 @@ import org.owasp.dependencycheck.utils.Settings;
* There are two settings which govern this behavior: * There are two settings which govern this behavior:
* *
* <ul> * <ul>
* <li>{@link org.owasp.dependencycheck.utils.Settings.KEYS#ANALYZER_NEXUS_ENABLED} determines whether this analyzer is * <li>{@link org.owasp.dependencycheck.utils.Settings.KEYS#ANALYZER_NEXUS_ENABLED} determines whether this analyzer is even
* even enabled. This can be overridden by setting the system property.</li> * enabled. This can be overridden by setting the system property.</li>
* <li>{@link org.owasp.dependencycheck.utils.Settings.KEYS#ANALYZER_NEXUS_URL} the URL to a Nexus service to search by * <li>{@link org.owasp.dependencycheck.utils.Settings.KEYS#ANALYZER_NEXUS_URL} the URL to a Nexus service to search by SHA-1.
* SHA-1. There is an expected <code>%s</code> in this where the SHA-1 will get entered.</li> * There is an expected <code>%s</code> in this where the SHA-1 will get entered.</li>
* </ul> * </ul>
* *
* @author colezlaw * @author colezlaw
@@ -89,10 +89,6 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
* Field indicating if the analyzer is enabled. * Field indicating if the analyzer is enabled.
*/ */
private final boolean enabled = checkEnabled(); private final boolean enabled = checkEnabled();
/**
* Field for doing POM work
*/
private final PomUtils pomUtil = new PomUtils();
/** /**
* Determines if this analyzer is enabled * Determines if this analyzer is enabled
@@ -233,7 +229,7 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
} }
LOGGER.fine(String.format("Downloading %s", ma.getPomUrl())); LOGGER.fine(String.format("Downloading %s", ma.getPomUrl()));
Downloader.fetchFile(new URL(ma.getPomUrl()), pomFile); Downloader.fetchFile(new URL(ma.getPomUrl()), pomFile);
pomUtil.analyzePOM(dependency, pomFile); PomUtils.analyzePOM(dependency, pomFile);
} catch (DownloadFailedException ex) { } catch (DownloadFailedException ex) {
final String msg = String.format("Unable to download pom.xml for %s from Nexus repository; " final String msg = String.format("Unable to download pom.xml for %s from Nexus repository; "
+ "this could result in undetected CPE/CVEs.", dependency.getFileName()); + "this could result in undetected CPE/CVEs.", dependency.getFileName());