code cleanup, checkstyle, codacy, findbugs, etc.

Jeremy Long
2017-12-02 08:06:16 -05:00
parent a7dddfa905
commit c6363fde7a
5 changed files with 23 additions and 49 deletions


@@ -77,7 +77,7 @@ public abstract class AbstractNpmAnalyzer extends AbstractFileTypeAnalyzer {
accept = false; accept = false;
} }
} catch (IOException ex) { } catch (IOException ex) {
throw new RuntimeException(ex); throw new RuntimeException("Unable to process dependency", ex);
} }
} }
@@ -211,38 +211,6 @@ public abstract class AbstractNpmAnalyzer extends AbstractFileTypeAnalyzer {
if (DependencyBundlingAnalyzer.npmVersionsMatch(version, dependencyVersion)) { if (DependencyBundlingAnalyzer.npmVersionsMatch(version, dependencyVersion)) {
return d; return d;
} }
// if (dependencyVersion.startsWith("^") || dependencyVersion.startsWith("~")) {
// dependencyVersion = dependencyVersion.substring(1);
// }
//
// if (version.equals(dependencyVersion)) {
// return d;
// }
// if (version.startsWith("^") || version.startsWith("~") || version.contains("*")) {
// String type;
// String tmp;
// if (version.startsWith("^") || version.startsWith("~")) {
// type = version.substring(0, 1);
// tmp = version.substring(1);
// } else {
// type = "*";
// tmp = version;
// }
// final String[] v = tmp.split(" ")[0].split("\\.");
// final String[] depVersion = dependencyVersion.split("\\.");
//
// if ("^".equals(type) && v[0].equals(depVersion[0])) {
// return d;
// } else if ("~".equals(type) && v.length >= 2 && depVersion.length >= 2
// && v[0].equals(depVersion[0]) && v[1].equals(depVersion[1])) {
// return d;
// } else if (v[0].equals("*")
// || (v.length >= 2 && v[0].equals(depVersion[0]) && v[1].equals("*"))
// || (v.length >= 3 && depVersion.length >= 2 && v[0].equals(depVersion[0])
// && v[1].equals(depVersion[1]) && v[2].equals("*"))) {
// return d;
// }
// }
} }
} }
return null; return null;
@@ -295,6 +263,7 @@ public abstract class AbstractNpmAnalyzer extends AbstractFileTypeAnalyzer {
sb.append(array.getString(x)); sb.append(array.getString(x));
} }
} }
dependency.setLicense(sb.toString());
} else { } else {
dependency.setLicense(json.getJsonObject("license").getString("type")); dependency.setLicense(json.getJsonObject("license").getString("type"));
} }
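Review bot: The catch in the first hunk still raises an unchecked exception, `throw new RuntimeException("Unable to process dependency", ex);`, while this same commit moves the matching catch blocks in NodePackageAnalyzer and NspAnalyzer to `AnalysisException`. The enclosing method starts outside the hunk; the `accept = false;` context suggests a filter-style method that cannot declare a checked exception, but that is inferred. If so, a single unreadable file in a scanned tree would presumably abort the run instead of being skipped, which matters for a tool that walks project directories it does not control. Consider logging the failure and leaving `accept = false`, or record the intent with a comment such as `// unchecked on purpose: this method cannot declare AnalysisException`.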


@@ -85,7 +85,8 @@ public class NodePackageAnalyzer extends AbstractNpmAnalyzer {
*/ */
public static final String SHRINKWRAP_JSON = "npm-shrinkwrap.json"; public static final String SHRINKWRAP_JSON = "npm-shrinkwrap.json";
/** /**
* Filter that detects files named "package-lock.json" or "npm-shrinkwrap.json". * Filter that detects files named "package-lock.json" or
* "npm-shrinkwrap.json".
*/ */
private static final FileFilter PACKAGE_JSON_FILTER = FileFilterBuilder.newInstance() private static final FileFilter PACKAGE_JSON_FILTER = FileFilterBuilder.newInstance()
.addFilenames(PACKAGE_LOCK_JSON, SHRINKWRAP_JSON).build(); .addFilenames(PACKAGE_LOCK_JSON, SHRINKWRAP_JSON).build();
@@ -176,7 +177,7 @@ public class NodePackageAnalyzer extends AbstractNpmAnalyzer {
return; return;
} }
} catch (IOException ex) { } catch (IOException ex) {
throw new RuntimeException(ex); throw new AnalysisException("Unable to process dependency", ex);
} }
final File baseDir = dependencyFile.getParentFile(); final File baseDir = dependencyFile.getParentFile();
if (PACKAGE_LOCK_JSON.equals(dependency.getFileName())) { if (PACKAGE_LOCK_JSON.equals(dependency.getFileName())) {
@@ -210,14 +211,15 @@ public class NodePackageAnalyzer extends AbstractNpmAnalyzer {
* dependencies and then finding the package.json for the module and adding * dependencies and then finding the package.json for the module and adding
* it as a dependency. * it as a dependency.
* *
* @param json * @param json the data to process
* @param baseDir * @param baseDir the base directory being scanned
* @param rootFile * @param rootFile the root package-lock/npm-shrinkwrap being analyzed
* @param parentPackage * @param parentPackage the parent package name of the current node
* @param engine * @param engine a reference to the dependency-check engine
* @throws AnalysisException * @throws AnalysisException thrown if there is an exception
*/ */
private void processDependencies(final JsonObject json, File baseDir, File rootFile, final String parentPackage, Engine engine) throws AnalysisException { private void processDependencies(JsonObject json, File baseDir, File rootFile,
String parentPackage, Engine engine) throws AnalysisException {
if (json.containsKey("dependencies")) { if (json.containsKey("dependencies")) {
final JsonObject deps = json.getJsonObject("dependencies"); final JsonObject deps = json.getJsonObject("dependencies");
for (Map.Entry<String, JsonValue> entry : deps.entrySet()) { for (Map.Entry<String, JsonValue> entry : deps.entrySet()) {
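Review bot: The new message in the second hunk, `throw new AnalysisException("Unable to process dependency", ex);`, does not say which file failed, so a scan over many lock files gives no way to tell which one could not be read. `dependencyFile` is used directly after the catch and so appears to be in scope there; `throw new AnalysisException("Unable to process dependency: " + dependencyFile, ex);` would carry it. The same applies to the identical catch in the NspAnalyzer hunk at `@@ -169,7 +169,7`, where `file` is the variable used on the following line. The method body starts and ends outside the hunk.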


@@ -169,7 +169,7 @@ public class NspAnalyzer extends AbstractNpmAnalyzer {
return; return;
} }
} catch (IOException ex) { } catch (IOException ex) {
throw new RuntimeException(ex); throw new AnalysisException("Unable to process dependency", ex);
} }
try (JsonReader jsonReader = Json.createReader(FileUtils.openInputStream(file))) { try (JsonReader jsonReader = Json.createReader(FileUtils.openInputStream(file))) {


@@ -126,7 +126,7 @@ public class EscapeTool {
return "\"\""; return "\"\"";
} }
final String str = text.trim().replace("\n", " "); final String str = text.trim().replace("\n", " ");
if (str.length()==0) { if (str.length() == 0) {
return "\"\""; return "\"\"";
} }
return StringEscapeUtils.escapeCsv(str); return StringEscapeUtils.escapeCsv(str);
@@ -155,7 +155,7 @@ public class EscapeTool {
sb.append(id.getValue()); sb.append(id.getValue());
} }
} }
if (sb.length()==0) { if (sb.length() == 0) {
return "\"\""; return "\"\"";
} }
return StringEscapeUtils.escapeCsv(sb.toString()); return StringEscapeUtils.escapeCsv(sb.toString());
@@ -184,7 +184,7 @@ public class EscapeTool {
sb.append(id.getValue()); sb.append(id.getValue());
} }
} }
if (sb.length()==0) { if (sb.length() == 0) {
return "\"\""; return "\"\"";
} }
return StringEscapeUtils.escapeCsv(sb.toString()); return StringEscapeUtils.escapeCsv(sb.toString());
@@ -213,7 +213,7 @@ public class EscapeTool {
sb.append(id.getConfidence()); sb.append(id.getConfidence());
} }
} }
if (sb.length()==0) { if (sb.length() == 0) {
return "\"\""; return "\"\"";
} }
return StringEscapeUtils.escapeCsv(sb.toString()); return StringEscapeUtils.escapeCsv(sb.toString());
@@ -242,7 +242,7 @@ public class EscapeTool {
sb.append(id.getValue()); sb.append(id.getValue());
} }
} }
if (sb.length()==0) { if (sb.length() == 0) {
return "\"\""; return "\"\"";
} }
return StringEscapeUtils.escapeCsv(sb.toString()); return StringEscapeUtils.escapeCsv(sb.toString());


@@ -91,6 +91,9 @@ public class NspAnalyzerTest extends BaseTest {
final Dependency result = new Dependency(BaseTest.getResourceAsFile(this, "nsp/minimal-invalid.json")); final Dependency result = new Dependency(BaseTest.getResourceAsFile(this, "nsp/minimal-invalid.json"));
analyzer.analyze(result, engine); analyzer.analyze(result, engine);
// Upon analysis, not throwing an exception in this case, is all that's required to pass this test // Upon analysis, not throwing an exception in this case, is all that's required to pass this test
} catch(Throwable ex) {
fail("This test should not throw an exception");
throw ex;
} }
} }
} }
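Review bot: In the added `catch(Throwable ex)` block, `fail("This test should not throw an exception")` raises its own assertion error (assuming it is JUnit's `fail`), so `throw ex;` is never reached and the original exception and its stack trace are lost from the test report. Catching `Throwable` also intercepts any assertion failure raised inside the try. Either drop the catch and let the exception propagate from the test method, or keep the cause with `throw new AssertionError("This test should not throw an exception", ex);`. The test method begins outside the hunk.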