github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-14 15:53:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

updated to allow turning off individual file type analyzers via configuration

Browse Source 
Former-commit-id: c492d41e1b5ad0c890cb750370dff326c3d0de05
This commit is contained in:
Jeremy Long
2014-03-23 00:33:00 -04:00
parent 270db7829d
commit c80fdee99b
7 changed files with 252 additions and 128 deletions
Download Patch File Download Diff File Expand all files Collapse all files

199
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java
View File

@@ -17,14 +17,16 @@
*/
package org.owasp.dependencycheck.analyzer;
import com.hazelcast.logging.Logger;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.utils.InvalidSettingException;
import org.owasp.dependencycheck.utils.Settings;
/**
* The base FileTypeAnalyzer that all analyzers that have specific file types they analyze should extend.
@@ -33,88 +35,30 @@ import org.owasp.dependencycheck.dependency.Dependency;
*/
public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implements FileTypeAnalyzer {
//<editor-fold defaultstate="collapsed" desc="Constructor">
/**
* <p>
* Returns a list of supported file extensions. An example would be an analyzer that inspected java jar files. The
* getSupportedExtensions function would return a set with a single element "jar".</p>
*
* <p>
* <b>Note:</b> when implementing this the extensions returned MUST be lowercase.</p>
*
* @return The file extensions supported by this analyzer.
*
* <p>
* If the analyzer returns null it will not cause additional files to be analyzed but will be executed against every
* file loaded</p>
* Base constructor that all children must call. This checks the configuration to determine if the analyzer is
* enabled.
*/
protected abstract Set<String> getSupportedExtensions();
/**
* Initializes the file type analyzer.
*
* @throws Exception thrown if there is an exception during initialization
*/
protected abstract void initializeFileTypeAnalyzer() throws Exception;
/**
* Initializes the analyzer.
*
* @throws Exception thrown if there is an exception during initialization
*/
public final void initialize() throws Exception {
if (filesMatched) {
initializeFileTypeAnalyzer();
} else {
enabled = false;
public AbstractFileTypeAnalyzer() {
String key = Settings.KEYS.getFileAnalyzerEnabledKey(getAnalyzerSettingKey());
try {
enabled = Settings.getBoolean(key, true);
} catch (InvalidSettingException ex) {
String msg = String.format("Invalid settting for property '%s'", key);
LOGGER.log(Level.WARNING, msg);
LOGGER.log(Level.FINE, "", ex);
msg = String.format("%s has been disabled", getName());
LOGGER.log(Level.WARNING, msg);
}
}
//</editor-fold>
//<editor-fold defaultstate="collapsed" desc="Field defentitions">
/**
* Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted,
* scanned, and added to the list of dependencies within the engine.
*
* @param dependency the dependency to analyze
* @param engine the engine scanning
* @throws AnalysisException thrown if there is an analysis exception
* The logger.
*/
protected abstract void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException;
/**
* Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted,
* scanned, and added to the list of dependencies within the engine.
*
* @param dependency the dependency to analyze
* @param engine the engine scanning
* @throws AnalysisException thrown if there is an analysis exception
*/
@Override
public final void analyze(Dependency dependency, Engine engine) throws AnalysisException {
if (enabled) {
analyzeFileType(dependency, engine);
}
}
/**
* Returns whether or not this analyzer can process the given extension.
*
* @param extension the file extension to test for support.
* @return whether or not the specified file extension is supported by this analyzer.
*/
@Override
public boolean supportsExtension(String extension) {
Set<String> ext = getSupportedExtensions();
if (ext == null) {
String msg = String.format("The '%s%' analyzer is misconfigured and does not have any file extensions; it will be disabled", getName());
Logger.getLogger(AbstractFileTypeAnalyzer.class.getName()).log(Level.SEVERE, msg);
return false;
} else {
boolean match = ext.contains(extension);
if (match) {
filesMatched = match;
}
return match;
}
}
private static final Logger LOGGER = Logger.getLogger(AbstractFileTypeAnalyzer.class.getName());
/**
* Whether the file type analyzer detected any files it needs to analyze.
*/
@@ -157,7 +101,109 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
public void setEnabled(boolean enabled) {
this.enabled = enabled;
}
//</editor-fold>
//<editor-fold defaultstate="collapsed" desc="Abstract methods children must implement">
/**
* <p>
* Returns a list of supported file extensions. An example would be an analyzer that inspected java jar files. The
* getSupportedExtensions function would return a set with a single element "jar".</p>
*
* <p>
* <b>Note:</b> when implementing this the extensions returned MUST be lowercase.</p>
*
* @return The file extensions supported by this analyzer.
*
* <p>
* If the analyzer returns null it will not cause additional files to be analyzed but will be executed against every
* file loaded</p>
*/
protected abstract Set<String> getSupportedExtensions();
/**
* Initializes the file type analyzer.
*
* @throws Exception thrown if there is an exception during initialization
*/
protected abstract void initializeFileTypeAnalyzer() throws Exception;
/**
* Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted,
* scanned, and added to the list of dependencies within the engine.
*
* @param dependency the dependency to analyze
* @param engine the engine scanning
* @throws AnalysisException thrown if there is an analysis exception
*/
protected abstract void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException;
/**
* <p>
* Returns the key used in the properties file to reference the analyzer. An example would be the JarAnalyzer where
* the key is "jar". One of the associated properties would be 'analyzer.jar.enabled.
*
* @return a short string used to look up configuration properties
*/
protected abstract String getAnalyzerSettingKey();
//</editor-fold>
//<editor-fold defaultstate="collapsed" desc="Final implementations for the Analyzer interface">
/**
* Initializes the analyzer.
*
* @throws Exception thrown if there is an exception during initialization
*/
@Override
public final void initialize() throws Exception {
if (filesMatched) {
initializeFileTypeAnalyzer();
} else {
enabled = false;
}
}
/**
* Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted,
* scanned, and added to the list of dependencies within the engine.
*
* @param dependency the dependency to analyze
* @param engine the engine scanning
* @throws AnalysisException thrown if there is an analysis exception
*/
@Override
public final void analyze(Dependency dependency, Engine engine) throws AnalysisException {
if (enabled) {
analyzeFileType(dependency, engine);
}
}
/**
* Returns whether or not this analyzer can process the given extension.
*
* @param extension the file extension to test for support.
* @return whether or not the specified file extension is supported by this analyzer.
*/
@Override
public final boolean supportsExtension(String extension) {
if (!enabled) {
return false;
}
Set<String> ext = getSupportedExtensions();
if (ext == null) {
String msg = String.format("The '%s%' analyzer is misconfigured and does not have any file extensions; it will be disabled", getName());
Logger.getLogger(AbstractFileTypeAnalyzer.class.getName()).log(Level.SEVERE, msg);
return false;
} else {
boolean match = ext.contains(extension);
if (match) {
filesMatched = match;
}
return match;
}
}
//</editor-fold>
//<editor-fold defaultstate="collapsed" desc="Static utility methods">
/**
* <p>
* Utility method to help in the creation of the extensions set. This constructs a new Set that can be used in a
@@ -176,4 +222,5 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
Collections.addAll(set, strings);
return set;
}
//</editor-fold>
}

40
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
View File

@@ -55,6 +55,10 @@ import org.owasp.dependencycheck.utils.Settings;
*/
public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
/**
* The logger.
*/
private static final Logger LOGGER = Logger.getLogger(ArchiveAnalyzer.class.getName());
/**
* The buffer size to use when extracting files from the archive.
*/
@@ -75,6 +79,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
* Tracks the current scan/extraction depth for nested archives.
*/
private int scanDepth = 0;
//<editor-fold defaultstate="collapsed" desc="All standard implementation details of Analyzer">
/**
* The name of the analyzer.
@@ -134,6 +139,16 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
}
//</editor-fold>
/**
* Returns the key used in the properties file to reference the analyzer.
*
* @return a short string used to look up configuration properties
*/
@Override
protected String getAnalyzerSettingKey() {
return "archive";
}
/**
* The initialize method does nothing for this Analyzer.
*
@@ -167,11 +182,10 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
@Override
public void close() throws Exception {
if (tempFileLocation != null && tempFileLocation.exists()) {
Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINE, "Attempting to delete temporary files");
LOGGER.log(Level.FINE, "Attempting to delete temporary files");
final boolean success = FileUtils.delete(tempFileLocation);
if (!success) {
Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.WARNING,
"Failed to delete some temporary files, see the log for more details");
LOGGER.log(Level.WARNING, "Failed to delete some temporary files, see the log for more details");
}
}
}
@@ -261,7 +275,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
try {
fis = new FileInputStream(archive);
} catch (FileNotFoundException ex) {
Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINE, null, ex);
LOGGER.log(Level.FINE, null, ex);
throw new AnalysisException("Archive file was not found.", ex);
}
final String archiveExt = FileUtils.getFileExtension(archive.getName()).toLowerCase();
@@ -279,17 +293,17 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
}
} catch (ArchiveExtractionException ex) {
final String msg = String.format("Exception extracting archive '%s'.", archive.getName());
Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.WARNING, msg);
Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINE, null, ex);
LOGGER.log(Level.WARNING, msg);
LOGGER.log(Level.FINE, null, ex);
} catch (IOException ex) {
final String msg = String.format("Exception reading archive '%s'.", archive.getName());
Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.WARNING, msg);
Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINE, null, ex);
LOGGER.log(Level.WARNING, msg);
LOGGER.log(Level.FINE, null, ex);
} finally {
try {
fis.close();
} catch (IOException ex) {
Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINEST, null, ex);
LOGGER.log(Level.FINEST, null, ex);
}
}
}
@@ -368,7 +382,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
try {
input.close();
} catch (IOException ex) {
Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINEST, null, ex);
LOGGER.log(Level.FINEST, null, ex);
}
}
}
@@ -391,17 +405,17 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
out.write(buffer, 0, n);
}
} catch (FileNotFoundException ex) {
Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINE, null, ex);
LOGGER.log(Level.FINE, null, ex);
throw new ArchiveExtractionException(ex);
} catch (IOException ex) {
Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINE, null, ex);
LOGGER.log(Level.FINE, null, ex);
throw new ArchiveExtractionException(ex);
} finally {
if (out != null) {
try {
out.close();
} catch (IOException ex) {
Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINEST, null, ex);
LOGGER.log(Level.FINEST, null, ex);
}
}
}

10
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
View File

@@ -256,4 +256,14 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
public AnalysisPhase getAnalysisPhase() {
return ANALYSIS_PHASE;
}
/**
* Returns the key used in the properties file to reference the analyzer.
*
* @return a short string used to look up configuration properties
*/
@Override
protected String getAnalyzerSettingKey() {
return "assembly";
}
}

67
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
View File

@@ -82,6 +82,10 @@ import org.xml.sax.XMLReader;
public class JarAnalyzer extends AbstractFileTypeAnalyzer {
//<editor-fold defaultstate="collapsed" desc="Constants and Member Variables">
/**
* The logger.
*/
private static final Logger LOGGER = Logger.getLogger(JarAnalyzer.class.getName());
/**
* The buffer size to use when extracting files from the archive.
*/
@@ -169,10 +173,11 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
final JAXBContext jaxbContext = JAXBContext.newInstance("org.owasp.dependencycheck.jaxb.pom.generated");
pomUnmarshaller = jaxbContext.createUnmarshaller();
} catch (JAXBException ex) { //guess we will just have a null pointer exception later...
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE, "Unable to load parser. See the log for more details.");
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex);
LOGGER.log(Level.SEVERE, "Unable to load parser. See the log for more details.");
LOGGER.log(Level.FINE, null, ex);
}
}
//<editor-fold defaultstate="collapsed" desc="All standard implmentation details of Analyzer">
/**
* The name of the analyzer.
@@ -217,6 +222,16 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
}
//</editor-fold>
/**
* Returns the key used in the properties file to reference the analyzer.
*
* @return a short string used to look up configuration properties
*/
@Override
protected String getAnalyzerSettingKey() {
return "jar";
}
/**
* Loads a specified JAR file and collects information from the manifest and checksums to identify the correct CPE
* information.
@@ -264,8 +279,8 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
} catch (IOException ex) {
final String msg = String.format("Unable to read JarFile '%s'.", dependency.getActualFilePath());
//final AnalysisException ax = new AnalysisException(msg, ex);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex);
LOGGER.log(Level.WARNING, msg);
LOGGER.log(Level.FINE, "", ex);
return false;
}
List<String> pomEntries;
@@ -274,8 +289,8 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
} catch (IOException ex) {
final String msg = String.format("Unable to read Jar file entries in '%s'.", dependency.getActualFilePath());
//final AnalysisException ax = new AnalysisException(msg, ex);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, msg, ex);
LOGGER.log(Level.WARNING, msg);
LOGGER.log(Level.FINE, msg, ex);
return false;
}
if (pomEntries.isEmpty()) {
@@ -286,7 +301,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
try {
pomProperties = retrievePomProperties(path, jar);
} catch (IOException ex) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINEST, "ignore this, failed reading a non-existent pom.properties", ex);
LOGGER.log(Level.FINEST, "ignore this, failed reading a non-existent pom.properties", ex);
}
Model pom = null;
try {
@@ -315,8 +330,8 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
}
} catch (AnalysisException ex) {
final String msg = String.format("An error occured while analyzing '%s'.", dependency.getActualFilePath());
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, "", ex);
LOGGER.log(Level.WARNING, msg);
LOGGER.log(Level.FINE, "", ex);
}
}
return foundSomething;
@@ -393,7 +408,9 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
bos.flush();
dependency.setActualFilePath(file.getAbsolutePath());
} catch (IOException ex) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE, null, ex);
final String msg = String.format("An error occured reading '%s' from '%s'.", path, dependency.getFilePath());
LOGGER.warning(msg);
LOGGER.log(Level.SEVERE, "", ex);
} finally {
closeStream(bos);
closeStream(fos);
@@ -409,18 +426,18 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
model = readPom(source);
} catch (FileNotFoundException ex) {
final String msg = String.format("Unable to parse pom '%s' in jar '%s' (File Not Found)", path, jar.getName());
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex);
LOGGER.log(Level.WARNING, msg);
LOGGER.log(Level.FINE, "", ex);
throw new AnalysisException(ex);
} catch (UnsupportedEncodingException ex) {
final String msg = String.format("Unable to parse pom '%s' in jar '%s' (IO Exception)", path, jar.getName());
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex);
LOGGER.log(Level.WARNING, msg);
LOGGER.log(Level.FINE, "", ex);
throw new AnalysisException(ex);
} catch (AnalysisException ex) {
final String msg = String.format("Unable to parse pom '%s' in jar '%s'", path, jar.getName());
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex);
LOGGER.log(Level.WARNING, msg);
LOGGER.log(Level.FINE, "", ex);
throw ex;
} finally {
closeStream(fis);
@@ -438,7 +455,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
try {
stream.close();
} catch (IOException ex) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINEST, null, ex);
LOGGER.log(Level.FINEST, null, ex);
}
}
}
@@ -453,7 +470,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
try {
stream.close();
} catch (IOException ex) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINEST, null, ex);
LOGGER.log(Level.FINEST, null, ex);
}
}
}
@@ -487,13 +504,13 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
throw new AnalysisException(ex);
} catch (IOException ex) {
final String msg = String.format("Unable to parse pom '%s' in jar '%s' (IO Exception)", path, jar.getName());
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex);
LOGGER.log(Level.WARNING, msg);
LOGGER.log(Level.FINE, "", ex);
throw new AnalysisException(ex);
} catch (Throwable ex) {
final String msg = String.format("Unexpected error during parsing of the pom '%s' in jar '%s'", path, jar.getName());
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex);
LOGGER.log(Level.WARNING, msg);
LOGGER.log(Level.FINE, "", ex);
throw new AnalysisException(ex);
}
}
@@ -930,10 +947,10 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
@Override
public void close() {
if (tempFileLocation != null && tempFileLocation.exists()) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, "Attempting to delete temporary files");
LOGGER.log(Level.FINE, "Attempting to delete temporary files");
final boolean success = FileUtils.delete(tempFileLocation);
if (!success) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING,
LOGGER.log(Level.WARNING,
"Failed to delete some temporary files, see the log for more details");
}
}
@@ -1043,7 +1060,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
try {
jar.close();
} catch (IOException ex) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINEST, null, ex);
LOGGER.log(Level.FINEST, null, ex);
}
}
}

18
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java
View File

@@ -38,6 +38,11 @@ import org.owasp.dependencycheck.dependency.Dependency;
*/
public class JavaScriptAnalyzer extends AbstractFileTypeAnalyzer {
/**
* The logger.
*/
private static final Logger LOGGER = Logger.getLogger(JavaScriptAnalyzer.class.getName());
//<editor-fold defaultstate="collapsed" desc="All standard implmentation details of Analyzer">
/**
* The name of the analyzer.
@@ -82,6 +87,15 @@ public class JavaScriptAnalyzer extends AbstractFileTypeAnalyzer {
return ANALYSIS_PHASE;
}
//</editor-fold>
/**
* Returns the key used in the properties file to reference the analyzer.
*
* @return a short string used to look up configuration properties
*/
@Override
protected String getAnalyzerSettingKey() {
return "javascript";
}
/**
* Loads a specified JavaScript file and collects information from the copyright information contained within.
@@ -107,13 +121,13 @@ public class JavaScriptAnalyzer extends AbstractFileTypeAnalyzer {
final String msg = String.format("Dependency file not found: '%s'", dependency.getActualFilePath());
throw new AnalysisException(msg, ex);
} catch (IOException ex) {
Logger.getLogger(JavaScriptAnalyzer.class.getName()).log(Level.SEVERE, null, ex);
LOGGER.log(Level.SEVERE, null, ex);
} finally {
if (fin != null) {
try {
fin.close();
} catch (IOException ex) {
Logger.getLogger(JavaScriptAnalyzer.class.getName()).log(Level.FINEST, null, ex);
LOGGER.log(Level.FINEST, null, ex);
}
}
}

19
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java
View File

@@ -49,17 +49,17 @@ import org.owasp.dependencycheck.utils.Settings;
public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
/**
* The logger
* The logger.
*/
private static final Logger LOGGER = Logger.getLogger(NexusAnalyzer.class.getName());
/**
* The name of the analyzer
* The name of the analyzer.
*/
private static final String ANALYZER_NAME = "Nexus Analyzer";
/**
* The phase in which the analyzer runs
* The phase in which the analyzer runs.
*/
private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
@@ -80,7 +80,6 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
*/
@Override
public void initializeFileTypeAnalyzer() throws Exception {
setEnabled(Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED));
LOGGER.fine("Initializing Nexus Analyzer");
LOGGER.fine(String.format("Nexus Analyzer enabled: %s", isEnabled()));
if (isEnabled()) {
@@ -111,6 +110,16 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
return ANALYZER_NAME;
}
/**
* Returns the key used in the properties file to reference the analyzer.
*
* @return a short string used to look up configuration properties
*/
@Override
protected String getAnalyzerSettingKey() {
return "nexus";
}
/**
* Returns the analysis phase under which the analyzer runs.
*
@@ -167,5 +176,3 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
}
}
}
// vim: cc=120:sw=4:ts=4:sts=4

27
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java
View File

@@ -18,12 +18,15 @@
package org.owasp.dependencycheck.analyzer;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.nuget.NugetPackage;
import org.owasp.dependencycheck.data.nuget.NuspecParseException;
import org.owasp.dependencycheck.data.nuget.NuspecParser;
import org.owasp.dependencycheck.data.nuget.XPathNuspecParser;
import org.owasp.dependencycheck.dependency.Confidence;
@@ -37,17 +40,17 @@ import org.owasp.dependencycheck.dependency.Dependency;
public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
/**
* The logger
* The logger.
*/
private static final Logger LOGGER = Logger.getLogger(NuspecAnalyzer.class.getName());
/**
* The name of the analyzer
* The name of the analyzer.
*/
private static final String ANALYZER_NAME = "Nuspec Analyzer";
/**
* The phase in which the analyzer runs
* The phase in which the analyzer runs.
*/
private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
@@ -75,6 +78,16 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
return ANALYZER_NAME;
}
/**
* Returns the key used in the properties file to reference the analyzer.
*
* @return a short string used to look up configuration properties
*/
@Override
protected String getAnalyzerSettingKey() {
return "nexus";
}
/**
* Returns the analysis phase under which the analyzer runs.
*
@@ -112,11 +125,15 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
try {
fis = new FileInputStream(dependency.getActualFilePath());
np = parser.parse(fis);
} catch (NuspecParseException ex) {
throw new AnalysisException(ex);
} catch (FileNotFoundException ex) {
throw new AnalysisException(ex);
} finally {
if (fis != null) {
try {
fis.close();
} catch (Throwable e) {
} catch (IOException e) {
LOGGER.fine("Error closing input stream");
}
}
@@ -136,5 +153,3 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
}
}
}
// vim: cc=120:sw=4:ts=4:sts=4