From c80fdee99bdc77a16ae95c6d8ba6ca3c54e25a07 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sun, 23 Mar 2014 00:33:00 -0400 Subject: [PATCH] updated to allow turning off individual file type analyzers via configuration Former-commit-id: c492d41e1b5ad0c890cb750370dff326c3d0de05 --- .../analyzer/AbstractFileTypeAnalyzer.java | 199 +++++++++++------- .../analyzer/ArchiveAnalyzer.java | 40 ++-- .../analyzer/AssemblyAnalyzer.java | 10 + .../dependencycheck/analyzer/JarAnalyzer.java | 67 +++--- .../analyzer/JavaScriptAnalyzer.java | 18 +- .../analyzer/NexusAnalyzer.java | 19 +- .../analyzer/NuspecAnalyzer.java | 27 ++- 7 files changed, 252 insertions(+), 128 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java index c8399d1db..25a1105e3 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java @@ -17,14 +17,16 @@ */ package org.owasp.dependencycheck.analyzer; -import com.hazelcast.logging.Logger; import java.util.Collections; import java.util.HashSet; import java.util.Set; import java.util.logging.Level; +import java.util.logging.Logger; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.dependency.Dependency; +import org.owasp.dependencycheck.utils.InvalidSettingException; +import org.owasp.dependencycheck.utils.Settings; /** * The base FileTypeAnalyzer that all analyzers that have specific file types they analyze should extend. @@ -33,88 +35,30 @@ import org.owasp.dependencycheck.dependency.Dependency; */ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implements FileTypeAnalyzer { + // /** - *

- * Returns a list of supported file extensions. An example would be an analyzer that inspected java jar files. The - * getSupportedExtensions function would return a set with a single element "jar".

- * - *

- * Note: when implementing this the extensions returned MUST be lowercase.

- * - * @return The file extensions supported by this analyzer. - * - *

- * If the analyzer returns null it will not cause additional files to be analyzed but will be executed against every - * file loaded

+ * Base constructor that all children must call. This checks the configuration to determine if the analyzer is + * enabled. */ - protected abstract Set getSupportedExtensions(); - - /** - * Initializes the file type analyzer. - * - * @throws Exception thrown if there is an exception during initialization - */ - protected abstract void initializeFileTypeAnalyzer() throws Exception; - - /** - * Initializes the analyzer. - * - * @throws Exception thrown if there is an exception during initialization - */ - public final void initialize() throws Exception { - if (filesMatched) { - initializeFileTypeAnalyzer(); - } else { - enabled = false; + public AbstractFileTypeAnalyzer() { + String key = Settings.KEYS.getFileAnalyzerEnabledKey(getAnalyzerSettingKey()); + try { + enabled = Settings.getBoolean(key, true); + } catch (InvalidSettingException ex) { + String msg = String.format("Invalid settting for property '%s'", key); + LOGGER.log(Level.WARNING, msg); + LOGGER.log(Level.FINE, "", ex); + msg = String.format("%s has been disabled", getName()); + LOGGER.log(Level.WARNING, msg); } } +//
+ // /** - * Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted, - * scanned, and added to the list of dependencies within the engine. - * - * @param dependency the dependency to analyze - * @param engine the engine scanning - * @throws AnalysisException thrown if there is an analysis exception + * The logger. */ - protected abstract void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException; - - /** - * Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted, - * scanned, and added to the list of dependencies within the engine. - * - * @param dependency the dependency to analyze - * @param engine the engine scanning - * @throws AnalysisException thrown if there is an analysis exception - */ - @Override - public final void analyze(Dependency dependency, Engine engine) throws AnalysisException { - if (enabled) { - analyzeFileType(dependency, engine); - } - } - - /** - * Returns whether or not this analyzer can process the given extension. - * - * @param extension the file extension to test for support. - * @return whether or not the specified file extension is supported by this analyzer. - */ - @Override - public boolean supportsExtension(String extension) { - Set ext = getSupportedExtensions(); - if (ext == null) { - String msg = String.format("The '%s%' analyzer is misconfigured and does not have any file extensions; it will be disabled", getName()); - Logger.getLogger(AbstractFileTypeAnalyzer.class.getName()).log(Level.SEVERE, msg); - return false; - } else { - boolean match = ext.contains(extension); - if (match) { - filesMatched = match; - } - return match; - } - } + private static final Logger LOGGER = Logger.getLogger(AbstractFileTypeAnalyzer.class.getName()); /** * Whether the file type analyzer detected any files it needs to analyze. */ 
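Review bot: The catch block in the new `AbstractFileTypeAnalyzer()` constructor logs `"%s has been disabled"` but never assigns `enabled = false`, so whether a malformed `analyzer.<key>.enabled` value actually turns the analyzer off depends on the field's initializer, which is outside this hunk. Add `enabled = false;` after the second warning so the logged state matches the real one, and fix the `settting` typo in the first message. The constructor also calls the abstract `getAnalyzerSettingKey()` and `getName()` before any subclass constructor has run; that is safe only while every override returns a constant, which deserves a sentence in the constructor's Javadoc so a future subclass does not compute the key from an instance field.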
@@ -157,7 +101,109 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen public void setEnabled(boolean enabled) { this.enabled = enabled; } +// + // + /** + *

+ * Returns a list of supported file extensions. An example would be an analyzer that inspected java jar files. The + * getSupportedExtensions function would return a set with a single element "jar".

+ * + *

+ * Note: when implementing this the extensions returned MUST be lowercase.

+ * + * @return The file extensions supported by this analyzer. + * + *

+ * If the analyzer returns null it will not cause additional files to be analyzed but will be executed against every + * file loaded

+ */ + protected abstract Set getSupportedExtensions(); + + /** + * Initializes the file type analyzer. + * + * @throws Exception thrown if there is an exception during initialization + */ + protected abstract void initializeFileTypeAnalyzer() throws Exception; + + /** + * Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted, + * scanned, and added to the list of dependencies within the engine. + * + * @param dependency the dependency to analyze + * @param engine the engine scanning + * @throws AnalysisException thrown if there is an analysis exception + */ + protected abstract void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException; + + /** + *

+ * Returns the key used in the properties file to reference the analyzer. An example would be the JarAnalyzer where + * the key is "jar". One of the associated properties would be 'analyzer.jar.enabled. + * + * @return a short string used to look up configuration properties + */ + protected abstract String getAnalyzerSettingKey(); +// + + // + /** + * Initializes the analyzer. + * + * @throws Exception thrown if there is an exception during initialization + */ + @Override + public final void initialize() throws Exception { + if (filesMatched) { + initializeFileTypeAnalyzer(); + } else { + enabled = false; + } + } + + /** + * Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted, + * scanned, and added to the list of dependencies within the engine. + * + * @param dependency the dependency to analyze + * @param engine the engine scanning + * @throws AnalysisException thrown if there is an analysis exception + */ + @Override + public final void analyze(Dependency dependency, Engine engine) throws AnalysisException { + if (enabled) { + analyzeFileType(dependency, engine); + } + } + + /** + * Returns whether or not this analyzer can process the given extension. + * + * @param extension the file extension to test for support. + * @return whether or not the specified file extension is supported by this analyzer. + */ + @Override + public final boolean supportsExtension(String extension) { + if (!enabled) { + return false; + } + Set ext = getSupportedExtensions(); + if (ext == null) { + String msg = String.format("The '%s%' analyzer is misconfigured and does not have any file extensions; it will be disabled", getName()); + Logger.getLogger(AbstractFileTypeAnalyzer.class.getName()).log(Level.SEVERE, msg); + return false; + } else { + boolean match = ext.contains(extension); + if (match) { + filesMatched = match; + } + return match; + } + } +// + + // /** *

* Utility method to help in the creation of the extensions set. This constructs a new Set that can be used in a @@ -176,4 +222,5 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen Collections.addAll(set, strings); return set; } +// } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java index 888b908ef..ed8cddd0d 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java @@ -55,6 +55,10 @@ import org.owasp.dependencycheck.utils.Settings; */ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { + /** + * The logger. + */ + private static final Logger LOGGER = Logger.getLogger(ArchiveAnalyzer.class.getName()); /** * The buffer size to use when extracting files from the archive. */ @@ -75,6 +79,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { * Tracks the current scan/extraction depth for nested archives. */ private int scanDepth = 0; + // /** * The name of the analyzer. @@ -134,6 +139,16 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { } // + /** + * Returns the key used in the properties file to reference the analyzer. + * + * @return a short string used to look up configuration properties + */ + @Override + protected String getAnalyzerSettingKey() { + return "archive"; + } + /** * The initialize method does nothing for this Analyzer. * 
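Review bot: In the moved `supportsExtension`, the format string `"The '%s%' analyzer is misconfigured..."` contains `%'`, which is not a valid conversion, so `String.format` throws `UnknownFormatConversionException` on exactly the null-extensions path it is meant to report; change it to `"The '%s' analyzer is misconfigured and does not have any file extensions; it will be disabled"`. That message also promises the analyzer will be disabled, but the method only returns `false` and leaves `enabled` untouched, so `analyze()` keeps running; add `enabled = false;` before the return if that is the intent. The call could also use the `LOGGER` field this commit introduces instead of `Logger.getLogger(AbstractFileTypeAnalyzer.class.getName())`. Finally, the Javadoc on `getSupportedExtensions` still says a null return makes the analyzer run against every file loaded, which the code now contradicts.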
@@ -167,11 +182,10 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { @Override public void close() throws Exception { if (tempFileLocation != null && tempFileLocation.exists()) { - Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINE, "Attempting to delete temporary files"); + LOGGER.log(Level.FINE, "Attempting to delete temporary files"); final boolean success = FileUtils.delete(tempFileLocation); if (!success) { - Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.WARNING, - "Failed to delete some temporary files, see the log for more details"); + LOGGER.log(Level.WARNING, "Failed to delete some temporary files, see the log for more details"); } } } @@ -261,7 +275,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { try { fis = new FileInputStream(archive); } catch (FileNotFoundException ex) { - Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINE, null, ex); + LOGGER.log(Level.FINE, null, ex); throw new AnalysisException("Archive file was not found.", ex); } final String archiveExt = FileUtils.getFileExtension(archive.getName()).toLowerCase(); 
@@ -279,17 +293,17 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { } } catch (ArchiveExtractionException ex) { final String msg = String.format("Exception extracting archive '%s'.", archive.getName()); - Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.WARNING, msg); - Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINE, null, ex); + LOGGER.log(Level.WARNING, msg); + LOGGER.log(Level.FINE, null, ex); } catch (IOException ex) { final String msg = String.format("Exception reading archive '%s'.", archive.getName()); - Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.WARNING, msg); - Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINE, null, ex); + LOGGER.log(Level.WARNING, msg); + LOGGER.log(Level.FINE, null, ex); } finally { try { fis.close(); } catch (IOException ex) { - Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINEST, null, ex); + LOGGER.log(Level.FINEST, null, ex); } } } @@ -368,7 +382,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { try { input.close(); } catch (IOException ex) { - Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINEST, null, ex); + LOGGER.log(Level.FINEST, null, ex); } } } @@ -391,17 +405,17 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { out.write(buffer, 0, n); } } catch (FileNotFoundException ex) { - Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINE, null, ex); + LOGGER.log(Level.FINE, null, ex); throw new ArchiveExtractionException(ex); } catch (IOException ex) { - Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINE, null, ex); + LOGGER.log(Level.FINE, null, ex); throw new ArchiveExtractionException(ex); } finally { if (out != null) { try { out.close(); } catch (IOException ex) { - Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINEST, null, ex); + LOGGER.log(Level.FINEST, null, ex); } } } 
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java index c2dcd276a..1a5611d92 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java @@ -256,4 +256,14 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { public AnalysisPhase getAnalysisPhase() { return ANALYSIS_PHASE; } + + /** + * Returns the key used in the properties file to reference the analyzer. + * + * @return a short string used to look up configuration properties + */ + @Override + protected String getAnalyzerSettingKey() { + return "assembly"; + } } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java index e95581067..e1f888eff 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java @@ -82,6 +82,10 @@ import org.xml.sax.XMLReader; public class JarAnalyzer extends AbstractFileTypeAnalyzer { // + /** + * The logger. + */ + private static final Logger LOGGER = Logger.getLogger(JarAnalyzer.class.getName()); /** * The buffer size to use when extracting files from the archive. */ 
@@ -169,10 +173,11 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { final JAXBContext jaxbContext = JAXBContext.newInstance("org.owasp.dependencycheck.jaxb.pom.generated"); pomUnmarshaller = jaxbContext.createUnmarshaller(); } catch (JAXBException ex) { //guess we will just have a null pointer exception later... - Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE, "Unable to load parser. See the log for more details."); - Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex); + LOGGER.log(Level.SEVERE, "Unable to load parser. See the log for more details."); + LOGGER.log(Level.FINE, null, ex); } } + // /** * The name of the analyzer. @@ -217,6 +222,16 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { } // + /** + * Returns the key used in the properties file to reference the analyzer. + * + * @return a short string used to look up configuration properties + */ + @Override + protected String getAnalyzerSettingKey() { + return "jar"; + } + /** * Loads a specified JAR file and collects information from the manifest and checksums to identify the correct CPE * information. @@ -264,8 +279,8 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { } catch (IOException ex) { final String msg = String.format("Unable to read JarFile '%s'.", dependency.getActualFilePath()); //final AnalysisException ax = new AnalysisException(msg, ex); - Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg); - Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex); + LOGGER.log(Level.WARNING, msg); + LOGGER.log(Level.FINE, "", ex); return false; } List pomEntries; 
@@ -274,8 +289,8 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { } catch (IOException ex) { final String msg = String.format("Unable to read Jar file entries in '%s'.", dependency.getActualFilePath()); //final AnalysisException ax = new AnalysisException(msg, ex); - Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg); - Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, msg, ex); + LOGGER.log(Level.WARNING, msg); + LOGGER.log(Level.FINE, msg, ex); return false; } if (pomEntries.isEmpty()) { @@ -286,7 +301,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { try { pomProperties = retrievePomProperties(path, jar); } catch (IOException ex) { - Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINEST, "ignore this, failed reading a non-existent pom.properties", ex); + LOGGER.log(Level.FINEST, "ignore this, failed reading a non-existent pom.properties", ex); } Model pom = null; try { @@ -315,8 +330,8 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { } } catch (AnalysisException ex) { final String msg = String.format("An error occured while analyzing '%s'.", dependency.getActualFilePath()); - Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg); - Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, "", ex); + LOGGER.log(Level.WARNING, msg); + LOGGER.log(Level.FINE, "", ex); } } return foundSomething; @@ -393,7 +408,9 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { bos.flush(); dependency.setActualFilePath(file.getAbsolutePath()); } catch (IOException ex) { - Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE, null, ex); + final String msg = String.format("An error occured reading '%s' from '%s'.", path, dependency.getFilePath()); + LOGGER.warning(msg); + LOGGER.log(Level.SEVERE, "", ex); } finally { closeStream(bos); closeStream(fos); 
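Review bot: The new catch in the `@@ -393,7 +408,9` hunk logs the message with `LOGGER.warning(msg)` and the stack trace at `Level.SEVERE`, the inverse of every other site this commit touches, where the message is WARNING and the exception is FINE; use `LOGGER.log(Level.WARNING, msg); LOGGER.log(Level.FINE, "", ex);` for consistency. The enclosing method starts and ends outside the hunk, so it is not visible here whether a caller can tell that `dependency.setActualFilePath` was never updated after the failed copy; a one-line comment at the catch noting that the dependency is intentionally left pointing at the original path would make that explicit.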
@@ -409,18 +426,18 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { model = readPom(source); } catch (FileNotFoundException ex) { final String msg = String.format("Unable to parse pom '%s' in jar '%s' (File Not Found)", path, jar.getName()); - Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg); - Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex); + LOGGER.log(Level.WARNING, msg); + LOGGER.log(Level.FINE, "", ex); throw new AnalysisException(ex); } catch (UnsupportedEncodingException ex) { final String msg = String.format("Unable to parse pom '%s' in jar '%s' (IO Exception)", path, jar.getName()); - Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg); - Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex); + LOGGER.log(Level.WARNING, msg); + LOGGER.log(Level.FINE, "", ex); throw new AnalysisException(ex); } catch (AnalysisException ex) { final String msg = String.format("Unable to parse pom '%s' in jar '%s'", path, jar.getName()); - Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg); - Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex); + LOGGER.log(Level.WARNING, msg); + LOGGER.log(Level.FINE, "", ex); throw ex; } finally { closeStream(fis); @@ -438,7 +455,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { try { stream.close(); } catch (IOException ex) { - Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINEST, null, ex); + LOGGER.log(Level.FINEST, null, ex); } } } @@ -453,7 +470,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { try { stream.close(); } catch (IOException ex) { - Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINEST, null, ex); + LOGGER.log(Level.FINEST, null, ex); } } } 
@@ -487,13 +504,13 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { throw new AnalysisException(ex); } catch (IOException ex) { final String msg = String.format("Unable to parse pom '%s' in jar '%s' (IO Exception)", path, jar.getName()); - Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg); - Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex); + LOGGER.log(Level.WARNING, msg); + LOGGER.log(Level.FINE, "", ex); throw new AnalysisException(ex); } catch (Throwable ex) { final String msg = String.format("Unexpected error during parsing of the pom '%s' in jar '%s'", path, jar.getName()); - Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg); - Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex); + LOGGER.log(Level.WARNING, msg); + LOGGER.log(Level.FINE, "", ex); throw new AnalysisException(ex); } } @@ -930,10 +947,10 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { @Override public void close() { if (tempFileLocation != null && tempFileLocation.exists()) { - Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, "Attempting to delete temporary files"); + LOGGER.log(Level.FINE, "Attempting to delete temporary files"); final boolean success = FileUtils.delete(tempFileLocation); if (!success) { - Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, + LOGGER.log(Level.WARNING, "Failed to delete some temporary files, see the log for more details"); } } @@ -1043,7 +1060,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { try { jar.close(); } catch (IOException ex) { - Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINEST, null, ex); + LOGGER.log(Level.FINEST, null, ex); } } } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java index e6b2742f8..bf059f593 100644 
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java @@ -38,6 +38,11 @@ import org.owasp.dependencycheck.dependency.Dependency; */ public class JavaScriptAnalyzer extends AbstractFileTypeAnalyzer { + /** + * The logger. + */ + private static final Logger LOGGER = Logger.getLogger(JavaScriptAnalyzer.class.getName()); + // /** * The name of the analyzer. @@ -82,6 +87,15 @@ public class JavaScriptAnalyzer extends AbstractFileTypeAnalyzer { return ANALYSIS_PHASE; } // + /** + * Returns the key used in the properties file to reference the analyzer. + * + * @return a short string used to look up configuration properties + */ + @Override + protected String getAnalyzerSettingKey() { + return "javascript"; + } /** * Loads a specified JavaScript file and collects information from the copyright information contained within. @@ -107,13 +121,13 @@ public class JavaScriptAnalyzer extends AbstractFileTypeAnalyzer { final String msg = String.format("Dependency file not found: '%s'", dependency.getActualFilePath()); throw new AnalysisException(msg, ex); } catch (IOException ex) { - Logger.getLogger(JavaScriptAnalyzer.class.getName()).log(Level.SEVERE, null, ex); + LOGGER.log(Level.SEVERE, null, ex); } finally { if (fin != null) { try { fin.close(); } catch (IOException ex) { - Logger.getLogger(JavaScriptAnalyzer.class.getName()).log(Level.FINEST, null, ex); + LOGGER.log(Level.FINEST, null, ex); } } } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java index 81ae02265..8babfa92e 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java 
@@ -49,17 +49,17 @@ import org.owasp.dependencycheck.utils.Settings; public class NexusAnalyzer extends AbstractFileTypeAnalyzer { /** - * The logger + * The logger. */ private static final Logger LOGGER = Logger.getLogger(NexusAnalyzer.class.getName()); /** - * The name of the analyzer + * The name of the analyzer. */ private static final String ANALYZER_NAME = "Nexus Analyzer"; /** - * The phase in which the analyzer runs + * The phase in which the analyzer runs. */ private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION; @@ -80,7 +80,6 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer { */ @Override public void initializeFileTypeAnalyzer() throws Exception { - setEnabled(Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED)); LOGGER.fine("Initializing Nexus Analyzer"); LOGGER.fine(String.format("Nexus Analyzer enabled: %s", isEnabled())); if (isEnabled()) { @@ -111,6 +110,16 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer { return ANALYZER_NAME; } + /** + * Returns the key used in the properties file to reference the analyzer. + * + * @return a short string used to look up configuration properties + */ + @Override + protected String getAnalyzerSettingKey() { + return "nexus"; + } + /** * Returns the analysis phase under which the analyzer runs. * @@ -167,5 +176,3 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer { } } } - -// vim: cc=120:sw=4:ts=4:sts=4 diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java index 70b9c700d..529d25fac 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java 
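Review bot: Removing `setEnabled(Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED))` from `initializeFileTypeAnalyzer` moves the decision to the base constructor, which reads `Settings.KEYS.getFileAnalyzerEnabledKey("nexus")` with a default of `true`; the diff does not show that this resolves to the same property name as `ANALYZER_NEXUS_ENABLED`, and if it does not, existing `false` settings silently stop applying. The old call had no default, so a configuration that omits the key now enables the analyzer rather than leaving it off; given that this analyzer appears to initialize an external Nexus lookup (only `"Initializing Nexus Analyzer"` is visible here), a default-on change should be deliberate and documented. Suggest a Javadoc line on `getAnalyzerSettingKey` such as `* Returns "nexus", so the analyzer is controlled by the analyzer.nexus.enabled property (the same key as Settings.KEYS.ANALYZER_NEXUS_ENABLED).` once the key equality has been confirmed against `Settings`.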
@@ -18,12 +18,15 @@ package org.owasp.dependencycheck.analyzer; import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; import java.util.Set; import java.util.logging.Level; import java.util.logging.Logger; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.data.nuget.NugetPackage; +import org.owasp.dependencycheck.data.nuget.NuspecParseException; import org.owasp.dependencycheck.data.nuget.NuspecParser; import org.owasp.dependencycheck.data.nuget.XPathNuspecParser; import org.owasp.dependencycheck.dependency.Confidence; @@ -37,17 +40,17 @@ import org.owasp.dependencycheck.dependency.Dependency; public class NuspecAnalyzer extends AbstractFileTypeAnalyzer { /** - * The logger + * The logger. */ private static final Logger LOGGER = Logger.getLogger(NuspecAnalyzer.class.getName()); /** - * The name of the analyzer + * The name of the analyzer. */ private static final String ANALYZER_NAME = "Nuspec Analyzer"; /** - * The phase in which the analyzer runs + * The phase in which the analyzer runs. */ private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION; @@ -75,6 +78,16 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer { return ANALYZER_NAME; } + /** + * Returns the key used in the properties file to reference the analyzer. + * + * @return a short string used to look up configuration properties + */ + @Override + protected String getAnalyzerSettingKey() { + return "nexus"; + } + /** * Returns the analysis phase under which the analyzer runs. * 
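Review bot: `NuspecAnalyzer.getAnalyzerSettingKey()` returns `"nexus"`, the same key the `NexusAnalyzer` in this commit returns; it looks like a copy-paste slip and should be `return "nuspec";`. As written, the Nuspec analyzer is toggled by the Nexus property and cannot be disabled on its own, and disabling Nexus also drops .nuspec scanning without any log line saying so. A small test asserting that every `AbstractFileTypeAnalyzer` subclass returns a distinct key would catch this class of mistake going forward.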
@@ -112,11 +125,15 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer { try { fis = new FileInputStream(dependency.getActualFilePath()); np = parser.parse(fis); + } catch (NuspecParseException ex) { + throw new AnalysisException(ex); + } catch (FileNotFoundException ex) { + throw new AnalysisException(ex); } finally { if (fis != null) { try { fis.close(); - } catch (Throwable e) { + } catch (IOException e) { LOGGER.fine("Error closing input stream"); } } @@ -136,5 +153,3 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer { } } } - -// vim: cc=120:sw=4:ts=4:sts=4
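Review bot: The two new catch blocks in `analyzeFileType` rethrow as `throw new AnalysisException(ex)` with no message, so the report loses which .nuspec file failed to parse or could not be opened; the `AnalysisException(String, Throwable)` form used elsewhere in this commit is available, e.g. `throw new AnalysisException(String.format("Unable to parse nuspec '%s'", dependency.getActualFilePath()), ex);` for `NuspecParseException` and `throw new AnalysisException(String.format("Dependency file not found: '%s'", dependency.getActualFilePath()), ex);` for `FileNotFoundException`, matching the `JavaScriptAnalyzer` wording. The narrowed `catch (IOException e)` on close still drops the exception; `LOGGER.log(Level.FINEST, "Error closing input stream", e)` keeps it without raising the level. The enclosing method begins before this hunk.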