updated to allow turning off individual file type analyzers via configuration

Former-commit-id: c492d41e1b5ad0c890cb750370dff326c3d0de05
Jeremy Long
2014-03-23 00:33:00 -04:00
parent 270db7829d
commit c80fdee99b
7 changed files with 252 additions and 128 deletions


@@ -17,14 +17,16 @@
*/ */
package org.owasp.dependencycheck.analyzer; package org.owasp.dependencycheck.analyzer;
import com.hazelcast.logging.Logger;
import java.util.Collections; import java.util.Collections;
import java.util.HashSet; import java.util.HashSet;
import java.util.Set; import java.util.Set;
import java.util.logging.Level; import java.util.logging.Level;
import java.util.logging.Logger;
import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.utils.InvalidSettingException;
import org.owasp.dependencycheck.utils.Settings;
/** /**
* The base FileTypeAnalyzer that all analyzers that have specific file types they analyze should extend. * The base FileTypeAnalyzer that all analyzers that have specific file types they analyze should extend.
@@ -33,88 +35,30 @@ import org.owasp.dependencycheck.dependency.Dependency;
*/ */
public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implements FileTypeAnalyzer { public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implements FileTypeAnalyzer {
//<editor-fold defaultstate="collapsed" desc="Constructor">
/** /**
* <p> * Base constructor that all children must call. This checks the configuration to determine if the analyzer is
* Returns a list of supported file extensions. An example would be an analyzer that inspected java jar files. The * enabled.
* getSupportedExtensions function would return a set with a single element "jar".</p>
*
* <p>
* <b>Note:</b> when implementing this the extensions returned MUST be lowercase.</p>
*
* @return The file extensions supported by this analyzer.
*
* <p>
* If the analyzer returns null it will not cause additional files to be analyzed but will be executed against every
* file loaded</p>
*/ */
protected abstract Set<String> getSupportedExtensions(); public AbstractFileTypeAnalyzer() {
String key = Settings.KEYS.getFileAnalyzerEnabledKey(getAnalyzerSettingKey());
/** try {
* Initializes the file type analyzer. enabled = Settings.getBoolean(key, true);
* } catch (InvalidSettingException ex) {
* @throws Exception thrown if there is an exception during initialization String msg = String.format("Invalid settting for property '%s'", key);
*/ LOGGER.log(Level.WARNING, msg);
protected abstract void initializeFileTypeAnalyzer() throws Exception; LOGGER.log(Level.FINE, "", ex);
msg = String.format("%s has been disabled", getName());
/** LOGGER.log(Level.WARNING, msg);
* Initializes the analyzer.
*
* @throws Exception thrown if there is an exception during initialization
*/
public final void initialize() throws Exception {
if (filesMatched) {
initializeFileTypeAnalyzer();
} else {
enabled = false;
} }
} }
//</editor-fold>
//<editor-fold defaultstate="collapsed" desc="Field defentitions">
/** /**
* Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted, * The logger.
* scanned, and added to the list of dependencies within the engine.
*
* @param dependency the dependency to analyze
* @param engine the engine scanning
* @throws AnalysisException thrown if there is an analysis exception
*/ */
protected abstract void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException; private static final Logger LOGGER = Logger.getLogger(AbstractFileTypeAnalyzer.class.getName());
/**
* Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted,
* scanned, and added to the list of dependencies within the engine.
*
* @param dependency the dependency to analyze
* @param engine the engine scanning
* @throws AnalysisException thrown if there is an analysis exception
*/
@Override
public final void analyze(Dependency dependency, Engine engine) throws AnalysisException {
if (enabled) {
analyzeFileType(dependency, engine);
}
}
/**
* Returns whether or not this analyzer can process the given extension.
*
* @param extension the file extension to test for support.
* @return whether or not the specified file extension is supported by this analyzer.
*/
@Override
public boolean supportsExtension(String extension) {
Set<String> ext = getSupportedExtensions();
if (ext == null) {
String msg = String.format("The '%s%' analyzer is misconfigured and does not have any file extensions; it will be disabled", getName());
Logger.getLogger(AbstractFileTypeAnalyzer.class.getName()).log(Level.SEVERE, msg);
return false;
} else {
boolean match = ext.contains(extension);
if (match) {
filesMatched = match;
}
return match;
}
}
/** /**
* Whether the file type analyzer detected any files it needs to analyze. * Whether the file type analyzer detected any files it needs to analyze.
*/ */
@@ -157,7 +101,109 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
public void setEnabled(boolean enabled) { public void setEnabled(boolean enabled) {
this.enabled = enabled; this.enabled = enabled;
} }
//</editor-fold>
//<editor-fold defaultstate="collapsed" desc="Abstract methods children must implement">
/**
* <p>
* Returns a list of supported file extensions. An example would be an analyzer that inspected java jar files. The
* getSupportedExtensions function would return a set with a single element "jar".</p>
*
* <p>
* <b>Note:</b> when implementing this the extensions returned MUST be lowercase.</p>
*
* @return The file extensions supported by this analyzer.
*
* <p>
* If the analyzer returns null it will not cause additional files to be analyzed but will be executed against every
* file loaded</p>
*/
protected abstract Set<String> getSupportedExtensions();
/**
* Initializes the file type analyzer.
*
* @throws Exception thrown if there is an exception during initialization
*/
protected abstract void initializeFileTypeAnalyzer() throws Exception;
/**
* Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted,
* scanned, and added to the list of dependencies within the engine.
*
* @param dependency the dependency to analyze
* @param engine the engine scanning
* @throws AnalysisException thrown if there is an analysis exception
*/
protected abstract void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException;
/**
* <p>
* Returns the key used in the properties file to reference the analyzer. An example would be the JarAnalyzer where
* the key is "jar". One of the associated properties would be 'analyzer.jar.enabled.
*
* @return a short string used to look up configuration properties
*/
protected abstract String getAnalyzerSettingKey();
//</editor-fold>
//<editor-fold defaultstate="collapsed" desc="Final implementations for the Analyzer interface">
/**
* Initializes the analyzer.
*
* @throws Exception thrown if there is an exception during initialization
*/
@Override
public final void initialize() throws Exception {
if (filesMatched) {
initializeFileTypeAnalyzer();
} else {
enabled = false;
}
}
/**
* Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted,
* scanned, and added to the list of dependencies within the engine.
*
* @param dependency the dependency to analyze
* @param engine the engine scanning
* @throws AnalysisException thrown if there is an analysis exception
*/
@Override
public final void analyze(Dependency dependency, Engine engine) throws AnalysisException {
if (enabled) {
analyzeFileType(dependency, engine);
}
}
/**
* Returns whether or not this analyzer can process the given extension.
*
* @param extension the file extension to test for support.
* @return whether or not the specified file extension is supported by this analyzer.
*/
@Override
public final boolean supportsExtension(String extension) {
if (!enabled) {
return false;
}
Set<String> ext = getSupportedExtensions();
if (ext == null) {
String msg = String.format("The '%s%' analyzer is misconfigured and does not have any file extensions; it will be disabled", getName());
Logger.getLogger(AbstractFileTypeAnalyzer.class.getName()).log(Level.SEVERE, msg);
return false;
} else {
boolean match = ext.contains(extension);
if (match) {
filesMatched = match;
}
return match;
}
}
//</editor-fold>
//<editor-fold defaultstate="collapsed" desc="Static utility methods">
/** /**
* <p> * <p>
* Utility method to help in the creation of the extensions set. This constructs a new Set that can be used in a * Utility method to help in the creation of the extensions set. This constructs a new Set that can be used in a
@@ -176,4 +222,5 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
Collections.addAll(set, strings); Collections.addAll(set, strings);
return set; return set;
} }
//</editor-fold>
} }
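Review bot: The `catch (InvalidSettingException ex)` block in the new `AbstractFileTypeAnalyzer()` constructor logs that the analyzer "has been disabled" but never assigns `enabled = false`, so a malformed enabled-property leaves the analyzer in whatever state the field initializer gives it (that initializer is outside the hunk; if it is `true`, the warning is simply untrue and the analyzer keeps running). Make the first statement of the catch `enabled = false;` so behaviour matches the message, and note that the constructor calls the overridable `getAnalyzerSettingKey()` and `getName()` before any subclass constructor has run, which only works while every override returns a constant. The import on the new side appears to be `com.hazelcast.logging.Logger` while `java.util.logging.Logger` is the removed line; the `LOGGER` field and its `log(Level, ...)` calls are the `java.util.logging` API, so this looks like an IDE auto-import that either breaks the build or pulls an unrelated library into the core module — restore `import java.util.logging.Logger;`. The pre-existing format string `"The '%s%' analyzer is misconfigured ..."` in `supportsExtension` is also invalid (`%'` is not a conversion) and will throw `UnknownFormatConversionException` on the very path meant to report a misconfigured analyzer; it should read `'%s'`, and that line should use the new `LOGGER` instead of `Logger.getLogger(AbstractFileTypeAnalyzer.class.getName())`.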


@@ -55,6 +55,10 @@ import org.owasp.dependencycheck.utils.Settings;
*/ */
public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
/**
* The logger.
*/
private static final Logger LOGGER = Logger.getLogger(ArchiveAnalyzer.class.getName());
/** /**
* The buffer size to use when extracting files from the archive. * The buffer size to use when extracting files from the archive.
*/ */
@@ -75,6 +79,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
* Tracks the current scan/extraction depth for nested archives. * Tracks the current scan/extraction depth for nested archives.
*/ */
private int scanDepth = 0; private int scanDepth = 0;
//<editor-fold defaultstate="collapsed" desc="All standard implementation details of Analyzer"> //<editor-fold defaultstate="collapsed" desc="All standard implementation details of Analyzer">
/** /**
* The name of the analyzer. * The name of the analyzer.
@@ -134,6 +139,16 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
} }
//</editor-fold> //</editor-fold>
/**
* Returns the key used in the properties file to reference the analyzer.
*
* @return a short string used to look up configuration properties
*/
@Override
protected String getAnalyzerSettingKey() {
return "archive";
}
/** /**
* The initialize method does nothing for this Analyzer. * The initialize method does nothing for this Analyzer.
* *
@@ -167,11 +182,10 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
@Override @Override
public void close() throws Exception { public void close() throws Exception {
if (tempFileLocation != null && tempFileLocation.exists()) { if (tempFileLocation != null && tempFileLocation.exists()) {
Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINE, "Attempting to delete temporary files"); LOGGER.log(Level.FINE, "Attempting to delete temporary files");
final boolean success = FileUtils.delete(tempFileLocation); final boolean success = FileUtils.delete(tempFileLocation);
if (!success) { if (!success) {
Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.WARNING, LOGGER.log(Level.WARNING, "Failed to delete some temporary files, see the log for more details");
"Failed to delete some temporary files, see the log for more details");
} }
} }
} }
@@ -261,7 +275,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
try { try {
fis = new FileInputStream(archive); fis = new FileInputStream(archive);
} catch (FileNotFoundException ex) { } catch (FileNotFoundException ex) {
Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINE, null, ex); LOGGER.log(Level.FINE, null, ex);
throw new AnalysisException("Archive file was not found.", ex); throw new AnalysisException("Archive file was not found.", ex);
} }
final String archiveExt = FileUtils.getFileExtension(archive.getName()).toLowerCase(); final String archiveExt = FileUtils.getFileExtension(archive.getName()).toLowerCase();
@@ -279,17 +293,17 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
} }
} catch (ArchiveExtractionException ex) { } catch (ArchiveExtractionException ex) {
final String msg = String.format("Exception extracting archive '%s'.", archive.getName()); final String msg = String.format("Exception extracting archive '%s'.", archive.getName());
Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.WARNING, msg); LOGGER.log(Level.WARNING, msg);
Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINE, null, ex); LOGGER.log(Level.FINE, null, ex);
} catch (IOException ex) { } catch (IOException ex) {
final String msg = String.format("Exception reading archive '%s'.", archive.getName()); final String msg = String.format("Exception reading archive '%s'.", archive.getName());
Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.WARNING, msg); LOGGER.log(Level.WARNING, msg);
Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINE, null, ex); LOGGER.log(Level.FINE, null, ex);
} finally { } finally {
try { try {
fis.close(); fis.close();
} catch (IOException ex) { } catch (IOException ex) {
Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINEST, null, ex); LOGGER.log(Level.FINEST, null, ex);
} }
} }
} }
@@ -368,7 +382,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
try { try {
input.close(); input.close();
} catch (IOException ex) { } catch (IOException ex) {
Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINEST, null, ex); LOGGER.log(Level.FINEST, null, ex);
} }
} }
} }
@@ -391,17 +405,17 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
out.write(buffer, 0, n); out.write(buffer, 0, n);
} }
} catch (FileNotFoundException ex) { } catch (FileNotFoundException ex) {
Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINE, null, ex); LOGGER.log(Level.FINE, null, ex);
throw new ArchiveExtractionException(ex); throw new ArchiveExtractionException(ex);
} catch (IOException ex) { } catch (IOException ex) {
Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINE, null, ex); LOGGER.log(Level.FINE, null, ex);
throw new ArchiveExtractionException(ex); throw new ArchiveExtractionException(ex);
} finally { } finally {
if (out != null) { if (out != null) {
try { try {
out.close(); out.close();
} catch (IOException ex) { } catch (IOException ex) {
Logger.getLogger(ArchiveAnalyzer.class.getName()).log(Level.FINEST, null, ex); LOGGER.log(Level.FINEST, null, ex);
} }
} }
} }
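Review bot: The `ArchiveExtractionException` and `IOException` handlers in the extraction hunk log a WARNING and fall through, so a corrupt or deliberately malformed archive is skipped and the scan completes as if it had been inspected; for a vulnerability scanner that is a silent false negative, and the surrounding method starts and ends outside this hunk so I cannot see whether anything else records the failure. Consider rethrowing as `AnalysisException` the way the `FileNotFoundException` branch above already does, or at least include `ex.getMessage()` in the WARNING so the cause is visible without enabling FINE logging. Separately, this file keeps `LOGGER.log(Level.FINE, null, ex)` while the same commit changes the equivalent calls in `JarAnalyzer` to `LOGGER.log(Level.FINE, "", ex)`; pick one form for the whole change.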


@@ -256,4 +256,14 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
public AnalysisPhase getAnalysisPhase() { public AnalysisPhase getAnalysisPhase() {
return ANALYSIS_PHASE; return ANALYSIS_PHASE;
} }
/**
* Returns the key used in the properties file to reference the analyzer.
*
* @return a short string used to look up configuration properties
*/
@Override
protected String getAnalyzerSettingKey() {
return "assembly";
}
} }
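Review bot: The Javadoc on the new `getAnalyzerSettingKey()` repeats the base-class wording but does not tell a user which property actually switches this analyzer off; by the example in the base-class contract the key `"assembly"` presumably maps to `analyzer.assembly.enabled`, but `Settings.KEYS` and the properties file are not part of this change, so that should be confirmed and then stated. Suggest `@return "assembly", the key that selects the analyzer.assembly.enabled setting` once verified. It is also worth noting in the same comment that the base constructor defaults the flag to `true` when the property is absent.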


@@ -82,6 +82,10 @@ import org.xml.sax.XMLReader;
public class JarAnalyzer extends AbstractFileTypeAnalyzer { public class JarAnalyzer extends AbstractFileTypeAnalyzer {
//<editor-fold defaultstate="collapsed" desc="Constants and Member Variables"> //<editor-fold defaultstate="collapsed" desc="Constants and Member Variables">
/**
* The logger.
*/
private static final Logger LOGGER = Logger.getLogger(JarAnalyzer.class.getName());
/** /**
* The buffer size to use when extracting files from the archive. * The buffer size to use when extracting files from the archive.
*/ */
@@ -169,10 +173,11 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
final JAXBContext jaxbContext = JAXBContext.newInstance("org.owasp.dependencycheck.jaxb.pom.generated"); final JAXBContext jaxbContext = JAXBContext.newInstance("org.owasp.dependencycheck.jaxb.pom.generated");
pomUnmarshaller = jaxbContext.createUnmarshaller(); pomUnmarshaller = jaxbContext.createUnmarshaller();
} catch (JAXBException ex) { //guess we will just have a null pointer exception later... } catch (JAXBException ex) { //guess we will just have a null pointer exception later...
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE, "Unable to load parser. See the log for more details."); LOGGER.log(Level.SEVERE, "Unable to load parser. See the log for more details.");
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex); LOGGER.log(Level.FINE, null, ex);
} }
} }
//<editor-fold defaultstate="collapsed" desc="All standard implmentation details of Analyzer"> //<editor-fold defaultstate="collapsed" desc="All standard implmentation details of Analyzer">
/** /**
* The name of the analyzer. * The name of the analyzer.
@@ -217,6 +222,16 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
} }
//</editor-fold> //</editor-fold>
/**
* Returns the key used in the properties file to reference the analyzer.
*
* @return a short string used to look up configuration properties
*/
@Override
protected String getAnalyzerSettingKey() {
return "jar";
}
/** /**
* Loads a specified JAR file and collects information from the manifest and checksums to identify the correct CPE * Loads a specified JAR file and collects information from the manifest and checksums to identify the correct CPE
* information. * information.
@@ -264,8 +279,8 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
} catch (IOException ex) { } catch (IOException ex) {
final String msg = String.format("Unable to read JarFile '%s'.", dependency.getActualFilePath()); final String msg = String.format("Unable to read JarFile '%s'.", dependency.getActualFilePath());
//final AnalysisException ax = new AnalysisException(msg, ex); //final AnalysisException ax = new AnalysisException(msg, ex);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg); LOGGER.log(Level.WARNING, msg);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex); LOGGER.log(Level.FINE, "", ex);
return false; return false;
} }
List<String> pomEntries; List<String> pomEntries;
@@ -274,8 +289,8 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
} catch (IOException ex) { } catch (IOException ex) {
final String msg = String.format("Unable to read Jar file entries in '%s'.", dependency.getActualFilePath()); final String msg = String.format("Unable to read Jar file entries in '%s'.", dependency.getActualFilePath());
//final AnalysisException ax = new AnalysisException(msg, ex); //final AnalysisException ax = new AnalysisException(msg, ex);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg); LOGGER.log(Level.WARNING, msg);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, msg, ex); LOGGER.log(Level.FINE, msg, ex);
return false; return false;
} }
if (pomEntries.isEmpty()) { if (pomEntries.isEmpty()) {
@@ -286,7 +301,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
try { try {
pomProperties = retrievePomProperties(path, jar); pomProperties = retrievePomProperties(path, jar);
} catch (IOException ex) { } catch (IOException ex) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINEST, "ignore this, failed reading a non-existent pom.properties", ex); LOGGER.log(Level.FINEST, "ignore this, failed reading a non-existent pom.properties", ex);
} }
Model pom = null; Model pom = null;
try { try {
@@ -315,8 +330,8 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
} }
} catch (AnalysisException ex) { } catch (AnalysisException ex) {
final String msg = String.format("An error occured while analyzing '%s'.", dependency.getActualFilePath()); final String msg = String.format("An error occured while analyzing '%s'.", dependency.getActualFilePath());
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg); LOGGER.log(Level.WARNING, msg);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, "", ex); LOGGER.log(Level.FINE, "", ex);
} }
} }
return foundSomething; return foundSomething;
@@ -393,7 +408,9 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
bos.flush(); bos.flush();
dependency.setActualFilePath(file.getAbsolutePath()); dependency.setActualFilePath(file.getAbsolutePath());
} catch (IOException ex) { } catch (IOException ex) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE, null, ex); final String msg = String.format("An error occured reading '%s' from '%s'.", path, dependency.getFilePath());
LOGGER.warning(msg);
LOGGER.log(Level.SEVERE, "", ex);
} finally { } finally {
closeStream(bos); closeStream(bos);
closeStream(fos); closeStream(fos);
@@ -409,18 +426,18 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
model = readPom(source); model = readPom(source);
} catch (FileNotFoundException ex) { } catch (FileNotFoundException ex) {
final String msg = String.format("Unable to parse pom '%s' in jar '%s' (File Not Found)", path, jar.getName()); final String msg = String.format("Unable to parse pom '%s' in jar '%s' (File Not Found)", path, jar.getName());
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg); LOGGER.log(Level.WARNING, msg);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex); LOGGER.log(Level.FINE, "", ex);
throw new AnalysisException(ex); throw new AnalysisException(ex);
} catch (UnsupportedEncodingException ex) { } catch (UnsupportedEncodingException ex) {
final String msg = String.format("Unable to parse pom '%s' in jar '%s' (IO Exception)", path, jar.getName()); final String msg = String.format("Unable to parse pom '%s' in jar '%s' (IO Exception)", path, jar.getName());
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg); LOGGER.log(Level.WARNING, msg);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex); LOGGER.log(Level.FINE, "", ex);
throw new AnalysisException(ex); throw new AnalysisException(ex);
} catch (AnalysisException ex) { } catch (AnalysisException ex) {
final String msg = String.format("Unable to parse pom '%s' in jar '%s'", path, jar.getName()); final String msg = String.format("Unable to parse pom '%s' in jar '%s'", path, jar.getName());
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg); LOGGER.log(Level.WARNING, msg);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex); LOGGER.log(Level.FINE, "", ex);
throw ex; throw ex;
} finally { } finally {
closeStream(fis); closeStream(fis);
@@ -438,7 +455,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
try { try {
stream.close(); stream.close();
} catch (IOException ex) { } catch (IOException ex) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINEST, null, ex); LOGGER.log(Level.FINEST, null, ex);
} }
} }
} }
@@ -453,7 +470,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
try { try {
stream.close(); stream.close();
} catch (IOException ex) { } catch (IOException ex) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINEST, null, ex); LOGGER.log(Level.FINEST, null, ex);
} }
} }
} }
@@ -487,13 +504,13 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
throw new AnalysisException(ex); throw new AnalysisException(ex);
} catch (IOException ex) { } catch (IOException ex) {
final String msg = String.format("Unable to parse pom '%s' in jar '%s' (IO Exception)", path, jar.getName()); final String msg = String.format("Unable to parse pom '%s' in jar '%s' (IO Exception)", path, jar.getName());
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg); LOGGER.log(Level.WARNING, msg);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex); LOGGER.log(Level.FINE, "", ex);
throw new AnalysisException(ex); throw new AnalysisException(ex);
} catch (Throwable ex) { } catch (Throwable ex) {
final String msg = String.format("Unexpected error during parsing of the pom '%s' in jar '%s'", path, jar.getName()); final String msg = String.format("Unexpected error during parsing of the pom '%s' in jar '%s'", path, jar.getName());
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg); LOGGER.log(Level.WARNING, msg);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex); LOGGER.log(Level.FINE, "", ex);
throw new AnalysisException(ex); throw new AnalysisException(ex);
} }
} }
@@ -930,10 +947,10 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
@Override @Override
public void close() { public void close() {
if (tempFileLocation != null && tempFileLocation.exists()) { if (tempFileLocation != null && tempFileLocation.exists()) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, "Attempting to delete temporary files"); LOGGER.log(Level.FINE, "Attempting to delete temporary files");
final boolean success = FileUtils.delete(tempFileLocation); final boolean success = FileUtils.delete(tempFileLocation);
if (!success) { if (!success) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, LOGGER.log(Level.WARNING,
"Failed to delete some temporary files, see the log for more details"); "Failed to delete some temporary files, see the log for more details");
} }
} }
@@ -1043,7 +1060,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
try { try {
jar.close(); jar.close();
} catch (IOException ex) { } catch (IOException ex) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINEST, null, ex); LOGGER.log(Level.FINEST, null, ex);
} }
} }
} }
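Review bot: In the new `catch (IOException ex)` that builds `"An error occured reading '%s' from '%s'."`, the message is emitted with `LOGGER.warning(msg)` while the stack trace goes out at `SEVERE` with an empty message — the reverse of every other handler in this file (message at WARNING, throwable at FINE), so operators get a SEVERE entry with no text. Change the pair to `LOGGER.log(Level.WARNING, msg); LOGGER.log(Level.FINE, "", ex);`. The error is then swallowed and `dependency.setActualFilePath(file.getAbsolutePath())` on the line above is skipped, which may be intended but deserves a one-line comment; the enclosing method begins outside the hunk. Also, the `"guess we will just have a null pointer exception later..."` branch in the JAXB setup hunk still leaves `pomUnmarshaller` null with the analyzer enabled; now that the base class carries an enabled flag, calling `setEnabled(false)` there would turn a later NPE into a logged skip.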


@@ -38,6 +38,11 @@ import org.owasp.dependencycheck.dependency.Dependency;
*/ */
public class JavaScriptAnalyzer extends AbstractFileTypeAnalyzer { public class JavaScriptAnalyzer extends AbstractFileTypeAnalyzer {
/**
* The logger.
*/
private static final Logger LOGGER = Logger.getLogger(JavaScriptAnalyzer.class.getName());
//<editor-fold defaultstate="collapsed" desc="All standard implmentation details of Analyzer"> //<editor-fold defaultstate="collapsed" desc="All standard implmentation details of Analyzer">
/** /**
* The name of the analyzer. * The name of the analyzer.
@@ -82,6 +87,15 @@ public class JavaScriptAnalyzer extends AbstractFileTypeAnalyzer {
return ANALYSIS_PHASE; return ANALYSIS_PHASE;
} }
//</editor-fold> //</editor-fold>
/**
* Returns the key used in the properties file to reference the analyzer.
*
* @return a short string used to look up configuration properties
*/
@Override
protected String getAnalyzerSettingKey() {
return "javascript";
}
/** /**
* Loads a specified JavaScript file and collects information from the copyright information contained within. * Loads a specified JavaScript file and collects information from the copyright information contained within.
@@ -107,13 +121,13 @@ public class JavaScriptAnalyzer extends AbstractFileTypeAnalyzer {
final String msg = String.format("Dependency file not found: '%s'", dependency.getActualFilePath()); final String msg = String.format("Dependency file not found: '%s'", dependency.getActualFilePath());
throw new AnalysisException(msg, ex); throw new AnalysisException(msg, ex);
} catch (IOException ex) { } catch (IOException ex) {
Logger.getLogger(JavaScriptAnalyzer.class.getName()).log(Level.SEVERE, null, ex); LOGGER.log(Level.SEVERE, null, ex);
} finally { } finally {
if (fin != null) { if (fin != null) {
try { try {
fin.close(); fin.close();
} catch (IOException ex) { } catch (IOException ex) {
Logger.getLogger(JavaScriptAnalyzer.class.getName()).log(Level.FINEST, null, ex); LOGGER.log(Level.FINEST, null, ex);
} }
} }
} }
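Review bot: `LOGGER.log(Level.SEVERE, null, ex)` in the `IOException` branch records no file path and lets analysis continue, whereas the `FileNotFoundException` branch just above it wraps `dependency.getActualFilePath()` into an `AnalysisException`; an unreadable JavaScript file therefore shows up as a bare stack trace with no indication of which dependency was skipped. Mirror the sibling branch: `final String msg = String.format("Error reading dependency file: '%s'", dependency.getActualFilePath()); throw new AnalysisException(msg, ex);` — or, if continuing is intentional, log the path at WARNING and the throwable at FINE. The enclosing method starts outside the hunk.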


@@ -49,17 +49,17 @@ import org.owasp.dependencycheck.utils.Settings;
public class NexusAnalyzer extends AbstractFileTypeAnalyzer { public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
/** /**
* The logger * The logger.
*/ */
private static final Logger LOGGER = Logger.getLogger(NexusAnalyzer.class.getName()); private static final Logger LOGGER = Logger.getLogger(NexusAnalyzer.class.getName());
/** /**
* The name of the analyzer * The name of the analyzer.
*/ */
private static final String ANALYZER_NAME = "Nexus Analyzer"; private static final String ANALYZER_NAME = "Nexus Analyzer";
/** /**
* The phase in which the analyzer runs * The phase in which the analyzer runs.
*/ */
private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION; private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
@@ -80,7 +80,6 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
*/ */
@Override @Override
public void initializeFileTypeAnalyzer() throws Exception { public void initializeFileTypeAnalyzer() throws Exception {
setEnabled(Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED));
LOGGER.fine("Initializing Nexus Analyzer"); LOGGER.fine("Initializing Nexus Analyzer");
LOGGER.fine(String.format("Nexus Analyzer enabled: %s", isEnabled())); LOGGER.fine(String.format("Nexus Analyzer enabled: %s", isEnabled()));
if (isEnabled()) { if (isEnabled()) {
@@ -111,6 +110,16 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
return ANALYZER_NAME; return ANALYZER_NAME;
} }
/**
* Returns the key used in the properties file to reference the analyzer.
*
* @return a short string used to look up configuration properties
*/
@Override
protected String getAnalyzerSettingKey() {
return "nexus";
}
/** /**
* Returns the analysis phase under which the analyzer runs. * Returns the analysis phase under which the analyzer runs.
* *
@@ -167,5 +176,3 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
} }
} }
} }
// vim: cc=120:sw=4:ts=4:sts=4
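Review bot: Removing `setEnabled(Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED))` from `initializeFileTypeAnalyzer()` makes the on/off switch depend on whatever property `Settings.KEYS.getFileAnalyzerEnabledKey("nexus")` yields in the base constructor; if that name differs from the old `ANALYZER_NEXUS_ENABLED` property, every existing configuration that turned this analyzer off is silently ignored and the base-class default of `true` applies. That matters more here than for the local file analyzers because, judging by its name and the `isEnabled()`-gated initialisation, this analyzer presumably contacts an external Nexus service, so an unintended re-enable means outbound requests carrying dependency identifiers that the user had opted out of. Please either keep `ANALYZER_NEXUS_ENABLED` equal to the derived key or call out the renamed property in the release notes; `Settings.KEYS` is not in this change, so I cannot confirm which case applies.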


@@ -18,12 +18,15 @@
package org.owasp.dependencycheck.analyzer; package org.owasp.dependencycheck.analyzer;
import java.io.FileInputStream; import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.Set; import java.util.Set;
import java.util.logging.Level; import java.util.logging.Level;
import java.util.logging.Logger; import java.util.logging.Logger;
import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.nuget.NugetPackage; import org.owasp.dependencycheck.data.nuget.NugetPackage;
import org.owasp.dependencycheck.data.nuget.NuspecParseException;
import org.owasp.dependencycheck.data.nuget.NuspecParser; import org.owasp.dependencycheck.data.nuget.NuspecParser;
import org.owasp.dependencycheck.data.nuget.XPathNuspecParser; import org.owasp.dependencycheck.data.nuget.XPathNuspecParser;
import org.owasp.dependencycheck.dependency.Confidence; import org.owasp.dependencycheck.dependency.Confidence;
@@ -37,17 +40,17 @@ import org.owasp.dependencycheck.dependency.Dependency;
public class NuspecAnalyzer extends AbstractFileTypeAnalyzer { public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
/** /**
* The logger * The logger.
*/ */
private static final Logger LOGGER = Logger.getLogger(NuspecAnalyzer.class.getName()); private static final Logger LOGGER = Logger.getLogger(NuspecAnalyzer.class.getName());
/** /**
* The name of the analyzer * The name of the analyzer.
*/ */
private static final String ANALYZER_NAME = "Nuspec Analyzer"; private static final String ANALYZER_NAME = "Nuspec Analyzer";
/** /**
* The phase in which the analyzer runs * The phase in which the analyzer runs.
*/ */
private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION; private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
@@ -75,6 +78,16 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
return ANALYZER_NAME; return ANALYZER_NAME;
} }
/**
* Returns the key used in the properties file to reference the analyzer.
*
* @return a short string used to look up configuration properties
*/
@Override
protected String getAnalyzerSettingKey() {
return "nexus";
}
/** /**
* Returns the analysis phase under which the analyzer runs. * Returns the analysis phase under which the analyzer runs.
* *
@@ -112,11 +125,15 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
try { try {
fis = new FileInputStream(dependency.getActualFilePath()); fis = new FileInputStream(dependency.getActualFilePath());
np = parser.parse(fis); np = parser.parse(fis);
} catch (NuspecParseException ex) {
throw new AnalysisException(ex);
} catch (FileNotFoundException ex) {
throw new AnalysisException(ex);
} finally { } finally {
if (fis != null) { if (fis != null) {
try { try {
fis.close(); fis.close();
} catch (Throwable e) { } catch (IOException e) {
LOGGER.fine("Error closing input stream"); LOGGER.fine("Error closing input stream");
} }
} }
@@ -136,5 +153,3 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
} }
} }
} }
// vim: cc=120:sw=4:ts=4:sts=4
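Review bot: `getAnalyzerSettingKey()` in `NuspecAnalyzer` returns `"nexus"`, the same key `NexusAnalyzer` returns, so the base-class constructor reads the Nexus analyzer's enabled property for this analyzer as well: disabling Nexus silently disables Nuspec parsing, and Nuspec cannot be disabled on its own — the opposite of what the commit title promises. It should be `return "nuspec";`. Minor: the new `catch (IOException e)` around `fis.close()` logs `"Error closing input stream"` without passing `e`, so the reason is lost; use `LOGGER.log(Level.FINE, "Error closing input stream", e);`.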