improved the abstract base class to support enabling/disabling each FileTypeAnalyzer

Former-commit-id: 9dd07ede35cdf2b5b4babb7d577f30d338c0af3c
2026-01-14 15:53:36 +01:00 · 2014-03-17 00:08:04 -04:00
parent d6266c36bf
commit c85b547502
7 changed files with 111 additions and 61 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java
@@ -22,8 +22,12 @@ import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;
 import java.util.logging.Level;
+import org.owasp.dependencycheck.Engine;
+import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
+import org.owasp.dependencycheck.dependency.Dependency;

 /**
+ * The base FileTypeAnalyzer that all analyzers that have specific file types they analyze should extend.
 *
 * @author Jeremy Long <jeremy.long@owasp.org>
 */
@@ -46,20 +50,48 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
    protected abstract Set<String> getSupportedExtensions();

    /**
-     * Utility method to help in the creation of the extensions set. This constructs a new Set that can be used in a
-     * final static declaration.<br/><br/>
+     * Initializes the file type analyzer.
     *
-     * This implementation was copied from
-     * http://stackoverflow.com/questions/2041778/initialize-java-hashset-values-by-construction
-     *
-     * @param strings a list of strings to add to the set.
-     * @return a Set of strings.
+     * @throws Exception thrown if there is an exception during initialization
     */
-    protected static Set<String> newHashSet(String... strings) {
-        final Set<String> set = new HashSet<String>();
+    protected abstract void initializeFileTypeAnalyzer() throws Exception;

-        Collections.addAll(set, strings);
-        return set;
+    /**
+     * Initializes the analyzer.
+     *
+     * @throws Exception thrown if there is an exception during initialization
+     */
+    public final void initialize() throws Exception {
+        if (filesMatched) {
+            initializeFileTypeAnalyzer();
+        } else {
+            enabled = false;
+        }
+    }
+
+    /**
+     * Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted,
+     * scanned, and added to the list of dependencies within the engine.
+     *
+     * @param dependency the dependency to analyze
+     * @param engine the engine scanning
+     * @throws AnalysisException thrown if there is an analysis exception
+     */
+    protected abstract void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException;
+
+    /**
+     * Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted,
+     * scanned, and added to the list of dependencies within the engine.
+     *
+     * @param dependency the dependency to analyze
+     * @param engine the engine scanning
+     * @throws AnalysisException thrown if there is an analysis exception
+     */
+    @Override
+    public final void analyze(Dependency dependency, Engine engine) throws AnalysisException {
+        if (enabled) {
+            analyzeFileType(dependency, engine);
+        }
    }

    /**
@@ -89,21 +121,59 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
    private boolean filesMatched = false;

    /**
-     * Get the value of filesMatched
+     * Get the value of filesMatched. A flag indicating whether the scan included any file types this analyzer supports.
     *
     * @return the value of filesMatched
     */
-    public boolean isFilesMatched() {
+    protected boolean isFilesMatched() {
        return filesMatched;
    }

    /**
-     * Set the value of filesMatched
+     * Set the value of filesMatched. A flag indicating whether the scan included any file types this analyzer supports.
     *
     * @param filesMatched new value of filesMatched
     */
-    public void setFilesMatched(boolean filesMatched) {
+    protected void setFilesMatched(boolean filesMatched) {
        this.filesMatched = filesMatched;
    }

+    private boolean enabled = true;
+
+    /**
+     * Get the value of enabled
+     *
+     * @return the value of enabled
+     */
+    public boolean isEnabled() {
+        return enabled;
+    }
+
+    /**
+     * Set the value of enabled
+     *
+     * @param enabled new value of enabled
+     */
+    public void setEnabled(boolean enabled) {
+        this.enabled = enabled;
+    }
+
+    /**
+     * <p>
+     * Utility method to help in the creation of the extensions set. This constructs a new Set that can be used in a
+     * final static declaration.</p>
+     *
+     * <p>
+     * This implementation was copied from
+     * http://stackoverflow.com/questions/2041778/initialize-java-hashset-values-by-construction</p>
+     *
+     * @param strings a list of strings to add to the set.
+     * @return a Set of strings.
+     */
+    protected static Set<String> newHashSet(String... strings) {
+        final Set<String> set = new HashSet<String>();
+
+        Collections.addAll(set, strings);
+        return set;
+    }
 }
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
@@ -53,7 +53,7 @@ import org.owasp.dependencycheck.utils.Settings;
 *
 * @author Jeremy Long <jeremy.long@owasp.org>
 */
-public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer implements Analyzer, FileTypeAnalyzer {
+public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {

    /**
     * The buffer size to use when extracting files from the archive.
@@ -140,11 +140,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer implements Analyze
     * @throws Exception is thrown if there is an exception deleting or creating temporary files
     */
    @Override
-    public void initialize() throws Exception {
-        super.initialize();
-        if (!isFilesMatched()) {
-            return;
-        }
+    public void initializeFileTypeAnalyzer() throws Exception {
        final File baseDir = Settings.getTempDirectory();
        if (!baseDir.exists()) {
            if (!baseDir.mkdirs()) {
@@ -189,7 +185,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer implements Analyze
     * @throws AnalysisException thrown if there is an analysis exception
     */
    @Override
-    public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
+    public void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException {
        final File f = new File(dependency.getActualFilePath());
        final File tmpDir = getNextTempDirectory();
        extractFiles(f, tmpDir, engine);
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
@@ -101,7 +101,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
     * @throws AnalysisException if anything goes sideways
     */
    @Override
-    public void analyze(Dependency dependency, Engine engine)
+    public void analyzeFileType(Dependency dependency, Engine engine)
            throws AnalysisException {
        if (grokAssemblyExe == null) {
            LOG.warning("GrokAssembly didn't get deployed");
@@ -156,11 +156,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
     * @throws Exception if anything goes wrong
     */
    @Override
-    public void initialize() throws Exception {
-        super.initialize();
-        if (!isFilesMatched()) {
-            return; //no work to do, so don't initialize
-        }
+    public void initializeFileTypeAnalyzer() throws Exception {
        final File tempFile = File.createTempFile("GKA", ".exe", Settings.getTempDirectory());
        FileOutputStream fos = null;
        InputStream is = null;
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
@@ -79,7 +79,7 @@ import org.xml.sax.XMLReader;
 *
 * @author Jeremy Long <jeremy.long@owasp.org>
 */
-public class JarAnalyzer extends AbstractFileTypeAnalyzer implements Analyzer, FileTypeAnalyzer {
+public class JarAnalyzer extends AbstractFileTypeAnalyzer {

    //<editor-fold defaultstate="collapsed" desc="Constants and Member Variables">
    /**
@@ -226,7 +226,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer implements Analyzer, F
     * @throws AnalysisException is thrown if there is an error reading the JAR file.
     */
    @Override
-    public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
+    public void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException {
        try {
            final ArrayList<ClassNameInformation> classNames = collectClassNames(dependency);
            final String fileName = dependency.getFileName().toLowerCase();
@@ -900,15 +900,12 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer implements Analyzer, F
    private File tempFileLocation = null;

    /**
-     * The initialize method does nothing for this Analyzer.
+     * Initializes the JarAnalyzer.
     *
     * @throws Exception is thrown if there is an exception creating a temporary directory
     */
    @Override
-    public void initialize() throws Exception {
-        if (!this.isFilesMatched()) {
-            return; //no files matched, no need to initialize
-        }
+    public void initializeFileTypeAnalyzer() throws Exception {
        final File baseDir = Settings.getTempDirectory();
        if (!baseDir.exists()) {
            if (!baseDir.mkdirs()) {
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java
@@ -36,7 +36,7 @@ import org.owasp.dependencycheck.dependency.Dependency;
 *
 * @author Jeremy Long <jeremy.long@owasp.org>
 */
-public class JavaScriptAnalyzer extends AbstractFileTypeAnalyzer implements Analyzer, FileTypeAnalyzer {
+public class JavaScriptAnalyzer extends AbstractFileTypeAnalyzer {

    //<editor-fold defaultstate="collapsed" desc="All standard implmentation details of Analyzer">
    /**
@@ -91,7 +91,7 @@ public class JavaScriptAnalyzer extends AbstractFileTypeAnalyzer implements Anal
     * @throws AnalysisException is thrown if there is an error reading the JavaScript file.
     */
    @Override
-    public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
+    public void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException {
        BufferedReader fin = null;;
        try {
            //  /\*([^\*][^/]|[\r\n\f])+?\*/
@@ -118,4 +118,9 @@ public class JavaScriptAnalyzer extends AbstractFileTypeAnalyzer implements Anal
            }
        }
    }
+
+    @Override
+    protected void initializeFileTypeAnalyzer() throws Exception {
+
+    }
 }
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java
@@ -46,7 +46,7 @@ import org.owasp.dependencycheck.utils.Settings;
 *
 * @author colezlaw
 */
-public class NexusAnalyzer extends AbstractFileTypeAnalyzer implements Analyzer, FileTypeAnalyzer {
+public class NexusAnalyzer extends AbstractFileTypeAnalyzer {

    /**
     * The logger
@@ -68,11 +68,6 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer implements Analyzer,
     */
    private static final Set<String> SUPPORTED_EXTENSIONS = newHashSet("jar");

-    /**
-     * Whether this is actually enabled. Will get set during initialization.
-     */
-    private boolean enabled = false;
-
    /**
     * The Nexus Search to be set up for this analyzer.
     */
@@ -84,28 +79,24 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer implements Analyzer,
     * @throws Exception if there's an error during initialization
     */
    @Override
-    public void initialize() throws Exception {
-        if (!isFilesMatched()) {
-            enabled = false;
-            return; //no work to do so don't initialize
-        }
-        enabled = Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED);
+    public void initializeFileTypeAnalyzer() throws Exception {
+        setEnabled(Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED));
        LOGGER.fine("Initializing Nexus Analyzer");
-        LOGGER.fine(String.format("Nexus Analyzer enabled: %s", enabled));
-        if (enabled) {
+        LOGGER.fine(String.format("Nexus Analyzer enabled: %s", isEnabled()));
+        if (isEnabled()) {
            final String searchUrl = Settings.getString(Settings.KEYS.ANALYZER_NEXUS_URL);
            LOGGER.fine(String.format("Nexus Analyzer URL: %s", searchUrl));
            try {
                searcher = new NexusSearch(new URL(searchUrl));
                if (!searcher.preflightRequest()) {
                    LOGGER.warning("There was an issue getting Nexus status. Disabling analyzer.");
-                    enabled = false;
+                    setEnabled(false);
                }
            } catch (MalformedURLException mue) {
                // I know that initialize can throw an exception, but we'll
                // just disable the analyzer if the URL isn't valid
                LOGGER.warning(String.format("Property %s not a valid URL. Nexus Analyzer disabled", searchUrl));
-                enabled = false;
+                setEnabled(false);
            }
        }
    }
@@ -148,12 +139,7 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer implements Analyzer,
     * @throws AnalysisException when there's an exception during analysis
     */
    @Override
-    public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
-        // Make a quick exit if this analyzer is disabled
-        if (!enabled) {
-            return;
-        }
-
+    public void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException {
        try {
            final MavenArtifact ma = searcher.searchSha1(dependency.getSha1sum());
            if (ma.getGroupId() != null && !"".equals(ma.getGroupId())) {
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java
@@ -62,7 +62,7 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
     * @throws Exception if there's an error during initialization
     */
    @Override
-    public void initialize() throws Exception {
+    public void initializeFileTypeAnalyzer() throws Exception {
    }

    /**
@@ -103,7 +103,7 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
     * @throws AnalysisException when there's an exception during analysis
     */
    @Override
-    public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
+    public void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException {
        LOGGER.log(Level.FINE, "Checking Nuspec file {0}", dependency.toString());
        try {
            final NuspecParser parser = new XPathNuspecParser();