improved the abstract base class to support enabling/disabling each FileTypeAnalyzer

Former-commit-id: 9dd07ede35cdf2b5b4babb7d577f30d338c0af3c
Jeremy Long
2014-03-17 00:08:04 -04:00
parent d6266c36bf
commit c85b547502
7 changed files with 111 additions and 61 deletions


@@ -22,8 +22,12 @@ import java.util.Collections;
import java.util.HashSet; import java.util.HashSet;
import java.util.Set; import java.util.Set;
import java.util.logging.Level; import java.util.logging.Level;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Dependency;
/** /**
* The base FileTypeAnalyzer that all analyzers that have specific file types they analyze should extend.
* *
* @author Jeremy Long <jeremy.long@owasp.org> * @author Jeremy Long <jeremy.long@owasp.org>
*/ */
@@ -46,20 +50,48 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
protected abstract Set<String> getSupportedExtensions(); protected abstract Set<String> getSupportedExtensions();
/** /**
* Utility method to help in the creation of the extensions set. This constructs a new Set that can be used in a * Initializes the file type analyzer.
* final static declaration.<br/><br/>
* *
* This implementation was copied from * @throws Exception thrown if there is an exception during initialization
* http://stackoverflow.com/questions/2041778/initialize-java-hashset-values-by-construction
*
* @param strings a list of strings to add to the set.
* @return a Set of strings.
*/ */
protected static Set<String> newHashSet(String... strings) { protected abstract void initializeFileTypeAnalyzer() throws Exception;
final Set<String> set = new HashSet<String>();
Collections.addAll(set, strings); /**
return set; * Initializes the analyzer.
*
* @throws Exception thrown if there is an exception during initialization
*/
public final void initialize() throws Exception {
if (filesMatched) {
initializeFileTypeAnalyzer();
} else {
enabled = false;
}
}
/**
* Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted,
* scanned, and added to the list of dependencies within the engine.
*
* @param dependency the dependency to analyze
* @param engine the engine scanning
* @throws AnalysisException thrown if there is an analysis exception
*/
protected abstract void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException;
/**
* Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted,
* scanned, and added to the list of dependencies within the engine.
*
* @param dependency the dependency to analyze
* @param engine the engine scanning
* @throws AnalysisException thrown if there is an analysis exception
*/
@Override
public final void analyze(Dependency dependency, Engine engine) throws AnalysisException {
if (enabled) {
analyzeFileType(dependency, engine);
}
} }
/** /**
@@ -89,21 +121,59 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
private boolean filesMatched = false; private boolean filesMatched = false;
/** /**
* Get the value of filesMatched * Get the value of filesMatched. A flag indicating whether the scan included any file types this analyzer supports.
* *
* @return the value of filesMatched * @return the value of filesMatched
*/ */
public boolean isFilesMatched() { protected boolean isFilesMatched() {
return filesMatched; return filesMatched;
} }
/** /**
* Set the value of filesMatched * Set the value of filesMatched. A flag indicating whether the scan included any file types this analyzer supports.
* *
* @param filesMatched new value of filesMatched * @param filesMatched new value of filesMatched
*/ */
public void setFilesMatched(boolean filesMatched) { protected void setFilesMatched(boolean filesMatched) {
this.filesMatched = filesMatched; this.filesMatched = filesMatched;
} }
private boolean enabled = true;
/**
* Get the value of enabled
*
* @return the value of enabled
*/
public boolean isEnabled() {
return enabled;
}
/**
* Set the value of enabled
*
* @param enabled new value of enabled
*/
public void setEnabled(boolean enabled) {
this.enabled = enabled;
}
/**
* <p>
* Utility method to help in the creation of the extensions set. This constructs a new Set that can be used in a
* final static declaration.</p>
*
* <p>
* This implementation was copied from
* http://stackoverflow.com/questions/2041778/initialize-java-hashset-values-by-construction</p>
*
* @param strings a list of strings to add to the set.
* @return a Set of strings.
*/
protected static Set<String> newHashSet(String... strings) {
final Set<String> set = new HashSet<String>();
Collections.addAll(set, strings);
return set;
}
} }
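Review bot: `initialize()` tests only `filesMatched`, so an analyzer that was switched off through the new public `setEnabled(false)` still runs `initializeFileTypeAnalyzer()` and whatever temp-file or network setup the subclass does there; `if (filesMatched && enabled) {` would keep a disabled analyzer inert. The `else` branch also turns the analyzer off without any log entry, which in a vulnerability scanner means a file type can go unanalysed with nothing in the output to show it; a FINE-level message naming the analyzer would make that visible. The Javadoc added on `analyzeFileType` and `analyze` describes archive extraction (WAR/EAR), which looks copied from ArchiveAnalyzer, and the new `enabled` field has no Javadoc; for `analyze`, something like `Analyzes the dependency if this analyzer is enabled; otherwise does nothing.` would match the code.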


@@ -53,7 +53,7 @@ import org.owasp.dependencycheck.utils.Settings;
* *
* @author Jeremy Long <jeremy.long@owasp.org> * @author Jeremy Long <jeremy.long@owasp.org>
*/ */
public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer implements Analyzer, FileTypeAnalyzer { public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
/** /**
* The buffer size to use when extracting files from the archive. * The buffer size to use when extracting files from the archive.
@@ -140,11 +140,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer implements Analyze
* @throws Exception is thrown if there is an exception deleting or creating temporary files * @throws Exception is thrown if there is an exception deleting or creating temporary files
*/ */
@Override @Override
public void initialize() throws Exception { public void initializeFileTypeAnalyzer() throws Exception {
super.initialize();
if (!isFilesMatched()) {
return;
}
final File baseDir = Settings.getTempDirectory(); final File baseDir = Settings.getTempDirectory();
if (!baseDir.exists()) { if (!baseDir.exists()) {
if (!baseDir.mkdirs()) { if (!baseDir.mkdirs()) {
@@ -189,7 +185,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer implements Analyze
* @throws AnalysisException thrown if there is an analysis exception * @throws AnalysisException thrown if there is an analysis exception
*/ */
@Override @Override
public void analyze(Dependency dependency, Engine engine) throws AnalysisException { public void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException {
final File f = new File(dependency.getActualFilePath()); final File f = new File(dependency.getActualFilePath());
final File tmpDir = getNextTempDirectory(); final File tmpDir = getNextTempDirectory();
extractFiles(f, tmpDir, engine); extractFiles(f, tmpDir, engine);
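Review bot: The overrides `initializeFileTypeAnalyzer()` and `analyzeFileType(...)` are declared `public` here although the base class declares both `protected abstract`, which widens the hooks so that any caller can invoke them directly and skip the `filesMatched`/`enabled` gate in the final `initialize()` and `analyze()`. Declaring them `protected void initializeFileTypeAnalyzer() throws Exception` and `protected void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException` keeps the gated methods as the only entry points. The same applies to the overrides in AssemblyAnalyzer, JarAnalyzer, JavaScriptAnalyzer (`analyzeFileType` only), NexusAnalyzer and NuspecAnalyzer. Both method bodies continue outside the hunks shown.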


@@ -101,7 +101,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
* @throws AnalysisException if anything goes sideways * @throws AnalysisException if anything goes sideways
*/ */
@Override @Override
public void analyze(Dependency dependency, Engine engine) public void analyzeFileType(Dependency dependency, Engine engine)
throws AnalysisException { throws AnalysisException {
if (grokAssemblyExe == null) { if (grokAssemblyExe == null) {
LOG.warning("GrokAssembly didn't get deployed"); LOG.warning("GrokAssembly didn't get deployed");
@@ -156,11 +156,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
* @throws Exception if anything goes wrong * @throws Exception if anything goes wrong
*/ */
@Override @Override
public void initialize() throws Exception { public void initializeFileTypeAnalyzer() throws Exception {
super.initialize();
if (!isFilesMatched()) {
return; //no work to do, so don't initialize
}
final File tempFile = File.createTempFile("GKA", ".exe", Settings.getTempDirectory()); final File tempFile = File.createTempFile("GKA", ".exe", Settings.getTempDirectory());
FileOutputStream fos = null; FileOutputStream fos = null;
InputStream is = null; InputStream is = null;
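Review bot: `analyzeFileType` still logs `GrokAssembly didn't get deployed` for every dependency when `grokAssemblyExe` is null, although the base class now offers an enabled flag for this situation. If the deployment in `initializeFileTypeAnalyzer()` can fail without throwing (its body continues outside the hunk, so this is an assumption), calling `setEnabled(false)` there with a single warning would report the gap once and let the final `analyze()` skip the analyzer.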


@@ -79,7 +79,7 @@ import org.xml.sax.XMLReader;
* *
* @author Jeremy Long <jeremy.long@owasp.org> * @author Jeremy Long <jeremy.long@owasp.org>
*/ */
public class JarAnalyzer extends AbstractFileTypeAnalyzer implements Analyzer, FileTypeAnalyzer { public class JarAnalyzer extends AbstractFileTypeAnalyzer {
//<editor-fold defaultstate="collapsed" desc="Constants and Member Variables"> //<editor-fold defaultstate="collapsed" desc="Constants and Member Variables">
/** /**
@@ -226,7 +226,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer implements Analyzer, F
* @throws AnalysisException is thrown if there is an error reading the JAR file. * @throws AnalysisException is thrown if there is an error reading the JAR file.
*/ */
@Override @Override
public void analyze(Dependency dependency, Engine engine) throws AnalysisException { public void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException {
try { try {
final ArrayList<ClassNameInformation> classNames = collectClassNames(dependency); final ArrayList<ClassNameInformation> classNames = collectClassNames(dependency);
final String fileName = dependency.getFileName().toLowerCase(); final String fileName = dependency.getFileName().toLowerCase();
@@ -900,15 +900,12 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer implements Analyzer, F
private File tempFileLocation = null; private File tempFileLocation = null;
/** /**
* The initialize method does nothing for this Analyzer. * Initializes the JarAnalyzer.
* *
* @throws Exception is thrown if there is an exception creating a temporary directory * @throws Exception is thrown if there is an exception creating a temporary directory
*/ */
@Override @Override
public void initialize() throws Exception { public void initializeFileTypeAnalyzer() throws Exception {
if (!this.isFilesMatched()) {
return; //no files matched, no need to initialize
}
final File baseDir = Settings.getTempDirectory(); final File baseDir = Settings.getTempDirectory();
if (!baseDir.exists()) { if (!baseDir.exists()) {
if (!baseDir.mkdirs()) { if (!baseDir.mkdirs()) {


@@ -36,7 +36,7 @@ import org.owasp.dependencycheck.dependency.Dependency;
* *
* @author Jeremy Long <jeremy.long@owasp.org> * @author Jeremy Long <jeremy.long@owasp.org>
*/ */
public class JavaScriptAnalyzer extends AbstractFileTypeAnalyzer implements Analyzer, FileTypeAnalyzer { public class JavaScriptAnalyzer extends AbstractFileTypeAnalyzer {
//<editor-fold defaultstate="collapsed" desc="All standard implmentation details of Analyzer"> //<editor-fold defaultstate="collapsed" desc="All standard implmentation details of Analyzer">
/** /**
@@ -91,7 +91,7 @@ public class JavaScriptAnalyzer extends AbstractFileTypeAnalyzer implements Anal
* @throws AnalysisException is thrown if there is an error reading the JavaScript file. * @throws AnalysisException is thrown if there is an error reading the JavaScript file.
*/ */
@Override @Override
public void analyze(Dependency dependency, Engine engine) throws AnalysisException { public void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException {
BufferedReader fin = null;; BufferedReader fin = null;;
try { try {
// /\*([^\*][^/]|[\r\n\f])+?\*/ // /\*([^\*][^/]|[\r\n\f])+?\*/
@@ -118,4 +118,9 @@ public class JavaScriptAnalyzer extends AbstractFileTypeAnalyzer implements Anal
} }
} }
} }
@Override
protected void initializeFileTypeAnalyzer() throws Exception {
}
} }
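Review bot: The added `initializeFileTypeAnalyzer()` override at the end of the class has an empty body and no Javadoc, so a reader cannot tell whether initialization was forgotten or is simply not needed. A short Javadoc such as `Initializes the analyzer; the JavaScript analyzer needs no setup.` together with a body comment `// intentionally empty: nothing to initialize` would settle it.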


@@ -46,7 +46,7 @@ import org.owasp.dependencycheck.utils.Settings;
* *
* @author colezlaw * @author colezlaw
*/ */
public class NexusAnalyzer extends AbstractFileTypeAnalyzer implements Analyzer, FileTypeAnalyzer { public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
/** /**
* The logger * The logger
@@ -68,11 +68,6 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer implements Analyzer,
*/ */
private static final Set<String> SUPPORTED_EXTENSIONS = newHashSet("jar"); private static final Set<String> SUPPORTED_EXTENSIONS = newHashSet("jar");
/**
* Whether this is actually enabled. Will get set during initialization.
*/
private boolean enabled = false;
/** /**
* The Nexus Search to be set up for this analyzer. * The Nexus Search to be set up for this analyzer.
*/ */
@@ -84,28 +79,24 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer implements Analyzer,
* @throws Exception if there's an error during initialization * @throws Exception if there's an error during initialization
*/ */
@Override @Override
public void initialize() throws Exception { public void initializeFileTypeAnalyzer() throws Exception {
if (!isFilesMatched()) { setEnabled(Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED));
enabled = false;
return; //no work to do so don't initialize
}
enabled = Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED);
LOGGER.fine("Initializing Nexus Analyzer"); LOGGER.fine("Initializing Nexus Analyzer");
LOGGER.fine(String.format("Nexus Analyzer enabled: %s", enabled)); LOGGER.fine(String.format("Nexus Analyzer enabled: %s", isEnabled()));
if (enabled) { if (isEnabled()) {
final String searchUrl = Settings.getString(Settings.KEYS.ANALYZER_NEXUS_URL); final String searchUrl = Settings.getString(Settings.KEYS.ANALYZER_NEXUS_URL);
LOGGER.fine(String.format("Nexus Analyzer URL: %s", searchUrl)); LOGGER.fine(String.format("Nexus Analyzer URL: %s", searchUrl));
try { try {
searcher = new NexusSearch(new URL(searchUrl)); searcher = new NexusSearch(new URL(searchUrl));
if (!searcher.preflightRequest()) { if (!searcher.preflightRequest()) {
LOGGER.warning("There was an issue getting Nexus status. Disabling analyzer."); LOGGER.warning("There was an issue getting Nexus status. Disabling analyzer.");
enabled = false; setEnabled(false);
} }
} catch (MalformedURLException mue) { } catch (MalformedURLException mue) {
// I know that initialize can throw an exception, but we'll // I know that initialize can throw an exception, but we'll
// just disable the analyzer if the URL isn't valid // just disable the analyzer if the URL isn't valid
LOGGER.warning(String.format("Property %s not a valid URL. Nexus Analyzer disabled", searchUrl)); LOGGER.warning(String.format("Property %s not a valid URL. Nexus Analyzer disabled", searchUrl));
enabled = false; setEnabled(false);
} }
} }
} }
@@ -148,12 +139,7 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer implements Analyzer,
* @throws AnalysisException when there's an exception during analysis * @throws AnalysisException when there's an exception during analysis
*/ */
@Override @Override
public void analyze(Dependency dependency, Engine engine) throws AnalysisException { public void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException {
// Make a quick exit if this analyzer is disabled
if (!enabled) {
return;
}
try { try {
final MavenArtifact ma = searcher.searchSha1(dependency.getSha1sum()); final MavenArtifact ma = searcher.searchSha1(dependency.getSha1sum());
if (ma.getGroupId() != null && !"".equals(ma.getGroupId())) { if (ma.getGroupId() != null && !"".equals(ma.getGroupId())) {
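Review bot: Removing the local `enabled = false` field changes this analyzer's default state: the inherited flag starts as `true`, so `analyze()` reaches `analyzeFileType` and dereferences `searcher` even when `initialize()` has not run and `searcher` is presumably still unset. If the engine guarantees `initialize()` before `analyze()` this is unreachable, but that is not visible here; a guard at the top of `analyzeFileType`, `if (searcher == null) { return; }`, would restore the old inert-by-default behaviour. Separately, `setEnabled(Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED))` overwrites a `setEnabled(false)` made by a caller before initialization; `setEnabled(isEnabled() && Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED))` would respect both. The body of `analyzeFileType` continues outside the hunk.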


@@ -62,7 +62,7 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
* @throws Exception if there's an error during initialization * @throws Exception if there's an error during initialization
*/ */
@Override @Override
public void initialize() throws Exception { public void initializeFileTypeAnalyzer() throws Exception {
} }
/** /**
@@ -103,7 +103,7 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
* @throws AnalysisException when there's an exception during analysis * @throws AnalysisException when there's an exception during analysis
*/ */
@Override @Override
public void analyze(Dependency dependency, Engine engine) throws AnalysisException { public void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException {
LOGGER.log(Level.FINE, "Checking Nuspec file {0}", dependency.toString()); LOGGER.log(Level.FINE, "Checking Nuspec file {0}", dependency.toString());
try { try {
final NuspecParser parser = new XPathNuspecParser(); final NuspecParser parser = new XPathNuspecParser();