From ab2e5f31c893fbbb6021d9865806df471f16b126 Mon Sep 17 00:00:00 2001
From: Richard Mealing
Date: Thu, 17 Aug 2017 19:54:13 +0100
Subject: [PATCH 1/4] catch IOExceptions when parsing jar manifest
---
 .../dependencycheck/analyzer/JarAnalyzer.java | 35 +++++++++----------
 .../analyzer/JarAnalyzerTest.java | 19 ++++++----
 2 files changed, 28 insertions(+), 26 deletions(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
index 851ed70ba..5f99e0415 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
@@ -223,23 +223,19 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { */ @Override public void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException { - try { - final List classNames = collectClassNames(dependency); - final String fileName = dependency.getFileName().toLowerCase(); - if (classNames.isEmpty() - && (fileName.endsWith("-sources.jar") - || fileName.endsWith("-javadoc.jar") - || fileName.endsWith("-src.jar") - || fileName.endsWith("-doc.jar"))) { - engine.getDependencies().remove(dependency); - } - final boolean hasManifest = parseManifest(dependency, classNames); - final boolean hasPOM = analyzePOM(dependency, classNames, engine); - final boolean addPackagesAsEvidence = !(hasManifest && hasPOM); - analyzePackageNames(classNames, dependency, addPackagesAsEvidence); - } catch (IOException ex) { - throw new AnalysisException("Exception occurred reading the JAR file (" + dependency.getFileName() + ").", ex); + final List classNames = collectClassNames(dependency); + final String fileName = dependency.getFileName().toLowerCase(); + if (classNames.isEmpty() + && (fileName.endsWith("-sources.jar") + || fileName.endsWith("-javadoc.jar") + || fileName.endsWith("-src.jar") + || fileName.endsWith("-doc.jar"))) { + engine.getDependencies().remove(dependency); } + final boolean hasManifest = parseManifest(dependency, classNames); + final boolean hasPOM = analyzePOM(dependency, classNames, engine); + final boolean addPackagesAsEvidence = !(hasManifest && hasPOM); + analyzePackageNames(classNames, dependency, addPackagesAsEvidence); } /** 
@@ -587,10 +583,8 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { * @param dependency A reference to the dependency * @param classInformation a collection of class information * @return whether evidence was identified parsing the manifest - * @throws IOException if there is an issue reading the JAR file */ - protected boolean parseManifest(Dependency dependency, List classInformation) - throws IOException { + protected boolean parseManifest(Dependency dependency, List classInformation) { boolean foundSomething = false; try (JarFile jar = new JarFile(dependency.getActualFilePath())) { final Manifest manifest = jar.getManifest(); @@ -747,6 +741,9 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { foundSomething = true; versionEvidence.addEvidence(source, "specification-version", specificationVersion, Confidence.HIGH); } + } catch (IOException ex) { + LOGGER.warn("Unable to read JarFile '{}'.", dependency.getActualFilePath()); + LOGGER.trace("", ex); } return foundSomething; } diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java index df9931548..948df73c4 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java 
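Review bot: The `catch (IOException ex)` added at the end of `parseManifest` turns an unreadable or corrupt jar into a plain `false` return, so `analyzeDependency` (first hunk of this patch, where the `AnalysisException` wrapper is removed) carries on to `analyzePOM` and `analyzePackageNames` and the dependency is reported without manifest evidence. For a vulnerability scanner that is a quiet loss of coverage, and the only record is a warn line that omits the cause, because the exception goes to `LOGGER.trace("", ex)` with an empty message. I would put the reason in the warning, `LOGGER.warn("Unable to read JarFile '{}': {}", dependency.getActualFilePath(), ex.getMessage());`, and log the stack trace at debug rather than trace. The `try` that this catch closes opens in the previous hunk, and most of the method body lies outside the diff.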
@@ -17,24 +17,22 @@ */ package org.owasp.dependencycheck.analyzer; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; - import java.io.File; import java.util.ArrayList; import java.util.Arrays; import java.util.List; -import org.junit.After; -import org.junit.AfterClass; -import org.junit.Before; -import org.junit.BeforeClass; import org.junit.Test; import org.owasp.dependencycheck.BaseTest; +import org.owasp.dependencycheck.analyzer.JarAnalyzer.ClassNameInformation; import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.Evidence; import org.owasp.dependencycheck.utils.Settings; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + /** * @author Jeremy Long */ @@ -176,4 +174,11 @@ public class JarAnalyzerTest extends BaseTest { List results = instance.getPackageStructure(); assertEquals(expected, results); } + + @Test + public void testParseManifest_CatchesIOException() { + Dependency dependency = new Dependency(); + dependency.setActualFilePath("doesNotExist"); + assertFalse(new JarAnalyzer().parseManifest(dependency, new ArrayList())); + } } From e7055c8a38973f913353ff97811ee57256fe24e0 Mon Sep 17 00:00:00 2001 From: Richard Mealing Date: Fri, 18 Aug 2017 09:55:19 +0100 Subject: [PATCH 2/4] increased test robustness --- .../java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java | 1 + 1 file changed, 1 insertion(+) diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java index 948df73c4..2a69b01d9 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java 
@@ -179,6 +179,7 @@ public class JarAnalyzerTest extends BaseTest { public void testParseManifest_CatchesIOException() { Dependency dependency = new Dependency(); dependency.setActualFilePath("doesNotExist"); + assertFalse(new File(dependency.getActualFilePath()).exists()); assertFalse(new JarAnalyzer().parseManifest(dependency, new ArrayList())); } } From 6d7f7d8e421408b4c743993efea77368c72b2063 Mon Sep 17 00:00:00 2001 From: Richard Mealing Date: Fri, 18 Aug 2017 13:44:53 +0100 Subject: [PATCH 3/4] updated error message to be more representative --- .../java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java index 5f99e0415..37c1e177a 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java @@ -742,7 +742,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { versionEvidence.addEvidence(source, "specification-version", specificationVersion, Confidence.HIGH); } } catch (IOException ex) { - LOGGER.warn("Unable to read JarFile '{}'.", dependency.getActualFilePath()); + LOGGER.warn("Unable to read dependency file '{}'", dependency.getActualFilePath()); LOGGER.trace("", ex); } return foundSomething; From 5d87dc2942c9319eca3533d8a7b54a84be411d2d Mon Sep 17 00:00:00 2001 
From: Richard Mealing Date: Mon, 21 Aug 2017 13:51:45 +0100 Subject: [PATCH 4/4] change to skip and remove macOS metadata and non-zip files --- .../dependencycheck/analyzer/JarAnalyzer.java | 118 +++++++++++++++--- .../analyzer/JarAnalyzerTest.java | 34 +++-- .../src/test/resources/._avro-ipc-1.5.0.jar | Bin 0 -> 226 bytes .../src/test/resources/avro-ipc-1.5.0.jar | Bin 0 -> 7736 bytes .../resources/textFileWithJarExtension.jar | 1 + 5 files changed, 127 insertions(+), 26 deletions(-) create mode 100644 dependency-check-core/src/test/resources/._avro-ipc-1.5.0.jar create mode 100644 dependency-check-core/src/test/resources/avro-ipc-1.5.0.jar create mode 100644 dependency-check-core/src/test/resources/textFileWithJarExtension.jar diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java index 37c1e177a..db54d1ab6 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java @@ -19,12 +19,14 @@ package org.owasp.dependencycheck.analyzer; import java.io.File; import java.io.FileFilter; +import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; import java.io.Reader; import java.io.UnsupportedEncodingException; +import java.nio.file.Paths; import java.util.ArrayList; import java.util.Arrays; import java.util.Enumeration; @@ -42,6 +44,7 @@ import java.util.jar.JarFile; import java.util.jar.Manifest; import java.util.regex.Pattern; import java.util.zip.ZipEntry; + import org.apache.commons.compress.utils.IOUtils; import org.apache.commons.io.FilenameUtils; import org.apache.commons.lang3.StringUtils; 
@@ -53,11 +56,11 @@ import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.EvidenceCollection; import org.owasp.dependencycheck.exception.InitializationException; import org.owasp.dependencycheck.utils.FileFilterBuilder; -import org.owasp.dependencycheck.xml.pom.License; -import org.owasp.dependencycheck.xml.pom.PomUtils; -import org.owasp.dependencycheck.xml.pom.Model; import org.owasp.dependencycheck.utils.FileUtils; import org.owasp.dependencycheck.utils.Settings; +import org.owasp.dependencycheck.xml.pom.License; +import org.owasp.dependencycheck.xml.pom.Model; +import org.owasp.dependencycheck.xml.pom.PomUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -168,6 +171,21 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { */ private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(EXTENSIONS).build(); + /** + * The expected first bytes when reading a zip file. + */ + private static final byte[] ZIP_FIRST_BYTES = new byte[]{0x50, 0x4B, 0x03, 0x04}; + + /** + * The expected first bytes when reading an empty zip file. + */ + private static final byte[] ZIP_EMPTY_FIRST_BYTES = new byte[]{0x50, 0x4B, 0x05, 0x06}; + + /** + * The expected first bytes when reading a spanned zip file. + */ + private static final byte[] ZIP_SPANNED_FIRST_BYTES = new byte[]{0x50, 0x4B, 0x07, 0x08}; + // // /** 
@@ -223,19 +241,82 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { */ @Override public void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException { - final List classNames = collectClassNames(dependency); - final String fileName = dependency.getFileName().toLowerCase(); - if (classNames.isEmpty() - && (fileName.endsWith("-sources.jar") - || fileName.endsWith("-javadoc.jar") - || fileName.endsWith("-src.jar") - || fileName.endsWith("-doc.jar"))) { - engine.getDependencies().remove(dependency); + try { + final List classNames = collectClassNames(dependency); + final String fileName = dependency.getFileName().toLowerCase(); + if (classNames.isEmpty() + && (fileName.endsWith("-sources.jar") + || fileName.endsWith("-javadoc.jar") + || fileName.endsWith("-src.jar") + || fileName.endsWith("-doc.jar") + || isMacOSMetaDataFile(dependency, engine)) + || !isZipFile(dependency)) { + engine.getDependencies().remove(dependency); + return; + } + final boolean hasManifest = parseManifest(dependency, classNames); + final boolean hasPOM = analyzePOM(dependency, classNames, engine); + final boolean addPackagesAsEvidence = !(hasManifest && hasPOM); + analyzePackageNames(classNames, dependency, addPackagesAsEvidence); + } catch (IOException ex) { + throw new AnalysisException("Exception occurred reading the JAR file (" + dependency.getFileName() + ").", ex); } - final boolean hasManifest = parseManifest(dependency, classNames); - final boolean hasPOM = analyzePOM(dependency, classNames, engine); - final boolean addPackagesAsEvidence = !(hasManifest && hasPOM); - analyzePackageNames(classNames, dependency, addPackagesAsEvidence); + } + + /** + * Checks if the given dependency appears to be a macOS metadata file, returning true if its filename starts with a + * ._ prefix and if there is another dependency with the same filename minus the ._ prefix, otherwise it returns + * false. 
+ * + * @param dependency the dependency to check if it's a macOS metadata file + * @param engine the engine that is scanning the dependencies + * @return whether or not the given dependency appears to be a macOS metadata file + */ + private boolean isMacOSMetaDataFile(final Dependency dependency, final Engine engine) { + final String fileName = Paths.get(dependency.getActualFilePath()).getFileName().toString(); + return fileName.startsWith("._") && hasDependencyWithFilename(engine.getDependencies(), fileName.substring(2)); + } + + /** + * Iterates through the given list of dependencies and returns true when it finds a dependency with a filename + * matching the given filename, otherwise returns false. + * + * @param dependencies the dependencies to search within + * @param fileName the filename to search for + * @return whether or not the given dependencies contain a dependency with the given filename + */ + private boolean hasDependencyWithFilename(final List dependencies, final String fileName) { + for (final Dependency dependency : dependencies) { + if (Paths.get(dependency.getActualFilePath()).getFileName().toString().toLowerCase() + .equals(fileName.toLowerCase())) { + return true; + } + } + return false; + } + + /** + * Attempts to read the first bytes of the given dependency (using its actual file path) and returns true if they + * match the expected first bytes of a zip file, which may be empty or spanned. If they don't match, or if the file + * could not be read, then it returns false. 
+ * + * @param dependency the dependency to check if it's a zip file + * @return whether or not the given dependency appears to be a zip file from its first bytes + */ + private boolean isZipFile(final Dependency dependency) { + final byte[] buffer = new byte[4]; + try (final FileInputStream fileInputStream = new FileInputStream(dependency.getActualFilePath())) { + fileInputStream.read(buffer); + if (Arrays.equals(buffer, ZIP_FIRST_BYTES) || Arrays.equals(buffer, ZIP_EMPTY_FIRST_BYTES) || + Arrays.equals(buffer, ZIP_SPANNED_FIRST_BYTES)) { + return true; + } + } + catch (Exception e) { + LOGGER.warn("Unable to check if '{}' is a zip file", dependency.getActualFilePath()); + LOGGER.trace("", e); + } + return false; } /** @@ -583,8 +664,10 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { * @param dependency A reference to the dependency * @param classInformation a collection of class information * @return whether evidence was identified parsing the manifest + * @throws IOException if there is an issue reading the JAR file */ - protected boolean parseManifest(Dependency dependency, List classInformation) { + protected boolean parseManifest(Dependency dependency, List classInformation) + throws IOException { boolean foundSomething = false; try (JarFile jar = new JarFile(dependency.getActualFilePath())) { final Manifest manifest = jar.getManifest(); @@ -741,9 +824,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { foundSomething = true; versionEvidence.addEvidence(source, "specification-version", specificationVersion, Confidence.HIGH); } - } catch (IOException ex) { - LOGGER.warn("Unable to read dependency file '{}'", dependency.getActualFilePath()); - LOGGER.trace("", ex); } return foundSomething; } diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java index 2a69b01d9..4d9684f3d 100644 
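Review bot: In `analyzeDependency`, `|| !isZipFile(dependency)` sits outside the `classNames.isEmpty() && (...)` group, so any file whose first four bytes are not one of the three `PK` signatures is removed from `engine.getDependencies()` and skipped, even when `collectClassNames` found classes in it, and nothing is logged for a plain mismatch. For a vulnerability scanner that is a silent false negative: `java.util.zip` locates an archive from its end-of-central-directory record, so a jar with leading bytes before the first entry (a self-executing jar with a launch script, for instance) opens normally yet fails a check made at offset 0. `isZipFile` also returns false when the open or read throws and ignores the count returned by `fileInputStream.read(buffer)`, so an unreadable file is dropped the same way. I would apply the header test only when no classes were read and log every removal it causes, as sketched below; this assumes `collectClassNames`, which is outside the hunk, returns an empty list for input it cannot open.

```java
// … unchanged: try {, collectClassNames call, fileName …
final boolean emptyAuxiliaryJar = classNames.isEmpty()
        && (fileName.endsWith("-sources.jar")
        || fileName.endsWith("-javadoc.jar")
        || fileName.endsWith("-src.jar")
        || fileName.endsWith("-doc.jar")
        || isMacOSMetaDataFile(dependency, engine));
// A header mismatch only counts when nothing could be read from the file.
final boolean notAnArchive = !emptyAuxiliaryJar
        && classNames.isEmpty()
        && !isZipFile(dependency);
if (notAnArchive) {
    LOGGER.warn("'{}' does not start with a zip signature; removed from the analysis",
            dependency.getActualFilePath());
}
if (emptyAuxiliaryJar || notAnArchive) {
    engine.getDependencies().remove(dependency);
    return;
}
// … unchanged: parseManifest, analyzePOM, analyzePackageNames, catch (IOException ex) …
```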
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java @@ -20,17 +20,18 @@ package org.owasp.dependencycheck.analyzer; import java.io.File; import java.util.ArrayList; import java.util.Arrays; +import java.util.Collections; import java.util.List; +import org.apache.commons.io.FileUtils; import org.junit.Test; import org.owasp.dependencycheck.BaseTest; -import org.owasp.dependencycheck.analyzer.JarAnalyzer.ClassNameInformation; +import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.Evidence; import org.owasp.dependencycheck.utils.Settings; import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; /** 
@@ -176,10 +177,29 @@ public class JarAnalyzerTest extends BaseTest { } @Test - public void testParseManifest_CatchesIOException() { - Dependency dependency = new Dependency(); - dependency.setActualFilePath("doesNotExist"); - assertFalse(new File(dependency.getActualFilePath()).exists()); - assertFalse(new JarAnalyzer().parseManifest(dependency, new ArrayList())); + public void testAnalyzeDependency_SkipsMacOSMetaDataFile() throws Exception { + JarAnalyzer instance = new JarAnalyzer(); + Dependency macOSMetaDataFile = new Dependency(); + macOSMetaDataFile + .setActualFilePath(FileUtils.getFile("src", "test", "resources", "._avro-ipc-1.5.0.jar").getAbsolutePath()); + macOSMetaDataFile.setFileName("._avro-ipc-1.5.0.jar"); + Dependency actualJarFile = new Dependency(); + actualJarFile.setActualFilePath(BaseTest.getResourceAsFile(this, "avro-ipc-1.5.0.jar").getAbsolutePath()); + actualJarFile.setFileName("avro-ipc-1.5.0.jar"); + Engine engine = new Engine(); + engine.setDependencies(Arrays.asList(macOSMetaDataFile, actualJarFile)); + instance.analyzeDependency(macOSMetaDataFile, engine); + } + + @Test + public void testAnalyseDependency_SkipsNonZipFile() throws Exception { + JarAnalyzer instance = new JarAnalyzer(); + Dependency textFileWithJarExtension = new Dependency(); + textFileWithJarExtension + .setActualFilePath(BaseTest.getResourceAsFile(this, "textFileWithJarExtension.jar").getAbsolutePath()); + textFileWithJarExtension.setFileName("textFileWithJarExtension.jar"); + Engine engine = new Engine(); + engine.setDependencies(Collections.singletonList(textFileWithJarExtension)); + instance.analyzeDependency(textFileWithJarExtension, engine); } } 
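Review bot: Neither `testAnalyzeDependency_SkipsMacOSMetaDataFile` nor `testAnalyseDependency_SkipsNonZipFile` asserts anything, so both pass whenever `analyzeDependency` returns without throwing, whether or not the dependency was actually removed. Each should end with a check such as `assertFalse(engine.getDependencies().contains(macOSMetaDataFile));` (and the same for `textFileWithJarExtension`), which needs the `assertFalse` static import that this patch's import hunk removes. The lists returned by `Arrays.asList` and `Collections.singletonList` do not support `remove`; unless `Engine.setDependencies` copies its argument (not visible here) the removal path would throw `UnsupportedOperationException`, so a mutable `ArrayList` is the safer fixture. The second test name spells `Analyse` where the first uses `Analyze`.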
diff --git a/dependency-check-core/src/test/resources/._avro-ipc-1.5.0.jar b/dependency-check-core/src/test/resources/._avro-ipc-1.5.0.jar new file mode 100644 index 0000000000000000000000000000000000000000..1765527a05af6b4daa019b3d4001b74e065be9a3 GIT binary patch literal 226 zcmZQz6=P>$Vqox1Ojhs@R)|o50+1L3ClDI}@dh9U@gD&(5x_AdBnYYuq+J^qI7A5ADWagzZ6zUro7#Lccnk5-oq^25KyXWVp=cL9|7#TQc x6y@ipf^=A07`Zt*nphg^8acZ->zbIl8R$A$Iy>pQx|tgp7?>HlIhh+W007rvB+dW; literal 0 HcmV?d00001 
diff --git a/dependency-check-core/src/test/resources/avro-ipc-1.5.0.jar b/dependency-check-core/src/test/resources/avro-ipc-1.5.0.jar new file mode 100644 index 0000000000000000000000000000000000000000..72fd9df608ff05014bd2acff562fa110ac716aca GIT binary patch literal 7736 zcmb7p1yo#1)^+31xVvl6;2PYeacwj>!QF$qI|K*`1PdCVaSiSg2m}f4?gabE%)FP( zd-MIXrh46byH}sRZ`ED5YM)bEMF9pD2>97RnpVR9`0}q4($iH*N<)lA4kXQ{@~<#N zfYMXg4f}d__tW2bPyhhV?_o+}AUSC%bq!V}>CiX>0vMGb^e|}XFgtVrz>paL!1#UCigFTCAa$ulJ+RAsFRuSp z<*aj|x;1=Z4wp6YR%G>hSh<9?WTQP@ayV@jMLm2~KPyGl{l$y)*1!TYj~`k}h1_!c zb2VG1IY-$&$R~~MQfxyxSVwLp0!4;GXX_#YP8}- zxqqWwd3k%UKgr`_T3<=DG}!7LhDq?1LZe*pMS!#YL)R}E=Z&YZeJ?mQC9G#r8EAT@zj4oNS7a9NkFw*$sdtenIF6`r)r z8c10VBqvg9>X=%tH`VU^G+A4|(?au@H@j!j=j{2p(bJN7XCfZLi@`onI{r4*75V%DdIATgDn&TOtUENo-WcAKuZtKAB%3kQ z;z!W|_lt{x*;b*^^2p5RKaW;n5 z;{Xe5EvR=ptuzoZ6<=ynfy#W1GDq|n{|K^P#)YVb(8j9oJI?8WP<*cfhya<^)4_Dw zFL8pceRC1v@OXH9p)r?6ym-7!bT(3gWhwU*W{0^_aHn)v5K}X|&ejJhQ?Vkp5U^gO-4>NYAkV{~m6wAi2B=1@sjl2}z^H zjimaRI8jV5|IRI?B>C%is+3!z*E4H<{21yy^K3-p^!mjgRMByGPLO&WH!@`t%w~CN zf&Q=MZ>SWapj5wi%qRue@!A6fg*;)G#3rP&lD&m-t*EG!TA!YpPa6)eW?C5HeZ55-s*>eS2$%s7;BSY<+A_pl;(c|K6z&}b8yVxR zOKT6PSQT}CFr&O}UY%3Jsb=~P^PnIAMYRi$&nx;&Oi$|*6|OS^Z}H3q1{$}AhK{&= zY2pKtyNH&s1ykay4QVzGf=o#<3%gok#|39sjScI*wByOC{`e5j60VXy6?A7(D-XNA@}}{ zF}2)MV)pEFqfOou_3$)BJl4kw^l1< zKRV9WpIis(Mqc#yO!w{1Sj$R!fWQiKGIcCSX@1NcMKp+E0U1JaOI5XQf1 z_{8exb1o{Jwgh9Z^`&=s@8c2EyCjS_dg_AV-g03yBdAj)ywz~|{q8H7{6nm7##7IXFrgj-5+${ihvM)#(KwW5 ze}5TYfmmnHn#TP@W`#Dc&huS`l_|a^=}=WN?#XeeOU~xt-@=H)y_>*NhhtalDNH0_ zP`8ryD-4mQ-pF9{3e%fsZ3e`zu#ee|YP&)C;kteH^%LssNnbCr&%3+(eZcOM% zb8)JOjw%TDoSpfWI%JKo*3`B<(EX|;l=*>=ywz07^A@Zt$`rbZdXyZpz;dl;m(F%X z+mQ`z2>agHyZfOn>&bB#*5EJr(`)`P3#BU&hkTwrmK%93@DhjfL`i}iAcZ+$`5Zuh~p_nw_Q+5uG2G!^DPs^ z1~tPFSu_ZR=(3VIN6|_gPvk%f7hkNVX@j)R+a2!4r)#E1?oSUcP?ClrBE>@$FbNpVo&-kH@3@C zm*s(cCp-rcEh$9(CS{3DZVuRu$m56oB}J^yY|reSoJOOi+qE#lnOwq#*9%fnBm?^F z&ZI^q++&Tl>YkER^JVY3l%Xql%Q6jeb08+-HegPdVqA;uBq4nJ4ceB=_;c!N6|AiB 
zTT%~`2%{p4(L1H}K=2OVdN3IkcV)jy;qLVURkwhm#aXp&e`(ii@V>`s#Bc%ZbZclE z4K@(c1|zd>`Q9JcN38jw$;KAOE=N)kfOq&9BpA;gi$W4cU>sI6AUVajotc3!d&2iH z`&@YuoXxGe%NPNftja~|m{?|Vfdigw^=tMfW=qcqm^4}v_!1rDG;+LTpEF1-8M9I^ zs4Xec6%v|=TAymnkf%YfA1(Bf3rwCbmBWoIBeoon{J^-RaKR z>!~cSEGZicsLxaxOg1%IPlP`70y12t^o$T=lQ9-RKejS-@kB9;{1e@U!{3b4BCB zB;)O6rWRJ;NbOm34pm>J^ZTOF^++AnEo_Iej-~5(!HvJQr+A?Q z?>jwSh3y&w5+tq*dBcpDM@dfTYBO(TZ1katdDYH?op7UfV9avuJ}44;^qjbrQe0-x z&WQ~3h@~qHrY&%J+x^bh|G7745CP3RXoyIO_%;&Is0DEr%vo96J(d^s=I^)w9?jIu zTgoy}KzvgJV8bk%JSn$A;X`^eiMM0dY=%5Gb$U$8d%IeZ~lf2%^UB1tj2d#o|{S- zEpQ#nBL|(tObCI&P7$#8o)}x^-6l%2OBDpN{ADARXdEIqX7kALO>yKjm0dbj;gGc|xnm5Divn_(tUR z<&oW^;dqoD98V{4VVKtNhj#Lga-aj11wawo>(uW!eDM_KVm6v)-du%nMJfe)Plr?6?4 zOIxztuGJg)>G6tVpmFbX=0syH3#BT>*NLcSIWn)N>@weyz|cu($Bi(et42>Xo@_1; zNDGWZu_V|M4crMw_r~x@8}J2GYHRCgkF~kBB1(e~n8)yz?`~;Kct856@ zx0-k2-od#t^=0joYr?XnWtLfC%8Bh5jI76j*P|O7R}56=)QGV9ZFko~p)fgma;yX%dK6W3A3V$Qo{K{O++d3TchH#^0`zJ>+oWB*%UMeRu3q z2)+v}BDj8(ZHGCbt0_;-D#i%PwnFVjAt|4a!*CQu%42rzbGW>*mRsFBJl8+Ne}ww? 
z(!3eb!o>5bBrke8o+|WT`xYQ&ji=(=Z@3!R^&BH$++5l^BTMHQUX1uK`sVT4WOyBVtpUGt-Y-b*w5FSzAy@fxz)-W_05kf520`Uy5`AnEAPs|Q zld6rsCu3noNV`mA*K13O!-ppHkxdA8+P4~VWxxG7CS{ro70?3s_fGDpNC0)5I9-9IrV$%m)^}T`TCByn|&cggV3ZWO`;dMf}(x~<9iQebSpXsU6A>50V0e+3f@XChFzho{6b(bxWGw2PnVz5L}2Ze z9%0a{t4&j50ebiHkMnhlJEx-wGwFv%Jhh54>-@q<#*75oVMUH@o-oI@0*wtVhWc2y z(_}t0L{80=ZjV)tvW7?2F(qQLB4dRzEQ6`Mej~K+hb7XO1`lJj?E2}3eYoOs(0mj~ zlV-j~yu-lco(z`l{}_JlkUc22A8I&9Dz#{{h2*>XLCguNQv&&A{XFKbwkNJRB9BwK z*m?#;pygd!R}3E9;edR4d?&-z+yiEj#bd>29Xq`!B{q2F%mmY~Bgj+X07(&tTBddV z4Q;QFvmsviaTeGI{j6yd4Zd%%r&}z+_#%xfW=P&Vsc38_;blsAd<84#PS>4fW^z@*j5e60z;r*V`q z(y@gTaYE?xn@R8P?;AE4E6yXG6uZ*^#`FqZhQWC;9 z8TcIE=p@w2qAT3V%M)g6tCb(ad^>eaqR4HwS|5u74rk@;O;jD}w1RH5;j%~QZy(lh ztTdf=6m_sC#7UCM)+%m)L|bu@w1K3bUiMv|kX4^Yd$HLjBL|~eG4P1HfN<;SzD1jr zcc63yi1+qzx2S|1%!t$pGrslw%|b1#_YRl8Fo8kpKGd=PY;mqDq!R`l(ITp{C2l^; zo>-X8zt%KxIds&;Ho`L%>m#V))&dH-?T`wB9(`XQjvOH{ zbDl6Fx2)%PTEKQ3_ASNzavwk+`G7{qtK^fc!d#>bY`evsqsimjF+-%U$Q3l&4R>5J zOjv2}xQ$d8frUKK4M2EYIi1|1jkcWzXp2})u(2CC2zy=_#O=BPVOEo>k45}DTurx~5NYsd)+PuVa=R zMtPa&@%i}2i%wbwDmaW1Svp*u6j@;Yb=h+(1t!TZEVzWg=ijJlU>R2Wl6SUOqlUeJ zG@DHVArsmQ%*+Y8j!If;_Y#|kJ*ye>qZIcH`3hcM{qEHx1>v6wB)w*D9z(3U`k9?Kp7f_ z##Kh$kE$kRsGI9dN40GRi4DB)EEZcIetvFgPA56qY#)+I?KAnn95XP+U{J0_#&qMY zMq4Wvzhtc1x03pbf1dh^3a-3b#RynY)l!3M!p{*ki{e#iYyL)?r`T4AL+4pptt=>_ zLeRmaiPQ#pX8dz)Gnx(uT?8k}0E27)(Pu}TT%Clm{2lV-+h;dIEzQJnMfo2S6c77* z%zXK?p6V2RgXER#z&m~-qg;#*XA=^gtwDMvH2$ZHuZjmXS)0oBnVj;J~ zFZcbkSd#VB^~uWTmJZ9P{Vrs$NVTQw&(9nWW+`+T&mTM77{@qi>MkIqI`|qDT;f&eM2V(^x!wgD!NowVJ zPSuDX%j0jf_Dw`^jukBi%iyY^G4NnIjk^tkr|60uen65$9>7fFA6b-JUmm6#x3lFW z)qB=$lo-AKW_gyg(+CmZqo1xnku-{(!h(h&`k-_Fh)bwbvU+Q7VY~Jsi2V&dcJYhL zkjKr0c+QeKdP7u(Hti0*FAB2e-9|{?1X}UxYgjjIm1=^DPA)lK=@u8OdiPBdFuV9> zQ{7q2!s}^l11_Aqb^z^vlFwd_>!)XDdX}t*`AEr5$u6 zG*ZS?UhQW!Yt^3d6)#a{vkD#BZ6X&^$^t}!Gob2OQ9#3!ZF_HI({>HOcI7a}-21C} z2y_-^G*jump4m-oH<}PKIP!L?Eum*P^JA@L@+o-i`zQAGL2ITsnErg-Ujpu9^7{IO z?RaiI&-q2$OBXk^Ue6An&YfiCj#d>gjL}C`e!0|U8;_hp?dtm&KN(MjoQ!WlFAw8z 
zlvqFgh;7$I#B28<-ZoNcSK?e^7KzYbg5%PcK3~EyTpZL!$LUj*zC>A;8eDb}q1UU$c)cN!bDToama>)|)Q1v}DG_?6UGdF!WD&i3ix`5#w1M`s5|b7xm; za~E}Y^F0(&1 z`JW8~@c4N2WHtVI|34J^kB9en@K25Y1txjQxc>tFyJG*}WIr|g7n$yVC;Lso|6u*k z8vX}wLEzi}f%RXC{_Ei(0{+vK`9&T}^k2vSXP1AH|C&H53UKg0d4Nx!S!e)2p7`gl F{|C~mdFTKD literal 0 HcmV?d00001 diff --git a/dependency-check-core/src/test/resources/textFileWithJarExtension.jar b/dependency-check-core/src/test/resources/textFileWithJarExtension.jar new file mode 100644 index 000000000..9e15767b1 --- /dev/null +++ b/dependency-check-core/src/test/resources/textFileWithJarExtension.jar @@ -0,0 +1 @@ +text file with jar extension \ No newline at end of file