github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-22 09:09:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

updated to skip custom scripts in executable scripts

Browse Source
This commit is contained in:
Jeremy Long
2016-06-27 19:39:17 -04:00
parent c20892ee3e
commit cc751aa224
1 changed files with 15 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
View File

@@ -392,9 +392,9 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
/** /**
* Checks if the file being scanned is a JAR that begins with '#!/bin' which * Checks if the file being scanned is a JAR that begins with '#!/bin' which
* indicates it is a fully executable jar. If a fully executable JAR is identified * indicates it is a fully executable jar. If a fully executable JAR is
* the input stream will be advanced to the start of the actual JAR file ( * identified the input stream will be advanced to the start of the actual
* skipping the script). * JAR file ( skipping the script).
* *
* @see * @see
* <a href="http://docs.spring.io/spring-boot/docs/1.3.0.BUILD-SNAPSHOT/reference/htmlsingle/#deployment-install">Installing * <a href="http://docs.spring.io/spring-boot/docs/1.3.0.BUILD-SNAPSHOT/reference/htmlsingle/#deployment-install">Installing
@@ -416,27 +416,24 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
&& b[5] == 'n' && b[5] == 'n'
&& b[6] == '/') { && b[6] == '/') {
boolean stillLooking = true; boolean stillLooking = true;
int chr; int chr, nxtChr;
CircularFifoBuffer buf = new CircularFifoBuffer(6);
while (stillLooking && (chr = in.read()) != -1) { while (stillLooking && (chr = in.read()) != -1) {
if (chr == '\n' || chr == '\r') { if (chr == '\n' || chr == '\r') {
if ('e' == (Integer) buf.remove() in.mark(4);
&& 'x' == (Integer) buf.remove() if ((chr = in.read()) != -1) {
&& 'i' == (Integer) buf.remove() if (chr == 'P' && (chr = in.read()) != -1) {
&& 't' == (Integer) buf.remove() if (chr == 'K' && (chr = in.read()) != -1) {
&& ' ' == (Integer) buf.remove() if ((chr == 3 || chr == 5 || chr == 7) && (nxtChr = in.read()) != -1) {
&& '0' == (Integer) buf.remove()) { if (nxtChr == chr + 1) {
in.mark(2); stillLooking = false;
if (in.read() == 'P' && in.read() == 'K') { in.reset();
stillLooking = false; }
in.reset(); }
}
} }
} }
} }
buf.add(chr);
} }
} else {
in.reset();
} }
} }
} }