Replaced code with IOUtils.copy.

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java

@@ -28,6 +28,7 @@ import org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream;
 import org.apache.commons.compress.compressors.bzip2.BZip2Utils;
 import org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream;
 import org.apache.commons.compress.compressors.gzip.GzipUtils;
+import org.apache.commons.compress.utils.IOUtils;
 import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.analyzer.exception.ArchiveExtractionException;
@@ -54,10 +55,6 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
      * The logger.
      */
     private static final Logger LOGGER = LoggerFactory.getLogger(ArchiveAnalyzer.class);
-    /**
-     * The buffer size to use when extracting files from the archive.
-     */
-    private static final int BUFFER_SIZE = 4096;
     /**
      * The count of directories created during analysis. This is used for creating temporary directories.
      */
@@ -385,7 +382,6 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
 
     private static void extractAcceptedFile(ArchiveInputStream input, File file) throws AnalysisException {
         LOGGER.debug("Extracting '{}'", file.getPath());
-        BufferedOutputStream bos = null;
         FileOutputStream fos = null;
         try {
             final File parent = file.getParentFile();
@@ -396,13 +392,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
                 }
             }
             fos = new FileOutputStream(file);
-            bos = new BufferedOutputStream(fos, BUFFER_SIZE);
+            IOUtils.copy(input, fos);
-            int count;
-            final byte[] data = new byte[BUFFER_SIZE];
-            while ((count = input.read(data, 0, BUFFER_SIZE)) != -1) {
-                bos.write(data, 0, count);
-            }
-            bos.flush();
         } catch (FileNotFoundException ex) {
             LOGGER.debug("", ex);
             final String msg = String.format("Unable to find file '%s'.", file.getName());
@@ -412,7 +402,6 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
             final String msg = String.format("IO Exception while parsing file '%s'.", file.getName());
             throw new AnalysisException(msg, ex);
         } finally {
-            close(bos);
             close(fos);
         }
     }
@@ -429,11 +418,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
         FileOutputStream out = null;
         try {
             out = new FileOutputStream(outputFile);
-            final byte[] buffer = new byte[BUFFER_SIZE];
+            IOUtils.copy(inputStream, out);
-            int n; // = 0
-            while (-1 != (n = inputStream.read(buffer))) {
-                out.write(buffer, 0, n);
-            }
         } catch (FileNotFoundException ex) {
             LOGGER.debug("", ex);
             throw new ArchiveExtractionException(ex);

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java

@@ -42,6 +42,7 @@ import java.util.jar.JarFile;
 import java.util.jar.Manifest;
 import java.util.regex.Pattern;
 import java.util.zip.ZipEntry;
+import org.apache.commons.compress.utils.IOUtils;
 import org.jsoup.Jsoup;
 import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
@@ -69,10 +70,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
      * The logger.
      */
     private static final Logger LOGGER = LoggerFactory.getLogger(JarAnalyzer.class);
-    /**
-     * The buffer size to use when extracting files from the archive.
-     */
-    private static final int BUFFER_SIZE = 4096;
     /**
      * The count of directories created during analysis. This is used for creating temporary directories.
      */
@@ -396,26 +393,18 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
     private Model extractPom(String path, JarFile jar, Dependency dependency) throws AnalysisException {
         InputStream input = null;
         FileOutputStream fos = null;
-        BufferedOutputStream bos = null;
         final File tmpDir = getNextTempDirectory();
         final File file = new File(tmpDir, "pom.xml");
         try {
             final ZipEntry entry = jar.getEntry(path);
             input = jar.getInputStream(entry);
             fos = new FileOutputStream(file);
-            bos = new BufferedOutputStream(fos, BUFFER_SIZE);
+            IOUtils.copy(input, fos);
-            int count;
-            final byte[] data = new byte[BUFFER_SIZE];
-            while ((count = input.read(data, 0, BUFFER_SIZE)) != -1) {
-                bos.write(data, 0, count);
-            }
-            bos.flush();
             dependency.setActualFilePath(file.getAbsolutePath());
         } catch (IOException ex) {
             LOGGER.warn("An error occurred reading '{}' from '{}'.", path, dependency.getFilePath());
             LOGGER.error("", ex);
         } finally {
-            closeStream(bos);
             closeStream(fos);
             closeStream(input);
         }

dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java

@@ -33,6 +33,7 @@ import java.util.zip.ZipInputStream;
 import org.apache.commons.compress.archivers.ArchiveEntry;
 import org.apache.commons.compress.archivers.ArchiveInputStream;
 import org.apache.commons.compress.archivers.zip.ZipArchiveInputStream;
+import org.apache.commons.compress.utils.IOUtils;
 import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.analyzer.exception.ArchiveExtractionException;
@@ -50,10 +51,6 @@ public final class ExtractionUtil {
      * The logger.
      */
     private static final Logger LOGGER = LoggerFactory.getLogger(ExtractionUtil.class);
-    /**
-     * The buffer size to use when extracting files from the archive.
-     */
-    private static final int BUFFER_SIZE = 4096;
 
     /**
      * Private constructor for a utility class.
@@ -108,12 +105,10 @@ public final class ExtractionUtil {
                 } else {
                     final File file = new File(extractTo, entry.getName());
                     if (engine == null || engine.accept(file)) {
-                        BufferedOutputStream bos = null;
+                        FileOutputStream fos = null;
-                        FileOutputStream fos;
                         try {
                             fos = new FileOutputStream(file);
-                            bos = new BufferedOutputStream(fos, BUFFER_SIZE);
+                            IOUtils.copy(zis, fos);
-                            transferUsingBuffer(zis, bos);
                         } catch (FileNotFoundException ex) {
                             LOGGER.debug("", ex);
                             final String msg = String.format("Unable to find file '%s'.", file.getName());
@@ -123,7 +118,7 @@ public final class ExtractionUtil {
                             final String msg = String.format("IO Exception while parsing file '%s'.", file.getName());
                             throw new ExtractionException(msg, ex);
                         } finally {
-                            closeStream(bos);
+                            closeStream(fos);
                         }
                     }
                 }
@@ -225,13 +220,11 @@ public final class ExtractionUtil {
         if (filter.accept(file.getParentFile(), file.getName())) {
             LOGGER.debug("Extracting '{}'",
                     file.getPath());
-            BufferedOutputStream bos = null;
             FileOutputStream fos = null;
             try {
                 createParentFile(file);
                 fos = new FileOutputStream(file);
-                bos = new BufferedOutputStream(fos, BUFFER_SIZE);
+                IOUtils.copy(input, fos);
-                transferUsingBuffer(input, bos);
             } catch (FileNotFoundException ex) {
                 LOGGER.debug("", ex);
                 final String msg = String.format("Unable to find file '%s'.",
@@ -244,29 +237,11 @@ public final class ExtractionUtil {
                                 file.getName());
                 throw new ExtractionException(msg, ex);
             } finally {
-                closeStream(bos);
                 closeStream(fos);
             }
         }
     }
 
-    /**
-     * Transfers data from one stream to another using a buffer.
-     *
-     * @param input the input stream
-     * @param bos the output stream
-     * @throws IOException thrown if there is an error reading/writing to the streams
-     */
-    private static void transferUsingBuffer(InputStream input,
-            BufferedOutputStream bos) throws IOException {
-        int count;
-        final byte[] data = new byte[BUFFER_SIZE];
-        while ((count = input.read(data, 0, BUFFER_SIZE)) != -1) {
-            bos.write(data, 0, count);
-        }
-        bos.flush();
-    }
-
     /**
      * Closes the stream.
      *