patches and test case update for issue #522

Jeremy Long
2016-07-05 09:09:58 -04:00
parent 8272da615e
commit d264d804c8
4 changed files with 39 additions and 26 deletions


@@ -459,6 +459,13 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
<scope>test</scope> <scope>test</scope>
<optional>true</optional> <optional>true</optional>
</dependency> </dependency>
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream</artifactId>
<version>1.4.8</version>
<scope>test</scope>
<optional>true</optional>
</dependency>
</dependencies> </dependencies>
<profiles> <profiles>
<profile> <profile>
@@ -587,13 +594,6 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
<scope>test</scope> <scope>test</scope>
<optional>true</optional> <optional>true</optional>
</dependency> </dependency>
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream</artifactId>
<version>1.4.2</version>
<scope>test</scope>
<optional>true</optional>
</dependency>
<dependency> <dependency>
<groupId>org.apache.ws.security</groupId> <groupId>org.apache.ws.security</groupId>
<artifactId>wss4j</artifactId> <artifactId>wss4j</artifactId>


@@ -101,11 +101,11 @@ public final class CpeMemoryIndex {
/** /**
* The search field analyzer for the product field. * The search field analyzer for the product field.
*/ */
private SearchFieldAnalyzer productSearchFieldAnalyzer; private SearchFieldAnalyzer productFieldAnalyzer;
/** /**
* The search field analyzer for the vendor field. * The search field analyzer for the vendor field.
*/ */
private SearchFieldAnalyzer vendorSearchFieldAnalyzer; private SearchFieldAnalyzer vendorFieldAnalyzer;
/** /**
* Creates and loads data into an in memory index. * Creates and loads data into an in memory index.
@@ -148,7 +148,9 @@ public final class CpeMemoryIndex {
* Creates the indexing analyzer for the CPE Index. * Creates the indexing analyzer for the CPE Index.
* *
* @return the CPE Analyzer. * @return the CPE Analyzer.
* @deprecated the search field analyzer must be used to include the token concatenating filter.
*/ */
@Deprecated
private Analyzer createIndexingAnalyzer() { private Analyzer createIndexingAnalyzer() {
final Map<String, Analyzer> fieldAnalyzers = new HashMap<String, Analyzer>(); final Map<String, Analyzer> fieldAnalyzers = new HashMap<String, Analyzer>();
fieldAnalyzers.put(Fields.DOCUMENT_KEY, new KeywordAnalyzer()); fieldAnalyzers.put(Fields.DOCUMENT_KEY, new KeywordAnalyzer());
@@ -163,12 +165,12 @@ public final class CpeMemoryIndex {
private Analyzer createSearchingAnalyzer() { private Analyzer createSearchingAnalyzer() {
final Map<String, Analyzer> fieldAnalyzers = new HashMap<String, Analyzer>(); final Map<String, Analyzer> fieldAnalyzers = new HashMap<String, Analyzer>();
fieldAnalyzers.put(Fields.DOCUMENT_KEY, new KeywordAnalyzer()); fieldAnalyzers.put(Fields.DOCUMENT_KEY, new KeywordAnalyzer());
productSearchFieldAnalyzer = new SearchFieldAnalyzer(LuceneUtils.CURRENT_VERSION); productFieldAnalyzer = new SearchFieldAnalyzer(LuceneUtils.CURRENT_VERSION);
vendorSearchFieldAnalyzer = new SearchFieldAnalyzer(LuceneUtils.CURRENT_VERSION); vendorFieldAnalyzer = new SearchFieldAnalyzer(LuceneUtils.CURRENT_VERSION);
fieldAnalyzers.put(Fields.PRODUCT, productSearchFieldAnalyzer); fieldAnalyzers.put(Fields.PRODUCT, productFieldAnalyzer);
fieldAnalyzers.put(Fields.VENDOR, vendorSearchFieldAnalyzer); fieldAnalyzers.put(Fields.VENDOR, vendorFieldAnalyzer);
return new PerFieldAnalyzerWrapper(new FieldAnalyzer(LuceneUtils.CURRENT_VERSION), fieldAnalyzers); return new PerFieldAnalyzerWrapper(new KeywordAnalyzer(), fieldAnalyzers);
} }
/** /**
@@ -206,7 +208,7 @@ public final class CpeMemoryIndex {
Analyzer analyzer = null; Analyzer analyzer = null;
IndexWriter indexWriter = null; IndexWriter indexWriter = null;
try { try {
analyzer = createIndexingAnalyzer(); analyzer = createSearchingAnalyzer();
final IndexWriterConfig conf = new IndexWriterConfig(LuceneUtils.CURRENT_VERSION, analyzer); final IndexWriterConfig conf = new IndexWriterConfig(LuceneUtils.CURRENT_VERSION, analyzer);
indexWriter = new IndexWriter(index, conf); indexWriter = new IndexWriter(index, conf);
try { try {
@@ -224,6 +226,7 @@ public final class CpeMemoryIndex {
v.setStringValue(pair.getLeft()); v.setStringValue(pair.getLeft());
p.setStringValue(pair.getRight()); p.setStringValue(pair.getRight());
indexWriter.addDocument(doc); indexWriter.addDocument(doc);
resetFieldAnalyzer();
} }
} catch (DatabaseException ex) { } catch (DatabaseException ex) {
LOGGER.debug("", ex); LOGGER.debug("", ex);
@@ -254,14 +257,14 @@ public final class CpeMemoryIndex {
} }
/** /**
* Resets the searching analyzers * Resets the product and vendor field analyzers.
*/ */
private void resetSearchingAnalyzer() { private void resetFieldAnalyzer() {
if (productSearchFieldAnalyzer != null) { if (productFieldAnalyzer != null) {
productSearchFieldAnalyzer.clear(); productFieldAnalyzer.clear();
} }
if (vendorSearchFieldAnalyzer != null) { if (vendorFieldAnalyzer != null) {
vendorSearchFieldAnalyzer.clear(); vendorFieldAnalyzer.clear();
} }
} }
@@ -293,7 +296,7 @@ public final class CpeMemoryIndex {
* @throws IOException thrown if there is an IOException * @throws IOException thrown if there is an IOException
*/ */
public TopDocs search(Query query, int maxQueryResults) throws CorruptIndexException, IOException { public TopDocs search(Query query, int maxQueryResults) throws CorruptIndexException, IOException {
resetSearchingAnalyzer(); resetFieldAnalyzer();
return indexSearcher.search(query, maxQueryResults); return indexSearcher.search(query, maxQueryResults);
} }
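Review bot: `createSearchingAnalyzer()` reassigns the `productFieldAnalyzer` and `vendorFieldAnalyzer` fields on every call, and the index-building hunk now calls it too, so `resetFieldAnalyzer()` only clears the pair created most recently. If the query-side analyzer is built before the index (that call is outside the visible hunks), `search()` would reset the wrong instances and tokens from one query could carry into the next, which in a CPE matcher presumably means missed or spurious identifications. I would document the side effect on the method, for example `// NOTE: replaces productFieldAnalyzer/vendorFieldAnalyzer; call order relative to index building matters`, or return fresh analyzers without touching the fields that `search()` resets. The method name also no longer fits now that the same analyzer is used for indexing.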


@@ -29,11 +29,15 @@ import org.apache.lucene.util.Version;
/** /**
* <p> * <p>
* A Lucene Analyzer that utilizes the WhitespaceTokenizer, WordDelimiterFilter, LowerCaseFilter, and StopFilter. The intended * A Lucene Analyzer that utilizes the WhitespaceTokenizer, WordDelimiterFilter,
* purpose of this Analyzer is to index the CPE fields vendor and product.</p> * LowerCaseFilter, and StopFilter. The intended purpose of this Analyzer is to
* index the CPE fields vendor and product.</p>
* *
* @author Jeremy Long * @author Jeremy Long
* @Deprecated the field analyzer should not be used, instead use the
* SearchFieldAnalyzer so that the token analyzing filter is used.
*/ */
@Deprecated
public class FieldAnalyzer extends Analyzer { public class FieldAnalyzer extends Analyzer {
/** /**
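Review bot: The class Javadoc uses `@Deprecated` (capital D) as a block tag, but Javadoc only recognises lowercase `@deprecated`, so the explanation will likely not render as a deprecation note and doclint may flag an unknown tag. I suggest `* @deprecated use SearchFieldAnalyzer so that the token concatenating filter is applied.`, which also matches the "token concatenating filter" wording used on `createIndexingAnalyzer()` in the CpeMemoryIndex section rather than "token analyzing filter". The `@Deprecated` annotation on the class itself is fine as written.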


@@ -29,6 +29,7 @@ import static org.junit.Assert.assertTrue;
import org.junit.Test; import org.junit.Test;
import org.owasp.dependencycheck.BaseTest; import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.BaseDBTestCase; import org.owasp.dependencycheck.BaseDBTestCase;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.data.cpe.IndexEntry; import org.owasp.dependencycheck.data.cpe.IndexEntry;
import org.owasp.dependencycheck.dependency.Confidence; import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.Dependency;
@@ -82,6 +83,10 @@ public class CPEAnalyzerIntegrationTest extends BaseDBTestCase {
*/ */
@Test @Test
public void testDetermineCPE_full() throws Exception { public void testDetermineCPE_full() throws Exception {
//update needs to be performed so that xtream can be tested
Engine e = new Engine();
e.doUpdates();
CPEAnalyzer cpeAnalyzer = new CPEAnalyzer(); CPEAnalyzer cpeAnalyzer = new CPEAnalyzer();
try { try {
cpeAnalyzer.initialize(); cpeAnalyzer.initialize();
@@ -95,13 +100,14 @@ public class CPEAnalyzerIntegrationTest extends BaseDBTestCase {
FalsePositiveAnalyzer fp = new FalsePositiveAnalyzer(); FalsePositiveAnalyzer fp = new FalsePositiveAnalyzer();
fp.initialize(); fp.initialize();
//callDetermineCPE_full("struts2-core-2.3.16.3.jar", "cpe:/a:apache:struts:2.3.16.3", instance, fnAnalyzer, jarAnalyzer, hAnalyzer, fp);
callDetermineCPE_full("hazelcast-2.5.jar", null, cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp); callDetermineCPE_full("hazelcast-2.5.jar", null, cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp);
callDetermineCPE_full("spring-context-support-2.5.5.jar", "cpe:/a:springsource:spring_framework:2.5.5", cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp); callDetermineCPE_full("spring-context-support-2.5.5.jar", "cpe:/a:springsource:spring_framework:2.5.5", cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp);
callDetermineCPE_full("spring-core-3.0.0.RELEASE.jar", "cpe:/a:vmware:springsource_spring_framework:3.0.0", cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp); callDetermineCPE_full("spring-core-3.0.0.RELEASE.jar", "cpe:/a:vmware:springsource_spring_framework:3.0.0", cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp);
callDetermineCPE_full("org.mortbay.jetty.jar", "cpe:/a:mortbay_jetty:jetty:4.2.27", cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp); callDetermineCPE_full("org.mortbay.jetty.jar", "cpe:/a:mortbay_jetty:jetty:4.2.27", cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp);
callDetermineCPE_full("jaxb-xercesImpl-1.5.jar", null, cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp); callDetermineCPE_full("jaxb-xercesImpl-1.5.jar", null, cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp);
callDetermineCPE_full("ehcache-core-2.2.0.jar", null, cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp); callDetermineCPE_full("ehcache-core-2.2.0.jar", null, cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp);
callDetermineCPE_full("xstream-1.4.8.jar", "cpe:/a:x-stream:xstream:1.4.8", cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp);
} finally { } finally {
cpeAnalyzer.close(); cpeAnalyzer.close();
} }
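Review bot: The `Engine` created at the top of `testDetermineCPE_full()` is never released, and `doUpdates()` makes the expected xstream CPE depend on whatever the update source returns when the test runs. If `Engine` keeps the database open, wrap the call so it is cleaned up even when the update fails: `try { e.doUpdates(); } finally { e.cleanup(); }`. The new comment has a typo (`xtream`), and the commented-out struts2 call would be better removed or turned into a tracked TODO. The test method body continues past the end of this hunk.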