minor updates

Former-commit-id: a3746443592105c7fb84d707a09c03dd83e378e1
Jeremy Long
2013-04-20 13:36:44 -04:00
parent b3f0fb5392
commit d6ba01f5f5
2 changed files with 27 additions and 13 deletions


@@ -89,7 +89,6 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
public AnalysisPhase getAnalysisPhase() { public AnalysisPhase getAnalysisPhase() {
return ANALYSIS_PHASE; return ANALYSIS_PHASE;
} }
/** /**
* a flag indicating if this analyzer has run. This analyzer only runs once. * a flag indicating if this analyzer has run. This analyzer only runs once.
*/ */
@@ -113,13 +112,13 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
//for (Dependency dependencyToCheck : engine.getDependencies()) { //for (Dependency dependencyToCheck : engine.getDependencies()) {
while (mainIterator.hasNext()) { while (mainIterator.hasNext()) {
final Dependency dependency = mainIterator.next(); final Dependency dependency = mainIterator.next();
System.out.println("START " + dependency.getFileName() + "----------------------");
if (mainIterator.hasNext()) { if (mainIterator.hasNext()) {
ListIterator<Dependency> subIterator = engine.getDependencies().listIterator(mainIterator.nextIndex()); ListIterator<Dependency> subIterator = engine.getDependencies().listIterator(mainIterator.nextIndex());
while (subIterator.hasNext()) { while (subIterator.hasNext()) {
final Dependency dependencyToCheck = subIterator.next(); final Dependency dependencyToCheck = subIterator.next();
if (identifiersMatch(dependency, dependencyToCheck) if (identifiersMatch(dependency, dependencyToCheck)
&& hasSameBasePath(dependency, dependencyToCheck)) { && hasSameBasePath(dependency, dependencyToCheck)) {
if (isCore(dependency, dependencyToCheck)) { if (isCore(dependency, dependencyToCheck)) {
dependency.addRelatedDependency(dependencyToCheck); dependency.addRelatedDependency(dependencyToCheck);
@@ -145,7 +144,6 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
} }
} }
} }
System.out.println("END " + dependency.getFileName() + "----------------------");
} }
//removing dependencies here as ensuring correctness and avoiding ConcurrentUpdateExceptions //removing dependencies here as ensuring correctness and avoiding ConcurrentUpdateExceptions
// was difficult because of the inner iterator. // was difficult because of the inner iterator.
@@ -162,13 +160,10 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
* @return true if the identifiers in the two supplied dependencies are equal * @return true if the identifiers in the two supplied dependencies are equal
*/ */
private boolean identifiersMatch(Dependency dependency1, Dependency dependency2) { private boolean identifiersMatch(Dependency dependency1, Dependency dependency2) {
System.out.println("Checking Identifiers: " + dependency1.getFileName() + " and " + dependency2.getFileName());
if (dependency1 == null || dependency1.getIdentifiers() == null if (dependency1 == null || dependency1.getIdentifiers() == null
|| dependency2 == null || dependency2.getIdentifiers() == null) { || dependency2 == null || dependency2.getIdentifiers() == null) {
return false; return false;
} }
System.out.println("Result = " + (dependency1.getIdentifiers().size() > 0
&& dependency2.getIdentifiers().equals(dependency1.getIdentifiers())));
return dependency1.getIdentifiers().size() > 0 return dependency1.getIdentifiers().size() > 0
&& dependency2.getIdentifiers().equals(dependency1.getIdentifiers()); && dependency2.getIdentifiers().equals(dependency1.getIdentifiers());
} }
@@ -200,30 +195,28 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
* This is likely a very broken attempt at determining if the 'left' * This is likely a very broken attempt at determining if the 'left'
* dependency is the 'core' library in comparison to the 'right' library. * dependency is the 'core' library in comparison to the 'right' library.
* *
* TODO - consider spliting on /\._-\s/ and checking if all of one side is fully contained in the other
* With the exception of the word "core". This might work even on groups when we don't have a CVE.
*
* @param left the dependency to test * @param left the dependency to test
* @param right the dependency to test against * @param right the dependency to test against
* @return a boolean indicating whether or not the left dependency should be * @return a boolean indicating whether or not the left dependency should be
* considered the "core" version. * considered the "core" version.
*/ */
private boolean isCore(Dependency left, Dependency right) { private boolean isCore(Dependency left, Dependency right) {
System.out.println("Checking iscore: " + left.getFileName() + " and " + right.getFileName());
final String leftName = left.getFileName().toLowerCase(); final String leftName = left.getFileName().toLowerCase();
final String rightName = right.getFileName().toLowerCase(); final String rightName = right.getFileName().toLowerCase();
if (rightName.contains("core") && !leftName.contains("core")) { if (rightName.contains("core") && !leftName.contains("core")) {
System.out.println("core False 1");
return false; return false;
} else if (!rightName.contains("core") && leftName.contains("core")) { } else if (!rightName.contains("core") && leftName.contains("core")) {
System.out.println("core true 1");
return true; return true;
} else { } else {
//TODO should we be splitting the name on [-_(.\d)+] and seeing if the //TODO should we be splitting the name on [-_(.\d)+] and seeing if the
// parts are contained in the other side? // parts are contained in the other side?
if (leftName.length() > rightName.length()) { if (leftName.length() > rightName.length()) {
System.out.println("core false 2");
return false; return false;
} }
System.out.println("core true 2");
return true; return true;
} }
} }
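Review bot: The TODO added to the isCore Javadoc writes the split pattern as `/\._-\s/`, which read as a regex matches the literal sequence dot, underscore, hyphen, whitespace rather than any one of those characters; a character class such as `[._\-\s]+` is presumably what is meant. It also overlaps with the existing `//TODO` in the else branch, which proposes a different pattern (`[-_(.\d)+]`), so the two should be merged into one. Until the name is tokenised, `contains("core")` also matches file names that merely contain those letters (for example "score"). That matters because this result decides which file is reported as the primary dependency and which is folded in as related.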


@@ -283,7 +283,11 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
]]# ]]#
<h2 class="sectionheader white">Project:&nbsp;$esc.html($applicationName)</h2> <h2 class="sectionheader white">Project:&nbsp;$esc.html($applicationName)</h2>
<div class="sectioncontent">Report Generated On: $date<br/><br/> <div class="sectioncontent">Report Generated On: $date<br/><br/>
Dependencies Scanned:&nbsp;$dependencies.size()<br/><br/> #set($depCount=$dependencies.size())
#foreach($dependency in $dependencies)
#set($depCount=$depCount+$dependency.getRelatedDependencies().size())
#end
Dependencies Scanned:&nbsp;$depCount<br/><br/>
<div class="indent"> <div class="indent">
#set($lnkcnt=0) #set($lnkcnt=0)
#foreach($dependency in $dependencies) #foreach($dependency in $dependencies)
@@ -356,6 +360,23 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
#end #end
</table> </table>
</div> </div>
#if($dependency.getRelatedDependencies().size()>0)
#set($cnt=$cnt+1)
<h4 id="header$cnt" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4>
<div id="content$cnt" class="subsectioncontent standardsubsection hidden">
<ul>
#foreach($related in $dependency.getRelatedDependencies())
<li>$esc.html($related.FileName)
<ul>
<li>File Path:&nbsp;$esc.html($dependency.FilePath)</li>
<li>SHA1:&nbsp;$esc.html($related.Sha1sum)</li>
<li>MD5:&nbsp;$esc.html($related.Md5sum)</li>
</ul>
</li>
#end
</ul>
</div>
#end
#set($cnt=$cnt+1) #set($cnt=$cnt+1)
#set($cpeCount=0) #set($cpeCount=0)
#foreach($id in $dependency.getIdentifiers()) #foreach($id in $dependency.getIdentifiers())
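Review bot: Inside the new `#foreach($related in $dependency.getRelatedDependencies())` loop, the File Path line prints `$dependency.FilePath`, so every related entry shows the parent's path next to the related file's own name, SHA1 and MD5. It should read `<li>File Path:&nbsp;$esc.html($related.FilePath)</li>`. Otherwise someone triaging the report cannot locate the bundled file whose hashes are listed. The enclosing `#foreach($dependency in $dependencies)` starts outside this hunk.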