remove code duplication

2026-01-16 08:36:55 +01:00 · 2017-12-03 05:57:20 -05:00
parent c6363fde7a
commit d713e5d7d7
3 changed files with 28 additions and 28 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractNpmAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractNpmAnalyzer.java
@@ -32,6 +32,7 @@ import javax.json.JsonObject;
 import javax.json.JsonObjectBuilder;
 import javax.json.JsonString;
 import javax.json.JsonValue;
+import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.dependency.EvidenceType;
 import org.owasp.dependencycheck.utils.Checksum;

@@ -71,19 +72,37 @@ public abstract class AbstractNpmAnalyzer extends AbstractFileTypeAnalyzer {
        boolean accept = super.accept(pathname);
        if (accept) {
            try {
-                // Do not scan the node_modules directory
-                if (pathname.getCanonicalPath().contains(File.separator + "node_modules" + File.separator)) {
-                    LOGGER.debug("Skipping analysis of node module: " + pathname.getCanonicalPath());
-                    accept = false;
-                }
-            } catch (IOException ex) {
-                throw new RuntimeException("Unable to process dependency", ex);
+                accept |= shouldProcess(pathname);
+            } catch (AnalysisException ex) {
+                throw new RuntimeException(ex.getMessage(), ex.getCause());
            }
        }

        return accept;
    }

+    /**
+     * Determines if the path contains "/node_modules/" (i.e. it is a child
+     * module. This analyzer does not scan child modules.
+     *
+     * @param pathname the path to test
+     * @return <code>true</code> if the path does not contain "/node_modules/"
+     * @throws AnalysisException thrown if the canonical path cannot be obtained
+     * from the given file
+     */
+    protected boolean shouldProcess(File pathname) throws AnalysisException {
+        try {
+            // Do not scan the node_modules directory
+            if (pathname.getCanonicalPath().contains(File.separator + "node_modules" + File.separator)) {
+                LOGGER.debug("Skipping analysis of node module: " + pathname.getCanonicalPath());
+                return false;
+            }
+        } catch (IOException ex) {
+            throw new AnalysisException("Unable to process dependency", ex);
+        }
+        return true;
+    }
+
    /**
     * Construct a dependency object.
     *
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java
@@ -167,18 +167,9 @@ public class NodePackageAnalyzer extends AbstractNpmAnalyzer {
    protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
        engine.removeDependency(dependency);
        final File dependencyFile = dependency.getActualFile();
-        if (!dependencyFile.isFile() || dependencyFile.length() == 0) {
+        if (!dependencyFile.isFile() || dependencyFile.length() == 0 || !shouldProcess(dependencyFile)) {
            return;
        }
-        try {
-            // Do not scan the node_modules directory
-            if (dependencyFile.getCanonicalPath().contains(File.separator + "node_modules" + File.separator)) {
-                LOGGER.debug("Skipping analysis of node module: " + dependencyFile.getCanonicalPath());
-                return;
-            }
-        } catch (IOException ex) {
-            throw new AnalysisException("Unable to process dependency", ex);
-        }
        final File baseDir = dependencyFile.getParentFile();
        if (PACKAGE_LOCK_JSON.equals(dependency.getFileName())) {
            final File shrinkwrap = new File(baseDir, SHRINKWRAP_JSON);
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NspAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NspAnalyzer.java
@@ -158,20 +158,10 @@ public class NspAnalyzer extends AbstractNpmAnalyzer {
    protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
        engine.removeDependency(dependency);
        final File file = dependency.getActualFile();
-        if (!file.isFile() || file.length() == 0) {
+        if (!file.isFile() || file.length() == 0 || !shouldProcess(file)) {
            return;
        }

-        try {
-            // Do not scan the node_modules directory
-            if (file.getCanonicalPath().contains(File.separator + "node_modules" + File.separator)) {
-                LOGGER.debug("Skipping analysis of node module: " + file.getCanonicalPath());
-                return;
-            }
-        } catch (IOException ex) {
-            throw new AnalysisException("Unable to process dependency", ex);
-        }
-
        try (JsonReader jsonReader = Json.createReader(FileUtils.openInputStream(file))) {

            // Retrieves the contents of package.json from the Dependency