Autoconf analyzer: added configure.in and unquoted values processing.

Former-commit-id: 4cedd800c60250f19deaebf8cdff9db4e310e7ab
2026-01-14 07:43:40 +01:00 · 2015-05-27 13:35:48 -04:00
parent 154a576388
commit d87fa374ec
2 changed files with 46 additions and 31 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.java
@@ -19,6 +19,8 @@ package org.owasp.dependencycheck.analyzer;

 import java.io.File;
 import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
 import java.util.Set;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -54,7 +56,7 @@ public class AutoconfAnalyzer extends AbstractFileTypeAnalyzer {
 	/**
 	 * The set of file extensions supported by this analyzer.
 	 */
-	private static final Set<String> EXTENSIONS = newHashSet("ac");
+	private static final Set<String> EXTENSIONS = newHashSet("ac", "in");

 	/**
 	 * Matches AC_INIT statement in configure.ac file.
@@ -62,7 +64,7 @@ public class AutoconfAnalyzer extends AbstractFileTypeAnalyzer {
 	private static final Pattern AC_INIT_PATTERN;
 	static {
 		// each instance of param or sep_param has a capture group
-		final String param = "\\[{1,2}(.+?)\\]{1,2}";
+		final String param = "\\[{0,2}(.+?)\\]{0,2}";
 		final String sep_param = "\\s*,\\s*" + param;
 		// Group 1: Package
 		// Group 2: Version
@@ -73,7 +75,7 @@ public class AutoconfAnalyzer extends AbstractFileTypeAnalyzer {
 		// Group 7: optional
 		// Group 8: URL (if it exists)
 		AC_INIT_PATTERN = Pattern.compile(String.format(
-				"AC_INIT\\(%s%s(%s)?(%s)?(%s)?", param, sep_param, sep_param,
+				"AC_INIT\\(%s%s(%s)?(%s)?(%s)?\\s*\\)", param, sep_param, sep_param,
 				sep_param, sep_param), Pattern.DOTALL
 				| Pattern.CASE_INSENSITIVE);
 	}
@@ -123,7 +125,7 @@ public class AutoconfAnalyzer extends AbstractFileTypeAnalyzer {
 			throws AnalysisException {
 		final File actualFile = dependency.getActualFile();
 		final String name = actualFile.getName();
-		if ("configure.ac".equals(name)) {
+		if ("configure.ac".equals(name) || "configure.in".equals(name)) {
 			final File parent = actualFile.getParentFile();
 			final String parentName = parent.getName();
 			dependency.setDisplayFileName(parentName + "/" + name);
@@ -135,32 +137,43 @@ public class AutoconfAnalyzer extends AbstractFileTypeAnalyzer {
 						"Problem occured while reading dependency file.", e);
 			}
 			if (!contents.isEmpty()) {
-				final Matcher matcher = AC_INIT_PATTERN.matcher(contents);
-				if (matcher.find()) {
-					final EvidenceCollection productEvidence = dependency
-							.getProductEvidence();
-					productEvidence.addEvidence(name, "Package",
-							matcher.group(1), Confidence.HIGHEST);
-					dependency.getVersionEvidence().addEvidence(name,
-							"Package Version", matcher.group(2),
-							Confidence.HIGHEST);
-					final EvidenceCollection vendorEvidence = dependency
-							.getVendorEvidence();
-					if (null != matcher.group(3)) {
-						vendorEvidence.addEvidence(name, "Bug report address",
-								matcher.group(4), Confidence.HIGH);
-					}
-					if (null != matcher.group(5)) {
-						productEvidence.addEvidence(name, "Tarname",
-								matcher.group(6), Confidence.HIGH);
-					}
-					if (null != matcher.group(7)) {
-						final String url = matcher.group(8);
-						if (UrlStringUtils.isUrl(url)) {
-							vendorEvidence.addEvidence(name, "URL", url,
-									Confidence.HIGH);
-						}
-					}
+				gatherEvidence(dependency, name, contents);
+			}
+		} else {
+			// copy, alter and set in case some other thread is iterating over
+            final List<Dependency> deps = new ArrayList<Dependency>(
+                    engine.getDependencies());
+            deps.remove(dependency);
+            engine.setDependencies(deps);
+		}
+	}
+
+	private void gatherEvidence(Dependency dependency, final String name,
+			String contents) {
+		final Matcher matcher = AC_INIT_PATTERN.matcher(contents);
+		if (matcher.find()) {
+			final EvidenceCollection productEvidence = dependency
+					.getProductEvidence();
+			productEvidence.addEvidence(name, "Package",
+					matcher.group(1), Confidence.HIGHEST);
+			dependency.getVersionEvidence().addEvidence(name,
+					"Package Version", matcher.group(2),
+					Confidence.HIGHEST);
+			final EvidenceCollection vendorEvidence = dependency
+					.getVendorEvidence();
+			if (null != matcher.group(3)) {
+				vendorEvidence.addEvidence(name, "Bug report address",
+						matcher.group(4), Confidence.HIGH);
+			}
+			if (null != matcher.group(5)) {
+				productEvidence.addEvidence(name, "Tarname",
+						matcher.group(6), Confidence.HIGH);
+			}
+			if (null != matcher.group(7)) {
+				final String url = matcher.group(8);
+				if (UrlStringUtils.isUrl(url)) {
+					vendorEvidence.addEvidence(name, "URL", url,
+							Confidence.HIGH);
 				}
 			}
 		}
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzerTest.java
@@ -124,7 +124,7 @@ public class AutoconfAnalyzerTest extends BaseTest {
 	 */
 	@Test
 	public void testGetSupportedExtensions() {
-		final String[] expected = { "ac" };
+		final String[] expected = { "ac", "in" };
 		assertEquals("Supported extensions should just have the following: "
 				+ StringUtils.join(expected, ", "),
 				new HashSet<String>(Arrays.asList(expected)),
@@ -138,6 +138,8 @@ public class AutoconfAnalyzerTest extends BaseTest {
 	public void testSupportsExtension() {
 		assertTrue("Should support \"ac\" extension.",
 				analyzer.supportsExtension("ac"));
+		assertTrue("Should support \"in\" extension.",
+				analyzer.supportsExtension("in"));
 	}

 }