github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-19 07:44:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

rework the enabled / disabled logic

Browse Source 
If an analyzer is disabled from the configuration, it should not be
initialized (because some of the may actually fail during that process
nor should the engine log in any way that those exist.

With these changes, it is possible for me to turn off unwanted
analyzers (e.g. Ruby analyzers for a java project) from the maven
plugin and not confuse my users with spurious misleading messages.
This commit is contained in:
Henning Schmiedehausen
2016-12-28 16:39:25 -08:00
parent 63ad13ff7a
commit def78a3cfd
11 changed files with 49 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
View File

@@ -522,12 +522,17 @@ public class Engine implements FileFilter {
continue; continue;
} }
if (analyzer.isEnabled()) {
executeAnalysisTasks(analyzer, exceptions); executeAnalysisTasks(analyzer, exceptions);
final long analyzerDurationMillis = System.currentTimeMillis() - analyzerStart; final long analyzerDurationMillis = System.currentTimeMillis() - analyzerStart;
final long analyzerDurationSeconds = TimeUnit.MILLISECONDS.toSeconds(analyzerDurationMillis); final long analyzerDurationSeconds = TimeUnit.MILLISECONDS.toSeconds(analyzerDurationMillis);
LOGGER.info("Finished {} ({} seconds)", analyzer.getName(), analyzerDurationSeconds); LOGGER.info("Finished {} ({} seconds)", analyzer.getName(), analyzerDurationSeconds);
} }
else {
LOGGER.debug("Skipping {} (not enabled)", analyzer.getName());
}
}
} }
for (AnalysisPhase phase : AnalysisPhase.values()) { for (AnalysisPhase phase : AnalysisPhase.values()) {
final List<Analyzer> analyzerList = analyzers.get(phase); final List<Analyzer> analyzerList = analyzers.get(phase);

33
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractAnalyzer.java
View File

@@ -81,6 +81,23 @@ public abstract class AbstractAnalyzer implements Analyzer {
*/ */
protected abstract void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException; protected abstract void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException;
/**
* Initializes a given Analyzer. This will be skipped if the analyzer is disabled.
*
* @throws InitializationException thrown if there is an exception
*/
protected void initializeAnalyzer() throws InitializationException {
}
/**
* Closes a given Analyzer. This will be skipped if the analyzer is disabled.
*
* @throws Exception thrown if there is an exception
*/
protected void closeAnalyzer() throws Exception {
}
/** /**
* Analyzes a given dependency. If the dependency is an archive, such as a * Analyzes a given dependency. If the dependency is an archive, such as a
* WAR or EAR, the contents are extracted, scanned, and added to the list of * WAR or EAR, the contents are extracted, scanned, and added to the list of
@@ -103,14 +120,19 @@ public abstract class AbstractAnalyzer implements Analyzer {
* @throws InitializationException thrown if there is an exception * @throws InitializationException thrown if there is an exception
*/ */
@Override @Override
public void initialize() throws InitializationException { public final void initialize() throws InitializationException {
final String key = getAnalyzerEnabledSettingKey(); final String key = getAnalyzerEnabledSettingKey();
try { try {
this.setEnabled(Settings.getBoolean(key, true)); this.setEnabled(Settings.getBoolean(key, true));
} catch (InvalidSettingException ex) { } catch (InvalidSettingException ex) {
LOGGER.warn("Invalid setting for property '{}'", key); LOGGER.warn("Invalid setting for property '{}'", key);
LOGGER.debug("", ex); LOGGER.debug("", ex);
LOGGER.warn("{} has been disabled", getName()); }
if (isEnabled()) {
initializeAnalyzer();
} else {
LOGGER.debug("{} has been disabled", getName());
} }
} }
@@ -120,9 +142,12 @@ public abstract class AbstractAnalyzer implements Analyzer {
* @throws Exception thrown if there is an exception * @throws Exception thrown if there is an exception
*/ */
@Override @Override
public void close() throws Exception { public final void close() throws Exception {
//do nothing if (isEnabled()) {
closeAnalyzer();
} }
}
/** /**
* The default is to support parallel processing. * The default is to support parallel processing.

3
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java
View File

@@ -74,8 +74,7 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
* initialization * initialization
*/ */
@Override @Override
public final void initialize() throws InitializationException { protected final void initializeAnalyzer() throws InitializationException {
super.initialize();
if (filesMatched) { if (filesMatched) {
initializeFileTypeAnalyzer(); initializeFileTypeAnalyzer();
} else { } else {

3
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java
View File

@@ -67,8 +67,7 @@ public abstract class AbstractSuppressionAnalyzer extends AbstractAnalyzer {
* @throws InitializationException thrown if there is an exception * @throws InitializationException thrown if there is an exception
*/ */
@Override @Override
public void initialize() throws InitializationException { public void initializeAnalyzer() throws InitializationException {
super.initialize();
try { try {
loadSuppressionData(); loadSuppressionData();
} catch (SuppressionParseException ex) { } catch (SuppressionParseException ex) {

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
View File

@@ -204,7 +204,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
* files * files
*/ */
@Override @Override
public void close() throws Exception { public void closeAnalyzer() throws Exception {
if (tempFileLocation != null && tempFileLocation.exists()) { if (tempFileLocation != null && tempFileLocation.exists()) {
LOGGER.debug("Attempting to delete temporary files"); LOGGER.debug("Attempting to delete temporary files");
final boolean success = FileUtils.delete(tempFileLocation); final boolean success = FileUtils.delete(tempFileLocation);

3
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
View File

@@ -288,8 +288,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
* @throws Exception thrown if there is a problem closing the analyzer * @throws Exception thrown if there is a problem closing the analyzer
*/ */
@Override @Override
public void close() throws Exception { public void closeAnalyzer() throws Exception {
super.close();
try { try {
if (grokAssemblyExe != null && !grokAssemblyExe.delete()) { if (grokAssemblyExe != null && !grokAssemblyExe.delete()) {
LOGGER.debug("Unable to delete temporary GrokAssembly.exe; attempting delete on exit"); LOGGER.debug("Unable to delete temporary GrokAssembly.exe; attempting delete on exit");

5
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
View File

@@ -138,8 +138,7 @@ public class CPEAnalyzer extends AbstractAnalyzer {
* the index. * the index.
*/ */
@Override @Override
public void initialize() throws InitializationException { public void initializeAnalyzer() throws InitializationException {
super.initialize();
try { try {
this.open(); this.open();
} catch (IOException ex) { } catch (IOException ex) {
@@ -180,7 +179,7 @@ public class CPEAnalyzer extends AbstractAnalyzer {
* Closes the data sources. * Closes the data sources.
*/ */
@Override @Override
public void close() { public void closeAnalyzer() {
if (cpe != null) { if (cpe != null) {
cpe.close(); cpe.close();
cpe = null; cpe = null;

3
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java
View File

@@ -99,8 +99,7 @@ public class HintAnalyzer extends AbstractAnalyzer {
* @throws InitializationException thrown if there is an exception * @throws InitializationException thrown if there is an exception
*/ */
@Override @Override
public void initialize() throws InitializationException { public void initializeAnalyzer() throws InitializationException {
super.initialize();
try { try {
loadHintRules(); loadHintRules();
} catch (HintParseException ex) { } catch (HintParseException ex) {

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
View File

@@ -912,7 +912,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
* Deletes any files extracted from the JAR during analysis. * Deletes any files extracted from the JAR during analysis.
*/ */
@Override @Override
public void close() { public void closeAnalyzer() {
if (tempFileLocation != null && tempFileLocation.exists()) { if (tempFileLocation != null && tempFileLocation.exists()) {
LOGGER.debug("Attempting to delete temporary files"); LOGGER.debug("Attempting to delete temporary files");
final boolean success = FileUtils.delete(tempFileLocation); final boolean success = FileUtils.delete(tempFileLocation);

5
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NvdCveAnalyzer.java
View File

@@ -71,7 +71,7 @@ public class NvdCveAnalyzer extends AbstractAnalyzer {
* Closes the data source. * Closes the data source.
*/ */
@Override @Override
public void close() { public void closeAnalyzer() {
cveDB.close(); cveDB.close();
cveDB = null; cveDB = null;
} }
@@ -171,8 +171,7 @@ public class NvdCveAnalyzer extends AbstractAnalyzer {
* the index. * the index.
*/ */
@Override @Override
public void initialize() throws InitializationException { public void initializeAnalyzer() throws InitializationException {
super.initialize();
try { try {
this.open(); this.open();
} catch (SQLException ex) { } catch (SQLException ex) {

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java
View File

@@ -273,7 +273,7 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
* Deletes any files extracted from the Wheel during analysis. * Deletes any files extracted from the Wheel during analysis.
*/ */
@Override @Override
public void close() { public void closeAnalyzer() {
if (tempFileLocation != null && tempFileLocation.exists()) { if (tempFileLocation != null && tempFileLocation.exists()) {
LOGGER.debug("Attempting to delete temporary files"); LOGGER.debug("Attempting to delete temporary files");
final boolean success = FileUtils.delete(tempFileLocation); final boolean success = FileUtils.delete(tempFileLocation);