brianf
2017-09-22 13:47:08 -04:00
parent 1564f11b89
commit e0af41e439
20 changed files with 81 additions and 77 deletions


@@ -58,9 +58,9 @@ import org.owasp.dependencycheck.exception.InitializationException;
public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
/**
* The dependency Ecosystem
* A descriptor for the type of dependencies processed or added by this analyzer
*/
static final String DEPENDENCY_ECOSYSTEM = "CMAKE";
public static final String DEPENDENCY_ECOSYSTEM = "CMAKE";
/**
* The logger.
@@ -154,9 +154,8 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
@Override
protected void analyzeDependency(Dependency dependency, Engine engine)
throws AnalysisException {
dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
final File file = dependency.getActualFile();
final String parentName = file.getParentFile().getName();
final String name = file.getName();
String contents;
try {
@@ -217,7 +216,7 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
if (count > 1) {
//TODO - refactor so we do not assign to the parameter (checkstyle)
currentDep = new Dependency(dependency.getActualFile());
currentDep.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
currentDep.setEcosystem(DEPENDENCY_ECOSYSTEM);
final String filePath = String.format("%s:%s", dependency.getFilePath(), product);
currentDep.setFilePath(filePath);


@@ -43,6 +43,11 @@ import org.owasp.dependencycheck.utils.Settings;
@Experimental
public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer {
/**
* A descriptor for the type of dependencies processed or added by this analyzer
*/
public static final String DEPENDENCY_ECOSYSTEM = "CocoaPod";
/**
* The logger.
*/
@@ -51,11 +56,6 @@ public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer {
* The name of the analyzer.
*/
private static final String ANALYZER_NAME = "CocoaPods Package Analyzer";
/**
* The dependency Ecosystem
*/
static final String DEPENDENCY_ECOSYSTEM = "CocoaPod";
/**
* The phase that this analyzer is intended to run in.
@@ -127,7 +127,7 @@ public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer {
protected void analyzeDependency(Dependency dependency, Engine engine)
throws AnalysisException {
dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
String contents;
try {
contents = FileUtils.readFileToString(dependency.getActualFile(), Charset.defaultCharset());


@@ -46,6 +46,11 @@ import java.security.NoSuchAlgorithmException;
@Experimental
public class ComposerLockAnalyzer extends AbstractFileTypeAnalyzer {
/**
* A descriptor for the type of dependencies processed or added by this analyzer
*/
public static final String DEPENDENCY_ECOSYSTEM = "Composer";
/**
* The logger.
*/
@@ -55,11 +60,6 @@ public class ComposerLockAnalyzer extends AbstractFileTypeAnalyzer {
* The analyzer name.
*/
private static final String ANALYZER_NAME = "Composer.lock analyzer";
/**
* The dependency Ecosystem
*/
static final String DEPENDENCY_ECOSYSTEM = "Composer";
/**
* composer.json.
@@ -119,7 +119,7 @@ public class ComposerLockAnalyzer extends AbstractFileTypeAnalyzer {
d.setName(dep.getProject());
d.setVersion(dep.getVersion());
d.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
d.setEcosystem(DEPENDENCY_ECOSYSTEM);
final MessageDigest sha1 = getSha1MessageDigest();
d.setFilePath(filePath);


@@ -73,6 +73,10 @@ import org.slf4j.LoggerFactory;
public class JarAnalyzer extends AbstractFileTypeAnalyzer {
//<editor-fold defaultstate="collapsed" desc="Constants and Member Variables">
/**
* A descriptor for the type of dependencies processed or added by this analyzer
*/
public static final String DEPENDENCY_ECOSYSTEM = "Java";
/**
* The logger.
*/
@@ -157,10 +161,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
* The name of the analyzer.
*/
private static final String ANALYZER_NAME = "Jar Analyzer";
/**
* The dependency ecosystem.
*/
static final String DEPENDENCY_ECOSYSTEM = "Java";
/**
* The phase that this analyzer is intended to run in.
*/
@@ -262,7 +262,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
final boolean hasPOM = analyzePOM(dependency, classNames, engine);
final boolean addPackagesAsEvidence = !(hasManifest && hasPOM);
analyzePackageNames(classNames, dependency, addPackagesAsEvidence);
dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
} catch (IOException ex) {
throw new AnalysisException("Exception occurred reading the JAR file (" + dependency.getFileName() + ").", ex);
}


@@ -50,6 +50,11 @@ import org.owasp.dependencycheck.exception.InitializationException;
public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer {
/**
* A descriptor for the type of dependencies processed or added by this analyzer
*/
public static final String DEPENDENCY_ECOSYSTEM = "npm";
/**
* The logger.
*/
private static final Logger LOGGER = LoggerFactory.getLogger(NodePackageAnalyzer.class);
@@ -58,11 +63,6 @@ public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer {
* The name of the analyzer.
*/
private static final String ANALYZER_NAME = "Node.js Package Analyzer";
/**
* The dependency ecosystem.
*/
static final String DEPENDENCY_ECOSYSTEM = "npm";
/**
* The phase that this analyzer is intended to run in.
@@ -127,7 +127,7 @@ public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer {
@Override
protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
final File file = dependency.getActualFile();
if (!file.isFile() || file.length()==0) {
return;


@@ -57,15 +57,15 @@ import java.util.concurrent.atomic.AtomicInteger;
@Experimental
public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
/**
* A descriptor for the type of dependencies processed or added by this analyzer
*/
public static final String DEPENDENCY_ECOSYSTEM = "Python.Dist";
/**
* Name of egg metadata files to analyze.
*/
private static final String PKG_INFO = "PKG-INFO";
/**
* The dependency Ecosystem
*/
static final String DEPENDENCY_ECOSYSTEM = "Python.Dist";
/**
* Name of wheel metadata files to analyze.
@@ -189,7 +189,7 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
protected void analyzeDependency(Dependency dependency, Engine engine)
throws AnalysisException {
dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
final File actualFile = dependency.getActualFile();
if (WHL_FILTER.accept(actualFile)) {
collectMetadataFromArchiveFormat(dependency, DIST_INFO_FILTER,


@@ -46,6 +46,11 @@ import org.owasp.dependencycheck.exception.InitializationException;
@Experimental
public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
/**
* A descriptor for the type of dependencies processed or added by this analyzer
*/
public static final String DEPENDENCY_ECOSYSTEM = "Python.Pkg";
/**
* Used when compiling file scanning regex patterns.
*/
@@ -110,11 +115,6 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
*/
private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(EXTENSIONS).build();
/**
* The dependency Ecosystem
*/
static final String DEPENDENCY_ECOSYSTEM = "Python.Pkg";
/**
* Returns the name of the Python Package Analyzer.
*
@@ -178,7 +178,7 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
@Override
protected void analyzeDependency(Dependency dependency, Engine engine)
throws AnalysisException {
dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
final File file = dependency.getActualFile();
final File parent = file.getParentFile();
final String parentName = parent.getName();


@@ -49,14 +49,16 @@ import org.owasp.dependencycheck.dependency.Dependency;
@Experimental
public class RubyBundlerAnalyzer extends RubyGemspecAnalyzer {
/**
* A descriptor for the type of dependencies processed or added by this analyzer
*/
public static final String DEPENDENCY_ECOSYSTEM = "Ruby.Bundle";
/**
* The name of the analyzer.
*/
private static final String ANALYZER_NAME = "Ruby Bundler Analyzer";
/**
* The types of files on which this will work.
*/
static final String DEPENDENCY_ECOSYSTEM = "Ruby.Bundle";
/**
* Folder name that contains .gemspec files created by "bundle install"
*/
@@ -100,7 +102,7 @@ public class RubyBundlerAnalyzer extends RubyGemspecAnalyzer {
protected void analyzeDependency(Dependency dependency, Engine engine)
throws AnalysisException {
super.analyzeDependency(dependency, engine);
dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
//find the corresponding gem folder for this .gemspec stub by "bundle install --deployment"
final File gemspecFile = dependency.getActualFile();
final String gemFileName = gemspecFile.getName();
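Review bot: The Javadoc `The types of files on which this will work.` survives the first hunk as context but on the new side it now sits directly above the `Folder name that contains .gemspec files…` Javadoc with no declaration between them — it was the (mismatched) doc of the removed package-private `DEPENDENCY_ECOSYSTEM`, so it should be deleted with it (as displayed; a dropped blank line would not change this). Separately, the new `public static final String DEPENDENCY_ECOSYSTEM = "Ruby.Bundle"` hides `RubyGemspecAnalyzer.DEPENDENCY_ECOSYSTEM`, which this same commit makes public with the identical value, and `analyzeDependency` sets the ecosystem again right after `super.analyzeDependency(dependency, engine)`. If the two are meant to stay equal, say so where a reader will look, e.g. ` * Same value as {@link RubyGemspecAnalyzer#DEPENDENCY_ECOSYSTEM}; bundled gems are reported under the gemspec ecosystem.`, or drop the redundant declaration and the second `setEcosystem` call. The enclosing `analyzeDependency` continues past the end of the hunk.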


@@ -48,7 +48,12 @@ import org.slf4j.LoggerFactory;
@Experimental
public class RubyGemspecAnalyzer extends AbstractFileTypeAnalyzer {
/**
/**
* A descriptor for the type of dependencies processed or added by this analyzer
*/
public static final String DEPENDENCY_ECOSYSTEM = "Ruby.Bundle";
/**
* The logger.
*/
private static final Logger LOGGER = LoggerFactory.getLogger(RubyGemspecAnalyzer.class);
@@ -56,10 +61,7 @@ public class RubyGemspecAnalyzer extends AbstractFileTypeAnalyzer {
* The name of the analyzer.
*/
private static final String ANALYZER_NAME = "Ruby Gemspec Analyzer";
/**
* The Dependency's ecosystem.
*/
static final String DEPENDENCY_ECOSYSTEM = "Ruby.Bundle";
/**
* The phase that this analyzer is intended to run in.
*/
@@ -135,7 +137,7 @@ public class RubyGemspecAnalyzer extends AbstractFileTypeAnalyzer {
@Override
protected void analyzeDependency(Dependency dependency, Engine engine)
throws AnalysisException {
dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
String contents;
try {
contents = FileUtils.readFileToString(dependency.getActualFile(), Charset.defaultCharset());
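Review bot: The class-top Javadoc in the first hunk opens twice — the `/**` kept as context right after the class declaration is immediately followed by a second, added `/**` before ` * A descriptor for the type of dependencies processed or added by this analyzer`. Java comments do not nest, so this compiles, but the generated Javadoc for `DEPENDENCY_ECOSYSTEM` carries a stray `/**` line and Checkstyle's Javadoc checks will likely flag it (assuming the doubled line is in the file and not a rendering artifact of this page). Drop one of the two so the block reads `/**`, ` * A descriptor for the type of dependencies processed or added by this analyzer`, ` */`. Since the constant is now public API, the comment could also mention that `RubyBundlerAnalyzer` declares a constant of the same name and value.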


@@ -43,15 +43,15 @@ import org.owasp.dependencycheck.utils.Settings;
@Experimental
public class SwiftPackageManagerAnalyzer extends AbstractFileTypeAnalyzer {
/**
* A descriptor for the type of dependencies processed or added by this analyzer
*/
public static final String DEPENDENCY_ECOSYSTEM = "Swift.PM";
/**
* The name of the analyzer.
*/
private static final String ANALYZER_NAME = "SWIFT Package Manager Analyzer";
/**
* The dependency Ecosystem
*/
static final String DEPENDENCY_ECOSYSTEM = "Swift.PM";
/**
* The phase that this analyzer is intended to run in.
@@ -124,7 +124,7 @@ public class SwiftPackageManagerAnalyzer extends AbstractFileTypeAnalyzer {
protected void analyzeDependency(Dependency dependency, Engine engine)
throws AnalysisException {
dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
String contents;
try {


@@ -154,9 +154,10 @@ public class Dependency implements Serializable, Comparable<Dependency> {
private String version;
/**
* Defines the ecosystem identifier for this dependency
* A descriptor for the type of dependency based on which analyzer added it
* or collected evidence about it
*/
private String dependencyEcosystem;
private String ecosystem;
/**
* Returns the package path.
@@ -886,16 +887,16 @@ public class Dependency implements Serializable, Comparable<Dependency> {
}
/**
* @return the dependencyEcosystem
* @return the ecosystem
*/
public String getDependencyEcosystem() {
return dependencyEcosystem;
public String getEcosystem() {
return ecosystem;
}
/**
* @param dependencyEcosystem the dependencyEcosystem to set
* @param ecosystem the ecosystem to set
*/
public void setDependencyEcosystem(String dependencyEcosystem) {
this.dependencyEcosystem = dependencyEcosystem;
public void setEcosystem(String ecosystem) {
this.ecosystem = ecosystem;
}
}
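Review bot: `Dependency implements Serializable` (visible in the hunk header) and this hunk renames a non-transient field from `dependencyEcosystem` to `ecosystem`; Java's default serialization matches fields by name, so any Dependency serialized before this commit would deserialize with `ecosystem` left at its default `null`. Whether anything persists serialized Dependency objects is not visible here; if it does, bump `serialVersionUID` (or add one if the class has none) and note the incompatibility in the commit message. The accessor Javadoc could also say more than `@return the ecosystem`, e.g. ` * @return the ecosystem identifier assigned by the analyzer that processed this dependency, or null if no analyzer has set one`. The class begins before the hunk; only its tail is shown.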


@@ -148,7 +148,7 @@ public class CMakeAnalyzerTest extends BaseDBTestCase {
assertEquals(product,result.getName());
assertTrue("Expected product evidence to contain \"" + product + "\".",
result.getProductEvidence().toString().contains(product));
assertEquals(CMakeAnalyzer.DEPENDENCY_ECOSYSTEM,result.getDependencyEcosystem());
assertEquals(CMakeAnalyzer.DEPENDENCY_ECOSYSTEM,result.getEcosystem());
}
/**


@@ -130,7 +130,7 @@ public class ComposerLockAnalyzerTest extends BaseDBTestCase {
assertEquals("classpreloader",d.getName());
assertEquals("2.0.0",d.getVersion());
assertThat(d.getDisplayFileName(),equalTo("classpreloader:2.0.0"));
assertEquals(ComposerLockAnalyzer.DEPENDENCY_ECOSYSTEM,d.getDependencyEcosystem());
assertEquals(ComposerLockAnalyzer.DEPENDENCY_ECOSYSTEM,d.getEcosystem());
}


@@ -58,7 +58,7 @@ public class JarAnalyzerTest extends BaseTest {
file = BaseTest.getResourceAsFile(this, "dwr.jar");
result = new Dependency(file);
instance.analyze(result, null);
assertEquals(JarAnalyzer.DEPENDENCY_ECOSYSTEM,result.getDependencyEcosystem());
assertEquals(JarAnalyzer.DEPENDENCY_ECOSYSTEM,result.getEcosystem());
boolean found = false;
for (Evidence e : result.getVendorEvidence()) {
if (e.getName().equals("url")) {


@@ -96,7 +96,7 @@ public class NodePackageAnalyzerTest extends BaseTest {
assertThat(vendorString, containsString("dns-sync_project"));
assertThat(result.getProductEvidence().toString(), containsString("dns-sync"));
assertThat(result.getVersionEvidence().toString(), containsString("0.1.0"));
assertEquals(NodePackageAnalyzer.DEPENDENCY_ECOSYSTEM,result.getDependencyEcosystem());
assertEquals(NodePackageAnalyzer.DEPENDENCY_ECOSYSTEM,result.getEcosystem());
assertEquals("dns-sync",result.getName());
assertEquals("0.1.0",result.getVersion());
}


@@ -133,7 +133,7 @@ public class PythonDistributionAnalyzerTest extends BaseTest {
assertEquals("1.7.2",result.getVersion());
assertEquals("Django",result.getName());
assertEquals("Django:1.7.2",result.getDisplayFileName());
assertEquals(PythonDistributionAnalyzer.DEPENDENCY_ECOSYSTEM,result.getDependencyEcosystem());
assertEquals(PythonDistributionAnalyzer.DEPENDENCY_ECOSYSTEM,result.getEcosystem());
}
@Test
@@ -189,6 +189,6 @@ public class PythonDistributionAnalyzerTest extends BaseTest {
assertEquals("0.0.1",result.getVersion());
assertEquals("EggTest",result.getName());
assertEquals("EggTest:0.0.1",result.getDisplayFileName());
assertEquals(PythonDistributionAnalyzer.DEPENDENCY_ECOSYSTEM,result.getDependencyEcosystem());
assertEquals(PythonDistributionAnalyzer.DEPENDENCY_ECOSYSTEM,result.getEcosystem());
}
}


@@ -101,7 +101,7 @@ public class PythonPackageAnalyzerTest extends BaseTest {
assertEquals("0.0.1",result.getVersion());
assertEquals("eggtest",result.getName());
assertEquals("eggtest:0.0.1",result.getDisplayFileName());
assertEquals(PythonPackageAnalyzer.DEPENDENCY_ECOSYSTEM,result.getDependencyEcosystem());
assertEquals(PythonPackageAnalyzer.DEPENDENCY_ECOSYSTEM,result.getEcosystem());
}
}


@@ -105,7 +105,7 @@ public class RubyBundlerAnalyzerTest extends BaseTest {
assertThat(result.getProductEvidence().toString(), containsString("High performance memcached client for Ruby"));
assertThat(result.getVersionEvidence().toString(), containsString("2.7.5"));
assertEquals("2.7.5",result.getVersion());
assertEquals(RubyBundlerAnalyzer.DEPENDENCY_ECOSYSTEM, result.getDependencyEcosystem());
assertEquals(RubyBundlerAnalyzer.DEPENDENCY_ECOSYSTEM, result.getEcosystem());
assertEquals("dalli:2.7.5",result.getDisplayFileName());
}


@@ -94,7 +94,7 @@ public class RubyGemspecAnalyzerTest extends BaseTest {
"ruby/vulnerable/gems/specifications/rest-client-1.7.2.gemspec"));
analyzer.analyze(result, null);
final String vendorString = result.getVendorEvidence().toString();
assertEquals(RubyGemspecAnalyzer.DEPENDENCY_ECOSYSTEM, result.getDependencyEcosystem());
assertEquals(RubyGemspecAnalyzer.DEPENDENCY_ECOSYSTEM, result.getEcosystem());
assertThat(vendorString, containsString("REST Client Team"));
assertThat(vendorString, containsString("rest-client_project"));
assertThat(vendorString, containsString("rest.client@librelist.com"));
@@ -118,7 +118,7 @@ public class RubyGemspecAnalyzerTest extends BaseTest {
"ruby/vulnerable/gems/rails-4.1.15/vendor/bundle/ruby/2.2.0/gems/pg-0.18.4/Rakefile"));
analyzer.analyze(result, null);
assertTrue(result.getEvidence().size()>0);
assertEquals(RubyGemspecAnalyzer.DEPENDENCY_ECOSYSTEM, result.getDependencyEcosystem());
assertEquals(RubyGemspecAnalyzer.DEPENDENCY_ECOSYSTEM, result.getEcosystem());
assertEquals("pg",result.getName());
assertEquals("0.18.4",result.getVersion());
assertEquals("pg:0.18.4",result.getDisplayFileName());


@@ -109,7 +109,7 @@ public class SwiftAnalyzersTest extends BaseTest {
assertThat(result.getName(),equalTo("EasyPeasy"));
assertThat(result.getVersion(),equalTo("0.2.3"));
assertThat(result.getDisplayFileName(),equalTo("EasyPeasy:0.2.3"));
assertThat(result.getDependencyEcosystem(),equalTo(CocoaPodsAnalyzer.DEPENDENCY_ECOSYSTEM));
assertThat(result.getEcosystem(),equalTo(CocoaPodsAnalyzer.DEPENDENCY_ECOSYSTEM));
}
/**
@@ -128,6 +128,6 @@ public class SwiftAnalyzersTest extends BaseTest {
//TODO: when version processing is added, update the expected name.
assertThat(result.getDisplayFileName(),equalTo("Gloss"));
assertThat(result.getDependencyEcosystem(),equalTo(SwiftPackageManagerAnalyzer.DEPENDENCY_ECOSYSTEM));
assertThat(result.getEcosystem(),equalTo(SwiftPackageManagerAnalyzer.DEPENDENCY_ECOSYSTEM));
}
}