cleanup

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java

@@ -58,9 +58,9 @@ import org.owasp.dependencycheck.exception.InitializationException;
 public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
 
     /**
-     * The dependency Ecosystem
+     * A descriptor for the type of dependencies processed or added by this analyzer
      */
-     static final String DEPENDENCY_ECOSYSTEM = "CMAKE";
+     public static final String DEPENDENCY_ECOSYSTEM = "CMAKE";
      
     /**
      * The logger.
@@ -154,9 +154,8 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
     @Override
     protected void analyzeDependency(Dependency dependency, Engine engine)
             throws AnalysisException {
-    	    dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
+    	    dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
         final File file = dependency.getActualFile();
-        final String parentName = file.getParentFile().getName();
         final String name = file.getName();
         String contents;
         try {
@@ -217,7 +216,7 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
             if (count > 1) {
                 //TODO - refactor so we do not assign to the parameter (checkstyle)
                 currentDep = new Dependency(dependency.getActualFile());
-                currentDep.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
+                currentDep.setEcosystem(DEPENDENCY_ECOSYSTEM);
                 final String filePath = String.format("%s:%s", dependency.getFilePath(), product);
                 currentDep.setFilePath(filePath);
 

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CocoaPodsAnalyzer.java

@@ -43,6 +43,11 @@ import org.owasp.dependencycheck.utils.Settings;
 @Experimental
 public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer {
 
+    /**
+     * A descriptor for the type of dependencies processed or added by this analyzer
+     */
+     public static final String DEPENDENCY_ECOSYSTEM = "CocoaPod";
+     
     /**
      * The logger.
      */
@@ -52,11 +57,6 @@ public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer {
      */
     private static final String ANALYZER_NAME = "CocoaPods Package Analyzer";
     
-    /**
-     * The dependency Ecosystem
-     */
-     static final String DEPENDENCY_ECOSYSTEM = "CocoaPod";
-    
     /**
      * The phase that this analyzer is intended to run in.
      */
@@ -127,7 +127,7 @@ public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer {
     protected void analyzeDependency(Dependency dependency, Engine engine)
             throws AnalysisException {
 
-    		dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
+    		dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
         String contents;
         try {
             contents = FileUtils.readFileToString(dependency.getActualFile(), Charset.defaultCharset());

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzer.java

@@ -46,6 +46,11 @@ import java.security.NoSuchAlgorithmException;
 @Experimental
 public class ComposerLockAnalyzer extends AbstractFileTypeAnalyzer {
 
+    /**
+     * A descriptor for the type of dependencies processed or added by this analyzer
+     */
+     public static final String DEPENDENCY_ECOSYSTEM = "Composer";
+	
     /**
      * The logger.
      */
@@ -56,11 +61,6 @@ public class ComposerLockAnalyzer extends AbstractFileTypeAnalyzer {
      */
     private static final String ANALYZER_NAME = "Composer.lock analyzer";
     
-    /**
-     * The dependency Ecosystem
-     */
-     static final String DEPENDENCY_ECOSYSTEM = "Composer";
-    
     /**
      * composer.json.
      */
@@ -119,7 +119,7 @@ public class ComposerLockAnalyzer extends AbstractFileTypeAnalyzer {
                 d.setName(dep.getProject());
                 d.setVersion(dep.getVersion());
                 
-                d.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
+                d.setEcosystem(DEPENDENCY_ECOSYSTEM);
                 
                 final MessageDigest sha1 = getSha1MessageDigest();
                 d.setFilePath(filePath);

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java

@@ -73,6 +73,10 @@ import org.slf4j.LoggerFactory;
 public class JarAnalyzer extends AbstractFileTypeAnalyzer {
 
     //<editor-fold defaultstate="collapsed" desc="Constants and Member Variables">
+    /**
+     * A descriptor for the type of dependencies processed or added by this analyzer
+     */
+    public static final String DEPENDENCY_ECOSYSTEM = "Java";
     /**
      * The logger.
      */
@@ -157,10 +161,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
      * The name of the analyzer.
      */
     private static final String ANALYZER_NAME = "Jar Analyzer";
-    /**
-     * The dependency ecosystem.
-     */
-    static final String DEPENDENCY_ECOSYSTEM = "Java";
     /**
      * The phase that this analyzer is intended to run in.
      */
@@ -262,7 +262,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
             final boolean hasPOM = analyzePOM(dependency, classNames, engine);
             final boolean addPackagesAsEvidence = !(hasManifest && hasPOM);
             analyzePackageNames(classNames, dependency, addPackagesAsEvidence);
-            dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
+            dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
         } catch (IOException ex) {
             throw new AnalysisException("Exception occurred reading the JAR file (" + dependency.getFileName() + ").", ex);
         }

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java

@@ -50,6 +50,11 @@ import org.owasp.dependencycheck.exception.InitializationException;
 public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer {
 
     /**
+     * A descriptor for the type of dependencies processed or added by this analyzer
+     */
+    public static final String DEPENDENCY_ECOSYSTEM = "npm";
+    
+	/**
      * The logger.
      */
     private static final Logger LOGGER = LoggerFactory.getLogger(NodePackageAnalyzer.class);
@@ -59,11 +64,6 @@ public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer {
      */
     private static final String ANALYZER_NAME = "Node.js Package Analyzer";
     
-    /**
-     * The dependency ecosystem.
-     */
-    static final String DEPENDENCY_ECOSYSTEM = "npm";
-    
     /**
      * The phase that this analyzer is intended to run in.
      */
@@ -127,7 +127,7 @@ public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer {
 
     @Override
     protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
-        dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
+        dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
     		final File file = dependency.getActualFile();
         if (!file.isFile() || file.length()==0) {
             return;

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java

@@ -57,16 +57,16 @@ import java.util.concurrent.atomic.AtomicInteger;
 @Experimental
 public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
 
+    /**
+     * A descriptor for the type of dependencies processed or added by this analyzer
+     */
+    public static final String DEPENDENCY_ECOSYSTEM = "Python.Dist";
+    
     /**
      * Name of egg metadata files to analyze.
      */
     private static final String PKG_INFO = "PKG-INFO";
 
-    /**
-     * The dependency Ecosystem
-     */
-     static final String DEPENDENCY_ECOSYSTEM = "Python.Dist";
-
     /**
      * Name of wheel metadata files to analyze.
      */
@@ -189,7 +189,7 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
     protected void analyzeDependency(Dependency dependency, Engine engine)
             throws AnalysisException {
     	
-    	    dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
+    	    dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
         final File actualFile = dependency.getActualFile();
         if (WHL_FILTER.accept(actualFile)) {
             collectMetadataFromArchiveFormat(dependency, DIST_INFO_FILTER,

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java

@@ -46,6 +46,11 @@ import org.owasp.dependencycheck.exception.InitializationException;
 @Experimental
 public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
 
+	/**
+     * A descriptor for the type of dependencies processed or added by this analyzer
+     */
+    public static final String DEPENDENCY_ECOSYSTEM = "Python.Pkg";
+    
     /**
      * Used when compiling file scanning regex patterns.
      */
@@ -110,11 +115,6 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
      */
     private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(EXTENSIONS).build();
     
-    /**
-     * The dependency Ecosystem
-     */
-     static final String DEPENDENCY_ECOSYSTEM = "Python.Pkg";
-    
     /**
      * Returns the name of the Python Package Analyzer.
      *
@@ -178,7 +178,7 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
     @Override
     protected void analyzeDependency(Dependency dependency, Engine engine)
             throws AnalysisException {
-        dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
+        dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
     	    final File file = dependency.getActualFile();
         final File parent = file.getParentFile();
         final String parentName = parent.getName();

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundlerAnalyzer.java

@@ -49,14 +49,16 @@ import org.owasp.dependencycheck.dependency.Dependency;
 @Experimental
 public class RubyBundlerAnalyzer extends RubyGemspecAnalyzer {
 
+    /**
+     * A descriptor for the type of dependencies processed or added by this analyzer
+     */
+    public static final String DEPENDENCY_ECOSYSTEM = "Ruby.Bundle";
+    
     /**
      * The name of the analyzer.
      */
     private static final String ANALYZER_NAME = "Ruby Bundler Analyzer";
-    /**
+
-     * The types of files on which this will work.
-     */
-    static final String DEPENDENCY_ECOSYSTEM = "Ruby.Bundle";
     /**
      * Folder name that contains .gemspec files created by "bundle install"
      */
@@ -100,7 +102,7 @@ public class RubyBundlerAnalyzer extends RubyGemspecAnalyzer {
     protected void analyzeDependency(Dependency dependency, Engine engine)
             throws AnalysisException {
         super.analyzeDependency(dependency, engine);
-        dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
+        dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
         //find the corresponding gem folder for this .gemspec stub by "bundle install --deployment"
         final File gemspecFile = dependency.getActualFile();
         final String gemFileName = gemspecFile.getName();

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzer.java

@@ -48,7 +48,12 @@ import org.slf4j.LoggerFactory;
 @Experimental
 public class RubyGemspecAnalyzer extends AbstractFileTypeAnalyzer {
 
-    /**
+	/**
+     * A descriptor for the type of dependencies processed or added by this analyzer
+     */
+    public static final String DEPENDENCY_ECOSYSTEM = "Ruby.Bundle";
+    
+	/**
      * The logger.
      */
     private static final Logger LOGGER = LoggerFactory.getLogger(RubyGemspecAnalyzer.class);
@@ -56,10 +61,7 @@ public class RubyGemspecAnalyzer extends AbstractFileTypeAnalyzer {
      * The name of the analyzer.
      */
     private static final String ANALYZER_NAME = "Ruby Gemspec Analyzer";
-    /**
+    
-     * The Dependency's ecosystem.
-     */
-    static final String DEPENDENCY_ECOSYSTEM = "Ruby.Bundle";
     /**
      * The phase that this analyzer is intended to run in.
      */
@@ -135,7 +137,7 @@ public class RubyGemspecAnalyzer extends AbstractFileTypeAnalyzer {
     @Override
     protected void analyzeDependency(Dependency dependency, Engine engine)
             throws AnalysisException {
-    	    dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
+    	    dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
         String contents;
         try {
             contents = FileUtils.readFileToString(dependency.getActualFile(), Charset.defaultCharset());

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/SwiftPackageManagerAnalyzer.java

@@ -43,16 +43,16 @@ import org.owasp.dependencycheck.utils.Settings;
 @Experimental
 public class SwiftPackageManagerAnalyzer extends AbstractFileTypeAnalyzer {
 
+    /**
+     * A descriptor for the type of dependencies processed or added by this analyzer
+     */
+    public static final String DEPENDENCY_ECOSYSTEM = "Swift.PM";
+    
     /**
      * The name of the analyzer.
      */
     private static final String ANALYZER_NAME = "SWIFT Package Manager Analyzer";
 
-    /**
-     * The dependency Ecosystem
-     */
-    static final String DEPENDENCY_ECOSYSTEM = "Swift.PM";
-
     /**
      * The phase that this analyzer is intended to run in.
      */
@@ -124,7 +124,7 @@ public class SwiftPackageManagerAnalyzer extends AbstractFileTypeAnalyzer {
     protected void analyzeDependency(Dependency dependency, Engine engine)
             throws AnalysisException {
 
-    	    dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);   
+    	    dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);   
     	
         String contents;
         try {

dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java

@@ -154,9 +154,10 @@ public class Dependency implements Serializable, Comparable<Dependency> {
     private String version;
     
     /**
-     * Defines the ecosystem identifier for this dependency
+     * A descriptor for the type of dependency based on which analyzer added it
+     * or collected evidence about it
      */
-    private String dependencyEcosystem;
+    private String ecosystem;
 
     /**
      * Returns the package path.
@@ -886,16 +887,16 @@ public class Dependency implements Serializable, Comparable<Dependency> {
 	}
 
 	/**
-	 * @return the dependencyEcosystem
+	 * @return the ecosystem
 	 */
-	public String getDependencyEcosystem() {
+	public String getEcosystem() {
-		return dependencyEcosystem;
+		return ecosystem;
 	}
 
 	/**
-	 * @param dependencyEcosystem the dependencyEcosystem to set
+	 * @param ecosystem the ecosystem to set
 	 */
-	public void setDependencyEcosystem(String dependencyEcosystem) {
+	public void setEcosystem(String ecosystem) {
-		this.dependencyEcosystem = dependencyEcosystem;
+		this.ecosystem = ecosystem;
 	}
 }

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzerTest.java

@@ -148,7 +148,7 @@ public class CMakeAnalyzerTest extends BaseDBTestCase {
     		assertEquals(product,result.getName());
     	    assertTrue("Expected product evidence to contain \"" + product + "\".",
                 result.getProductEvidence().toString().contains(product));
-        assertEquals(CMakeAnalyzer.DEPENDENCY_ECOSYSTEM,result.getDependencyEcosystem());
+        assertEquals(CMakeAnalyzer.DEPENDENCY_ECOSYSTEM,result.getEcosystem());
     }
 
     /**

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzerTest.java

@@ -130,7 +130,7 @@ public class ComposerLockAnalyzerTest extends BaseDBTestCase {
         assertEquals("classpreloader",d.getName());
         assertEquals("2.0.0",d.getVersion());
         assertThat(d.getDisplayFileName(),equalTo("classpreloader:2.0.0"));
-        assertEquals(ComposerLockAnalyzer.DEPENDENCY_ECOSYSTEM,d.getDependencyEcosystem());
+        assertEquals(ComposerLockAnalyzer.DEPENDENCY_ECOSYSTEM,d.getEcosystem());
     }
     
 

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java

@@ -58,7 +58,7 @@ public class JarAnalyzerTest extends BaseTest {
         file = BaseTest.getResourceAsFile(this, "dwr.jar");
         result = new Dependency(file);
         instance.analyze(result, null);
-        assertEquals(JarAnalyzer.DEPENDENCY_ECOSYSTEM,result.getDependencyEcosystem());
+        assertEquals(JarAnalyzer.DEPENDENCY_ECOSYSTEM,result.getEcosystem());
         boolean found = false;
         for (Evidence e : result.getVendorEvidence()) {
             if (e.getName().equals("url")) {

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzerTest.java

@@ -96,7 +96,7 @@ public class NodePackageAnalyzerTest extends BaseTest {
         assertThat(vendorString, containsString("dns-sync_project"));
         assertThat(result.getProductEvidence().toString(), containsString("dns-sync"));
         assertThat(result.getVersionEvidence().toString(), containsString("0.1.0"));
-        assertEquals(NodePackageAnalyzer.DEPENDENCY_ECOSYSTEM,result.getDependencyEcosystem());
+        assertEquals(NodePackageAnalyzer.DEPENDENCY_ECOSYSTEM,result.getEcosystem());
         assertEquals("dns-sync",result.getName());
         assertEquals("0.1.0",result.getVersion());
     }

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzerTest.java

@@ -133,7 +133,7 @@ public class PythonDistributionAnalyzerTest extends BaseTest {
         assertEquals("1.7.2",result.getVersion());
         assertEquals("Django",result.getName());
         assertEquals("Django:1.7.2",result.getDisplayFileName());
-        assertEquals(PythonDistributionAnalyzer.DEPENDENCY_ECOSYSTEM,result.getDependencyEcosystem());
+        assertEquals(PythonDistributionAnalyzer.DEPENDENCY_ECOSYSTEM,result.getEcosystem());
     }
 
     @Test
@@ -189,6 +189,6 @@ public class PythonDistributionAnalyzerTest extends BaseTest {
         assertEquals("0.0.1",result.getVersion());
         assertEquals("EggTest",result.getName());
         assertEquals("EggTest:0.0.1",result.getDisplayFileName());
-        assertEquals(PythonDistributionAnalyzer.DEPENDENCY_ECOSYSTEM,result.getDependencyEcosystem());
+        assertEquals(PythonDistributionAnalyzer.DEPENDENCY_ECOSYSTEM,result.getEcosystem());
     }
 }

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzerTest.java

@@ -101,7 +101,7 @@ public class PythonPackageAnalyzerTest extends BaseTest {
         assertEquals("0.0.1",result.getVersion());
         assertEquals("eggtest",result.getName());
         assertEquals("eggtest:0.0.1",result.getDisplayFileName());
-        assertEquals(PythonPackageAnalyzer.DEPENDENCY_ECOSYSTEM,result.getDependencyEcosystem());
+        assertEquals(PythonPackageAnalyzer.DEPENDENCY_ECOSYSTEM,result.getEcosystem());
     }
 
 }

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyBundlerAnalyzerTest.java

@@ -105,7 +105,7 @@ public class RubyBundlerAnalyzerTest extends BaseTest {
         assertThat(result.getProductEvidence().toString(), containsString("High performance memcached client for Ruby"));
         assertThat(result.getVersionEvidence().toString(), containsString("2.7.5"));
         assertEquals("2.7.5",result.getVersion());
-        assertEquals(RubyBundlerAnalyzer.DEPENDENCY_ECOSYSTEM, result.getDependencyEcosystem());
+        assertEquals(RubyBundlerAnalyzer.DEPENDENCY_ECOSYSTEM, result.getEcosystem());
         assertEquals("dalli:2.7.5",result.getDisplayFileName());
         
     }

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzerTest.java

@@ -94,7 +94,7 @@ public class RubyGemspecAnalyzerTest extends BaseTest {
                 "ruby/vulnerable/gems/specifications/rest-client-1.7.2.gemspec"));
         analyzer.analyze(result, null);
         final String vendorString = result.getVendorEvidence().toString();
-        assertEquals(RubyGemspecAnalyzer.DEPENDENCY_ECOSYSTEM, result.getDependencyEcosystem());
+        assertEquals(RubyGemspecAnalyzer.DEPENDENCY_ECOSYSTEM, result.getEcosystem());
         assertThat(vendorString, containsString("REST Client Team"));
         assertThat(vendorString, containsString("rest-client_project"));
         assertThat(vendorString, containsString("rest.client@librelist.com"));
@@ -118,7 +118,7 @@ public class RubyGemspecAnalyzerTest extends BaseTest {
                 "ruby/vulnerable/gems/rails-4.1.15/vendor/bundle/ruby/2.2.0/gems/pg-0.18.4/Rakefile"));
         analyzer.analyze(result, null);
         assertTrue(result.getEvidence().size()>0);
-        assertEquals(RubyGemspecAnalyzer.DEPENDENCY_ECOSYSTEM, result.getDependencyEcosystem());
+        assertEquals(RubyGemspecAnalyzer.DEPENDENCY_ECOSYSTEM, result.getEcosystem());
         assertEquals("pg",result.getName());
         assertEquals("0.18.4",result.getVersion());
         assertEquals("pg:0.18.4",result.getDisplayFileName());

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/SwiftAnalyzersTest.java

@@ -109,7 +109,7 @@ public class SwiftAnalyzersTest extends BaseTest {
         assertThat(result.getName(),equalTo("EasyPeasy"));
         assertThat(result.getVersion(),equalTo("0.2.3"));
         assertThat(result.getDisplayFileName(),equalTo("EasyPeasy:0.2.3"));
-        assertThat(result.getDependencyEcosystem(),equalTo(CocoaPodsAnalyzer.DEPENDENCY_ECOSYSTEM));
+        assertThat(result.getEcosystem(),equalTo(CocoaPodsAnalyzer.DEPENDENCY_ECOSYSTEM));
     }
 
     /**
@@ -128,6 +128,6 @@ public class SwiftAnalyzersTest extends BaseTest {
         //TODO: when version processing is added, update the expected name.
         assertThat(result.getDisplayFileName(),equalTo("Gloss"));
         
-        assertThat(result.getDependencyEcosystem(),equalTo(SwiftPackageManagerAnalyzer.DEPENDENCY_ECOSYSTEM));
+        assertThat(result.getEcosystem(),equalTo(SwiftPackageManagerAnalyzer.DEPENDENCY_ECOSYSTEM));
     }
 }