github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-04-29 19:58:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

version 1.4.3 documentation

Browse Source
This commit is contained in:
Jeremy Long
2016-09-06 08:48:40 -04:00
parent 44917ad0d3
commit e1a447f722
1225 changed files with 44138 additions and 39411 deletions
Download Patch File Download Diff File Expand all files Collapse all files

456
xref/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.html
View File

@@ -365,230 +365,238 @@
<a class="jxr_linenumber" name="L357" href="#L357">357</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L358" href="#L358">358</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> extractFiles(File archive, File destination, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine) <strong class="jxr_keyword">throws</strong> AnalysisException {
<a class="jxr_linenumber" name="L359" href="#L359">359</a> <strong class="jxr_keyword">if</strong> (archive != <strong class="jxr_keyword">null</strong> &amp;&amp; destination != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L360" href="#L360">360</a> FileInputStream fis;
<a class="jxr_linenumber" name="L361" href="#L361">361</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L362" href="#L362">362</a> fis = <strong class="jxr_keyword">new</strong> FileInputStream(archive);
<a class="jxr_linenumber" name="L363" href="#L363">363</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException ex) {
<a class="jxr_linenumber" name="L364" href="#L364">364</a> LOGGER.debug(<span class="jxr_string">""</span>, ex);
<a class="jxr_linenumber" name="L365" href="#L365">365</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"Archive file was not found."</span>, ex);
<a class="jxr_linenumber" name="L366" href="#L366">366</a> }
<a class="jxr_linenumber" name="L367" href="#L367">367</a> <strong class="jxr_keyword">final</strong> String archiveExt = FileUtils.getFileExtension(archive.getName()).toLowerCase();
<a class="jxr_linenumber" name="L368" href="#L368">368</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L369" href="#L369">369</a> <strong class="jxr_keyword">if</strong> (ZIPPABLES.contains(archiveExt)) {
<a class="jxr_linenumber" name="L370" href="#L370">370</a> <strong class="jxr_keyword">final</strong> BufferedInputStream in = <strong class="jxr_keyword">new</strong> BufferedInputStream(fis);
<a class="jxr_linenumber" name="L371" href="#L371">371</a> ensureReadableJar(archiveExt, in);
<a class="jxr_linenumber" name="L372" href="#L372">372</a> extractArchive(<strong class="jxr_keyword">new</strong> ZipArchiveInputStream(in), destination, engine);
<a class="jxr_linenumber" name="L373" href="#L373">373</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"tar"</span>.equals(archiveExt)) {
<a class="jxr_linenumber" name="L374" href="#L374">374</a> extractArchive(<strong class="jxr_keyword">new</strong> TarArchiveInputStream(<strong class="jxr_keyword">new</strong> BufferedInputStream(fis)), destination, engine);
<a class="jxr_linenumber" name="L375" href="#L375">375</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"gz"</span>.equals(archiveExt) || <span class="jxr_string">"tgz"</span>.equals(archiveExt)) {
<a class="jxr_linenumber" name="L376" href="#L376">376</a> <strong class="jxr_keyword">final</strong> String uncompressedName = GzipUtils.getUncompressedFilename(archive.getName());
<a class="jxr_linenumber" name="L377" href="#L377">377</a> <strong class="jxr_keyword">final</strong> File f = <strong class="jxr_keyword">new</strong> File(destination, uncompressedName);
<a class="jxr_linenumber" name="L378" href="#L378">378</a> <strong class="jxr_keyword">if</strong> (engine.accept(f)) {
<a class="jxr_linenumber" name="L379" href="#L379">379</a> decompressFile(<strong class="jxr_keyword">new</strong> GzipCompressorInputStream(<strong class="jxr_keyword">new</strong> BufferedInputStream(fis)), f);
<a class="jxr_linenumber" name="L380" href="#L380">380</a> }
<a class="jxr_linenumber" name="L381" href="#L381">381</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"bz2"</span>.equals(archiveExt) || <span class="jxr_string">"tbz2"</span>.equals(archiveExt)) {
<a class="jxr_linenumber" name="L382" href="#L382">382</a> <strong class="jxr_keyword">final</strong> String uncompressedName = BZip2Utils.getUncompressedFilename(archive.getName());
<a class="jxr_linenumber" name="L383" href="#L383">383</a> <strong class="jxr_keyword">final</strong> File f = <strong class="jxr_keyword">new</strong> File(destination, uncompressedName);
<a class="jxr_linenumber" name="L384" href="#L384">384</a> <strong class="jxr_keyword">if</strong> (engine.accept(f)) {
<a class="jxr_linenumber" name="L385" href="#L385">385</a> decompressFile(<strong class="jxr_keyword">new</strong> BZip2CompressorInputStream(<strong class="jxr_keyword">new</strong> BufferedInputStream(fis)), f);
<a class="jxr_linenumber" name="L386" href="#L386">386</a> }
<a class="jxr_linenumber" name="L387" href="#L387">387</a> }
<a class="jxr_linenumber" name="L388" href="#L388">388</a> } <strong class="jxr_keyword">catch</strong> (ArchiveExtractionException ex) {
<a class="jxr_linenumber" name="L389" href="#L389">389</a> LOGGER.warn(<span class="jxr_string">"Exception extracting archive '{}'."</span>, archive.getName());
<a class="jxr_linenumber" name="L390" href="#L390">390</a> LOGGER.debug(<span class="jxr_string">""</span>, ex);
<a class="jxr_linenumber" name="L391" href="#L391">391</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="L392" href="#L392">392</a> LOGGER.warn(<span class="jxr_string">"Exception reading archive '{}'."</span>, archive.getName());
<a class="jxr_linenumber" name="L393" href="#L393">393</a> LOGGER.debug(<span class="jxr_string">""</span>, ex);
<a class="jxr_linenumber" name="L394" href="#L394">394</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="L395" href="#L395">395</a> close(fis);
<a class="jxr_linenumber" name="L396" href="#L396">396</a> }
<a class="jxr_linenumber" name="L397" href="#L397">397</a> }
<a class="jxr_linenumber" name="L398" href="#L398">398</a> }
<a class="jxr_linenumber" name="L399" href="#L399">399</a>
<a class="jxr_linenumber" name="L400" href="#L400">400</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L401" href="#L401">401</a> <em class="jxr_javadoccomment"> * Checks if the file being scanned is a JAR that begins with '#!/bin' which</em>
<a class="jxr_linenumber" name="L402" href="#L402">402</a> <em class="jxr_javadoccomment"> * indicates it is a fully executable jar. If a fully executable JAR is</em>
<a class="jxr_linenumber" name="L403" href="#L403">403</a> <em class="jxr_javadoccomment"> * identified the input stream will be advanced to the start of the actual</em>
<a class="jxr_linenumber" name="L404" href="#L404">404</a> <em class="jxr_javadoccomment"> * JAR file ( skipping the script).</em>
<a class="jxr_linenumber" name="L405" href="#L405">405</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L406" href="#L406">406</a> <em class="jxr_javadoccomment"> * @see</em>
<a class="jxr_linenumber" name="L407" href="#L407">407</a> <em class="jxr_javadoccomment"> * &lt;a href="<a href="http://docs.spring.io/spring-boot/docs/1.3.0.BUILD-SNAPSHOT/reference/htmlsingle/" target="alexandria_uri">http://docs.spring.io/spring-boot/docs/1.3.0.BUILD-SNAPSHOT/reference/htmlsingle/</a>#deployment-install"&gt;Installing</em>
<a class="jxr_linenumber" name="L408" href="#L408">408</a> <em class="jxr_javadoccomment"> * Spring Boot Applications&lt;/a&gt;</em>
<a class="jxr_linenumber" name="L409" href="#L409">409</a> <em class="jxr_javadoccomment"> * @param archiveExt the file extension</em>
<a class="jxr_linenumber" name="L410" href="#L410">410</a> <em class="jxr_javadoccomment"> * @param in the input stream</em>
<a class="jxr_linenumber" name="L411" href="#L411">411</a> <em class="jxr_javadoccomment"> * @throws IOException thrown if there is an error reading the stream</em>
<a class="jxr_linenumber" name="L412" href="#L412">412</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L413" href="#L413">413</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> ensureReadableJar(<strong class="jxr_keyword">final</strong> String archiveExt, BufferedInputStream in) <strong class="jxr_keyword">throws</strong> IOException {
<a class="jxr_linenumber" name="L414" href="#L414">414</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"jar"</span>.equals(archiveExt) &amp;&amp; in.markSupported()) {
<a class="jxr_linenumber" name="L415" href="#L415">415</a> in.mark(7);
<a class="jxr_linenumber" name="L416" href="#L416">416</a> <strong class="jxr_keyword">final</strong> byte[] b = <strong class="jxr_keyword">new</strong> byte[7];
<a class="jxr_linenumber" name="L417" href="#L417">417</a> in.read(b);
<a class="jxr_linenumber" name="L418" href="#L418">418</a> <strong class="jxr_keyword">if</strong> (b[0] == '#'
<a class="jxr_linenumber" name="L419" href="#L419">419</a> &amp;&amp; b[1] == '!'
<a class="jxr_linenumber" name="L420" href="#L420">420</a> &amp;&amp; b[2] == '/'
<a class="jxr_linenumber" name="L421" href="#L421">421</a> &amp;&amp; b[3] == 'b'
<a class="jxr_linenumber" name="L422" href="#L422">422</a> &amp;&amp; b[4] == 'i'
<a class="jxr_linenumber" name="L423" href="#L423">423</a> &amp;&amp; b[5] == 'n'
<a class="jxr_linenumber" name="L424" href="#L424">424</a> &amp;&amp; b[6] == '/') {
<a class="jxr_linenumber" name="L425" href="#L425">425</a> <strong class="jxr_keyword">boolean</strong> stillLooking = <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="L426" href="#L426">426</a> <strong class="jxr_keyword">int</strong> chr, nxtChr;
<a class="jxr_linenumber" name="L427" href="#L427">427</a> <strong class="jxr_keyword">while</strong> (stillLooking &amp;&amp; (chr = in.read()) != -1) {
<a class="jxr_linenumber" name="L428" href="#L428">428</a> <strong class="jxr_keyword">if</strong> (chr == '\n' || chr == '\r') {
<a class="jxr_linenumber" name="L429" href="#L429">429</a> in.mark(4);
<a class="jxr_linenumber" name="L430" href="#L430">430</a> <strong class="jxr_keyword">if</strong> ((chr = in.read()) != -1) {
<a class="jxr_linenumber" name="L431" href="#L431">431</a> <strong class="jxr_keyword">if</strong> (chr == 'P' &amp;&amp; (chr = in.read()) != -1) {
<a class="jxr_linenumber" name="L432" href="#L432">432</a> <strong class="jxr_keyword">if</strong> (chr == 'K' &amp;&amp; (chr = in.read()) != -1) {
<a class="jxr_linenumber" name="L433" href="#L433">433</a> <strong class="jxr_keyword">if</strong> ((chr == 3 || chr == 5 || chr == 7) &amp;&amp; (nxtChr = in.read()) != -1) {
<a class="jxr_linenumber" name="L434" href="#L434">434</a> <strong class="jxr_keyword">if</strong> (nxtChr == chr + 1) {
<a class="jxr_linenumber" name="L435" href="#L435">435</a> stillLooking = false;
<a class="jxr_linenumber" name="L436" href="#L436">436</a> in.reset();
<a class="jxr_linenumber" name="L437" href="#L437">437</a> }
<a class="jxr_linenumber" name="L438" href="#L438">438</a> }
<a class="jxr_linenumber" name="L439" href="#L439">439</a> }
<a class="jxr_linenumber" name="L440" href="#L440">440</a> }
<a class="jxr_linenumber" name="L441" href="#L441">441</a> }
<a class="jxr_linenumber" name="L442" href="#L442">442</a> }
<a class="jxr_linenumber" name="L443" href="#L443">443</a> }
<a class="jxr_linenumber" name="L444" href="#L444">444</a> }
<a class="jxr_linenumber" name="L445" href="#L445">445</a> }
<a class="jxr_linenumber" name="L446" href="#L446">446</a> }
<a class="jxr_linenumber" name="L447" href="#L447">447</a>
<a class="jxr_linenumber" name="L448" href="#L448">448</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L449" href="#L449">449</a> <em class="jxr_javadoccomment"> * Extracts files from an archive.</em>
<a class="jxr_linenumber" name="L450" href="#L450">450</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L451" href="#L451">451</a> <em class="jxr_javadoccomment"> * @param input the archive to extract files from</em>
<a class="jxr_linenumber" name="L452" href="#L452">452</a> <em class="jxr_javadoccomment"> * @param destination the location to write the files too</em>
<a class="jxr_linenumber" name="L453" href="#L453">453</a> <em class="jxr_javadoccomment"> * @param engine the dependency-check engine</em>
<a class="jxr_linenumber" name="L454" href="#L454">454</a> <em class="jxr_javadoccomment"> * @throws ArchiveExtractionException thrown if there is an exception</em>
<a class="jxr_linenumber" name="L455" href="#L455">455</a> <em class="jxr_javadoccomment"> * extracting files from the archive</em>
<a class="jxr_linenumber" name="L456" href="#L456">456</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L457" href="#L457">457</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> extractArchive(ArchiveInputStream input, File destination, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine) <strong class="jxr_keyword">throws</strong> ArchiveExtractionException {
<a class="jxr_linenumber" name="L458" href="#L458">458</a> ArchiveEntry entry;
<a class="jxr_linenumber" name="L459" href="#L459">459</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L460" href="#L460">460</a> <strong class="jxr_keyword">while</strong> ((entry = input.getNextEntry()) != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L461" href="#L461">461</a> <strong class="jxr_keyword">final</strong> File file = <strong class="jxr_keyword">new</strong> File(destination, entry.getName());
<a class="jxr_linenumber" name="L462" href="#L462">462</a> <strong class="jxr_keyword">if</strong> (entry.isDirectory()) {
<a class="jxr_linenumber" name="L463" href="#L463">463</a> <strong class="jxr_keyword">if</strong> (!file.exists() &amp;&amp; !file.mkdirs()) {
<a class="jxr_linenumber" name="L464" href="#L464">464</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unable to create directory '%s'."</span>, file.getAbsolutePath());
<a class="jxr_linenumber" name="L465" href="#L465">465</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(msg);
<a class="jxr_linenumber" name="L466" href="#L466">466</a> }
<a class="jxr_linenumber" name="L467" href="#L467">467</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (engine.accept(file)) {
<a class="jxr_linenumber" name="L468" href="#L468">468</a> extractAcceptedFile(input, file);
<a class="jxr_linenumber" name="L469" href="#L469">469</a> }
<a class="jxr_linenumber" name="L470" href="#L470">470</a> }
<a class="jxr_linenumber" name="L471" href="#L471">471</a> } <strong class="jxr_keyword">catch</strong> (Throwable ex) {
<a class="jxr_linenumber" name="L472" href="#L472">472</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/ArchiveExtractionException.html">ArchiveExtractionException</a>(ex);
<a class="jxr_linenumber" name="L473" href="#L473">473</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="L474" href="#L474">474</a> close(input);
<a class="jxr_linenumber" name="L475" href="#L475">475</a> }
<a class="jxr_linenumber" name="L476" href="#L476">476</a> }
<a class="jxr_linenumber" name="L477" href="#L477">477</a>
<a class="jxr_linenumber" name="L478" href="#L478">478</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L479" href="#L479">479</a> <em class="jxr_javadoccomment"> * Extracts a file from an archive.</em>
<a class="jxr_linenumber" name="L480" href="#L480">480</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L481" href="#L481">481</a> <em class="jxr_javadoccomment"> * @param input the archives input stream</em>
<a class="jxr_linenumber" name="L482" href="#L482">482</a> <em class="jxr_javadoccomment"> * @param file the file to extract</em>
<a class="jxr_linenumber" name="L483" href="#L483">483</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if there is an error</em>
<a class="jxr_linenumber" name="L484" href="#L484">484</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L485" href="#L485">485</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> extractAcceptedFile(ArchiveInputStream input, File file) <strong class="jxr_keyword">throws</strong> AnalysisException {
<a class="jxr_linenumber" name="L486" href="#L486">486</a> LOGGER.debug(<span class="jxr_string">"Extracting '{}'"</span>, file.getPath());
<a class="jxr_linenumber" name="L487" href="#L487">487</a> FileOutputStream fos = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L488" href="#L488">488</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L489" href="#L489">489</a> <strong class="jxr_keyword">final</strong> File parent = file.getParentFile();
<a class="jxr_linenumber" name="L490" href="#L490">490</a> <strong class="jxr_keyword">if</strong> (!parent.isDirectory() &amp;&amp; !parent.mkdirs()) {
<a class="jxr_linenumber" name="L491" href="#L491">491</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unable to build directory '%s'."</span>, parent.getAbsolutePath());
<a class="jxr_linenumber" name="L492" href="#L492">492</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(msg);
<a class="jxr_linenumber" name="L493" href="#L493">493</a> }
<a class="jxr_linenumber" name="L494" href="#L494">494</a> fos = <strong class="jxr_keyword">new</strong> FileOutputStream(file);
<a class="jxr_linenumber" name="L495" href="#L495">495</a> IOUtils.copy(input, fos);
<a class="jxr_linenumber" name="L496" href="#L496">496</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException ex) {
<a class="jxr_linenumber" name="L497" href="#L497">497</a> LOGGER.debug(<span class="jxr_string">""</span>, ex);
<a class="jxr_linenumber" name="L498" href="#L498">498</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unable to find file '%s'."</span>, file.getName());
<a class="jxr_linenumber" name="L499" href="#L499">499</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(msg, ex);
<a class="jxr_linenumber" name="L500" href="#L500">500</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="L501" href="#L501">501</a> LOGGER.debug(<span class="jxr_string">""</span>, ex);
<a class="jxr_linenumber" name="L502" href="#L502">502</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"IO Exception while parsing file '%s'."</span>, file.getName());
<a class="jxr_linenumber" name="L503" href="#L503">503</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(msg, ex);
<a class="jxr_linenumber" name="L504" href="#L504">504</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="L505" href="#L505">505</a> close(fos);
<a class="jxr_linenumber" name="L506" href="#L506">506</a> }
<a class="jxr_linenumber" name="L507" href="#L507">507</a> }
<a class="jxr_linenumber" name="L508" href="#L508">508</a>
<a class="jxr_linenumber" name="L509" href="#L509">509</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L510" href="#L510">510</a> <em class="jxr_javadoccomment"> * Decompresses a file.</em>
<a class="jxr_linenumber" name="L511" href="#L511">511</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L512" href="#L512">512</a> <em class="jxr_javadoccomment"> * @param inputStream the compressed file</em>
<a class="jxr_linenumber" name="L513" href="#L513">513</a> <em class="jxr_javadoccomment"> * @param outputFile the location to write the decompressed file</em>
<a class="jxr_linenumber" name="L514" href="#L514">514</a> <em class="jxr_javadoccomment"> * @throws ArchiveExtractionException thrown if there is an exception</em>
<a class="jxr_linenumber" name="L515" href="#L515">515</a> <em class="jxr_javadoccomment"> * decompressing the file</em>
<a class="jxr_linenumber" name="L516" href="#L516">516</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L517" href="#L517">517</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> decompressFile(CompressorInputStream inputStream, File outputFile) <strong class="jxr_keyword">throws</strong> ArchiveExtractionException {
<a class="jxr_linenumber" name="L518" href="#L518">518</a> LOGGER.debug(<span class="jxr_string">"Decompressing '{}'"</span>, outputFile.getPath());
<a class="jxr_linenumber" name="L519" href="#L519">519</a> FileOutputStream out = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L520" href="#L520">520</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L521" href="#L521">521</a> out = <strong class="jxr_keyword">new</strong> FileOutputStream(outputFile);
<a class="jxr_linenumber" name="L522" href="#L522">522</a> IOUtils.copy(inputStream, out);
<a class="jxr_linenumber" name="L523" href="#L523">523</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException ex) {
<a class="jxr_linenumber" name="L524" href="#L524">524</a> LOGGER.debug(<span class="jxr_string">""</span>, ex);
<a class="jxr_linenumber" name="L525" href="#L525">525</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/ArchiveExtractionException.html">ArchiveExtractionException</a>(ex);
<a class="jxr_linenumber" name="L526" href="#L526">526</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="L527" href="#L527">527</a> LOGGER.debug(<span class="jxr_string">""</span>, ex);
<a class="jxr_linenumber" name="L528" href="#L528">528</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/ArchiveExtractionException.html">ArchiveExtractionException</a>(ex);
<a class="jxr_linenumber" name="L529" href="#L529">529</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="L530" href="#L530">530</a> close(out);
<a class="jxr_linenumber" name="L531" href="#L531">531</a> }
<a class="jxr_linenumber" name="L532" href="#L532">532</a> }
<a class="jxr_linenumber" name="L533" href="#L533">533</a>
<a class="jxr_linenumber" name="L534" href="#L534">534</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L535" href="#L535">535</a> <em class="jxr_javadoccomment"> * Close the given {@link Closeable} instance, ignoring nulls, and logging</em>
<a class="jxr_linenumber" name="L536" href="#L536">536</a> <em class="jxr_javadoccomment"> * any thrown {@link IOException}.</em>
<a class="jxr_linenumber" name="L537" href="#L537">537</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L538" href="#L538">538</a> <em class="jxr_javadoccomment"> * @param closeable to be closed</em>
<a class="jxr_linenumber" name="L539" href="#L539">539</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L540" href="#L540">540</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> close(Closeable closeable) {
<a class="jxr_linenumber" name="L541" href="#L541">541</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != closeable) {
<a class="jxr_linenumber" name="L542" href="#L542">542</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L543" href="#L543">543</a> closeable.close();
<a class="jxr_linenumber" name="L544" href="#L544">544</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="L545" href="#L545">545</a> LOGGER.trace(<span class="jxr_string">""</span>, ex);
<a class="jxr_linenumber" name="L546" href="#L546">546</a> }
<a class="jxr_linenumber" name="L547" href="#L547">547</a> }
<a class="jxr_linenumber" name="L548" href="#L548">548</a> }
<a class="jxr_linenumber" name="L549" href="#L549">549</a>
<a class="jxr_linenumber" name="L550" href="#L550">550</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L551" href="#L551">551</a> <em class="jxr_javadoccomment"> * Attempts to determine if a zip file is actually a JAR file.</em>
<a class="jxr_linenumber" name="L552" href="#L552">552</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L553" href="#L553">553</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to check</em>
<a class="jxr_linenumber" name="L554" href="#L554">554</a> <em class="jxr_javadoccomment"> * @return true if the dependency appears to be a JAR file; otherwise false</em>
<a class="jxr_linenumber" name="L555" href="#L555">555</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L556" href="#L556">556</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> isZipFileActuallyJarFile(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency) {
<a class="jxr_linenumber" name="L557" href="#L557">557</a> <strong class="jxr_keyword">boolean</strong> isJar = false;
<a class="jxr_linenumber" name="L558" href="#L558">558</a> ZipFile zip = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L559" href="#L559">559</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L560" href="#L560">560</a> zip = <strong class="jxr_keyword">new</strong> ZipFile(dependency.getActualFilePath());
<a class="jxr_linenumber" name="L561" href="#L561">561</a> <strong class="jxr_keyword">if</strong> (zip.getEntry(<span class="jxr_string">"META-INF/MANIFEST.MF"</span>) != <strong class="jxr_keyword">null</strong>
<a class="jxr_linenumber" name="L562" href="#L562">562</a> || zip.getEntry(<span class="jxr_string">"META-INF/maven"</span>) != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L563" href="#L563">563</a> <strong class="jxr_keyword">final</strong> Enumeration&lt;ZipArchiveEntry&gt; entries = zip.getEntries();
<a class="jxr_linenumber" name="L564" href="#L564">564</a> <strong class="jxr_keyword">while</strong> (entries.hasMoreElements()) {
<a class="jxr_linenumber" name="L565" href="#L565">565</a> <strong class="jxr_keyword">final</strong> ZipArchiveEntry entry = entries.nextElement();
<a class="jxr_linenumber" name="L566" href="#L566">566</a> <strong class="jxr_keyword">if</strong> (!entry.isDirectory()) {
<a class="jxr_linenumber" name="L567" href="#L567">567</a> <strong class="jxr_keyword">final</strong> String name = entry.getName().toLowerCase();
<a class="jxr_linenumber" name="L568" href="#L568">568</a> <strong class="jxr_keyword">if</strong> (name.endsWith(<span class="jxr_string">".class"</span>)) {
<a class="jxr_linenumber" name="L569" href="#L569">569</a> isJar = <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="L570" href="#L570">570</a> <strong class="jxr_keyword">break</strong>;
<a class="jxr_linenumber" name="L571" href="#L571">571</a> }
<a class="jxr_linenumber" name="L572" href="#L572">572</a> }
<a class="jxr_linenumber" name="L573" href="#L573">573</a> }
<a class="jxr_linenumber" name="L574" href="#L574">574</a> }
<a class="jxr_linenumber" name="L575" href="#L575">575</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="L576" href="#L576">576</a> LOGGER.debug(<span class="jxr_string">"Unable to unzip zip file '{}'"</span>, dependency.getFilePath(), ex);
<a class="jxr_linenumber" name="L577" href="#L577">577</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="L578" href="#L578">578</a> ZipFile.closeQuietly(zip);
<a class="jxr_linenumber" name="L579" href="#L579">579</a> }
<a class="jxr_linenumber" name="L580" href="#L580">580</a>
<a class="jxr_linenumber" name="L581" href="#L581">581</a> <strong class="jxr_keyword">return</strong> isJar;
<a class="jxr_linenumber" name="L582" href="#L582">582</a> }
<a class="jxr_linenumber" name="L583" href="#L583">583</a> }
<a class="jxr_linenumber" name="L360" href="#L360">360</a> String archiveExt = FileUtils.getFileExtension(archive.getName());
<a class="jxr_linenumber" name="L361" href="#L361">361</a> <strong class="jxr_keyword">if</strong> (archiveExt == <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L362" href="#L362">362</a> <strong class="jxr_keyword">return</strong>;
<a class="jxr_linenumber" name="L363" href="#L363">363</a> }
<a class="jxr_linenumber" name="L364" href="#L364">364</a> archiveExt = archiveExt.toLowerCase();
<a class="jxr_linenumber" name="L365" href="#L365">365</a>
<a class="jxr_linenumber" name="L366" href="#L366">366</a> FileInputStream fis;
<a class="jxr_linenumber" name="L367" href="#L367">367</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L368" href="#L368">368</a> fis = <strong class="jxr_keyword">new</strong> FileInputStream(archive);
<a class="jxr_linenumber" name="L369" href="#L369">369</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException ex) {
<a class="jxr_linenumber" name="L370" href="#L370">370</a> LOGGER.debug(<span class="jxr_string">""</span>, ex);
<a class="jxr_linenumber" name="L371" href="#L371">371</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"Archive file was not found."</span>, ex);
<a class="jxr_linenumber" name="L372" href="#L372">372</a> }
<a class="jxr_linenumber" name="L373" href="#L373">373</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L374" href="#L374">374</a> <strong class="jxr_keyword">if</strong> (ZIPPABLES.contains(archiveExt)) {
<a class="jxr_linenumber" name="L375" href="#L375">375</a> <strong class="jxr_keyword">final</strong> BufferedInputStream in = <strong class="jxr_keyword">new</strong> BufferedInputStream(fis);
<a class="jxr_linenumber" name="L376" href="#L376">376</a> ensureReadableJar(archiveExt, in);
<a class="jxr_linenumber" name="L377" href="#L377">377</a> extractArchive(<strong class="jxr_keyword">new</strong> ZipArchiveInputStream(in), destination, engine);
<a class="jxr_linenumber" name="L378" href="#L378">378</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"tar"</span>.equals(archiveExt)) {
<a class="jxr_linenumber" name="L379" href="#L379">379</a> extractArchive(<strong class="jxr_keyword">new</strong> TarArchiveInputStream(<strong class="jxr_keyword">new</strong> BufferedInputStream(fis)), destination, engine);
<a class="jxr_linenumber" name="L380" href="#L380">380</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"gz"</span>.equals(archiveExt) || <span class="jxr_string">"tgz"</span>.equals(archiveExt)) {
<a class="jxr_linenumber" name="L381" href="#L381">381</a> <strong class="jxr_keyword">final</strong> String uncompressedName = GzipUtils.getUncompressedFilename(archive.getName());
<a class="jxr_linenumber" name="L382" href="#L382">382</a> <strong class="jxr_keyword">final</strong> File f = <strong class="jxr_keyword">new</strong> File(destination, uncompressedName);
<a class="jxr_linenumber" name="L383" href="#L383">383</a> <strong class="jxr_keyword">if</strong> (engine.accept(f)) {
<a class="jxr_linenumber" name="L384" href="#L384">384</a> decompressFile(<strong class="jxr_keyword">new</strong> GzipCompressorInputStream(<strong class="jxr_keyword">new</strong> BufferedInputStream(fis)), f);
<a class="jxr_linenumber" name="L385" href="#L385">385</a> }
<a class="jxr_linenumber" name="L386" href="#L386">386</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"bz2"</span>.equals(archiveExt) || <span class="jxr_string">"tbz2"</span>.equals(archiveExt)) {
<a class="jxr_linenumber" name="L387" href="#L387">387</a> <strong class="jxr_keyword">final</strong> String uncompressedName = BZip2Utils.getUncompressedFilename(archive.getName());
<a class="jxr_linenumber" name="L388" href="#L388">388</a> <strong class="jxr_keyword">final</strong> File f = <strong class="jxr_keyword">new</strong> File(destination, uncompressedName);
<a class="jxr_linenumber" name="L389" href="#L389">389</a> <strong class="jxr_keyword">if</strong> (engine.accept(f)) {
<a class="jxr_linenumber" name="L390" href="#L390">390</a> decompressFile(<strong class="jxr_keyword">new</strong> BZip2CompressorInputStream(<strong class="jxr_keyword">new</strong> BufferedInputStream(fis)), f);
<a class="jxr_linenumber" name="L391" href="#L391">391</a> }
<a class="jxr_linenumber" name="L392" href="#L392">392</a> }
<a class="jxr_linenumber" name="L393" href="#L393">393</a> } <strong class="jxr_keyword">catch</strong> (ArchiveExtractionException ex) {
<a class="jxr_linenumber" name="L394" href="#L394">394</a> LOGGER.warn(<span class="jxr_string">"Exception extracting archive '{}'."</span>, archive.getName());
<a class="jxr_linenumber" name="L395" href="#L395">395</a> LOGGER.debug(<span class="jxr_string">""</span>, ex);
<a class="jxr_linenumber" name="L396" href="#L396">396</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="L397" href="#L397">397</a> LOGGER.warn(<span class="jxr_string">"Exception reading archive '{}'."</span>, archive.getName());
<a class="jxr_linenumber" name="L398" href="#L398">398</a> LOGGER.debug(<span class="jxr_string">""</span>, ex);
<a class="jxr_linenumber" name="L399" href="#L399">399</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="L400" href="#L400">400</a> close(fis);
<a class="jxr_linenumber" name="L401" href="#L401">401</a> }
<a class="jxr_linenumber" name="L402" href="#L402">402</a> }
<a class="jxr_linenumber" name="L403" href="#L403">403</a> }
<a class="jxr_linenumber" name="L404" href="#L404">404</a>
<a class="jxr_linenumber" name="L405" href="#L405">405</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L406" href="#L406">406</a> <em class="jxr_javadoccomment"> * Checks if the file being scanned is a JAR that begins with '#!/bin' which</em>
<a class="jxr_linenumber" name="L407" href="#L407">407</a> <em class="jxr_javadoccomment"> * indicates it is a fully executable jar. If a fully executable JAR is</em>
<a class="jxr_linenumber" name="L408" href="#L408">408</a> <em class="jxr_javadoccomment"> * identified the input stream will be advanced to the start of the actual</em>
<a class="jxr_linenumber" name="L409" href="#L409">409</a> <em class="jxr_javadoccomment"> * JAR file ( skipping the script).</em>
<a class="jxr_linenumber" name="L410" href="#L410">410</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L411" href="#L411">411</a> <em class="jxr_javadoccomment"> * @see</em>
<a class="jxr_linenumber" name="L412" href="#L412">412</a> <em class="jxr_javadoccomment"> * &lt;a href="<a href="http://docs.spring.io/spring-boot/docs/1.3.0.BUILD-SNAPSHOT/reference/htmlsingle/" target="alexandria_uri">http://docs.spring.io/spring-boot/docs/1.3.0.BUILD-SNAPSHOT/reference/htmlsingle/</a>#deployment-install"&gt;Installing</em>
<a class="jxr_linenumber" name="L413" href="#L413">413</a> <em class="jxr_javadoccomment"> * Spring Boot Applications&lt;/a&gt;</em>
<a class="jxr_linenumber" name="L414" href="#L414">414</a> <em class="jxr_javadoccomment"> * @param archiveExt the file extension</em>
<a class="jxr_linenumber" name="L415" href="#L415">415</a> <em class="jxr_javadoccomment"> * @param in the input stream</em>
<a class="jxr_linenumber" name="L416" href="#L416">416</a> <em class="jxr_javadoccomment"> * @throws IOException thrown if there is an error reading the stream</em>
<a class="jxr_linenumber" name="L417" href="#L417">417</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L418" href="#L418">418</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> ensureReadableJar(<strong class="jxr_keyword">final</strong> String archiveExt, BufferedInputStream in) <strong class="jxr_keyword">throws</strong> IOException {
<a class="jxr_linenumber" name="L419" href="#L419">419</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"jar"</span>.equals(archiveExt) &amp;&amp; in.markSupported()) {
<a class="jxr_linenumber" name="L420" href="#L420">420</a> in.mark(7);
<a class="jxr_linenumber" name="L421" href="#L421">421</a> <strong class="jxr_keyword">final</strong> byte[] b = <strong class="jxr_keyword">new</strong> byte[7];
<a class="jxr_linenumber" name="L422" href="#L422">422</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> read = in.read(b);
<a class="jxr_linenumber" name="L423" href="#L423">423</a> <strong class="jxr_keyword">if</strong> (read == 7
<a class="jxr_linenumber" name="L424" href="#L424">424</a> &amp;&amp; b[0] == '#'
<a class="jxr_linenumber" name="L425" href="#L425">425</a> &amp;&amp; b[1] == '!'
<a class="jxr_linenumber" name="L426" href="#L426">426</a> &amp;&amp; b[2] == '/'
<a class="jxr_linenumber" name="L427" href="#L427">427</a> &amp;&amp; b[3] == 'b'
<a class="jxr_linenumber" name="L428" href="#L428">428</a> &amp;&amp; b[4] == 'i'
<a class="jxr_linenumber" name="L429" href="#L429">429</a> &amp;&amp; b[5] == 'n'
<a class="jxr_linenumber" name="L430" href="#L430">430</a> &amp;&amp; b[6] == '/') {
<a class="jxr_linenumber" name="L431" href="#L431">431</a> <strong class="jxr_keyword">boolean</strong> stillLooking = <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="L432" href="#L432">432</a> <strong class="jxr_keyword">int</strong> chr, nxtChr;
<a class="jxr_linenumber" name="L433" href="#L433">433</a> <strong class="jxr_keyword">while</strong> (stillLooking &amp;&amp; (chr = in.read()) != -1) {
<a class="jxr_linenumber" name="L434" href="#L434">434</a> <strong class="jxr_keyword">if</strong> (chr == '\n' || chr == '\r') {
<a class="jxr_linenumber" name="L435" href="#L435">435</a> in.mark(4);
<a class="jxr_linenumber" name="L436" href="#L436">436</a> <strong class="jxr_keyword">if</strong> ((chr = in.read()) != -1) {
<a class="jxr_linenumber" name="L437" href="#L437">437</a> <strong class="jxr_keyword">if</strong> (chr == 'P' &amp;&amp; (chr = in.read()) != -1) {
<a class="jxr_linenumber" name="L438" href="#L438">438</a> <strong class="jxr_keyword">if</strong> (chr == 'K' &amp;&amp; (chr = in.read()) != -1) {
<a class="jxr_linenumber" name="L439" href="#L439">439</a> <strong class="jxr_keyword">if</strong> ((chr == 3 || chr == 5 || chr == 7) &amp;&amp; (nxtChr = in.read()) != -1) {
<a class="jxr_linenumber" name="L440" href="#L440">440</a> <strong class="jxr_keyword">if</strong> (nxtChr == chr + 1) {
<a class="jxr_linenumber" name="L441" href="#L441">441</a> stillLooking = false;
<a class="jxr_linenumber" name="L442" href="#L442">442</a> in.reset();
<a class="jxr_linenumber" name="L443" href="#L443">443</a> }
<a class="jxr_linenumber" name="L444" href="#L444">444</a> }
<a class="jxr_linenumber" name="L445" href="#L445">445</a> }
<a class="jxr_linenumber" name="L446" href="#L446">446</a> }
<a class="jxr_linenumber" name="L447" href="#L447">447</a> }
<a class="jxr_linenumber" name="L448" href="#L448">448</a> }
<a class="jxr_linenumber" name="L449" href="#L449">449</a> }
<a class="jxr_linenumber" name="L450" href="#L450">450</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="L451" href="#L451">451</a> in.reset();
<a class="jxr_linenumber" name="L452" href="#L452">452</a> }
<a class="jxr_linenumber" name="L453" href="#L453">453</a> }
<a class="jxr_linenumber" name="L454" href="#L454">454</a> }
<a class="jxr_linenumber" name="L455" href="#L455">455</a>
<a class="jxr_linenumber" name="L456" href="#L456">456</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L457" href="#L457">457</a> <em class="jxr_javadoccomment"> * Extracts files from an archive.</em>
<a class="jxr_linenumber" name="L458" href="#L458">458</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L459" href="#L459">459</a> <em class="jxr_javadoccomment"> * @param input the archive to extract files from</em>
<a class="jxr_linenumber" name="L460" href="#L460">460</a> <em class="jxr_javadoccomment"> * @param destination the location to write the files too</em>
<a class="jxr_linenumber" name="L461" href="#L461">461</a> <em class="jxr_javadoccomment"> * @param engine the dependency-check engine</em>
<a class="jxr_linenumber" name="L462" href="#L462">462</a> <em class="jxr_javadoccomment"> * @throws ArchiveExtractionException thrown if there is an exception</em>
<a class="jxr_linenumber" name="L463" href="#L463">463</a> <em class="jxr_javadoccomment"> * extracting files from the archive</em>
<a class="jxr_linenumber" name="L464" href="#L464">464</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L465" href="#L465">465</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> extractArchive(ArchiveInputStream input, File destination, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine) <strong class="jxr_keyword">throws</strong> ArchiveExtractionException {
<a class="jxr_linenumber" name="L466" href="#L466">466</a> ArchiveEntry entry;
<a class="jxr_linenumber" name="L467" href="#L467">467</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L468" href="#L468">468</a> <strong class="jxr_keyword">while</strong> ((entry = input.getNextEntry()) != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L469" href="#L469">469</a> <strong class="jxr_keyword">final</strong> File file = <strong class="jxr_keyword">new</strong> File(destination, entry.getName());
<a class="jxr_linenumber" name="L470" href="#L470">470</a> <strong class="jxr_keyword">if</strong> (entry.isDirectory()) {
<a class="jxr_linenumber" name="L471" href="#L471">471</a> <strong class="jxr_keyword">if</strong> (!file.exists() &amp;&amp; !file.mkdirs()) {
<a class="jxr_linenumber" name="L472" href="#L472">472</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unable to create directory '%s'."</span>, file.getAbsolutePath());
<a class="jxr_linenumber" name="L473" href="#L473">473</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(msg);
<a class="jxr_linenumber" name="L474" href="#L474">474</a> }
<a class="jxr_linenumber" name="L475" href="#L475">475</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (engine.accept(file)) {
<a class="jxr_linenumber" name="L476" href="#L476">476</a> extractAcceptedFile(input, file);
<a class="jxr_linenumber" name="L477" href="#L477">477</a> }
<a class="jxr_linenumber" name="L478" href="#L478">478</a> }
<a class="jxr_linenumber" name="L479" href="#L479">479</a> } <strong class="jxr_keyword">catch</strong> (Throwable ex) {
<a class="jxr_linenumber" name="L480" href="#L480">480</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/ArchiveExtractionException.html">ArchiveExtractionException</a>(ex);
<a class="jxr_linenumber" name="L481" href="#L481">481</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="L482" href="#L482">482</a> close(input);
<a class="jxr_linenumber" name="L483" href="#L483">483</a> }
<a class="jxr_linenumber" name="L484" href="#L484">484</a> }
<a class="jxr_linenumber" name="L485" href="#L485">485</a>
<a class="jxr_linenumber" name="L486" href="#L486">486</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L487" href="#L487">487</a> <em class="jxr_javadoccomment"> * Extracts a file from an archive.</em>
<a class="jxr_linenumber" name="L488" href="#L488">488</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L489" href="#L489">489</a> <em class="jxr_javadoccomment"> * @param input the archives input stream</em>
<a class="jxr_linenumber" name="L490" href="#L490">490</a> <em class="jxr_javadoccomment"> * @param file the file to extract</em>
<a class="jxr_linenumber" name="L491" href="#L491">491</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if there is an error</em>
<a class="jxr_linenumber" name="L492" href="#L492">492</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L493" href="#L493">493</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> extractAcceptedFile(ArchiveInputStream input, File file) <strong class="jxr_keyword">throws</strong> AnalysisException {
<a class="jxr_linenumber" name="L494" href="#L494">494</a> LOGGER.debug(<span class="jxr_string">"Extracting '{}'"</span>, file.getPath());
<a class="jxr_linenumber" name="L495" href="#L495">495</a> FileOutputStream fos = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L496" href="#L496">496</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L497" href="#L497">497</a> <strong class="jxr_keyword">final</strong> File parent = file.getParentFile();
<a class="jxr_linenumber" name="L498" href="#L498">498</a> <strong class="jxr_keyword">if</strong> (!parent.isDirectory() &amp;&amp; !parent.mkdirs()) {
<a class="jxr_linenumber" name="L499" href="#L499">499</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unable to build directory '%s'."</span>, parent.getAbsolutePath());
<a class="jxr_linenumber" name="L500" href="#L500">500</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(msg);
<a class="jxr_linenumber" name="L501" href="#L501">501</a> }
<a class="jxr_linenumber" name="L502" href="#L502">502</a> fos = <strong class="jxr_keyword">new</strong> FileOutputStream(file);
<a class="jxr_linenumber" name="L503" href="#L503">503</a> IOUtils.copy(input, fos);
<a class="jxr_linenumber" name="L504" href="#L504">504</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException ex) {
<a class="jxr_linenumber" name="L505" href="#L505">505</a> LOGGER.debug(<span class="jxr_string">""</span>, ex);
<a class="jxr_linenumber" name="L506" href="#L506">506</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unable to find file '%s'."</span>, file.getName());
<a class="jxr_linenumber" name="L507" href="#L507">507</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(msg, ex);
<a class="jxr_linenumber" name="L508" href="#L508">508</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="L509" href="#L509">509</a> LOGGER.debug(<span class="jxr_string">""</span>, ex);
<a class="jxr_linenumber" name="L510" href="#L510">510</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"IO Exception while parsing file '%s'."</span>, file.getName());
<a class="jxr_linenumber" name="L511" href="#L511">511</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(msg, ex);
<a class="jxr_linenumber" name="L512" href="#L512">512</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="L513" href="#L513">513</a> close(fos);
<a class="jxr_linenumber" name="L514" href="#L514">514</a> }
<a class="jxr_linenumber" name="L515" href="#L515">515</a> }
<a class="jxr_linenumber" name="L516" href="#L516">516</a>
<a class="jxr_linenumber" name="L517" href="#L517">517</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L518" href="#L518">518</a> <em class="jxr_javadoccomment"> * Decompresses a file.</em>
<a class="jxr_linenumber" name="L519" href="#L519">519</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L520" href="#L520">520</a> <em class="jxr_javadoccomment"> * @param inputStream the compressed file</em>
<a class="jxr_linenumber" name="L521" href="#L521">521</a> <em class="jxr_javadoccomment"> * @param outputFile the location to write the decompressed file</em>
<a class="jxr_linenumber" name="L522" href="#L522">522</a> <em class="jxr_javadoccomment"> * @throws ArchiveExtractionException thrown if there is an exception</em>
<a class="jxr_linenumber" name="L523" href="#L523">523</a> <em class="jxr_javadoccomment"> * decompressing the file</em>
<a class="jxr_linenumber" name="L524" href="#L524">524</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L525" href="#L525">525</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> decompressFile(CompressorInputStream inputStream, File outputFile) <strong class="jxr_keyword">throws</strong> ArchiveExtractionException {
<a class="jxr_linenumber" name="L526" href="#L526">526</a> LOGGER.debug(<span class="jxr_string">"Decompressing '{}'"</span>, outputFile.getPath());
<a class="jxr_linenumber" name="L527" href="#L527">527</a> FileOutputStream out = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L528" href="#L528">528</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L529" href="#L529">529</a> out = <strong class="jxr_keyword">new</strong> FileOutputStream(outputFile);
<a class="jxr_linenumber" name="L530" href="#L530">530</a> IOUtils.copy(inputStream, out);
<a class="jxr_linenumber" name="L531" href="#L531">531</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException ex) {
<a class="jxr_linenumber" name="L532" href="#L532">532</a> LOGGER.debug(<span class="jxr_string">""</span>, ex);
<a class="jxr_linenumber" name="L533" href="#L533">533</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/ArchiveExtractionException.html">ArchiveExtractionException</a>(ex);
<a class="jxr_linenumber" name="L534" href="#L534">534</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="L535" href="#L535">535</a> LOGGER.debug(<span class="jxr_string">""</span>, ex);
<a class="jxr_linenumber" name="L536" href="#L536">536</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/ArchiveExtractionException.html">ArchiveExtractionException</a>(ex);
<a class="jxr_linenumber" name="L537" href="#L537">537</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="L538" href="#L538">538</a> close(out);
<a class="jxr_linenumber" name="L539" href="#L539">539</a> }
<a class="jxr_linenumber" name="L540" href="#L540">540</a> }
<a class="jxr_linenumber" name="L541" href="#L541">541</a>
<a class="jxr_linenumber" name="L542" href="#L542">542</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L543" href="#L543">543</a> <em class="jxr_javadoccomment"> * Close the given {@link Closeable} instance, ignoring nulls, and logging</em>
<a class="jxr_linenumber" name="L544" href="#L544">544</a> <em class="jxr_javadoccomment"> * any thrown {@link IOException}.</em>
<a class="jxr_linenumber" name="L545" href="#L545">545</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L546" href="#L546">546</a> <em class="jxr_javadoccomment"> * @param closeable to be closed</em>
<a class="jxr_linenumber" name="L547" href="#L547">547</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L548" href="#L548">548</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> close(Closeable closeable) {
<a class="jxr_linenumber" name="L549" href="#L549">549</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != closeable) {
<a class="jxr_linenumber" name="L550" href="#L550">550</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L551" href="#L551">551</a> closeable.close();
<a class="jxr_linenumber" name="L552" href="#L552">552</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="L553" href="#L553">553</a> LOGGER.trace(<span class="jxr_string">""</span>, ex);
<a class="jxr_linenumber" name="L554" href="#L554">554</a> }
<a class="jxr_linenumber" name="L555" href="#L555">555</a> }
<a class="jxr_linenumber" name="L556" href="#L556">556</a> }
<a class="jxr_linenumber" name="L557" href="#L557">557</a>
<a class="jxr_linenumber" name="L558" href="#L558">558</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L559" href="#L559">559</a> <em class="jxr_javadoccomment"> * Attempts to determine if a zip file is actually a JAR file.</em>
<a class="jxr_linenumber" name="L560" href="#L560">560</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L561" href="#L561">561</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to check</em>
<a class="jxr_linenumber" name="L562" href="#L562">562</a> <em class="jxr_javadoccomment"> * @return true if the dependency appears to be a JAR file; otherwise false</em>
<a class="jxr_linenumber" name="L563" href="#L563">563</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L564" href="#L564">564</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> isZipFileActuallyJarFile(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency) {
<a class="jxr_linenumber" name="L565" href="#L565">565</a> <strong class="jxr_keyword">boolean</strong> isJar = false;
<a class="jxr_linenumber" name="L566" href="#L566">566</a> ZipFile zip = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L567" href="#L567">567</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L568" href="#L568">568</a> zip = <strong class="jxr_keyword">new</strong> ZipFile(dependency.getActualFilePath());
<a class="jxr_linenumber" name="L569" href="#L569">569</a> <strong class="jxr_keyword">if</strong> (zip.getEntry(<span class="jxr_string">"META-INF/MANIFEST.MF"</span>) != <strong class="jxr_keyword">null</strong>
<a class="jxr_linenumber" name="L570" href="#L570">570</a> || zip.getEntry(<span class="jxr_string">"META-INF/maven"</span>) != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L571" href="#L571">571</a> <strong class="jxr_keyword">final</strong> Enumeration&lt;ZipArchiveEntry&gt; entries = zip.getEntries();
<a class="jxr_linenumber" name="L572" href="#L572">572</a> <strong class="jxr_keyword">while</strong> (entries.hasMoreElements()) {
<a class="jxr_linenumber" name="L573" href="#L573">573</a> <strong class="jxr_keyword">final</strong> ZipArchiveEntry entry = entries.nextElement();
<a class="jxr_linenumber" name="L574" href="#L574">574</a> <strong class="jxr_keyword">if</strong> (!entry.isDirectory()) {
<a class="jxr_linenumber" name="L575" href="#L575">575</a> <strong class="jxr_keyword">final</strong> String name = entry.getName().toLowerCase();
<a class="jxr_linenumber" name="L576" href="#L576">576</a> <strong class="jxr_keyword">if</strong> (name.endsWith(<span class="jxr_string">".class"</span>)) {
<a class="jxr_linenumber" name="L577" href="#L577">577</a> isJar = <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="L578" href="#L578">578</a> <strong class="jxr_keyword">break</strong>;
<a class="jxr_linenumber" name="L579" href="#L579">579</a> }
<a class="jxr_linenumber" name="L580" href="#L580">580</a> }
<a class="jxr_linenumber" name="L581" href="#L581">581</a> }
<a class="jxr_linenumber" name="L582" href="#L582">582</a> }
<a class="jxr_linenumber" name="L583" href="#L583">583</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="L584" href="#L584">584</a> LOGGER.debug(<span class="jxr_string">"Unable to unzip zip file '{}'"</span>, dependency.getFilePath(), ex);
<a class="jxr_linenumber" name="L585" href="#L585">585</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="L586" href="#L586">586</a> ZipFile.closeQuietly(zip);
<a class="jxr_linenumber" name="L587" href="#L587">587</a> }
<a class="jxr_linenumber" name="L588" href="#L588">588</a>
<a class="jxr_linenumber" name="L589" href="#L589">589</a> <strong class="jxr_keyword">return</strong> isJar;
<a class="jxr_linenumber" name="L590" href="#L590">590</a> }
<a class="jxr_linenumber" name="L591" href="#L591">591</a> }
</pre>
<hr/>
<div id="footer">Copyright &#169; 2012&#x2013;2016 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>