From 0372c2eccc0656f08fa3183f7afb406762131d80 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Kimminich?=
Date: Fri, 25 Apr 2014 14:33:15 +0200
Subject: [PATCH 1/2] attempt to locate suppressions in classpath when they cannot be found via URL or file path
Former-commit-id: 6ba46b24bd89465aef454ca87c20b783bc761eee
---
 .../analyzer/AbstractSuppressionAnalyzer.java | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java
index 78c5e6ab0..8b1d33a8b 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java
@@ -17,10 +17,11 @@
 */
 package org.owasp.dependencycheck.analyzer;
-import java.io.File;
-import java.io.IOException;
+import java.io.*;
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.nio.file.Files;
+import java.nio.file.Path;
 import java.util.List;
 import java.util.Set;
 import java.util.logging.Level;
@@ -115,6 +116,20 @@ public abstract class AbstractSuppressionAnalyzer extends AbstractAnalyzer {
 }
 } else {
 file = new File(suppressionFilePath);
+ if (!file.exists()) {
+ InputStream suppressionsFromClasspath = this.getClass().getClassLoader().getResourceAsStream(suppressionFilePath);
+ if (suppressionsFromClasspath != null) {
+ deleteTempFile = true;
+ file = FileUtils.getTempFile("suppression", "xml");
+ try {
+ org.apache.commons.io.FileUtils.copyInputStreamToFile(suppressionsFromClasspath, file);
+ } catch (IOException ex) {
+ LOGGER.log(Level.WARNING, "Unable to locate suppressions file in classpath");
+ LOGGER.log(Level.FINE, "", ex);
+ throw new SuppressionParseException("Unable to locate suppressions file in classpath", ex);
+ }
+ }
+ }
 }
 if (file != null) {
From 35a264d21c0dc5f4e71cbf9dcd81d1cc3b6a0111 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Kimminich?=
Date: Fri, 25 Apr 2014 14:39:56 +0200
Subject: [PATCH 2/2] organized imports extracted exception handling
Former-commit-id: 2ec171b680d77c0db1dca9ec667e72040040eab9
---
 .../analyzer/AbstractSuppressionAnalyzer.java | 49 +++++++++----------
 1 file changed, 24 insertions(+), 25 deletions(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java
index 8b1d33a8b..209e686f8 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java
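Review bot: The classpath fallback added under `if (!file.exists())` in PATCH 1/2 changes where the suppression rules come from without recording it, and those rules decide which findings are left out of the report. When the configured path is missing on disk and a resource of the same name resolves through `this.getClass().getClassLoader()`, that resource is applied with no log line, so a later audit cannot tell which rules were in effect; I would add `LOGGER.log(Level.INFO, "Loading suppression rules from classpath resource {0}", suppressionFilePath);` right after the `suppressionsFromClasspath != null` check. When neither the file nor the resource exists, `file` still refers to the missing path and falls through to `if (file != null)`; how that case is reported depends on code outside this hunk and is worth confirming. The enclosing method starts and ends outside the hunk.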
@@ -17,16 +17,6 @@
 */
 package org.owasp.dependencycheck.analyzer;
-import java.io.*;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.util.List;
-import java.util.Set;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-import java.util.regex.Pattern;
 import org.owasp.dependencycheck.suppression.SuppressionParseException;
 import org.owasp.dependencycheck.suppression.SuppressionParser;
 import org.owasp.dependencycheck.suppression.SuppressionRule;
@@ -35,6 +25,17 @@ import org.owasp.dependencycheck.utils.Downloader;
 import org.owasp.dependencycheck.utils.FileUtils;
 import org.owasp.dependencycheck.utils.Settings;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.List;
+import java.util.Set;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import java.util.regex.Pattern;
+
 /**
 * Abstract base suppression analyzer that contains methods for parsing the suppression xml file.
 *
@@ -48,6 +49,7 @@ public abstract class AbstractSuppressionAnalyzer extends AbstractAnalyzer {
 private static final Logger LOGGER = Logger.getLogger(AbstractSuppressionAnalyzer.class.getName());
 //
+
 /**
 * Returns a list of file EXTENSIONS supported by this analyzer.
 *
@@ -58,6 +60,7 @@ public abstract class AbstractSuppressionAnalyzer extends AbstractAnalyzer {
 }
 //
+
 /**
 * The initialize method loads the suppression XML file.
 *
@@ -68,6 +71,7 @@ public abstract class AbstractSuppressionAnalyzer extends AbstractAnalyzer {
 super.initialize();
 loadSuppressionData();
 }
+
 /**
 * The list of suppression rules
 */
@@ -124,9 +128,7 @@ public abstract class AbstractSuppressionAnalyzer extends AbstractAnalyzer {
 try {
 org.apache.commons.io.FileUtils.copyInputStreamToFile(suppressionsFromClasspath, file);
 } catch (IOException ex) {
- LOGGER.log(Level.WARNING, "Unable to locate suppressions file in classpath");
- LOGGER.log(Level.FINE, "", ex);
- throw new SuppressionParseException("Unable to locate suppressions file in classpath", ex);
+ throwSuppressionParseException("Unable to locate suppressions file in classpath", ex);
 }
 }
 }
@@ -146,24 +148,21 @@ public abstract class AbstractSuppressionAnalyzer extends AbstractAnalyzer {
 }
 }
 } catch (DownloadFailedException ex) {
- LOGGER.log(Level.WARNING,
- "Unable to fetch the configured suppression file");
- LOGGER.log(Level.FINE, "", ex);
- throw new SuppressionParseException("Unable to fetch the configured suppression file", ex);
+ throwSuppressionParseException("Unable to fetch the configured suppression file", ex);
 } catch (MalformedURLException ex) {
- LOGGER.log(Level.WARNING,
- "Configured suppression file has an invalid URL");
- LOGGER.log(Level.FINE, "", ex);
- throw new SuppressionParseException("Configured suppression file has an invalid URL", ex);
+ throwSuppressionParseException("Configured suppression file has an invalid URL", ex);
 } catch (IOException ex) {
- LOGGER.log(Level.WARNING,
- "Unable to create temp file for suppressions");
- LOGGER.log(Level.FINE, "", ex);
- throw new SuppressionParseException("Unable to create temp file for suppressions", ex);
+ throwSuppressionParseException("Unable to create temp file for suppressions", ex);
 } finally {
 if (deleteTempFile && file != null) {
 FileUtils.delete(file);
 }
 }
 }
+
+ private void throwSuppressionParseException(String message, Exception exception) throws SuppressionParseException {
+ LOGGER.log(Level.WARNING, message);
+ LOGGER.log(Level.FINE, "", exception);
+ throw new SuppressionParseException(message, exception);
+ }
 }
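Review bot: The message kept in the `catch (IOException ex)` around `copyInputStreamToFile` reports that the file could not be located, but this branch is reached only after the classpath lookup from PATCH 1/2 returned a stream, so what failed is the copy into the temp file. Someone triaging a scan that ran without its suppressions would be sent to the classpath instead of the temp directory. A message that matches the failure would be `throwSuppressionParseException("Unable to copy suppressions file from classpath to temp file", ex);`. The enclosing method begins outside the hunk.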
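Review bot: The new helper `throwSuppressionParseException` at the end of the class logs the stack trace with an empty message, `LOGGER.log(Level.FINE, "", exception);`, so the FINE record cannot be matched to its WARNING once log lines interleave. Passing the text through, `LOGGER.log(Level.FINE, message, exception);`, keeps the two records tied together. The helper also lacks the Javadoc the other members visible in this patch carry; a short comment stating that it logs the message at WARNING and the cause at FINE and then always throws would tell readers of the three `catch` blocks that control never continues past the call.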