github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-25 10:32:00 +01:00
Code Issues Packages Projects Releases Wiki Activity

coverity suggested updates

Browse Source
This commit is contained in:
Jeremy Long
2017-09-03 21:10:33 -04:00
parent c4ee53e147
commit ed22b6532f
2 changed files with 28 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
View File

@@ -584,7 +584,7 @@ public class Engine implements FileFilter, AutoCloseable {
* @return the scanned dependency * @return the scanned dependency
* @since v1.4.4 * @since v1.4.4
*/ */
protected Dependency scanFile(File file, String projectReference) { protected synchronized Dependency scanFile(File file, String projectReference) {
Dependency dependency = null; Dependency dependency = null;
if (file.isFile()) { if (file.isFile()) {
if (accept(file)) { if (accept(file)) {
@@ -594,31 +594,30 @@ public class Engine implements FileFilter, AutoCloseable {
} }
final String sha1 = dependency.getSha1sum(); final String sha1 = dependency.getSha1sum();
boolean found = false; boolean found = false;
synchronized (dependencies) {
if (sha1 != null) { if (sha1 != null) {
for (Dependency existing : dependencies) { for (Dependency existing : dependencies) {
if (sha1.equals(existing.getSha1sum())) { if (sha1.equals(existing.getSha1sum())) {
found = true; found = true;
if (projectReference != null) { if (projectReference != null) {
existing.addProjectReference(projectReference); existing.addProjectReference(projectReference);
}
if (existing.getActualFilePath() != null && dependency.getActualFilePath() != null
&& !existing.getActualFilePath().equals(dependency.getActualFilePath())) {
existing.addRelatedDependency(dependency);
} else {
dependency = existing;
}
break;
} }
if (existing.getActualFilePath() != null && dependency.getActualFilePath() != null
&& !existing.getActualFilePath().equals(dependency.getActualFilePath())) {
existing.addRelatedDependency(dependency);
} else {
dependency = existing;
}
break;
} }
} }
if (!found) {
dependencies.add(dependency);
}
} }
} else { if (!found) {
LOGGER.debug("Path passed to scanFile(File) is not a file that can be scanned by dependency-check: {}. Skipping the file.", file); dependencies.add(dependency);
}
} }
} else {
LOGGER.debug("Path passed to scanFile(File) is not a file that can be scanned by dependency-check: {}. Skipping the file.", file);
} }
return dependency; return dependency;
} }
@@ -778,13 +777,11 @@ public class Engine implements FileFilter, AutoCloseable {
* @param exceptions the collection of exceptions to collect * @param exceptions the collection of exceptions to collect
* @return a collection of analysis tasks * @return a collection of analysis tasks
*/ */
protected List<AnalysisTask> getAnalysisTasks(Analyzer analyzer, List<Throwable> exceptions) { protected synchronized List<AnalysisTask> getAnalysisTasks(Analyzer analyzer, List<Throwable> exceptions) {
final List<AnalysisTask> result = new ArrayList<>(); final List<AnalysisTask> result = new ArrayList<>();
synchronized (dependencies) { for (final Dependency dependency : dependencies) {
for (final Dependency dependency : dependencies) { final AnalysisTask task = new AnalysisTask(analyzer, dependency, this, exceptions);
final AnalysisTask task = new AnalysisTask(analyzer, dependency, this, exceptions); result.add(task);
result.add(task);
}
} }
return result; return result;
} }

7
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
View File

@@ -312,9 +312,10 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
private boolean isZipFile(final Dependency dependency) { private boolean isZipFile(final Dependency dependency) {
final byte[] buffer = new byte[4]; final byte[] buffer = new byte[4];
try (final FileInputStream fileInputStream = new FileInputStream(dependency.getActualFilePath())) { try (final FileInputStream fileInputStream = new FileInputStream(dependency.getActualFilePath())) {
fileInputStream.read(buffer); if (fileInputStream.read(buffer) > 0
if (Arrays.equals(buffer, ZIP_FIRST_BYTES) || Arrays.equals(buffer, ZIP_EMPTY_FIRST_BYTES) && (Arrays.equals(buffer, ZIP_FIRST_BYTES)
|| Arrays.equals(buffer, ZIP_SPANNED_FIRST_BYTES)) { || Arrays.equals(buffer, ZIP_EMPTY_FIRST_BYTES)
|| Arrays.equals(buffer, ZIP_SPANNED_FIRST_BYTES))) {
return true; return true;
} }
} catch (Exception e) { } catch (Exception e) {