From f81c42b1fd4154ec8f197a120f740bfa4ee87dca Mon Sep 17 00:00:00 2001
From: Will Stranathan
Date: Sat, 3 May 2014 19:12:18 -0400
Subject: [PATCH] Fixed logging order of GrokAssembly for bad assemblies. Using resources for logging
Former-commit-id: 611d665c7f5312462c19c8dcf8e87dc672184f67
---
 .../analyzer/AssemblyAnalyzer.java | 45 ++++++++++---------
 .../dependencycheck-resources.properties | 10 +++++
 2 files changed, 33 insertions(+), 22 deletions(-)
 create mode 100644 dependency-check-core/src/main/resources/dependencycheck-resources.properties
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
index 8276fae2a..83632b1e1 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
@@ -73,7 +73,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
 /**
 * Logger
 */
- private static final Logger LOGGER = Logger.getLogger(AssemblyAnalyzer.class.getName());
+ private static final Logger LOGGER = Logger.getLogger(AssemblyAnalyzer.class.getName(), "dependencycheck-resources");
 /**
 * Builds the beginnings of a List for ProcessBuilder
@@ -106,7 +106,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
 public void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException {
 if (grokAssemblyExe == null) {
- LOGGER.warning("GrokAssembly didn't get deployed");
+ LOGGER.warning("analyzer.AssemblyAnalyzer.notdeployed");
 return;
 }
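Review bot: The two-argument `Logger.getLogger(AssemblyAnalyzer.class.getName(), "dependencycheck-resources")` in the LOGGER declaration (first hunk) throws `MissingResourceException` when the bundle is not on the classpath and `IllegalArgumentException` when a logger of that name already exists with a different bundle. Because it runs in a static initializer, either failure would stop AssemblyAnalyzer from loading at all. The existing `Logger` Javadoc says nothing about this; a comment such as `// Log messages are keys resolved from dependencycheck-resources.properties, which must be on the classpath` would document the new dependency. The bundle name is a bare string literal here; whether other classes are meant to share it cannot be seen from this hunk, but a named constant would prevent drift if they are.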
@@ -114,16 +114,30 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
 args.add(dependency.getActualFilePath());
 final ProcessBuilder pb = new ProcessBuilder(args);
 BufferedReader rdr = null;
+ Document doc = null;
 try {
 final Process proc = pb.start();
 // Try evacuating the error stream
 rdr = new BufferedReader(new InputStreamReader(proc.getErrorStream(), "UTF-8"));
 String line = null;
 while (rdr.ready() && (line = rdr.readLine()) != null) {
- LOGGER.log(Level.WARNING, "Error from GrokAssembly: {0}", line);
+ LOGGER.log(Level.WARNING, "analyzer.AssemblyAnalyzer.grokassembly.stderr", line);
 }
 int rc = 0;
- final Document doc = builder.parse(proc.getInputStream());
+ doc = builder.parse(proc.getInputStream());
+
+ try {
+ rc = proc.waitFor();
+ } catch (InterruptedException ie) {
+ return;
+ }
+ if (rc == 3) {
+ LOGGER.log(Level.FINE, "analyzer.AssemblyAnalyzer.notassembly", dependency.getActualFilePath());
+ return;
+ } else if (rc != 0) {
+ LOGGER.log(Level.WARNING, "analyzer.AssemblyAnalyzer.grokassembly.rc", rc);
+ }
+
 final XPath xpath = XPathFactory.newInstance().newXPath();
 // First, see if there was an error
@@ -150,18 +164,6 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
 product, Confidence.HIGH));
 }
- try {
- rc = proc.waitFor();
- } catch (InterruptedException ie) {
- return;
- }
- if (rc == 3) {
- LOGGER.log(Level.INFO, "{0} is not a valid assembly", dependency.getActualFilePath());
- return;
- } else if (rc != 0) {
- LOGGER.log(Level.WARNING, "Return code {0} from GrokAssembly", rc);
- }
-
 } catch (IOException ioe) {
 throw new AnalysisException(ioe);
 } catch (SAXException saxe) {
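Review bot: The moved `catch (InterruptedException ie) { return; }` in the @@ -114 hunk swallows the interrupt, so a caller that cancels the scan never sees it; adding `Thread.currentThread().interrupt();` before the `return;` keeps cancellation visible. The exit-code check still runs after `doc = builder.parse(proc.getInputStream())`, so if GrokAssembly writes empty or non-XML output for a file it rejects (exit code 3), the SAXException path would presumably fire before the new FINE message is reached; this is worth confirming against GrokAssembly's behaviour. For any other non-zero code the method only logs a warning and then goes on to read evidence from the document of a failed run. Since that XML is derived from the file being scanned, the `builder` (configured outside this hunk) should have DOCTYPE declarations and external entities disabled. The try block continues past the end of the hunk.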
@@ -201,9 +203,9 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
 grokAssemblyExe = tempFile;
 // Set the temp file to get deleted when we're done
 grokAssemblyExe.deleteOnExit();
- LOGGER.log(Level.FINE, "Extracted GrokAssembly.exe to {0}", grokAssemblyExe.getPath());
+ LOGGER.log(Level.FINE, "analyzer.AssemblyAnalyzer.grokassembly.deployed", grokAssemblyExe.getPath());
 } catch (IOException ioe) {
- LOGGER.log(Level.WARNING, "Could not extract GrokAssembly.exe: {0}", ioe.getMessage());
+ LOGGER.log(Level.WARNING, "analyzer.AssemblyAnalyzer.grokassembly.notdeployed", ioe.getMessage());
 throw new AnalysisException("Could not extract GrokAssembly.exe", ioe);
 } finally {
 if (fos != null) {
@@ -246,9 +248,8 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
 if (e instanceof AnalysisException) {
 throw (AnalysisException) e;
 } else {
- LOGGER.warning("An error occured with the .NET AssemblyAnalyzer; "
- + "this can be ignored unless you are scanning .NET DLLs. Please see the log for more details.");
- LOGGER.log(Level.FINE, "Could not execute GrokAssembly {0}", e.getMessage());
+ LOGGER.warning("analyzer.AssemblyAnalyzer.grokassembly.initialization.failed");
+ LOGGER.log(Level.FINE, "analyzer.AssemblyAnalyzer.grokassembly.initialization.message", e.getMessage());
 throw new AnalysisException("An error occured with the .NET AssemblyAnalyzer", e);
 }
 } finally {
@@ -272,7 +273,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
 grokAssemblyExe.deleteOnExit();
 }
 } catch (SecurityException se) {
- LOGGER.fine("analyzer.AssemblyAnalyzer.grokassembly.notdeleted");
+ LOGGER.fine("analyzer.AssemblyAnalyzer.grokassembly.notdeleted");
 }
 }
diff --git a/dependency-check-core/src/main/resources/dependencycheck-resources.properties b/dependency-check-core/src/main/resources/dependencycheck-resources.properties
new file mode 100644
index 000000000..dce8dc616
--- /dev/null
+++ b/dependency-check-core/src/main/resources/dependencycheck-resources.properties
@@ -0,0 +1,10 @@
+analyzer.AssemblyAnalyzer.notdeployed=GrokAssembly didn't get deployed
+analyzer.AssemblyAnalyzer.grokassembly.stderr=Error from GrokAssembly: {0}
+analyzer.AssemblyAnalyzer.notassembly={0} is not a .NET assembly or executable and as such cannot be analyzed by dependency-check
+analyzer.AssemblyAnalyzer.grokassembly.rc=Return code {0} from GrokAssembly
+analyzer.AssemblyAnalyzer.grokassembly.deployed=Extracted GrokAssembly.exe to {0}
+analyzer.AssemblyAnalyzer.grokassembly.notdeployed=Could not extract GrokAssembly.exe: {0}
+analyzer.AssemblyAnalyzer.grokassembly.initlization.failed=An error occured with the .NET AssemblyAnalyzer; \
+ this can be ignored unless you are scanning .NET DLLs. Please see the log for more details.
+analyzer.AssemblyAnalyzer.grokassembly.initialization.message=Could not execute GrokAssembly {0}
+analyzer.AssemblyAnalyzer.grokassembly.notdeleted=Can't delete temporary GrokAssembly.exe
\ No newline at end of file
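Review bot: The key `analyzer.AssemblyAnalyzer.grokassembly.initlization.failed` is misspelled, while AssemblyAnalyzer.java logs `analyzer.AssemblyAnalyzer.grokassembly.initialization.failed`, so the bundle lookup misses. The warning would then print the raw key instead of the explanation that the error can be ignored unless .NET DLLs are being scanned. Rename the entry to `analyzer.AssemblyAnalyzer.grokassembly.initialization.failed`, keeping its value as is. The file also ends without a trailing newline.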