mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-03-20 00:04:27 +01:00
Merge pull request #122 from colezlaw/master
Fixed logging order of GrokAssembly for bad assemblies. Using resources ... Former-commit-id: 65a41d23df6ccfa8c4f05235da3d7c613e4290a0
This commit is contained in:
Jeremy Long
@@ -73,7 +73,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
/**
|
/**
|
||||||
* Logger
|
* Logger
|
||||||
*/
|
*/
|
||||||
private static final Logger LOGGER = Logger.getLogger(AssemblyAnalyzer.class.getName());
|
private static final Logger LOGGER = Logger.getLogger(AssemblyAnalyzer.class.getName(), "dependencycheck-resources");
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Builds the beginnings of a List for ProcessBuilder
|
* Builds the beginnings of a List for ProcessBuilder
|
||||||
@@ -106,7 +106,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
public void analyzeFileType(Dependency dependency, Engine engine)
|
public void analyzeFileType(Dependency dependency, Engine engine)
|
||||||
throws AnalysisException {
|
throws AnalysisException {
|
||||||
if (grokAssemblyExe == null) {
|
if (grokAssemblyExe == null) {
|
||||||
LOGGER.warning("GrokAssembly didn't get deployed");
|
LOGGER.warning("analyzer.AssemblyAnalyzer.notdeployed");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -114,16 +114,30 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
args.add(dependency.getActualFilePath());
|
args.add(dependency.getActualFilePath());
|
||||||
final ProcessBuilder pb = new ProcessBuilder(args);
|
final ProcessBuilder pb = new ProcessBuilder(args);
|
||||||
BufferedReader rdr = null;
|
BufferedReader rdr = null;
|
||||||
|
Document doc = null;
|
||||||
try {
|
try {
|
||||||
final Process proc = pb.start();
|
final Process proc = pb.start();
|
||||||
// Try evacuating the error stream
|
// Try evacuating the error stream
|
||||||
rdr = new BufferedReader(new InputStreamReader(proc.getErrorStream(), "UTF-8"));
|
rdr = new BufferedReader(new InputStreamReader(proc.getErrorStream(), "UTF-8"));
|
||||||
String line = null;
|
String line = null;
|
||||||
while (rdr.ready() && (line = rdr.readLine()) != null) {
|
while (rdr.ready() && (line = rdr.readLine()) != null) {
|
||||||
LOGGER.log(Level.WARNING, "Error from GrokAssembly: {0}", line);
|
LOGGER.log(Level.WARNING, "analyzer.AssemblyAnalyzer.grokassembly.stderr", line);
|
||||||
}
|
}
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
final Document doc = builder.parse(proc.getInputStream());
|
doc = builder.parse(proc.getInputStream());
|
||||||
|
|
||||||
|
try {
|
||||||
|
rc = proc.waitFor();
|
||||||
|
} catch (InterruptedException ie) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if (rc == 3) {
|
||||||
|
LOGGER.log(Level.FINE, "analyzer.AssemblyAnalyzer.notassembly", dependency.getActualFilePath());
|
||||||
|
return;
|
||||||
|
} else if (rc != 0) {
|
||||||
|
LOGGER.log(Level.WARNING, "analyzer.AssemblyAnalyzer.grokassembly.rc", rc);
|
||||||
|
}
|
||||||
|
|
||||||
final XPath xpath = XPathFactory.newInstance().newXPath();
|
final XPath xpath = XPathFactory.newInstance().newXPath();
|
||||||
|
|
||||||
// First, see if there was an error
|
// First, see if there was an error
|
||||||
@@ -150,18 +164,6 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
product, Confidence.HIGH));
|
product, Confidence.HIGH));
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
|
||||||
rc = proc.waitFor();
|
|
||||||
} catch (InterruptedException ie) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
if (rc == 3) {
|
|
||||||
LOGGER.log(Level.INFO, "{0} is not a valid assembly", dependency.getActualFilePath());
|
|
||||||
return;
|
|
||||||
} else if (rc != 0) {
|
|
||||||
LOGGER.log(Level.WARNING, "Return code {0} from GrokAssembly", rc);
|
|
||||||
}
|
|
||||||
|
|
||||||
} catch (IOException ioe) {
|
} catch (IOException ioe) {
|
||||||
throw new AnalysisException(ioe);
|
throw new AnalysisException(ioe);
|
||||||
} catch (SAXException saxe) {
|
} catch (SAXException saxe) {
|
||||||
@@ -201,9 +203,9 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
grokAssemblyExe = tempFile;
|
grokAssemblyExe = tempFile;
|
||||||
// Set the temp file to get deleted when we're done
|
// Set the temp file to get deleted when we're done
|
||||||
grokAssemblyExe.deleteOnExit();
|
grokAssemblyExe.deleteOnExit();
|
||||||
LOGGER.log(Level.FINE, "Extracted GrokAssembly.exe to {0}", grokAssemblyExe.getPath());
|
LOGGER.log(Level.FINE, "analyzer.AssemblyAnalyzer.grokassembly.deployed", grokAssemblyExe.getPath());
|
||||||
} catch (IOException ioe) {
|
} catch (IOException ioe) {
|
||||||
LOGGER.log(Level.WARNING, "Could not extract GrokAssembly.exe: {0}", ioe.getMessage());
|
LOGGER.log(Level.WARNING, "analyzer.AssemblyAnalyzer.grokassembly.notdeployed", ioe.getMessage());
|
||||||
throw new AnalysisException("Could not extract GrokAssembly.exe", ioe);
|
throw new AnalysisException("Could not extract GrokAssembly.exe", ioe);
|
||||||
} finally {
|
} finally {
|
||||||
if (fos != null) {
|
if (fos != null) {
|
||||||
@@ -246,9 +248,8 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
if (e instanceof AnalysisException) {
|
if (e instanceof AnalysisException) {
|
||||||
throw (AnalysisException) e;
|
throw (AnalysisException) e;
|
||||||
} else {
|
} else {
|
||||||
LOGGER.warning("An error occured with the .NET AssemblyAnalyzer; "
|
LOGGER.warning("analyzer.AssemblyAnalyzer.grokassembly.initialization.failed");
|
||||||
+ "this can be ignored unless you are scanning .NET DLLs. Please see the log for more details.");
|
LOGGER.log(Level.FINE, "analyzer.AssemblyAnalyzer.grokassembly.initialization.message", e.getMessage());
|
||||||
LOGGER.log(Level.FINE, "Could not execute GrokAssembly {0}", e.getMessage());
|
|
||||||
throw new AnalysisException("An error occured with the .NET AssemblyAnalyzer", e);
|
throw new AnalysisException("An error occured with the .NET AssemblyAnalyzer", e);
|
||||||
}
|
}
|
||||||
} finally {
|
} finally {
|
||||||
@@ -272,7 +273,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
grokAssemblyExe.deleteOnExit();
|
grokAssemblyExe.deleteOnExit();
|
||||||
}
|
}
|
||||||
} catch (SecurityException se) {
|
} catch (SecurityException se) {
|
||||||
LOGGER.fine("Can't delete temporary GrokAssembly.exe");
|
LOGGER.fine("analyzer.AssemblyAnalyzer.grokassembly.notdeleted");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -0,0 +1,10 @@
|
|||||||
|
analyzer.AssemblyAnalyzer.notdeployed=GrokAssembly didn't get deployed
|
||||||
|
analyzer.AssemblyAnalyzer.grokassembly.stderr=Error from GrokAssembly: {0}
|
||||||
|
analyzer.AssemblyAnalyzer.notassembly={0} is not a .NET assembly or executable and as such cannot be analyzed by dependency-check
|
||||||
|
analyzer.AssemblyAnalyzer.grokassembly.rc=Return code {0} from GrokAssembly
|
||||||
|
analyzer.AssemblyAnalyzer.grokassembly.deployed=Extracted GrokAssembly.exe to {0}
|
||||||
|
analyzer.AssemblyAnalyzer.grokassembly.notdeployed=Could not extract GrokAssembly.exe: {0}
|
||||||
|
analyzer.AssemblyAnalyzer.grokassembly.initlization.failed=An error occured with the .NET AssemblyAnalyzer; \
|
||||||
|
this can be ignored unless you are scanning .NET DLLs. Please see the log for more details.
|
||||||
|
analyzer.AssemblyAnalyzer.grokassembly.initialization.message=Could not execute GrokAssembly {0}
|
||||||
|
analyzer.AssemblyAnalyzer.grokassembly.notdeleted=Can't delete temporary GrokAssembly.exe
|
||||||
Reference in New Issue
Block a user