mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-03-24 01:51:49 +01:00
checkstyle and formating updates
This commit is contained in:
Jeremy Long
@@ -35,7 +35,8 @@ import org.owasp.dependencycheck.utils.Settings;
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* This analyzer is used to analyze SWIFT and Objective-C packages by collecting
|
* This analyzer is used to analyze SWIFT and Objective-C packages by collecting
|
||||||
* information from .podspec files. CocoaPods dependency manager see https://cocoapods.org/.
|
* information from .podspec files. CocoaPods dependency manager see
|
||||||
|
* https://cocoapods.org/.
|
||||||
*
|
*
|
||||||
* @author Bianca Jiang (https://twitter.com/biancajiang)
|
* @author Bianca Jiang (https://twitter.com/biancajiang)
|
||||||
*/
|
*/
|
||||||
@@ -46,7 +47,6 @@ public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
* The logger.
|
* The logger.
|
||||||
*/
|
*/
|
||||||
// private static final Logger LOGGER = LoggerFactory.getLogger(CocoaPodsAnalyzer.class);
|
// private static final Logger LOGGER = LoggerFactory.getLogger(CocoaPodsAnalyzer.class);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The name of the analyzer.
|
* The name of the analyzer.
|
||||||
*/
|
*/
|
||||||
@@ -66,14 +66,11 @@ public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
*/
|
*/
|
||||||
private static final FileFilter PODSPEC_FILTER = FileFilterBuilder.newInstance().addExtensions(PODSPEC).build();
|
private static final FileFilter PODSPEC_FILTER = FileFilterBuilder.newInstance().addExtensions(PODSPEC).build();
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The capture group #1 is the block variable.
|
* The capture group #1 is the block variable. e.g. "Pod::Spec.new do
|
||||||
* e.g. "Pod::Spec.new do |spec|"
|
* |spec|"
|
||||||
*/
|
*/
|
||||||
private static final Pattern PODSPEC_BLOCK_PATTERN
|
private static final Pattern PODSPEC_BLOCK_PATTERN = Pattern.compile("Pod::Spec\\.new\\s+?do\\s+?\\|(.+?)\\|");
|
||||||
= Pattern.compile("Pod::Spec\\.new\\s+?do\\s+?\\|(.+?)\\|");
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the FileFilter
|
* Returns the FileFilter
|
||||||
@@ -111,7 +108,8 @@ public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the key used in the properties file to reference the analyzer's enabled property.
|
* Returns the key used in the properties file to reference the analyzer's
|
||||||
|
* enabled property.
|
||||||
*
|
*
|
||||||
* @return the analyzer's enabled property setting key
|
* @return the analyzer's enabled property setting key
|
||||||
*/
|
*/
|
||||||
@@ -165,8 +163,7 @@ public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
String.format("\\s*?%s\\.%s\\s*?=\\s*?\\{\\s*?(.*?)\\s*?\\}", blockVariable, fieldPattern), Pattern.CASE_INSENSITIVE).matcher(contents);
|
String.format("\\s*?%s\\.%s\\s*?=\\s*?\\{\\s*?(.*?)\\s*?\\}", blockVariable, fieldPattern), Pattern.CASE_INSENSITIVE).matcher(contents);
|
||||||
if (arrayMatcher.find()) {
|
if (arrayMatcher.find()) {
|
||||||
value = arrayMatcher.group(1);
|
value = arrayMatcher.group(1);
|
||||||
}
|
} //capture single value between quotes
|
||||||
//capture single value between quotes
|
|
||||||
else {
|
else {
|
||||||
final Matcher matcher = Pattern.compile(
|
final Matcher matcher = Pattern.compile(
|
||||||
String.format("\\s*?%s\\.%s\\s*?=\\s*?(['\"])(.*?)\\1", blockVariable, fieldPattern), Pattern.CASE_INSENSITIVE).matcher(contents);
|
String.format("\\s*?%s\\.%s\\s*?=\\s*?(['\"])(.*?)\\1", blockVariable, fieldPattern), Pattern.CASE_INSENSITIVE).matcher(contents);
|
||||||
@@ -174,16 +171,17 @@ public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
value = matcher.group(2);
|
value = matcher.group(2);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if(value.length() > 0)
|
if (value.length() > 0) {
|
||||||
evidences.addEvidence(PODSPEC, field, value, confidence);
|
evidences.addEvidence(PODSPEC, field, value, confidence);
|
||||||
|
}
|
||||||
return value;
|
return value;
|
||||||
}
|
}
|
||||||
|
|
||||||
private void setPackagePath(Dependency dep) {
|
private void setPackagePath(Dependency dep) {
|
||||||
File file = new File(dep.getFilePath());
|
File file = new File(dep.getFilePath());
|
||||||
String parent = file.getParent();
|
String parent = file.getParent();
|
||||||
if(parent != null)
|
if (parent != null) {
|
||||||
dep.setPackagePath(parent);
|
dep.setPackagePath(parent);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|||||||
@@ -384,27 +384,35 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Bundling same swift dependencies with the same packagePath but identified by different analyzers.
|
* Bundling same swift dependencies with the same packagePath but identified
|
||||||
|
* by different analyzers.
|
||||||
|
*
|
||||||
|
* @param dependency1 dependency to test
|
||||||
|
* @param dependency2 dependency to test
|
||||||
|
* @return <code>true</code> if the dependencies appear to be the same;
|
||||||
|
* otherwise <code>false</code>
|
||||||
*/
|
*/
|
||||||
private boolean isSameSwiftPackage(Dependency dependency1, Dependency dependency2) {
|
private boolean isSameSwiftPackage(Dependency dependency1, Dependency dependency2) {
|
||||||
if (dependency1 == null || dependency2 == null ||
|
if (dependency1 == null || dependency2 == null
|
||||||
(!dependency1.getFileName().endsWith(".podspec") &&
|
|| (!dependency1.getFileName().endsWith(".podspec")
|
||||||
!dependency1.getFileName().equals("Package.swift")) ||
|
&& !dependency1.getFileName().equals("Package.swift"))
|
||||||
(!dependency2.getFileName().endsWith(".podspec") &&
|
|| (!dependency2.getFileName().endsWith(".podspec")
|
||||||
!dependency2.getFileName().equals("Package.swift")) ||
|
&& !dependency2.getFileName().equals("Package.swift"))
|
||||||
dependency1.getPackagePath() == null ||
|
|| dependency1.getPackagePath() == null
|
||||||
dependency2.getPackagePath() == null) {
|
|| dependency2.getPackagePath() == null) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if (dependency1.getPackagePath().equalsIgnoreCase(dependency2.getPackagePath()))
|
if (dependency1.getPackagePath().equalsIgnoreCase(dependency2.getPackagePath())) {
|
||||||
return true;
|
return true;
|
||||||
|
}
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
private Dependency getMainSwiftDependency(Dependency dependency1, Dependency dependency2) {
|
private Dependency getMainSwiftDependency(Dependency dependency1, Dependency dependency2) {
|
||||||
if (isSameSwiftPackage(dependency1, dependency2)) {
|
if (isSameSwiftPackage(dependency1, dependency2)) {
|
||||||
if(dependency1.getFileName().endsWith(".podspec"))
|
if (dependency1.getFileName().endsWith(".podspec")) {
|
||||||
return dependency1;
|
return dependency1;
|
||||||
|
}
|
||||||
return dependency2;
|
return dependency2;
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
|
|||||||
@@ -73,8 +73,7 @@ public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer {
|
|||||||
private static final NameFileFilter IGNORED_FILES = new NameFileFilter(new String[]{
|
private static final NameFileFilter IGNORED_FILES = new NameFileFilter(new String[]{
|
||||||
"__init__.py",
|
"__init__.py",
|
||||||
"__init__.pyc",
|
"__init__.pyc",
|
||||||
"__init__.pyo",
|
"__init__.pyo",});
|
||||||
});
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Collects information about the file name.
|
* Collects information about the file name.
|
||||||
|
|||||||
@@ -704,17 +704,12 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
addMatchingValues(classInformation, value, productEvidence);
|
addMatchingValues(classInformation, value, productEvidence);
|
||||||
// //the following caused false positives.
|
// //the following caused false positives.
|
||||||
// } else if (key.equalsIgnoreCase(BUNDLE_VENDOR)) {
|
// } else if (key.equalsIgnoreCase(BUNDLE_VENDOR)) {
|
||||||
// foundSomething = true;
|
|
||||||
// vendorEvidence.addEvidence(source, key, value, Confidence.HIGH);
|
|
||||||
// addMatchingValues(classInformation, value, vendorEvidence);
|
|
||||||
} else if (key.equalsIgnoreCase(BUNDLE_VERSION)) {
|
} else if (key.equalsIgnoreCase(BUNDLE_VERSION)) {
|
||||||
foundSomething = true;
|
foundSomething = true;
|
||||||
versionEvidence.addEvidence(source, key, value, Confidence.HIGH);
|
versionEvidence.addEvidence(source, key, value, Confidence.HIGH);
|
||||||
} else if (key.equalsIgnoreCase(Attributes.Name.MAIN_CLASS.toString())) {
|
} else if (key.equalsIgnoreCase(Attributes.Name.MAIN_CLASS.toString())) {
|
||||||
continue;
|
continue;
|
||||||
//skipping main class as if this has important information to add
|
//skipping main class as if this has important information to add it will be added during class name analysis...
|
||||||
// it will be added during class name analysis... if other fields
|
|
||||||
// have the information from the class name then they will get added...
|
|
||||||
} else {
|
} else {
|
||||||
key = key.toLowerCase();
|
key = key.toLowerCase();
|
||||||
if (!IGNORE_KEYS.contains(key)
|
if (!IGNORE_KEYS.contains(key)
|
||||||
|
|||||||
@@ -70,8 +70,7 @@ public class SwiftPackageManagerAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
* name: "Gloss"
|
* name: "Gloss"
|
||||||
* )"
|
* )"
|
||||||
*/
|
*/
|
||||||
private static final Pattern SPM_BLOCK_PATTERN
|
private static final Pattern SPM_BLOCK_PATTERN = Pattern.compile("let[^=]+=\\s*Package\\s*\\(\\s*([^)]*)\\s*\\)", Pattern.DOTALL);
|
||||||
= Pattern.compile("let[^=]+=\\s*Package\\s*\\(\\s*([^)]*)\\s*\\)", Pattern.DOTALL);
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the FileFilter
|
* Returns the FileFilter
|
||||||
|
|||||||
@@ -95,7 +95,7 @@ public final class ConnectionFactory {
|
|||||||
* @throws DatabaseException thrown if we are unable to connect to the
|
* @throws DatabaseException thrown if we are unable to connect to the
|
||||||
* database
|
* database
|
||||||
*/
|
*/
|
||||||
public static synchronized void initialize() throws DatabaseException {
|
public static void initialize() throws DatabaseException {
|
||||||
//this only needs to be called once.
|
//this only needs to be called once.
|
||||||
if (connectionString != null) {
|
if (connectionString != null) {
|
||||||
return;
|
return;
|
||||||
@@ -196,7 +196,7 @@ public final class ConnectionFactory {
|
|||||||
* finalize method being called as during shutdown the class loader used to
|
* finalize method being called as during shutdown the class loader used to
|
||||||
* load the driver may be unloaded prior to the driver being de-registered.
|
* load the driver may be unloaded prior to the driver being de-registered.
|
||||||
*/
|
*/
|
||||||
public static synchronized void cleanup() {
|
public static void cleanup() {
|
||||||
if (driver != null) {
|
if (driver != null) {
|
||||||
try {
|
try {
|
||||||
DriverManager.deregisterDriver(driver);
|
DriverManager.deregisterDriver(driver);
|
||||||
|
|||||||
@@ -24,7 +24,8 @@ import java.util.regex.Pattern;
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* <p>
|
* <p>
|
||||||
* A utility class to extract version numbers from file names (or other strings containing version numbers.</p>
|
* A utility class to extract version numbers from file names (or other strings
|
||||||
|
* containing version numbers.</p>
|
||||||
*
|
*
|
||||||
* @author Jeremy Long
|
* @author Jeremy Long
|
||||||
*/
|
*/
|
||||||
@@ -35,13 +36,16 @@ public final class DependencyVersionUtil {
|
|||||||
*/
|
*/
|
||||||
private static final Pattern RX_VERSION = Pattern.compile("\\d+(\\.\\d{1,6})+(\\.?([_-](release|beta|alpha|\\d+)|[a-zA-Z_-]{1,3}\\d{0,8}))?");
|
private static final Pattern RX_VERSION = Pattern.compile("\\d+(\\.\\d{1,6})+(\\.?([_-](release|beta|alpha|\\d+)|[a-zA-Z_-]{1,3}\\d{0,8}))?");
|
||||||
/**
|
/**
|
||||||
* Regular expression to extract a single version number without periods. This is a last ditch effort just to check in case we
|
* Regular expression to extract a single version number without periods.
|
||||||
* are missing a version number using the previous regex.
|
* This is a last ditch effort just to check in case we are missing a
|
||||||
|
* version number using the previous regex.
|
||||||
*/
|
*/
|
||||||
private static final Pattern RX_SINGLE_VERSION = Pattern.compile("\\d+(\\.?([_-](release|beta|alpha)|[a-zA-Z_-]{1,3}\\d{1,8}))?");
|
private static final Pattern RX_SINGLE_VERSION = Pattern.compile("\\d+(\\.?([_-](release|beta|alpha)|[a-zA-Z_-]{1,3}\\d{1,8}))?");
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Regular expression to extract the part before the version numbers if there are any based on RX_VERSION. In most cases, this part represents a more accurate name.
|
* Regular expression to extract the part before the version numbers if
|
||||||
|
* there are any based on RX_VERSION. In most cases, this part represents a
|
||||||
|
* more accurate name.
|
||||||
*/
|
*/
|
||||||
private static final Pattern RX_PRE_VERSION = Pattern.compile("^(.+)[_-](\\d+\\.\\d{1,6})+");
|
private static final Pattern RX_PRE_VERSION = Pattern.compile("^(.+)[_-](\\d+\\.\\d{1,6})+");
|
||||||
|
|
||||||
@@ -53,7 +57,8 @@ public final class DependencyVersionUtil {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* <p>
|
* <p>
|
||||||
* A utility class to extract version numbers from file names (or other strings containing version numbers.</p>
|
* A utility class to extract version numbers from file names (or other
|
||||||
|
* strings containing version numbers.</p>
|
||||||
* <pre>
|
* <pre>
|
||||||
* Example:
|
* Example:
|
||||||
* Give the file name: library-name-1.4.1r2-release.jar
|
* Give the file name: library-name-1.4.1r2-release.jar
|
||||||
@@ -103,21 +108,24 @@ public final class DependencyVersionUtil {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* <p>
|
* <p>
|
||||||
* A utility class to extract the part before version numbers from file names (or other strings containing version numbers.
|
* A utility class to extract the part before version numbers from file
|
||||||
* In most cases, this part represents a more accurate name than the full file name.</p>
|
* names (or other strings containing version numbers. In most cases, this
|
||||||
|
* part represents a more accurate name than the full file name.</p>
|
||||||
* <pre>
|
* <pre>
|
||||||
* Example:
|
* Example:
|
||||||
* Give the file name: library-name-1.4.1r2-release.jar
|
* Give the file name: library-name-1.4.1r2-release.jar
|
||||||
* This function would return: library-name</pre>
|
* This function would return: library-name</pre>
|
||||||
*
|
*
|
||||||
* @param text the text being analyzed
|
* @param text the text being analyzed
|
||||||
* @return the part before the version numbers if any, otherwise return the text itself.
|
* @return the part before the version numbers if any, otherwise return the
|
||||||
|
* text itself.
|
||||||
*/
|
*/
|
||||||
public static String parsePreVersion(String text) {
|
public static String parsePreVersion(String text) {
|
||||||
if(parseVersion(text) == null)
|
if (parseVersion(text) == null) {
|
||||||
return text;
|
return text;
|
||||||
|
}
|
||||||
|
|
||||||
Matcher matcher = RX_PRE_VERSION.matcher(text);
|
final Matcher matcher = RX_PRE_VERSION.matcher(text);
|
||||||
if (matcher.find()) {
|
if (matcher.find()) {
|
||||||
return matcher.group(1);
|
return matcher.group(1);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -13,6 +13,6 @@
|
|||||||
^ \* See the License for the specific language governing permissions and\s*$
|
^ \* See the License for the specific language governing permissions and\s*$
|
||||||
^ \* limitations under the License\.\s*$
|
^ \* limitations under the License\.\s*$
|
||||||
^ \*\s*$
|
^ \*\s*$
|
||||||
^ \* Copyright \(c\) 201[0-9] (Jeremy Long|Steve Springett|Bianca Jiang|The OWASP Foundation|Institute for Defense Analyses)\. All Rights Reserved\.\s*$
|
^ \* Copyright \(c\) 201[0-9] (Jeremy Long|Steve Springett|Bianca Jiang|IBM Corporation|The OWASP Foundation|Institute for Defense Analyses)\. All Rights Reserved\.\s*$
|
||||||
^ \*/\s*$
|
^ \*/\s*$
|
||||||
^package
|
^package
|
||||||
|
|||||||
Reference in New Issue
Block a user