github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-24 01:51:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

checkstyle and formating updates

Browse Source
This commit is contained in:
Jeremy Long
2016-08-21 15:59:47 -04:00
parent 659785f972
commit f4fff5d9cb
9 changed files with 98 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CocoaPodsAnalyzer.java
View File

@@ -35,7 +35,8 @@ import org.owasp.dependencycheck.utils.Settings;
/** /**
* This analyzer is used to analyze SWIFT and Objective-C packages by collecting * This analyzer is used to analyze SWIFT and Objective-C packages by collecting
* information from .podspec files. CocoaPods dependency manager see https://cocoapods.org/. * information from .podspec files. CocoaPods dependency manager see
* https://cocoapods.org/.
* *
* @author Bianca Jiang (https://twitter.com/biancajiang) * @author Bianca Jiang (https://twitter.com/biancajiang)
*/ */
@@ -46,7 +47,6 @@ public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer {
* The logger. * The logger.
*/ */
// private static final Logger LOGGER = LoggerFactory.getLogger(CocoaPodsAnalyzer.class); // private static final Logger LOGGER = LoggerFactory.getLogger(CocoaPodsAnalyzer.class);
/** /**
* The name of the analyzer. * The name of the analyzer.
*/ */
@@ -66,14 +66,11 @@ public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer {
*/ */
private static final FileFilter PODSPEC_FILTER = FileFilterBuilder.newInstance().addExtensions(PODSPEC).build(); private static final FileFilter PODSPEC_FILTER = FileFilterBuilder.newInstance().addExtensions(PODSPEC).build();
/** /**
* The capture group #1 is the block variable. * The capture group #1 is the block variable. e.g. "Pod::Spec.new do
* e.g. "Pod::Spec.new do |spec|" * |spec|"
*/ */
private static final Pattern PODSPEC_BLOCK_PATTERN private static final Pattern PODSPEC_BLOCK_PATTERN = Pattern.compile("Pod::Spec\\.new\\s+?do\\s+?\\|(.+?)\\|");
= Pattern.compile("Pod::Spec\\.new\\s+?do\\s+?\\|(.+?)\\|");
/** /**
* Returns the FileFilter * Returns the FileFilter
@@ -111,7 +108,8 @@ public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer {
} }
/** /**
* Returns the key used in the properties file to reference the analyzer's enabled property. * Returns the key used in the properties file to reference the analyzer's
* enabled property.
* *
* @return the analyzer's enabled property setting key * @return the analyzer's enabled property setting key
*/ */
@@ -124,7 +122,7 @@ public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer {
protected void analyzeFileType(Dependency dependency, Engine engine) protected void analyzeFileType(Dependency dependency, Engine engine)
throws AnalysisException { throws AnalysisException {
String contents; String contents;
try { try {
contents = FileUtils.readFileToString(dependency.getActualFile(), Charset.defaultCharset()); contents = FileUtils.readFileToString(dependency.getActualFile(), Charset.defaultCharset());
} catch (IOException e) { } catch (IOException e) {
@@ -160,30 +158,30 @@ public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer {
String blockVariable, String field, String fieldPattern, Confidence confidence) { String blockVariable, String field, String fieldPattern, Confidence confidence) {
String value = ""; String value = "";
//capture array value between [ ] //capture array value between [ ]
final Matcher arrayMatcher = Pattern.compile( final Matcher arrayMatcher = Pattern.compile(
String.format("\\s*?%s\\.%s\\s*?=\\s*?\\{\\s*?(.*?)\\s*?\\}", blockVariable, fieldPattern), Pattern.CASE_INSENSITIVE).matcher(contents); String.format("\\s*?%s\\.%s\\s*?=\\s*?\\{\\s*?(.*?)\\s*?\\}", blockVariable, fieldPattern), Pattern.CASE_INSENSITIVE).matcher(contents);
if(arrayMatcher.find()) { if (arrayMatcher.find()) {
value = arrayMatcher.group(1); value = arrayMatcher.group(1);
} } //capture single value between quotes
//capture single value between quotes else {
else { final Matcher matcher = Pattern.compile(
final Matcher matcher = Pattern.compile( String.format("\\s*?%s\\.%s\\s*?=\\s*?(['\"])(.*?)\\1", blockVariable, fieldPattern), Pattern.CASE_INSENSITIVE).matcher(contents);
String.format("\\s*?%s\\.%s\\s*?=\\s*?(['\"])(.*?)\\1", blockVariable, fieldPattern), Pattern.CASE_INSENSITIVE).matcher(contents); if (matcher.find()) {
if (matcher.find()) { value = matcher.group(2);
value = matcher.group(2); }
} }
} if (value.length() > 0) {
if(value.length() > 0) evidences.addEvidence(PODSPEC, field, value, confidence);
evidences.addEvidence(PODSPEC, field, value, confidence); }
return value; return value;
} }
private void setPackagePath(Dependency dep) { private void setPackagePath(Dependency dep) {
File file = new File(dep.getFilePath()); File file = new File(dep.getFilePath());
String parent = file.getParent(); String parent = file.getParent();
if(parent != null) if (parent != null) {
dep.setPackagePath(parent); dep.setPackagePath(parent);
}
} }
} }

54
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
View File

@@ -144,17 +144,17 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
mergeDependencies(nextDependency, dependency, dependenciesToRemove); mergeDependencies(nextDependency, dependency, dependenciesToRemove);
break; //since we merged into the next dependency - skip forward to the next in mainIterator break; //since we merged into the next dependency - skip forward to the next in mainIterator
} }
} else if ( (main = getMainGemspecDependency(dependency, nextDependency)) != null ) { } else if ((main = getMainGemspecDependency(dependency, nextDependency)) != null) {
if (main == dependency) { if (main == dependency) {
mergeDependencies(dependency, nextDependency, dependenciesToRemove); mergeDependencies(dependency, nextDependency, dependenciesToRemove);
} else { } else {
mergeDependencies(nextDependency, dependency, dependenciesToRemove); mergeDependencies(nextDependency, dependency, dependenciesToRemove);
break; //since we merged into the next dependency - skip forward to the next in mainIterator break; //since we merged into the next dependency - skip forward to the next in mainIterator
} }
} else if ( (main = getMainSwiftDependency(dependency, nextDependency)) != null) { } else if ((main = getMainSwiftDependency(dependency, nextDependency)) != null) {
if (main == dependency) { if (main == dependency) {
mergeDependencies(dependency, nextDependency, dependenciesToRemove); mergeDependencies(dependency, nextDependency, dependenciesToRemove);
} else { } else {
mergeDependencies(nextDependency, dependency, dependenciesToRemove); mergeDependencies(nextDependency, dependency, dependenciesToRemove);
break; //since we merged into the next dependency - skip forward to the next in mainIterator break; //since we merged into the next dependency - skip forward to the next in mainIterator
} }
@@ -384,27 +384,35 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
} }
/** /**
* Bundling same swift dependencies with the same packagePath but identified by different analyzers. * Bundling same swift dependencies with the same packagePath but identified
* by different analyzers.
*
* @param dependency1 dependency to test
* @param dependency2 dependency to test
* @return <code>true</code> if the dependencies appear to be the same;
* otherwise <code>false</code>
*/ */
private boolean isSameSwiftPackage(Dependency dependency1, Dependency dependency2) { private boolean isSameSwiftPackage(Dependency dependency1, Dependency dependency2) {
if (dependency1 == null || dependency2 == null || if (dependency1 == null || dependency2 == null
(!dependency1.getFileName().endsWith(".podspec") && || (!dependency1.getFileName().endsWith(".podspec")
!dependency1.getFileName().equals("Package.swift")) || && !dependency1.getFileName().equals("Package.swift"))
(!dependency2.getFileName().endsWith(".podspec") && || (!dependency2.getFileName().endsWith(".podspec")
!dependency2.getFileName().equals("Package.swift")) || && !dependency2.getFileName().equals("Package.swift"))
dependency1.getPackagePath() == null || || dependency1.getPackagePath() == null
dependency2.getPackagePath() == null) { || dependency2.getPackagePath() == null) {
return false; return false;
} }
if (dependency1.getPackagePath().equalsIgnoreCase(dependency2.getPackagePath())) if (dependency1.getPackagePath().equalsIgnoreCase(dependency2.getPackagePath())) {
return true; return true;
}
return false; return false;
} }
private Dependency getMainSwiftDependency(Dependency dependency1, Dependency dependency2) { private Dependency getMainSwiftDependency(Dependency dependency1, Dependency dependency2) {
if (isSameSwiftPackage(dependency1, dependency2)) { if (isSameSwiftPackage(dependency1, dependency2)) {
if(dependency1.getFileName().endsWith(".podspec")) if (dependency1.getFileName().endsWith(".podspec")) {
return dependency1; return dependency1;
}
return dependency2; return dependency2;
} }
return null; return null;

7
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.java
View File

@@ -73,8 +73,7 @@ public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer {
private static final NameFileFilter IGNORED_FILES = new NameFileFilter(new String[]{ private static final NameFileFilter IGNORED_FILES = new NameFileFilter(new String[]{
"__init__.py", "__init__.py",
"__init__.pyc", "__init__.pyc",
"__init__.pyo", "__init__.pyo",});
});
/** /**
* Collects information about the file name. * Collects information about the file name.
@@ -111,9 +110,9 @@ public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer {
if (!IGNORED_FILES.accept(f)) { if (!IGNORED_FILES.accept(f)) {
dependency.getProductEvidence().addEvidence("file", "name", dependency.getProductEvidence().addEvidence("file", "name",
packageName, Confidence.HIGH); packageName, Confidence.HIGH);
dependency.getVendorEvidence().addEvidence("file", "name", dependency.getVendorEvidence().addEvidence("file", "name",
packageName, Confidence.HIGH); packageName, Confidence.HIGH);
} }
} }
} }

7
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
View File

@@ -704,17 +704,12 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
addMatchingValues(classInformation, value, productEvidence); addMatchingValues(classInformation, value, productEvidence);
// //the following caused false positives. // //the following caused false positives.
// } else if (key.equalsIgnoreCase(BUNDLE_VENDOR)) { // } else if (key.equalsIgnoreCase(BUNDLE_VENDOR)) {
// foundSomething = true;
// vendorEvidence.addEvidence(source, key, value, Confidence.HIGH);
// addMatchingValues(classInformation, value, vendorEvidence);
} else if (key.equalsIgnoreCase(BUNDLE_VERSION)) { } else if (key.equalsIgnoreCase(BUNDLE_VERSION)) {
foundSomething = true; foundSomething = true;
versionEvidence.addEvidence(source, key, value, Confidence.HIGH); versionEvidence.addEvidence(source, key, value, Confidence.HIGH);
} else if (key.equalsIgnoreCase(Attributes.Name.MAIN_CLASS.toString())) { } else if (key.equalsIgnoreCase(Attributes.Name.MAIN_CLASS.toString())) {
continue; continue;
//skipping main class as if this has important information to add //skipping main class as if this has important information to add it will be added during class name analysis...
// it will be added during class name analysis... if other fields
// have the information from the class name then they will get added...
} else { } else {
key = key.toLowerCase(); key = key.toLowerCase();
if (!IGNORE_KEYS.contains(key) if (!IGNORE_KEYS.contains(key)

3
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/SwiftPackageManagerAnalyzer.java
View File

@@ -70,8 +70,7 @@ public class SwiftPackageManagerAnalyzer extends AbstractFileTypeAnalyzer {
* name: "Gloss" * name: "Gloss"
* )" * )"
*/ */
private static final Pattern SPM_BLOCK_PATTERN private static final Pattern SPM_BLOCK_PATTERN = Pattern.compile("let[^=]+=\\s*Package\\s*\\(\\s*([^)]*)\\s*\\)", Pattern.DOTALL);
= Pattern.compile("let[^=]+=\\s*Package\\s*\\(\\s*([^)]*)\\s*\\)", Pattern.DOTALL);
/** /**
* Returns the FileFilter * Returns the FileFilter

4
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java
View File

@@ -95,7 +95,7 @@ public final class ConnectionFactory {
* @throws DatabaseException thrown if we are unable to connect to the * @throws DatabaseException thrown if we are unable to connect to the
* database * database
*/ */
public static synchronized void initialize() throws DatabaseException { public static void initialize() throws DatabaseException {
//this only needs to be called once. //this only needs to be called once.
if (connectionString != null) { if (connectionString != null) {
return; return;
@@ -196,7 +196,7 @@ public final class ConnectionFactory {
* finalize method being called as during shutdown the class loader used to * finalize method being called as during shutdown the class loader used to
* load the driver may be unloaded prior to the driver being de-registered. * load the driver may be unloaded prior to the driver being de-registered.
*/ */
public static synchronized void cleanup() { public static void cleanup() {
if (driver != null) { if (driver != null) {
try { try {
DriverManager.deregisterDriver(driver); DriverManager.deregisterDriver(driver);

30
dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersionUtil.java
View File

@@ -24,7 +24,8 @@ import java.util.regex.Pattern;
/** /**
* <p> * <p>
* A utility class to extract version numbers from file names (or other strings containing version numbers.</p> * A utility class to extract version numbers from file names (or other strings
* containing version numbers.</p>
* *
* @author Jeremy Long * @author Jeremy Long
*/ */
@@ -35,13 +36,16 @@ public final class DependencyVersionUtil {
*/ */
private static final Pattern RX_VERSION = Pattern.compile("\\d+(\\.\\d{1,6})+(\\.?([_-](release|beta|alpha|\\d+)|[a-zA-Z_-]{1,3}\\d{0,8}))?"); private static final Pattern RX_VERSION = Pattern.compile("\\d+(\\.\\d{1,6})+(\\.?([_-](release|beta|alpha|\\d+)|[a-zA-Z_-]{1,3}\\d{0,8}))?");
/** /**
* Regular expression to extract a single version number without periods. This is a last ditch effort just to check in case we * Regular expression to extract a single version number without periods.
* are missing a version number using the previous regex. * This is a last ditch effort just to check in case we are missing a
* version number using the previous regex.
*/ */
private static final Pattern RX_SINGLE_VERSION = Pattern.compile("\\d+(\\.?([_-](release|beta|alpha)|[a-zA-Z_-]{1,3}\\d{1,8}))?"); private static final Pattern RX_SINGLE_VERSION = Pattern.compile("\\d+(\\.?([_-](release|beta|alpha)|[a-zA-Z_-]{1,3}\\d{1,8}))?");
/** /**
* Regular expression to extract the part before the version numbers if there are any based on RX_VERSION. In most cases, this part represents a more accurate name. * Regular expression to extract the part before the version numbers if
* there are any based on RX_VERSION. In most cases, this part represents a
* more accurate name.
*/ */
private static final Pattern RX_PRE_VERSION = Pattern.compile("^(.+)[_-](\\d+\\.\\d{1,6})+"); private static final Pattern RX_PRE_VERSION = Pattern.compile("^(.+)[_-](\\d+\\.\\d{1,6})+");
@@ -53,7 +57,8 @@ public final class DependencyVersionUtil {
/** /**
* <p> * <p>
* A utility class to extract version numbers from file names (or other strings containing version numbers.</p> * A utility class to extract version numbers from file names (or other
* strings containing version numbers.</p>
* <pre> * <pre>
* Example: * Example:
* Give the file name: library-name-1.4.1r2-release.jar * Give the file name: library-name-1.4.1r2-release.jar
@@ -103,21 +108,24 @@ public final class DependencyVersionUtil {
/** /**
* <p> * <p>
* A utility class to extract the part before version numbers from file names (or other strings containing version numbers. * A utility class to extract the part before version numbers from file
* In most cases, this part represents a more accurate name than the full file name.</p> * names (or other strings containing version numbers. In most cases, this
* part represents a more accurate name than the full file name.</p>
* <pre> * <pre>
* Example: * Example:
* Give the file name: library-name-1.4.1r2-release.jar * Give the file name: library-name-1.4.1r2-release.jar
* This function would return: library-name</pre> * This function would return: library-name</pre>
* *
* @param text the text being analyzed * @param text the text being analyzed
* @return the part before the version numbers if any, otherwise return the text itself. * @return the part before the version numbers if any, otherwise return the
* text itself.
*/ */
public static String parsePreVersion(String text) { public static String parsePreVersion(String text) {
if(parseVersion(text) == null) if (parseVersion(text) == null) {
return text; return text;
}
Matcher matcher = RX_PRE_VERSION.matcher(text); final Matcher matcher = RX_PRE_VERSION.matcher(text);
if (matcher.find()) { if (matcher.find()) {
return matcher.group(1); return matcher.group(1);
} }

2
src/main/config/checkstyle-header.txt
View File

@@ -13,6 +13,6 @@
^ \* See the License for the specific language governing permissions and\s*$ ^ \* See the License for the specific language governing permissions and\s*$
^ \* limitations under the License\.\s*$ ^ \* limitations under the License\.\s*$
^ \*\s*$ ^ \*\s*$
^ \* Copyright \(c\) 201[0-9] (Jeremy Long|Steve Springett|Bianca Jiang|The OWASP Foundation|Institute for Defense Analyses)\. All Rights Reserved\.\s*$ ^ \* Copyright \(c\) 201[0-9] (Jeremy Long|Steve Springett|Bianca Jiang|IBM Corporation|The OWASP Foundation|Institute for Defense Analyses)\. All Rights Reserved\.\s*$
^ \*/\s*$ ^ \*/\s*$
^package ^package