github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-21 16:49:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

added filter to add the correct Maven namespace to the POM if it is missing

Browse Source 
Former-commit-id: c8e02d730b9c0195fa390b3cced77a4fd4410197
This commit is contained in:
Jeremy Long
2013-06-04 22:54:28 -04:00
parent c31be72c8a
commit faff34a8c6
1 changed files with 33 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
View File

@@ -23,6 +23,7 @@ import java.util.Enumeration;
import java.util.logging.Level; import java.util.logging.Level;
import java.util.logging.Logger; import java.util.logging.Logger;
import javax.xml.bind.JAXBException; import javax.xml.bind.JAXBException;
import javax.xml.parsers.ParserConfigurationException;
import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence; import org.owasp.dependencycheck.dependency.Evidence;
@@ -46,12 +47,21 @@ import java.util.zip.ZipEntry;
import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement; import javax.xml.bind.JAXBElement;
import javax.xml.bind.Unmarshaller; import javax.xml.bind.Unmarshaller;
import javax.xml.bind.UnmarshallerHandler;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.sax.SAXSource;
import org.jsoup.Jsoup; import org.jsoup.Jsoup;
import org.owasp.dependencycheck.analyzer.pom.MavenNamespaceFilter;
import org.owasp.dependencycheck.analyzer.pom.generated.License; import org.owasp.dependencycheck.analyzer.pom.generated.License;
import org.owasp.dependencycheck.analyzer.pom.generated.Model; import org.owasp.dependencycheck.analyzer.pom.generated.Model;
import org.owasp.dependencycheck.analyzer.pom.generated.Organization; import org.owasp.dependencycheck.analyzer.pom.generated.Organization;
import org.owasp.dependencycheck.utils.NonClosingStream; import org.owasp.dependencycheck.utils.NonClosingStream;
import org.owasp.dependencycheck.utils.Settings; import org.owasp.dependencycheck.utils.Settings;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLFilter;
import org.xml.sax.XMLReader;
/** /**
* *
@@ -320,9 +330,29 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
private Model retrievePom(String path, JarFile jar) throws JAXBException, IOException { private Model retrievePom(String path, JarFile jar) throws JAXBException, IOException {
ZipEntry entry = jar.getEntry(path); ZipEntry entry = jar.getEntry(path);
if (entry != null) { //should never be null if (entry != null) { //should never be null
final NonClosingStream stream = new NonClosingStream(jar.getInputStream(entry)); Model m = null;
final JAXBElement obj = (JAXBElement) pomUnmarshaller.unmarshal(stream); try {
return (Model) obj.getValue(); XMLFilter filter = new MavenNamespaceFilter();
SAXParserFactory spf = SAXParserFactory.newInstance();
SAXParser sp = spf.newSAXParser();
XMLReader xr = sp.getXMLReader();
filter.setParent(xr);
NonClosingStream stream = new NonClosingStream(jar.getInputStream(entry));
InputStreamReader reader = new InputStreamReader(stream);
InputSource xml = new InputSource(reader);
SAXSource source = new SAXSource(filter, xml);
JAXBElement<Model> el = pomUnmarshaller.unmarshal(source, Model.class);
m = el.getValue();
} catch (ParserConfigurationException ex) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE, null, ex);
} catch (SAXException ex) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE, null, ex);
} catch (JAXBException ex) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINEST, "failure reading pom via jaxb path:'"
+ path + "' jar:'" + jar.getName() + "'", ex);
}
return m;
} }
return null; return null;
} }