From fb0f4dd2cf809c2b7045cceb7a7be5a020e57f2a Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Fri, 7 Jun 2013 22:04:35 -0400 Subject: [PATCH] re-arranged code and improved documentation (some) Former-commit-id: 24b983d81673b2055bef970e04a040c334a716bb --- .../analyzer/DependencyBundlingAnalyzer.java | 26 +++++------ .../analyzer/FalsePositiveAnalyzer.java | 13 +++--- .../analyzer/FileNameAnalyzer.java | 6 +-- .../analyzer/HintAnalyzer.java | 7 +-- .../dependencycheck/analyzer/JarAnalyzer.java | 43 +++++++++---------- .../analyzer/JavaScriptAnalyzer.java | 17 ++++---- 6 files changed, 51 insertions(+), 61 deletions(-) diff --git a/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java b/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java index ae1bb5e9f..5cd139ccc 100644 --- a/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java +++ b/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java @@ -43,6 +43,18 @@ import org.owasp.dependencycheck.utils.DependencyVersionUtil; */ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Analyzer { + // + /** + * A pattern for obtaining the first part of a filename. + */ + private static final Pattern STARTING_TEXT_PATTERN = Pattern.compile("^[a-zA-Z]*"); + /** + * a flag indicating if this analyzer has run. This analyzer only runs once. + */ + private boolean analyzed = false; + // + + // /** * The set of file extensions supported by this analyzer. */ 
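Review bot: The Javadoc moved with `STARTING_TEXT_PATTERN` in the first DependencyBundlingAnalyzer hunk does not say that `^[a-zA-Z]*` also matches the empty string, so a file name that starts with a digit or punctuation yields an empty "first part". The code that uses the pattern is outside this hunk, but if it compares these prefixes to decide whether two dependencies belong together, two unrelated files could compare equal on an empty prefix and one of them could drop out of the report as a bundled duplicate. I would extend the comment to `Matches the leading run of ASCII letters of a file name; the match is empty when the name does not start with a letter.` and confirm that the caller treats an empty match as no match.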
@@ -55,14 +67,8 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal * The phase that this analyzer is intended to run in. */ private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.PRE_FINDING_ANALYSIS; - /** - * A pattern for obtaining the first part of a filename. - */ - private static final Pattern STARTING_TEXT_PATTERN = Pattern.compile("^[a-zA-Z]*"); - /** * Returns a list of file EXTENSIONS supported by this analyzer. - * * @return a list of file EXTENSIONS supported by this analyzer. */ public Set getSupportedExtensions() { @@ -71,7 +77,6 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal /** * Returns the name of the analyzer. - * * @return the name of the analyzer. */ public String getName() { @@ -80,7 +85,6 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal /** * Returns whether or not this analyzer can process the given extension. - * * @param extension the file extension to test for support * @return whether or not the specified file extension is supported by this * analyzer. @@ -91,16 +95,12 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal /** * Returns the phase that the analyzer is intended to run in. - * * @return the phase that the analyzer is intended to run in. */ public AnalysisPhase getAnalysisPhase() { return ANALYSIS_PHASE; } - /** - * a flag indicating if this analyzer has run. This analyzer only runs once. - */ - private boolean analyzed = false; + // /** * Analyzes a set of dependencies. If they have been found to have the same diff --git a/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java b/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java index 5c0e7336d..9dfebbe78 100644 --- a/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java +++ b/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java 
@@ -41,6 +41,7 @@ import org.owasp.dependencycheck.utils.Settings; */ public class FalsePositiveAnalyzer extends AbstractAnalyzer { + // /** * The set of file extensions supported by this analyzer. */ @@ -56,7 +57,6 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer { /** * Returns a list of file EXTENSIONS supported by this analyzer. - * * @return a list of file EXTENSIONS supported by this analyzer. */ public Set getSupportedExtensions() { @@ -65,7 +65,6 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer { /** * Returns the name of the analyzer. - * * @return the name of the analyzer. */ public String getName() { @@ -74,27 +73,26 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer { /** * Returns whether or not this analyzer can process the given extension. - * * @param extension the file extension to test for support * @return whether or not the specified file extension is supported by this * analyzer. */ public boolean supportsExtension(String extension) { - return true; //EXTENSIONS.contains(extension); + return true; } /** * Returns the phase that the analyzer is intended to run in. - * * @return the phase that the analyzer is intended to run in. */ public AnalysisPhase getAnalysisPhase() { return ANALYSIS_PHASE; } + // /** - * - * + * Analyzes the dependencies and removes bad/incorrect CPE associations + * based on various heuristics. * @param dependency the dependency to analyze. * @param engine the engine that is scanning the dependencies * @throws AnalysisException is thrown if there is an error reading the JAR @@ -232,6 +230,5 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer { itr.remove(); } } - } } diff --git a/src/main/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.java b/src/main/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.java index 9d33103fc..d92723277 100644 --- a/src/main/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.java 
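Review bot: In the `@@ -74,27 +73,26 @@` hunk `supportsExtension` now returns `true` unconditionally, but its Javadoc still promises "whether or not the specified file extension is supported", and the `EXTENSIONS` field is still documented as the supported set. This analyzer removes CPE associations (the new summary says so, and `itr.remove()` is visible in the last hunk), so every wrong removal is a finding that disappears from the report and the contract is worth stating exactly: `@return always true; this analyzer is applied to every dependency regardless of extension`. The new summary "based on various heuristics" would be more useful if it named the heuristics. The `@throws` text about "reading the JAR" looks copied from JarAnalyzer. The method body lies outside the hunk.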
+++ b/src/main/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.java @@ -31,6 +31,7 @@ import org.owasp.dependencycheck.Engine; */ public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer { + // /** * The name of the analyzer. */ @@ -46,7 +47,6 @@ public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer { /** * Returns a list of file EXTENSIONS supported by this analyzer. - * * @return a list of file EXTENSIONS supported by this analyzer. */ public Set getSupportedExtensions() { @@ -55,7 +55,6 @@ public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer { /** * Returns the name of the analyzer. - * * @return the name of the analyzer. */ public String getName() { @@ -64,7 +63,6 @@ public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer { /** * Returns whether or not this analyzer can process the given extension. - * * @param extension the file extension to test for support. * @return whether or not the specified file extension is supported by this * analyzer. @@ -75,12 +73,12 @@ public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer { /** * Returns the phase that the analyzer is intended to run in. - * * @return the phase that the analyzer is intended to run in. */ public AnalysisPhase getAnalysisPhase() { return ANALYSIS_PHASE; } + // /** * Collects information about the file name. diff --git a/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java b/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java index f15e48075..e27565651 100644 --- a/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java +++ b/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java @@ -29,6 +29,7 @@ import org.owasp.dependencycheck.dependency.Evidence; */ public class HintAnalyzer extends AbstractAnalyzer implements Analyzer { + // /** * The name of the analyzer. */ 
@@ -41,10 +42,8 @@ public class HintAnalyzer extends AbstractAnalyzer implements Analyzer { * The set of file extensions supported by this analyzer. */ private static final Set EXTENSIONS = null; - /** * Returns a list of file EXTENSIONS supported by this analyzer. - * * @return a list of file EXTENSIONS supported by this analyzer. */ public Set getSupportedExtensions() { @@ -53,7 +52,6 @@ public class HintAnalyzer extends AbstractAnalyzer implements Analyzer { /** * Returns the name of the analyzer. - * * @return the name of the analyzer. */ public String getName() { @@ -62,7 +60,6 @@ public class HintAnalyzer extends AbstractAnalyzer implements Analyzer { /** * Returns whether or not this analyzer can process the given extension. - * * @param extension the file extension to test for support. * @return whether or not the specified file extension is supported by this * analyzer. @@ -73,12 +70,12 @@ public class HintAnalyzer extends AbstractAnalyzer implements Analyzer { /** * Returns the phase that the analyzer is intended to run in. - * * @return the phase that the analyzer is intended to run in. */ public AnalysisPhase getAnalysisPhase() { return ANALYSIS_PHASE; } + // /** * The HintAnalyzer uses knowledge about a dependency to add additional information diff --git a/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java index f328297ae..139d6b4ee 100644 --- a/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java +++ b/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java 
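Review bot: `EXTENSIONS` is `null` in HintAnalyzer (a context line of the `@@ -41,10 +42,8 @@` hunk), yet the Javadoc of `getSupportedExtensions` directly below it still reads "Returns a list of file EXTENSIONS supported by this analyzer". The method body is outside the hunk, but if it returns the field, as JarAnalyzer's accessor visibly does, callers receive null and have to know that. I would state it in the tag, for example `@return null, because this analyzer is not tied to a file extension`.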
@@ -71,18 +71,11 @@ import org.xml.sax.XMLReader; */ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer { + // /** * The system independent newline character. */ private static final String NEWLINE = System.getProperty("line.separator"); - /** - * The name of the analyzer. - */ - private static final String ANALYZER_NAME = "Jar Analyzer"; - /** - * The phase that this analyzer is intended to run in. - */ - private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION; /** * A list of elements in the manifest to ignore. */ @@ -110,10 +103,7 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer { "bundle-manifestversion", "bundlemanifestversion", "include-resource"); - /** - * The set of file extensions supported by this analyzer. - */ - private static final Set EXTENSIONS = newHashSet("jar"); + /** * item in some manifest, should be considered medium confidence. */ @@ -130,10 +120,15 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer { * item in some manifest, should be considered medium confidence. */ private static final String BUNDLE_VENDOR = "Bundle-Vendor"; //: Apache Software Foundation + /** + * A pattern to detect HTML within text. + */ + private static final Pattern HTML_DETECTION_PATTERN = Pattern.compile("\\<[a-z]+.*/?\\>", Pattern.CASE_INSENSITIVE); /** * The unmarshaller used to parse the pom.xml from a JAR file. */ private Unmarshaller pomUnmarshaller; + // /** * Constructs a new JarAnalyzer. 
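Review bot: The Javadoc on `pomUnmarshaller`, which sits between the two additions of the `@@ -130,10 +120,15 @@` hunk, says only that it parses the pom.xml from a JAR file; it should also record that this pom.xml comes from the archive being scanned and is therefore untrusted XML. The parsing code is outside the hunk, so I cannot tell whether DTDs and external entities are disabled on the reader that feeds the unmarshaller; that is worth verifying and then stating here. Proposed wording: `The unmarshaller used to parse the pom.xml from a JAR file. The input is untrusted; the XML reader supplying it must not resolve DTDs or external entities.`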
@@ -147,27 +142,35 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer { } } + // + /** + * The name of the analyzer. + */ + private static final String ANALYZER_NAME = "Jar Analyzer"; + /** + * The phase that this analyzer is intended to run in. + */ + private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION; + /** + * The set of file extensions supported by this analyzer. + */ + private static final Set EXTENSIONS = newHashSet("jar"); /** * Returns a list of file EXTENSIONS supported by this analyzer. - * * @return a list of file EXTENSIONS supported by this analyzer. */ public Set getSupportedExtensions() { return EXTENSIONS; } - /** * Returns the name of the analyzer. - * * @return the name of the analyzer. */ public String getName() { return ANALYZER_NAME; } - /** * Returns whether or not this analyzer can process the given extension. - * * @param extension the file extension to test for support. * @return whether or not the specified file extension is supported by this * analyzer. @@ -175,7 +178,6 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer { public boolean supportsExtension(String extension) { return EXTENSIONS.contains(extension); } - /** * Returns the phase that the analyzer is intended to run in. * @@ -184,6 +186,7 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer { public AnalysisPhase getAnalysisPhase() { return ANALYSIS_PHASE; } + // /** * Loads a specified JAR file and collects information from the manifest and @@ -217,10 +220,6 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer { throw new AnalysisException("Exception occurred reading the JAR file.", ex); } } - /** - * A pattern to detect HTML within text. - */ - private static final Pattern HTML_DETECTION_PATTERN = Pattern.compile("\\<[a-z]+.*/?\\>", Pattern.CASE_INSENSITIVE); /** * Attempts to find a pom.xml within the JAR file. If found it extracts 
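Review bot: In the `@@ -147,27 +142,35 @@` hunk `ANALYZER_NAME`, `ANALYSIS_PHASE` and `EXTENSIONS` are now declared after the constructor, so JarAnalyzer's static constants are split between the top of the class and the middle of it. That compiles, but a reader looking for the class's fields has to look in two places; keeping every `static final` declaration ahead of the constructor and grouping only the accessor methods would give the same grouping. The same hunk appears to drop the blank lines between the methods, while the `getAnalysisPhase` Javadoc in the following hunk keeps its ` *` separator line, so the formatting within the file is no longer uniform.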
diff --git a/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java b/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java index c2462c5db..c377b92ac 100644 --- a/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java +++ b/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java @@ -31,11 +31,8 @@ import java.util.regex.Pattern; * @author Jeremy Long (jeremy.long@owasp.org) */ public class JavaScriptAnalyzer extends AbstractAnalyzer implements Analyzer { - - /** - * The system independent newline character. - */ - private static final String NEWLINE = System.getProperty("line.separator"); + + // /** * The name of the analyzer. */ @@ -51,7 +48,6 @@ public class JavaScriptAnalyzer extends AbstractAnalyzer implements Analyzer { /** * Returns a list of file EXTENSIONS supported by this analyzer. - * * @return a list of file EXTENSIONS supported by this analyzer. */ public Set getSupportedExtensions() { @@ -60,7 +56,6 @@ public class JavaScriptAnalyzer extends AbstractAnalyzer implements Analyzer { /** * Returns the name of the analyzer. - * * @return the name of the analyzer. */ public String getName() { @@ -69,7 +64,6 @@ public class JavaScriptAnalyzer extends AbstractAnalyzer implements Analyzer { /** * Returns whether or not this analyzer can process the given extension. - * * @param extension the file extension to test for support. * @return whether or not the specified file extension is supported by this * analyzer. 
@@ -80,12 +74,17 @@ public class JavaScriptAnalyzer extends AbstractAnalyzer implements Analyzer { /** * Returns the phase that the analyzer is intended to run in. - * * @return the phase that the analyzer is intended to run in. */ public AnalysisPhase getAnalysisPhase() { return ANALYSIS_PHASE; } + // + + /** + * The system independent newline character. + */ + private static final String NEWLINE = System.getProperty("line.separator"); /** * Loads a specified JAR file and collects information from the manifest and
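Review bot: The Javadoc that closes the `@@ -80,12 +74,17 @@` hunk still begins "Loads a specified JAR file and collects information from the manifest and", which reads as copied from JarAnalyzer and does not describe a JavaScript analyzer. The comment continues outside the hunk, so the rest is not visible, but a commit that improves documentation is a good place to correct it to what this class's analyze method does. Separately, `NEWLINE` is moved below the accessors here while JarAnalyzer keeps it at the top of the class; if the constant is unused in this class it could be removed instead.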