more minor enhancements
Former-commit-id: e5c136aebd3a2112b4d2ea591f2d31619735f8bc
@@ -23,11 +23,9 @@ import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.util.List;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.LogManager;
import java.util.logging.Logger;
import java.util.prefs.Preferences;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.cli.ParseException;
import org.codesecure.dependencycheck.data.cpe.Index;
@@ -63,6 +61,7 @@ import org.xml.sax.SAXException;
public class App {
private static final String LOG_PROPERTIES_FILE = "configuration/log.properties";
/**
* @param args the command line arguments
*/
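Review bot: The new `LOG_PROPERTIES_FILE` constant has no Javadoc, and because the code that consumes it is outside this hunk a reader cannot tell whether the relative path `configuration/log.properties` is resolved against the working directory or the classpath, which decides whether the logging configuration is found at all when the tool is launched from another directory. Suggest documenting it, e.g. `/** Relative path of the java.util.logging configuration file; resolved by the loader in this class (TODO: confirm working directory vs. classpath). */`. The `LogManager` import kept in the previous hunk suggests it feeds `LogManager.readConfiguration`, but that call is not visible here.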
@@ -29,6 +29,7 @@ import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.codesecure.dependencycheck.analyzer.AnalysisException;
import org.codesecure.dependencycheck.analyzer.AnalysisPhase;
import org.codesecure.dependencycheck.analyzer.Analyzer;
import org.codesecure.dependencycheck.analyzer.AnalyzerService;
@@ -193,6 +194,8 @@ public class Engine {
} else {
a.analyze(d);
}
} catch (AnalysisException ex) {
d.addAnalysisException(ex);
} catch (IOException ex) {
String msg = String.format("IOException occured while analyzing the file '%s'.",
d.getActualFilePath());
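Review bot: The new `catch (AnalysisException ex)` branch records the failure with `d.addAnalysisException(ex)` but does not log it, unlike the neighbouring `IOException` branch that builds a message (its handling continues past the end of the hunk), so an analyzer failure is invisible at run time unless something later reads `Dependency.getAnalysisExceptions()`. Consider logging at the point of failure as well, e.g. `Logger.getLogger(Engine.class.getName()).log(Level.WARNING, "Analysis of '" + d.getActualFilePath() + "' failed", ex);` — `Level` and `Logger` are imported in the hunk above, though whether Engine already has a logger field is not visible. The enclosing method starts and ends outside the hunk.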
@@ -23,7 +23,7 @@ package org.codesecure.dependencycheck.analyzer;
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class AnalysisException extends RuntimeException {
public class AnalysisException extends Exception {
private static final long serialVersionUID = 1L;
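Review bot: Switching the superclass from `RuntimeException` to `Exception` makes `AnalysisException` a checked exception, which is an API change for every `Analyzer` implementation and caller, yet the class Javadoc shown in the hunk says nothing about when it is thrown or that callers must handle it. Suggest adding a summary sentence such as `Checked exception raised by an Analyzer when a dependency cannot be analyzed; the Engine records it on the Dependency rather than propagating it.` The constructors are outside this hunk; worth confirming that a `(String, Throwable)` form exists so the underlying cause is preserved instead of being flattened into a message.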
@@ -31,7 +31,10 @@ import java.util.Set;
public interface Analyzer {
/**
* Analyzes the given dependency.
* Analyzes the given dependency. The analysis could be anything from identifying
* an Idenifier for the dependency, to finding vulnerabilities, etc. Additionally,
* if the analyzer collects enough information to add a description for the dependency
* one should be added.
*
* @param dependency a dependency to analyze.
* @throws AnalysisException is thrown if there is an error analyzing the dependency file
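Review bot: The new `@throws AnalysisException` tag documents what is now a checked exception (see the AnalysisException hunk), but the `analyze` declaration itself follows the Javadoc outside this hunk; it must carry `throws AnalysisException`, otherwise implementations that throw it will not compile and the Engine's new `catch (AnalysisException ex)` is itself rejected by the compiler, since a checked exception the try block cannot throw may not be caught. The added Javadoc text also has a typo: `Idenifier` should read `Identifier`. The interface body continues past the end of the hunk.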
@@ -354,6 +354,7 @@ public class JarAnalyzer extends AbstractAnalyzer {
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.equals(BUNDLE_DESCRIPTION)) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
dependency.setDescription(value);
} else if (key.equals(BUNDLE_NAME)) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.equals(BUNDLE_VENDOR)) {
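Review bot: The new `dependency.setDescription(value)` in the `BUNDLE_DESCRIPTION` branch, and the `if (key.contains("description")) { dependency.setDescription(value); }` added in the `else` branch of the next hunk (@@ -379), both bypass the private `addDescription(Dependency d, String description)` helper that the @@ -397 hunk introduces, which only sets a description when none exists yet and is otherwise left unused. Because the `else` branch runs for any remaining manifest key containing "description", a later low-confidence attribute can overwrite the Bundle-Description value depending on the order in which the manifest entries are visited; routing both call sites through the helper, `addDescription(dependency, value);`, keeps the first description and removes the unused-method warning. The `key.contains("description")` test is also case-sensitive while manifest attribute names are conventionally mixed-case, so whether `key` is normalised before reaching this chain should be checked (not visible here). Manifest values come from the scanned JAR, so the description is attacker-controlled text; confirm it is escaped wherever the report renders it. The enclosing method starts and ends outside the hunk.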
@@ -379,10 +380,13 @@ public class JarAnalyzer extends AbstractAnalyzer {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else {
if (key.contains("description")) {
dependency.setDescription(value);
}
productEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
if (value.matches(".*\\d.*")) {
StringTokenizer tokenizer = new StringTokenizer(value," ");
StringTokenizer tokenizer = new StringTokenizer(value, " ");
while (tokenizer.hasMoreElements()) {
String s = tokenizer.nextToken();
if (s.matches("^[0-9.]+$")) {
@@ -397,6 +401,12 @@ public class JarAnalyzer extends AbstractAnalyzer {
}
}
private void addDescription(Dependency d, String description) {
if (d.getDescription() == null) {
d.setDescription(description);
}
}
/**
* The initialize method does nothing for this Analyzer
*/
@@ -231,7 +231,7 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal
sb.append(txt);
for (Evidence e : ec.iterator(confidenceFilter)) {
String value = e.getValue();
//hack to get around the fact that lucene does a realy good job of recognizing domains and not
// splitting them. TODO - put together a better lucene analyzer specific to the domain.
if (value.startsWith("http://")) {
@@ -286,6 +286,57 @@ public class Dependency {
public EvidenceCollection getVersionEvidence() {
return this.versionEvidence;
}
/**
* A list of exceptions that occured during analysis of this dependency.
*/
protected List<Exception> analysisExceptions = new ArrayList<Exception>();
/**
* Get the value of analysisExceptions
*
* @return the value of analysisExceptions
*/
public List<Exception> getAnalysisExceptions() {
return analysisExceptions;
}
/**
* Set the value of analysisExceptions
*
* @param analysisExceptions new value of analysisExceptions
*/
public void setAnalysisExceptions(List<Exception> analysisExceptions) {
this.analysisExceptions = analysisExceptions;
}
/**
* Adds an exception to the analysis exceptions collection.
* @param ex an exception.
*/
public void addAnalysisException(Exception ex) {
this.analysisExceptions.add(ex);
}
/**
* The description of the JAR file.
*/
protected String description;
/**
* Get the value of description
*
* @return the value of description
*/
public String getDescription() {
return description;
}
/**
* Set the value of description
*
* @param description new value of description
*/
public void setDescription(String description) {
this.description = description;
}
/**
* Determines if the specified string was used when searching.
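Review bot: `getAnalysisExceptions()` returns the internal mutable `ArrayList` and `setAnalysisExceptions(List<Exception>)` stores the caller's reference unchecked, so a `null` argument makes the later `addAnalysisException` throw `NullPointerException` and any external holder of the list can modify it behind the class's back. Consider validating and copying in the setter, `if (analysisExceptions == null) { throw new IllegalArgumentException("analysisExceptions must not be null"); }` followed by `this.analysisExceptions = new ArrayList<Exception>(analysisExceptions);`, and returning an unmodifiable view from the getter if `java.util.Collections` is imported (the import section of this file is outside the hunk). The new field Javadoc also misspells `occured`; it should read `occurred`.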
@@ -37,6 +37,18 @@ public class Identifier {
this.title = title;
this.url = url;
}
/**
* Constructs a new Identifier with the specified data.
* @param type the identifier type.
* @param value the identifier value.
* @param title the identifier title.
* @param url the identifier url.
* @param description the description of the identifier.
*/
Identifier(String type, String value, String title, String url, String description) {
this(type, value, title, url);
this.description = description;
}
/**
* The value of the identifeir
*/
@@ -125,4 +137,27 @@ public class Identifier {
public void setType(String type) {
this.type = type;
}
/**
* A description of the identifier.
*/
protected String description;
/**
* Get the value of description
*
* @return the value of description
*/
public String getDescription() {
return description;
}
/**
* Set the value of description
*
* @param description new value of description
*/
public void setDescription(String description) {
this.description = description;
}
}