more minor enhancements

Former-commit-id: e5c136aebd3a2112b4d2ea591f2d31619735f8bc
2026-01-17 09:06:55 +01:00 · 2012-09-29 04:56:50 -04:00
parent 872373410b
commit ff3be5ccf5
10 changed files with 153 additions and 341 deletions
--- a/src/main/java/org/codesecure/dependencycheck/analyzer/AnalysisException.java
+++ b/src/main/java/org/codesecure/dependencycheck/analyzer/AnalysisException.java
@@ -23,7 +23,7 @@ package org.codesecure.dependencycheck.analyzer;
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
-public class AnalysisException extends RuntimeException {
+public class AnalysisException extends Exception {

    private static final long serialVersionUID = 1L;

--- a/src/main/java/org/codesecure/dependencycheck/analyzer/Analyzer.java
+++ b/src/main/java/org/codesecure/dependencycheck/analyzer/Analyzer.java
@@ -31,7 +31,10 @@ import java.util.Set;
 public interface Analyzer {

    /**
-     * Analyzes the given dependency.
+     * Analyzes the given dependency. The analysis could be anything from identifying
+     * an Idenifier for the dependency, to finding vulnerabilities, etc. Additionally,
+     * if the analyzer collects enough information to add a description for the dependency
+     * one should be added.
     *
     * @param dependency a dependency to analyze.
     * @throws AnalysisException is thrown if there is an error analyzing the dependency file
--- a/src/main/java/org/codesecure/dependencycheck/analyzer/JarAnalyzer.java
+++ b/src/main/java/org/codesecure/dependencycheck/analyzer/JarAnalyzer.java
@@ -354,6 +354,7 @@ public class JarAnalyzer extends AbstractAnalyzer {
                vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
            } else if (key.equals(BUNDLE_DESCRIPTION)) {
                productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
+                dependency.setDescription(value);
            } else if (key.equals(BUNDLE_NAME)) {
                productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
            } else if (key.equals(BUNDLE_VENDOR)) {
@@ -379,10 +380,13 @@ public class JarAnalyzer extends AbstractAnalyzer {
                        productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
                        vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
                    } else {
+                        if (key.contains("description")) {
+                            dependency.setDescription(value);
+                        }
                        productEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
                        vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
                        if (value.matches(".*\\d.*")) {
-                            StringTokenizer tokenizer = new StringTokenizer(value," ");
+                            StringTokenizer tokenizer = new StringTokenizer(value, " ");
                            while (tokenizer.hasMoreElements()) {
                                String s = tokenizer.nextToken();
                                if (s.matches("^[0-9.]+$")) {
@@ -397,6 +401,12 @@ public class JarAnalyzer extends AbstractAnalyzer {
        }
    }

+    private void addDescription(Dependency d, String description) {
+        if (d.getDescription() == null) {
+            d.setDescription(description);
+        }
+    }
+
    /**
     * The initialize method does nothing for this Analyzer
     */