mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-03-21 16:49:43 +01:00
more minor enhancements
Former-commit-id: e5c136aebd3a2112b4d2ea591f2d31619735f8bc
This commit is contained in:
Jeremy Long
@@ -23,11 +23,9 @@ import java.io.FileNotFoundException;
|
|||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Properties;
|
|
||||||
import java.util.logging.Level;
|
import java.util.logging.Level;
|
||||||
import java.util.logging.LogManager;
|
import java.util.logging.LogManager;
|
||||||
import java.util.logging.Logger;
|
import java.util.logging.Logger;
|
||||||
import java.util.prefs.Preferences;
|
|
||||||
import javax.xml.parsers.ParserConfigurationException;
|
import javax.xml.parsers.ParserConfigurationException;
|
||||||
import org.apache.commons.cli.ParseException;
|
import org.apache.commons.cli.ParseException;
|
||||||
import org.codesecure.dependencycheck.data.cpe.Index;
|
import org.codesecure.dependencycheck.data.cpe.Index;
|
||||||
@@ -63,6 +61,7 @@ import org.xml.sax.SAXException;
|
|||||||
public class App {
|
public class App {
|
||||||
|
|
||||||
private static final String LOG_PROPERTIES_FILE = "configuration/log.properties";
|
private static final String LOG_PROPERTIES_FILE = "configuration/log.properties";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param args the command line arguments
|
* @param args the command line arguments
|
||||||
*/
|
*/
|
||||||
|
|||||||
@@ -29,6 +29,7 @@ import java.util.List;
|
|||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import java.util.logging.Level;
|
import java.util.logging.Level;
|
||||||
import java.util.logging.Logger;
|
import java.util.logging.Logger;
|
||||||
|
import org.codesecure.dependencycheck.analyzer.AnalysisException;
|
||||||
import org.codesecure.dependencycheck.analyzer.AnalysisPhase;
|
import org.codesecure.dependencycheck.analyzer.AnalysisPhase;
|
||||||
import org.codesecure.dependencycheck.analyzer.Analyzer;
|
import org.codesecure.dependencycheck.analyzer.Analyzer;
|
||||||
import org.codesecure.dependencycheck.analyzer.AnalyzerService;
|
import org.codesecure.dependencycheck.analyzer.AnalyzerService;
|
||||||
@@ -193,6 +194,8 @@ public class Engine {
|
|||||||
} else {
|
} else {
|
||||||
a.analyze(d);
|
a.analyze(d);
|
||||||
}
|
}
|
||||||
|
} catch (AnalysisException ex) {
|
||||||
|
d.addAnalysisException(ex);
|
||||||
} catch (IOException ex) {
|
} catch (IOException ex) {
|
||||||
String msg = String.format("IOException occured while analyzing the file '%s'.",
|
String msg = String.format("IOException occured while analyzing the file '%s'.",
|
||||||
d.getActualFilePath());
|
d.getActualFilePath());
|
||||||
|
|||||||
@@ -23,7 +23,7 @@ package org.codesecure.dependencycheck.analyzer;
|
|||||||
*
|
*
|
||||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||||
*/
|
*/
|
||||||
public class AnalysisException extends RuntimeException {
|
public class AnalysisException extends Exception {
|
||||||
|
|
||||||
private static final long serialVersionUID = 1L;
|
private static final long serialVersionUID = 1L;
|
||||||
|
|
||||||
|
|||||||
@@ -31,7 +31,10 @@ import java.util.Set;
|
|||||||
public interface Analyzer {
|
public interface Analyzer {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Analyzes the given dependency.
|
* Analyzes the given dependency. The analysis could be anything from identifying
|
||||||
|
* an Idenifier for the dependency, to finding vulnerabilities, etc. Additionally,
|
||||||
|
* if the analyzer collects enough information to add a description for the dependency
|
||||||
|
* one should be added.
|
||||||
*
|
*
|
||||||
* @param dependency a dependency to analyze.
|
* @param dependency a dependency to analyze.
|
||||||
* @throws AnalysisException is thrown if there is an error analyzing the dependency file
|
* @throws AnalysisException is thrown if there is an error analyzing the dependency file
|
||||||
|
|||||||
@@ -354,6 +354,7 @@ public class JarAnalyzer extends AbstractAnalyzer {
|
|||||||
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
|
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
|
||||||
} else if (key.equals(BUNDLE_DESCRIPTION)) {
|
} else if (key.equals(BUNDLE_DESCRIPTION)) {
|
||||||
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
|
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
|
||||||
|
dependency.setDescription(value);
|
||||||
} else if (key.equals(BUNDLE_NAME)) {
|
} else if (key.equals(BUNDLE_NAME)) {
|
||||||
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
|
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
|
||||||
} else if (key.equals(BUNDLE_VENDOR)) {
|
} else if (key.equals(BUNDLE_VENDOR)) {
|
||||||
@@ -379,6 +380,9 @@ public class JarAnalyzer extends AbstractAnalyzer {
|
|||||||
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
|
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
|
||||||
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
|
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
|
||||||
} else {
|
} else {
|
||||||
|
if (key.contains("description")) {
|
||||||
|
dependency.setDescription(value);
|
||||||
|
}
|
||||||
productEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
|
productEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
|
||||||
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
|
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
|
||||||
if (value.matches(".*\\d.*")) {
|
if (value.matches(".*\\d.*")) {
|
||||||
@@ -397,6 +401,12 @@ public class JarAnalyzer extends AbstractAnalyzer {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private void addDescription(Dependency d, String description) {
|
||||||
|
if (d.getDescription() == null) {
|
||||||
|
d.setDescription(description);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The initialize method does nothing for this Analyzer
|
* The initialize method does nothing for this Analyzer
|
||||||
*/
|
*/
|
||||||
|
|||||||
@@ -286,6 +286,57 @@ public class Dependency {
|
|||||||
public EvidenceCollection getVersionEvidence() {
|
public EvidenceCollection getVersionEvidence() {
|
||||||
return this.versionEvidence;
|
return this.versionEvidence;
|
||||||
}
|
}
|
||||||
|
/**
|
||||||
|
* A list of exceptions that occured during analysis of this dependency.
|
||||||
|
*/
|
||||||
|
protected List<Exception> analysisExceptions = new ArrayList<Exception>();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the value of analysisExceptions
|
||||||
|
*
|
||||||
|
* @return the value of analysisExceptions
|
||||||
|
*/
|
||||||
|
public List<Exception> getAnalysisExceptions() {
|
||||||
|
return analysisExceptions;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Set the value of analysisExceptions
|
||||||
|
*
|
||||||
|
* @param analysisExceptions new value of analysisExceptions
|
||||||
|
*/
|
||||||
|
public void setAnalysisExceptions(List<Exception> analysisExceptions) {
|
||||||
|
this.analysisExceptions = analysisExceptions;
|
||||||
|
}
|
||||||
|
/**
|
||||||
|
* Adds an exception to the analysis exceptions collection.
|
||||||
|
* @param ex an exception.
|
||||||
|
*/
|
||||||
|
public void addAnalysisException(Exception ex) {
|
||||||
|
this.analysisExceptions.add(ex);
|
||||||
|
}
|
||||||
|
/**
|
||||||
|
* The description of the JAR file.
|
||||||
|
*/
|
||||||
|
protected String description;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the value of description
|
||||||
|
*
|
||||||
|
* @return the value of description
|
||||||
|
*/
|
||||||
|
public String getDescription() {
|
||||||
|
return description;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Set the value of description
|
||||||
|
*
|
||||||
|
* @param description new value of description
|
||||||
|
*/
|
||||||
|
public void setDescription(String description) {
|
||||||
|
this.description = description;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Determines if the specified string was used when searching.
|
* Determines if the specified string was used when searching.
|
||||||
|
|||||||
@@ -37,6 +37,18 @@ public class Identifier {
|
|||||||
this.title = title;
|
this.title = title;
|
||||||
this.url = url;
|
this.url = url;
|
||||||
}
|
}
|
||||||
|
/**
|
||||||
|
* Constructs a new Identifier with the specified data.
|
||||||
|
* @param type the identifier type.
|
||||||
|
* @param value the identifier value.
|
||||||
|
* @param title the identifier title.
|
||||||
|
* @param url the identifier url.
|
||||||
|
* @param description the description of the identifier.
|
||||||
|
*/
|
||||||
|
Identifier(String type, String value, String title, String url, String description) {
|
||||||
|
this(type, value, title, url);
|
||||||
|
this.description = description;
|
||||||
|
}
|
||||||
/**
|
/**
|
||||||
* The value of the identifeir
|
* The value of the identifeir
|
||||||
*/
|
*/
|
||||||
@@ -125,4 +137,27 @@ public class Identifier {
|
|||||||
public void setType(String type) {
|
public void setType(String type) {
|
||||||
this.type = type;
|
this.type = type;
|
||||||
}
|
}
|
||||||
|
/**
|
||||||
|
* A description of the identifier.
|
||||||
|
*/
|
||||||
|
protected String description;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the value of description
|
||||||
|
*
|
||||||
|
* @return the value of description
|
||||||
|
*/
|
||||||
|
public String getDescription() {
|
||||||
|
return description;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Set the value of description
|
||||||
|
*
|
||||||
|
* @param description new value of description
|
||||||
|
*/
|
||||||
|
public void setDescription(String description) {
|
||||||
|
this.description = description;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -245,6 +245,9 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
|||||||
.white {
|
.white {
|
||||||
background-color: #ffffff;
|
background-color: #ffffff;
|
||||||
}
|
}
|
||||||
|
.red {
|
||||||
|
background-color: #DF0101;
|
||||||
|
}
|
||||||
.left {
|
.left {
|
||||||
text-align: left;
|
text-align: left;
|
||||||
}
|
}
|
||||||
@@ -252,12 +255,22 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
|||||||
margin-left:20px;
|
margin-left:20px;
|
||||||
}
|
}
|
||||||
td, th {
|
td, th {
|
||||||
padding:3px;
|
padding:6px;
|
||||||
margin:3px;
|
margin:0px;
|
||||||
|
}
|
||||||
|
table {
|
||||||
|
border: 0px;
|
||||||
|
}
|
||||||
|
table tr:nth-child(even) {
|
||||||
|
background-color: #eeeeee;
|
||||||
}
|
}
|
||||||
body {
|
body {
|
||||||
font: 13px "Droid Sans",Arial,"Helvetica Neue","Lucida Grande",sans-serif
|
font: 13px "Droid Sans",Arial,"Helvetica Neue","Lucida Grande",sans-serif
|
||||||
}
|
}
|
||||||
|
ul {
|
||||||
|
margin-top:3px;
|
||||||
|
margin-bottom:3px;
|
||||||
|
}
|
||||||
</style>
|
</style>
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
@@ -276,14 +289,35 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
|||||||
#set($cnt=0)
|
#set($cnt=0)
|
||||||
#foreach($dependency in $dependencies)
|
#foreach($dependency in $dependencies)
|
||||||
<h3 class="subsectionheader standardsubsection"><a name="$esc.html($dependency.FilePath)"></a>$esc.html($dependency.FileName)</h3>
|
<h3 class="subsectionheader standardsubsection"><a name="$esc.html($dependency.FilePath)"></a>$esc.html($dependency.FileName)</h3>
|
||||||
<div class="subsectioncontent">File Path: $esc.html($dependency.FilePath)<br/>
|
<div class="subsectioncontent">
|
||||||
MD5: $esc.html($dependency.Md5sum)<br/>
|
#if ($dependency.description)
|
||||||
SHA1: $esc.html($dependency.Sha1sum)
|
<p><b>Description: </b>$esc.html($dependency.description)</p>
|
||||||
|
#end
|
||||||
|
<p><b>File Path:</b> $esc.html($dependency.FilePath)<br/>
|
||||||
|
<b>MD5:</b> $esc.html($dependency.Md5sum)<br/>
|
||||||
|
<b>SHA1:</b> $esc.html($dependency.Sha1sum)</p>
|
||||||
|
|
||||||
|
#if ( $dependency.analysisExceptions.size() != 0 )
|
||||||
|
#set($cnt=$cnt+1)
|
||||||
|
<h4 id="header$cnt" class="subsectionheader red">Analysis Exceptions</h4>
|
||||||
|
<div id="content$cnt" class="subsectioncontent standardsubsection">
|
||||||
|
<ul>
|
||||||
|
#foreach($ex in $dependency.analysisExceptions)
|
||||||
|
<li>$esc.html($ex.message)<br/><br/>$esc.html($ex.stackTrace)
|
||||||
|
#if ( $ex.cause )
|
||||||
|
<br/><b>Caused by:</b> $esc.html($ex.cause.message)
|
||||||
|
<br/><br/>$esc.html($ex.cause.stackTrace)
|
||||||
|
#end
|
||||||
|
</li>
|
||||||
|
#end
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
#end
|
||||||
#set($cnt=$cnt+1)
|
#set($cnt=$cnt+1)
|
||||||
<h4 id="header$cnt" class="subsectionheader expandablesubsection white">Evidence</h4>
|
<h4 id="header$cnt" class="subsectionheader expandablesubsection white">Evidence</h4>
|
||||||
<div id="content$cnt" class="subsectioncontent standardsubsection hidden">
|
<div id="content$cnt" class="subsectioncontent standardsubsection hidden">
|
||||||
<table border="0">
|
<table border="0" style="width:100%">
|
||||||
<tr><th class="left">Source</th><th class="left">Name</th><th class="left">Value</th></tr>
|
<tr><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:70%;">Value</th></tr>
|
||||||
#foreach($evidence in $dependency.getEvidenceUsed())
|
#foreach($evidence in $dependency.getEvidenceUsed())
|
||||||
<tr><td>$esc.html($evidence.getSource())</td><td>$esc.html($evidence.getName())</td><td>$esc.html($evidence.getValue())</td></tr>
|
<tr><td>$esc.html($evidence.getSource())</td><td>$esc.html($evidence.getName())</td><td>$esc.html($evidence.getValue())</td></tr>
|
||||||
#end
|
#end
|
||||||
@@ -310,7 +344,11 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
|||||||
<ul>
|
<ul>
|
||||||
#foreach($id in $dependency.getIdentifiers())
|
#foreach($id in $dependency.getIdentifiers())
|
||||||
##yes, we are HTML Encoding the href. this is okay. We can't URL encode as we have to trust the analyzer here...
|
##yes, we are HTML Encoding the href. this is okay. We can't URL encode as we have to trust the analyzer here...
|
||||||
<li><b>$esc.html($id.type):</b> $esc.html($id.title) : <a href="$esc.html($id.url)" target="blank">$esc.html($id.value)</a></li>
|
<li><b>$esc.html($id.type):</b> $esc.html($id.title) : <a href="$esc.html($id.url)" target="blank">$esc.html($id.value)</a>
|
||||||
|
#if( $id.descrription )
|
||||||
|
<br/>$esc.html($id.description)
|
||||||
|
#end
|
||||||
|
</li>
|
||||||
#end
|
#end
|
||||||
</ul>
|
</ul>
|
||||||
#end
|
#end
|
||||||
|
|||||||
File diff suppressed because one or more lines are too long
Reference in New Issue
Block a user