github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-21 16:49:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

more minor enhancements

Browse Source 
Former-commit-id: e5c136aebd3a2112b4d2ea591f2d31619735f8bc
This commit is contained in:
Jeremy Long
2012-09-29 04:56:50 -04:00
parent 872373410b
commit ff3be5ccf5
10 changed files with 153 additions and 341 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/main/java/org/codesecure/dependencycheck/App.java
View File

@@ -23,11 +23,9 @@ import java.io.FileNotFoundException;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.util.List; import java.util.List;
import java.util.Properties;
import java.util.logging.Level; import java.util.logging.Level;
import java.util.logging.LogManager; import java.util.logging.LogManager;
import java.util.logging.Logger; import java.util.logging.Logger;
import java.util.prefs.Preferences;
import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.cli.ParseException; import org.apache.commons.cli.ParseException;
import org.codesecure.dependencycheck.data.cpe.Index; import org.codesecure.dependencycheck.data.cpe.Index;
@@ -63,6 +61,7 @@ import org.xml.sax.SAXException;
public class App { public class App {
private static final String LOG_PROPERTIES_FILE = "configuration/log.properties"; private static final String LOG_PROPERTIES_FILE = "configuration/log.properties";
/** /**
* @param args the command line arguments * @param args the command line arguments
*/ */

3
src/main/java/org/codesecure/dependencycheck/Engine.java
View File

@@ -29,6 +29,7 @@ import java.util.List;
import java.util.Set; import java.util.Set;
import java.util.logging.Level; import java.util.logging.Level;
import java.util.logging.Logger; import java.util.logging.Logger;
import org.codesecure.dependencycheck.analyzer.AnalysisException;
import org.codesecure.dependencycheck.analyzer.AnalysisPhase; import org.codesecure.dependencycheck.analyzer.AnalysisPhase;
import org.codesecure.dependencycheck.analyzer.Analyzer; import org.codesecure.dependencycheck.analyzer.Analyzer;
import org.codesecure.dependencycheck.analyzer.AnalyzerService; import org.codesecure.dependencycheck.analyzer.AnalyzerService;
@@ -193,6 +194,8 @@ public class Engine {
} else { } else {
a.analyze(d); a.analyze(d);
} }
} catch (AnalysisException ex) {
d.addAnalysisException(ex);
} catch (IOException ex) { } catch (IOException ex) {
String msg = String.format("IOException occured while analyzing the file '%s'.", String msg = String.format("IOException occured while analyzing the file '%s'.",
d.getActualFilePath()); d.getActualFilePath());

2
src/main/java/org/codesecure/dependencycheck/analyzer/AnalysisException.java
View File

@@ -23,7 +23,7 @@ package org.codesecure.dependencycheck.analyzer;
* *
* @author Jeremy Long (jeremy.long@gmail.com) * @author Jeremy Long (jeremy.long@gmail.com)
*/ */
public class AnalysisException extends RuntimeException { public class AnalysisException extends Exception {
private static final long serialVersionUID = 1L; private static final long serialVersionUID = 1L;

5
src/main/java/org/codesecure/dependencycheck/analyzer/Analyzer.java
View File

@@ -31,7 +31,10 @@ import java.util.Set;
public interface Analyzer { public interface Analyzer {
/** /**
* Analyzes the given dependency. * Analyzes the given dependency. The analysis could be anything from identifying
* an Idenifier for the dependency, to finding vulnerabilities, etc. Additionally,
* if the analyzer collects enough information to add a description for the dependency
* one should be added.
* *
* @param dependency a dependency to analyze. * @param dependency a dependency to analyze.
* @throws AnalysisException is thrown if there is an error analyzing the dependency file * @throws AnalysisException is thrown if there is an error analyzing the dependency file

12
src/main/java/org/codesecure/dependencycheck/analyzer/JarAnalyzer.java
View File

@@ -354,6 +354,7 @@ public class JarAnalyzer extends AbstractAnalyzer {
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM); vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.equals(BUNDLE_DESCRIPTION)) { } else if (key.equals(BUNDLE_DESCRIPTION)) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM); productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
dependency.setDescription(value);
} else if (key.equals(BUNDLE_NAME)) { } else if (key.equals(BUNDLE_NAME)) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM); productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.equals(BUNDLE_VENDOR)) { } else if (key.equals(BUNDLE_VENDOR)) {
@@ -379,10 +380,13 @@ public class JarAnalyzer extends AbstractAnalyzer {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM); productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM); vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else { } else {
if (key.contains("description")) {
dependency.setDescription(value);
}
productEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW); productEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW); vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
if (value.matches(".*\\d.*")) { if (value.matches(".*\\d.*")) {
StringTokenizer tokenizer = new StringTokenizer(value," "); StringTokenizer tokenizer = new StringTokenizer(value, " ");
while (tokenizer.hasMoreElements()) { while (tokenizer.hasMoreElements()) {
String s = tokenizer.nextToken(); String s = tokenizer.nextToken();
if (s.matches("^[0-9.]+$")) { if (s.matches("^[0-9.]+$")) {
@@ -397,6 +401,12 @@ public class JarAnalyzer extends AbstractAnalyzer {
} }
} }
private void addDescription(Dependency d, String description) {
if (d.getDescription() == null) {
d.setDescription(description);
}
}
/** /**
* The initialize method does nothing for this Analyzer * The initialize method does nothing for this Analyzer
*/ */

51
src/main/java/org/codesecure/dependencycheck/dependency/Dependency.java
View File

@@ -286,6 +286,57 @@ public class Dependency {
public EvidenceCollection getVersionEvidence() { public EvidenceCollection getVersionEvidence() {
return this.versionEvidence; return this.versionEvidence;
} }
/**
* A list of exceptions that occured during analysis of this dependency.
*/
protected List<Exception> analysisExceptions = new ArrayList<Exception>();
/**
* Get the value of analysisExceptions
*
* @return the value of analysisExceptions
*/
public List<Exception> getAnalysisExceptions() {
return analysisExceptions;
}
/**
* Set the value of analysisExceptions
*
* @param analysisExceptions new value of analysisExceptions
*/
public void setAnalysisExceptions(List<Exception> analysisExceptions) {
this.analysisExceptions = analysisExceptions;
}
/**
* Adds an exception to the analysis exceptions collection.
* @param ex an exception.
*/
public void addAnalysisException(Exception ex) {
this.analysisExceptions.add(ex);
}
/**
* The description of the JAR file.
*/
protected String description;
/**
* Get the value of description
*
* @return the value of description
*/
public String getDescription() {
return description;
}
/**
* Set the value of description
*
* @param description new value of description
*/
public void setDescription(String description) {
this.description = description;
}
/** /**
* Determines if the specified string was used when searching. * Determines if the specified string was used when searching.

35
src/main/java/org/codesecure/dependencycheck/dependency/Identifier.java
View File

@@ -37,6 +37,18 @@ public class Identifier {
this.title = title; this.title = title;
this.url = url; this.url = url;
} }
/**
* Constructs a new Identifier with the specified data.
* @param type the identifier type.
* @param value the identifier value.
* @param title the identifier title.
* @param url the identifier url.
* @param description the description of the identifier.
*/
Identifier(String type, String value, String title, String url, String description) {
this(type, value, title, url);
this.description = description;
}
/** /**
* The value of the identifeir * The value of the identifeir
*/ */
@@ -125,4 +137,27 @@ public class Identifier {
public void setType(String type) { public void setType(String type) {
this.type = type; this.type = type;
} }
/**
* A description of the identifier.
*/
protected String description;
/**
* Get the value of description
*
* @return the value of description
*/
public String getDescription() {
return description;
}
/**
* Set the value of description
*
* @param description new value of description
*/
public void setDescription(String description) {
this.description = description;
}
} }

54
src/main/resources/templates/HtmlReport.vsl
View File

@@ -245,6 +245,9 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
.white { .white {
background-color: #ffffff; background-color: #ffffff;
} }
.red {
background-color: #DF0101;
}
.left { .left {
text-align: left; text-align: left;
} }
@@ -252,12 +255,22 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
margin-left:20px; margin-left:20px;
} }
td, th { td, th {
padding:3px; padding:6px;
margin:3px; margin:0px;
}
table {
border: 0px;
}
table tr:nth-child(even) {
background-color: #eeeeee;
} }
body { body {
font: 13px "Droid Sans",Arial,"Helvetica Neue","Lucida Grande",sans-serif font: 13px "Droid Sans",Arial,"Helvetica Neue","Lucida Grande",sans-serif
} }
ul {
margin-top:3px;
margin-bottom:3px;
}
</style> </style>
</head> </head>
<body> <body>
@@ -276,14 +289,35 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
#set($cnt=0) #set($cnt=0)
#foreach($dependency in $dependencies) #foreach($dependency in $dependencies)
<h3 class="subsectionheader standardsubsection"><a name="$esc.html($dependency.FilePath)"></a>$esc.html($dependency.FileName)</h3> <h3 class="subsectionheader standardsubsection"><a name="$esc.html($dependency.FilePath)"></a>$esc.html($dependency.FileName)</h3>
<div class="subsectioncontent">File&nbsp;Path:&nbsp;$esc.html($dependency.FilePath)<br/> <div class="subsectioncontent">
MD5:&nbsp;$esc.html($dependency.Md5sum)<br/> #if ($dependency.description)
SHA1:&nbsp;$esc.html($dependency.Sha1sum) <p><b>Description:&nbsp;</b>$esc.html($dependency.description)</p>
#end
<p><b>File&nbsp;Path:</b>&nbsp;$esc.html($dependency.FilePath)<br/>
<b>MD5:</b>&nbsp;$esc.html($dependency.Md5sum)<br/>
<b>SHA1:</b>&nbsp;$esc.html($dependency.Sha1sum)</p>
#if ( $dependency.analysisExceptions.size() != 0 )
#set($cnt=$cnt+1)
<h4 id="header$cnt" class="subsectionheader red">Analysis Exceptions</h4>
<div id="content$cnt" class="subsectioncontent standardsubsection">
<ul>
#foreach($ex in $dependency.analysisExceptions)
<li>$esc.html($ex.message)<br/><br/>$esc.html($ex.stackTrace)
#if ( $ex.cause )
<br/><b>Caused by:</b> $esc.html($ex.cause.message)
<br/><br/>$esc.html($ex.cause.stackTrace)
#end
</li>
#end
</ul>
</div>
#end
#set($cnt=$cnt+1) #set($cnt=$cnt+1)
<h4 id="header$cnt" class="subsectionheader expandablesubsection white">Evidence</h4> <h4 id="header$cnt" class="subsectionheader expandablesubsection white">Evidence</h4>
<div id="content$cnt" class="subsectioncontent standardsubsection hidden"> <div id="content$cnt" class="subsectioncontent standardsubsection hidden">
<table border="0"> <table border="0" style="width:100%">
<tr><th class="left">Source</th><th class="left">Name</th><th class="left">Value</th></tr> <tr><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:70%;">Value</th></tr>
#foreach($evidence in $dependency.getEvidenceUsed()) #foreach($evidence in $dependency.getEvidenceUsed())
<tr><td>$esc.html($evidence.getSource())</td><td>$esc.html($evidence.getName())</td><td>$esc.html($evidence.getValue())</td></tr> <tr><td>$esc.html($evidence.getSource())</td><td>$esc.html($evidence.getName())</td><td>$esc.html($evidence.getValue())</td></tr>
#end #end
@@ -310,7 +344,11 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
<ul> <ul>
#foreach($id in $dependency.getIdentifiers()) #foreach($id in $dependency.getIdentifiers())
##yes, we are HTML Encoding the href. this is okay. We can't URL encode as we have to trust the analyzer here... ##yes, we are HTML Encoding the href. this is okay. We can't URL encode as we have to trust the analyzer here...
<li><b>$esc.html($id.type):</b>&nbsp;$esc.html($id.title)&nbsp;:&nbsp;<a href="$esc.html($id.url)" target="blank">$esc.html($id.value)</a></li> <li><b>$esc.html($id.type):</b>&nbsp;$esc.html($id.title)&nbsp;:&nbsp;<a href="$esc.html($id.url)" target="blank">$esc.html($id.value)</a>
#if( $id.descrription )
<br/>$esc.html($id.description)
#end
</li>
#end #end
</ul> </ul>
#end #end

327
src/main/resources/templates/HtmlReport.vsl.bak
View File

File diff suppressed because one or more lines are too long