1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2014 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.data.nuget;
19  
20  import java.io.InputStream;
21  import javax.xml.parsers.DocumentBuilder;
22  import javax.xml.xpath.XPath;
23  import javax.xml.xpath.XPathConstants;
24  import javax.xml.xpath.XPathFactory;
25  import org.owasp.dependencycheck.utils.XmlUtils;
26  import org.w3c.dom.Document;
27  import org.w3c.dom.Node;
28  
/**
 * {@link NuspecParser} implementation that reads Nuspec metadata by running
 * XPath queries against a DOM built from the input.
 *
 * <p>
 * Every XPath expression used here is a compile-time constant; no caller
 * supplied text is spliced into a query. The values placed on the returned
 * {@link NugetPackage} are copied from the document as-is, with no validation
 * or normalisation in this class, so consumers should treat them as being only
 * as trustworthy as the Nuspec file itself.</p>
 *
 * @author colezlaw
 */
public class XPathNuspecParser implements NuspecParser {

    /**
     * XPath of the package id element.
     */
    private static final String ID_PATH = "/package/metadata/id";
    /**
     * XPath of the package version element.
     */
    private static final String VERSION_PATH = "/package/metadata/version";
    /**
     * XPath of the package authors element.
     */
    private static final String AUTHORS_PATH = "/package/metadata/authors";
    /**
     * XPath of the package description element.
     */
    private static final String DESCRIPTION_PATH = "/package/metadata/description";
    /**
     * XPath of the optional owners element.
     */
    private static final String OWNERS_PATH = "/package/metadata/owners";
    /**
     * XPath of the optional licenseUrl element.
     */
    private static final String LICENSE_URL_PATH = "/package/metadata/licenseUrl";
    /**
     * XPath of the optional title element.
     */
    private static final String TITLE_PATH = "/package/metadata/title";
    /**
     * Elements that must exist for the document to be accepted, in the order
     * they are checked.
     */
    private static final String[] REQUIRED_PATHS = {ID_PATH, VERSION_PATH, AUTHORS_PATH, DESCRIPTION_PATH};

    /**
     * Returns the text content of a node, tolerating a missing node.
     *
     * @param n the node to read; may be null
     * @return the node's text content, or null when <code>n</code> is null
     */
    private String getOrNull(Node n) {
        return n == null ? null : n.getTextContent();
    }

    /**
     * Reads a Nuspec document from the stream and copies its metadata into a
     * new {@link NugetPackage}.
     *
     * <p>
     * The id, version, authors and description elements must all be present.
     * The owners, licenseUrl and title elements are optional and are set to
     * null when absent. This method does not explicitly close the stream.</p>
     *
     * @param stream the input stream to parse
     * @return the populated bean
     * @throws NuspecParseException when a required element is missing or when
     * anything else goes wrong while building the parser, reading the stream or
     * evaluating the queries
     */
    @Override
    public NugetPackage parse(InputStream stream) throws NuspecParseException {
        try {
            // NOTE(review): protection against XXE / DTD abuse depends entirely on what
            // XmlUtils.buildSecureDocumentBuilder() configures; that code is not visible
            // here - confirm it before pointing this parser at files from untrusted packages.
            final DocumentBuilder builder = XmlUtils.buildSecureDocumentBuilder();
            final Document d = builder.parse(stream);

            final XPath xpath = XPathFactory.newInstance().newXPath();
            final NugetPackage nuspec = new NugetPackage();

            // Reject the document as soon as one required element is missing.
            for (String requiredPath : REQUIRED_PATHS) {
                if (xpath.evaluate(requiredPath, d, XPathConstants.NODE) == null) {
                    throw new NuspecParseException("Invalid Nuspec format");
                }
            }

            // Required values are read as strings. The description is only checked for
            // presence above; it is not copied onto the bean in this method.
            nuspec.setId(xpath.evaluate(ID_PATH, d));
            nuspec.setVersion(xpath.evaluate(VERSION_PATH, d));
            nuspec.setAuthors(xpath.evaluate(AUTHORS_PATH, d));

            // Optional values are looked up as nodes so that "absent" becomes null.
            final Node owners = (Node) xpath.evaluate(OWNERS_PATH, d, XPathConstants.NODE);
            nuspec.setOwners(getOrNull(owners));
            final Node licenseUrl = (Node) xpath.evaluate(LICENSE_URL_PATH, d, XPathConstants.NODE);
            nuspec.setLicenseUrl(getOrNull(licenseUrl));
            final Node title = (Node) xpath.evaluate(TITLE_PATH, d, XPathConstants.NODE);
            nuspec.setTitle(getOrNull(title));
            return nuspec;
        } catch (Throwable cause) {
            // Everything is funnelled into NuspecParseException, including Errors and the
            // "Invalid Nuspec format" exception raised above, which ends up as the cause.
            throw new NuspecParseException("Unable to parse nuspec", cause);
        }
    }
}