View Javadoc
1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2016 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.xml.hints;
19  
20  import java.util.ArrayList;
21  import java.util.List;
22  import org.owasp.dependencycheck.dependency.Confidence;
23  import org.owasp.dependencycheck.xml.suppression.PropertyType;
24  import org.xml.sax.Attributes;
25  import org.xml.sax.SAXException;
26  import org.xml.sax.helpers.DefaultHandler;
27  
28  /**
29   * A handler to load hint rules.
30   *
31   * @author Jeremy Long
32   */
33  public class HintHandler extends DefaultHandler {
34  
35      //<editor-fold defaultstate="collapsed" desc="Element and attribute names">
36      /**
37       * Element name.
38       */
39      private static final String HINT = "hint";
40      /**
41       * Element name.
42       */
43      private static final String GIVEN = "given";
44      /**
45       * Element name.
46       */
47      private static final String ADD = "add";
48      /**
49       * Element name.
50       */
51      private static final String EVIDENCE = "evidence";
52      /**
53       * Element name.
54       */
55      private static final String FILE_NAME = "fileName";
56      /**
57       * Element name.
58       */
59      private static final String VENDOR_DUPLICATING_RULE = "vendorDuplicatingHint";
60      /**
61       * Attribute name.
62       */
63      private static final String DUPLICATE = "duplicate";
64      /**
65       * Attribute value.
66       */
67      private static final String VENDOR = "vendor";
68      /**
69       * Attribute value.
70       */
71      private static final String PRODUCT = "product";
72      /**
73       * Attribute value.
74       */
75      private static final String VERSION = "version";
76      /**
77       * Attribute name.
78       */
79      private static final String CONFIDENCE = "confidence";
80      /**
81       * Attribute name.
82       */
83      private static final String VALUE = "value";
84      /**
85       * Attribute name.
86       */
87      private static final String NAME = "name";
88      /**
89       * Attribute name.
90       */
91      private static final String SOURCE = "source";
92      /**
93       * Attribute name.
94       */
95      private static final String TYPE = "type";
96      /**
97       * Attribute name.
98       */
99      private static final String CASE_SENSITIVE = "caseSensitive";
100     /**
101      * Attribute name.
102      */
103     private static final String REGEX = "regex";
104     /**
105      * Attribute name.
106      */
107     private static final String CONTAINS = "contains";
108     //</editor-fold>
109 
110     /**
111      * The list of hint rules.
112      */
113     private final List<HintRule> hintRules = new ArrayList<HintRule>();
114 
115     /**
116      * Returns the list of hint rules.
117      *
118      * @return the value of hintRules
119      */
120     public List<HintRule> getHintRules() {
121         return hintRules;
122     }
123 
124     /**
125      * The list of vendor duplicating hint rules.
126      */
127     private final List<VendorDuplicatingHintRule> vendorDuplicatingHintRules = new ArrayList<VendorDuplicatingHintRule>();
128 
129     /**
130      * Returns the list of vendor duplicating hint rules.
131      *
132      * @return the list of vendor duplicating hint rules
133      */
134     public List<VendorDuplicatingHintRule> getVendorDuplicatingHintRules() {
135         return vendorDuplicatingHintRules;
136     }
137 
138     /**
139      * The current rule being read.
140      */
141     private HintRule rule;
142     /**
143      * The current state of the parent node (to differentiate between 'add' and
144      * 'given').
145      */
146     private boolean inAddNode = false;
147 
148     /**
149      * Handles the start element event.
150      *
151      * @param uri the uri of the element being processed
152      * @param localName the local name of the element being processed
153      * @param qName the qName of the element being processed
154      * @param attr the attributes of the element being processed
155      * @throws SAXException thrown if there is an exception processing
156      */
157     @Override
158     public void startElement(String uri, String localName, String qName, Attributes attr) throws SAXException {
159         if (HINT.equals(qName)) {
160             rule = new HintRule();
161         } else if (ADD.equals(qName)) {
162             inAddNode = true;
163         } else if (GIVEN.equals(qName)) {
164             inAddNode = false;
165         } else if (EVIDENCE.equals(qName)) {
166             final String hintType = attr.getValue(TYPE);
167             if (VENDOR.equals(hintType)) {
168                 if (inAddNode) {
169                     rule.addAddVendor(attr.getValue(SOURCE),
170                             attr.getValue(NAME),
171                             attr.getValue(VALUE),
172                             Confidence.valueOf(attr.getValue(CONFIDENCE)));
173                 } else {
174                     rule.addGivenVendor(attr.getValue(SOURCE),
175                             attr.getValue(NAME),
176                             attr.getValue(VALUE),
177                             Confidence.valueOf(attr.getValue(CONFIDENCE)));
178                 }
179             } else if (PRODUCT.equals(hintType)) {
180                 if (inAddNode) {
181                     rule.addAddProduct(attr.getValue(SOURCE),
182                             attr.getValue(NAME),
183                             attr.getValue(VALUE),
184                             Confidence.valueOf(attr.getValue(CONFIDENCE)));
185                 } else {
186                     rule.addGivenProduct(attr.getValue(SOURCE),
187                             attr.getValue(NAME),
188                             attr.getValue(VALUE),
189                             Confidence.valueOf(attr.getValue(CONFIDENCE)));
190                 }
191             } else if (VERSION.equals(hintType)) {
192                 if (inAddNode) {
193                     rule.addAddVersion(attr.getValue(SOURCE),
194                             attr.getValue(NAME),
195                             attr.getValue(VALUE),
196                             Confidence.valueOf(attr.getValue(CONFIDENCE)));
197                 }
198             }
199         } else if (FILE_NAME.equals(qName)) {
200             final PropertyType pt = new PropertyType();
201             pt.setValue(attr.getValue(CONTAINS));
202             if (attr.getLength() > 0) {
203                 final String regex = attr.getValue(REGEX);
204                 if (regex != null) {
205                     pt.setRegex(Boolean.parseBoolean(regex));
206                 }
207                 final String caseSensitive = attr.getValue(CASE_SENSITIVE);
208                 if (caseSensitive != null) {
209                     pt.setCaseSensitive(Boolean.parseBoolean(caseSensitive));
210                 }
211             }
212             rule.addFilename(pt);
213         } else if (VENDOR_DUPLICATING_RULE.equals(qName)) {
214             vendorDuplicatingHintRules.add(new VendorDuplicatingHintRule(attr.getValue(VALUE), attr.getValue(DUPLICATE)));
215         }
216     }
217 
218     /**
219      * Handles the end element event.
220      *
221      * @param uri the element's URI
222      * @param localName the local name
223      * @param qName the qualified name
224      * @throws SAXException thrown if there is an exception processing the
225      * element
226      */
227     @Override
228     public void endElement(String uri, String localName, String qName) throws SAXException {
229         if (HINT.equals(qName) && rule != null) {
230             hintRules.add(rule);
231             rule = null;
232         }
233     }
234 }