Coverage Report - org.owasp.dependencycheck.suppression.SuppressionHandler
 
Classes in this File Line Coverage Branch Coverage Complexity
SuppressionHandler
97%
40/41
84%
22/26
3.6
 
 /*
  * This file is part of dependency-check-core.
  *
  * Dependency-check-core is free software: you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the Free
  * Software Foundation, either version 3 of the License, or (at your option) any
  * later version.
  *
  * Dependency-check-core is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
  * details.
  *
  * You should have received a copy of the GNU General Public License along with
  * dependency-check-core. If not, see http://www.gnu.org/licenses/.
  *
  * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.suppression;
 
 import java.util.ArrayList;
 import java.util.List;
 import org.xml.sax.Attributes;
 import org.xml.sax.SAXException;
 import org.xml.sax.helpers.AttributesImpl;
 import org.xml.sax.helpers.DefaultHandler;
 
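 /**
  * A SAX handler that loads suppression rules from a suppression XML document.
  *
  * <p>
  * Every {@code suppress} element yields one {@link SuppressionRule}; the child elements
  * ({@code filePath}, {@code sha1}, {@code cpe}, {@code cwe}, {@code cve}, {@code cvssBelow}) populate the
  * rule that is currently open. Suppression rules hide findings from the analysis results, so a value that is
  * parsed more loosely than its author wrote it widens what gets hidden; the parsing below therefore fails
  * loudly on malformed input instead of guessing.</p>
  *
  * <p>
  * The handler keeps its parse state in unsynchronized fields and is meant to be used for a single document by a
  * single thread.</p>
  *
  * @author Jeremy Long <jeremy.long@owasp.org>
  */
 public class SuppressionHandler extends DefaultHandler {

     /**
      * The suppress node, indicates the start of a new rule.
      */
     public static final String SUPPRESS = "suppress";
     /**
      * The file path element name.
      */
     public static final String FILE_PATH = "filePath";
     /**
      * The sha1 hash element name.
      */
     public static final String SHA1 = "sha1";
     /**
      * The CVE element name.
      */
     public static final String CVE = "cve";
     /**
      * The CPE element name.
      */
     public static final String CPE = "cpe";
     /**
      * The CWE element name.
      */
     public static final String CWE = "cwe";
     /**
      * The cvssBelow element name.
      */
     public static final String CVSS_BELOW = "cvssBelow";
     /**
      * The rules collected so far, in document order.
      */
     private final List<SuppressionRule> suppressionRules = new ArrayList<SuppressionRule>();
     /**
      * The rule currently being read; {@code null} while no {@code suppress} element is open.
      */
     private SuppressionRule rule;
     /**
      * A private copy of the attributes of the element being read; only captured for {@code filePath}.
      */
     private Attributes currentAttributes;
     /**
      * The text content collected for the element being read.
      */
     private StringBuilder currentText;

     /**
      * Get the value of suppressionRules.
      *
      * <p>
      * The returned list is the handler's own list, not a copy: changes made through it are visible to the
      * handler and vice versa.</p>
      *
      * @return the value of suppressionRules
      */
     public List<SuppressionRule> getSuppressionRules() {
         return suppressionRules;
     }

     /**
      * Handles the start element event: resets the per-element state, opens a new rule on {@code suppress} and
      * captures the attributes of a {@code filePath} element.
      *
      * @param uri the uri of the element being processed
      * @param localName the local name of the element being processed
      * @param qName the qName of the element being processed
      * @param attributes the attributes of the element being processed
      * @throws SAXException thrown if there is an exception processing
      */
     @Override
     public void startElement(String uri, String localName, String qName, Attributes attributes) throws SAXException {
         currentAttributes = null;
         currentText = new StringBuilder();

         if (SUPPRESS.equals(qName)) {
             rule = new SuppressionRule();
         } else if (FILE_PATH.equals(qName)) {
             // SAX only guarantees the Attributes instance during this callback and the parser may reuse it,
             // so keep a copy for endElement instead of the parser's object.
             currentAttributes = attributes == null ? null : new AttributesImpl(attributes);
         }
         // NOTE(review): cpe is also turned into a PropertyType in endElement, but its attributes are never
         // captured here, so regex/caseSensitive on a cpe element are ignored. Confirm against the schema
         // whether that is intended.
     }

     /**
      * Handles the end element event: stores the collected value on the open rule, or finishes the rule when the
      * {@code suppress} element closes.
      *
      * @param uri the URI of the element
      * @param localName the local name of the element
      * @param qName the qName of the element
      * @throws SAXException thrown if a rule element appears outside of a {@code suppress} element or the
      * {@code cvssBelow} text is not a number
      */
     @Override
     public void endElement(String uri, String localName, String qName) throws SAXException {
         if (SUPPRESS.equals(qName)) {
             suppressionRules.add(rule);
             rule = null;
         } else if (FILE_PATH.equals(qName)) {
             requireRule(qName).setFilePath(processPropertyType());
         } else if (SHA1.equals(qName)) {
             requireRule(qName).setSha1(currentText.toString());
         } else if (CPE.equals(qName)) {
             requireRule(qName).addCpe(processPropertyType());
         } else if (CWE.equals(qName)) {
             requireRule(qName).addCwe(currentText.toString());
         } else if (CVE.equals(qName)) {
             requireRule(qName).addCve(currentText.toString());
         } else if (CVSS_BELOW.equals(qName)) {
             final String text = currentText.toString();
             final float cvss;
             try {
                 cvss = Float.parseFloat(text);
             } catch (NumberFormatException ex) {
                 // Surface a bad threshold as a parse error rather than as an unchecked exception escaping
                 // from the parser callback.
                 throw new SAXException("Invalid " + CVSS_BELOW + " value: '" + text + "'", ex);
             }
             requireRule(qName).addCvssBelow(cvss);
         }
     }

     /**
      * Collects the body text of the node being processed.
      *
      * @param ch the char array of text
      * @param start the start position to copy text from in the char array
      * @param length the number of characters to copy from the char array
      * @throws SAXException thrown if there is a parsing exception
      */
     @Override
     public void characters(char[] ch, int start, int length) throws SAXException {
         currentText.append(ch, start, length);
     }

     /**
      * Returns the rule currently being read.
      *
      * @param qName the element that needs a rule, used in the error message
      * @return the open rule, never {@code null}
      * @throws SAXException thrown if no {@code suppress} element is open
      */
     private SuppressionRule requireRule(String qName) throws SAXException {
         if (rule == null) {
             throw new SAXException("Element '" + qName + "' found outside of a '" + SUPPRESS + "' element");
         }
         return rule;
     }

     /**
      * Builds a PropertyType from the text collected by the characters method and the attributes captured by the
      * startElement method.
      *
      * @return a PropertyType object
      */
     private PropertyType processPropertyType() {
         final PropertyType pt = new PropertyType();
         pt.setValue(currentText.toString());
         if (currentAttributes != null && currentAttributes.getLength() > 0) {
             final String regex = currentAttributes.getValue("regex");
             if (regex != null) {
                 pt.setRegex(Boolean.parseBoolean(regex));
             }
             final String caseSensitive = currentAttributes.getValue("caseSensitive");
             // Test caseSensitive itself. Testing regex here dropped caseSensitive="true" whenever the regex
             // attribute was absent, leaving the rule matching by PropertyType's default instead of the
             // stricter setting the rule author asked for.
             if (caseSensitive != null) {
                 pt.setCaseSensitive(Boolean.parseBoolean(caseSensitive));
             }
         }
         return pt;
     }
 }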