Coverage Report

Coverage Report - org.owasp.dependencycheck.analyzer.FileNameAnalyzer

Classes in this File

Line Coverage

Branch Coverage

Complexity

FileNameAnalyzer

85%

18/21

50%

5/10

2.667

 /*
  * This file is part of dependency-check-core.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.analyzer;
 
 import java.io.File;
 import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.dependency.Confidence;
 import org.owasp.dependencycheck.dependency.Dependency;
 import org.owasp.dependencycheck.utils.DependencyVersion;
 import org.owasp.dependencycheck.utils.DependencyVersionUtil;
 
 /**
  *
  * Takes a dependency and analyzes the filename and determines the hashes.
  *
  * @author Jeremy Long
  */
 public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer {
 
     //<editor-fold defaultstate="collapsed" desc="All standard implementation details of Analyzer">
     /**
      * The name of the analyzer.
      */
     private static final String ANALYZER_NAME = "File Name Analyzer";
     /**
      * The phase that this analyzer is intended to run in.
      */
     private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
 
     /**
      * Returns the name of the analyzer.
      *
      * @return the name of the analyzer.
      */
     @Override
     public String getName() {
         return ANALYZER_NAME;
     }
 
     /**
      * Returns the phase that the analyzer is intended to run in.
      *
      * @return the phase that the analyzer is intended to run in.
      */
     @Override
     public AnalysisPhase getAnalysisPhase() {
         return ANALYSIS_PHASE;
     }
     //</editor-fold>
 
     /**
      * Collects information about the file name.
      *
      * @param dependency the dependency to analyze.
      * @param engine the engine that is scanning the dependencies
      * @throws AnalysisException is thrown if there is an error reading the JAR file.
      */
     @Override
     public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
 
         //strip any path information that may get added by ArchiveAnalyzer, etc.
         final File f = dependency.getActualFile();
         String fileName = f.getName();
 
         //remove file extension
         final int pos = fileName.lastIndexOf(".");
         if (pos > 0) {
             fileName = fileName.substring(0, pos);
         }
 
         //add version evidence
         final DependencyVersion version = DependencyVersionUtil.parseVersion(fileName);
         if (version != null) {
             // If the version number is just a number like 2 or 23, reduce the confidence
             // a shade. This should hopefully correct for cases like log4j.jar or
             // struts2-core.jar
             if (version.getVersionParts() == null || version.getVersionParts().size() < 2) {
                 dependency.getVersionEvidence().addEvidence("file", "name",
                         version.toString(), Confidence.MEDIUM);
             } else {
                 dependency.getVersionEvidence().addEvidence("file", "name",
                         version.toString(), Confidence.HIGHEST);
             }
             dependency.getVersionEvidence().addEvidence("file", "name",
                     fileName, Confidence.MEDIUM);
         }
 
         //add as vendor and product evidence
         if (fileName.contains("-")) {
             dependency.getProductEvidence().addEvidence("file", "name",
                     fileName, Confidence.HIGHEST);
             dependency.getVendorEvidence().addEvidence("file", "name",
                     fileName, Confidence.HIGHEST);
         } else {
             dependency.getProductEvidence().addEvidence("file", "name",
                     fileName, Confidence.HIGH);
             dependency.getVendorEvidence().addEvidence("file", "name",
                     fileName, Confidence.HIGH);
         }
     }
 }

1		/*
2		* This file is part of dependency-check-core.
3		*
4		* Licensed under the Apache License, Version 2.0 (the "License");
5		* you may not use this file except in compliance with the License.
6		* You may obtain a copy of the License at
7		*
8		* http://www.apache.org/licenses/LICENSE-2.0
9		*
10		* Unless required by applicable law or agreed to in writing, software
11		* distributed under the License is distributed on an "AS IS" BASIS,
12		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13		* See the License for the specific language governing permissions and
14		* limitations under the License.
15		*
16		* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
17		*/
18		package org.owasp.dependencycheck.analyzer;
19
20		import java.io.File;
21		import org.owasp.dependencycheck.Engine;
22		import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
23		import org.owasp.dependencycheck.dependency.Confidence;
24		import org.owasp.dependencycheck.dependency.Dependency;
25		import org.owasp.dependencycheck.utils.DependencyVersion;
26		import org.owasp.dependencycheck.utils.DependencyVersionUtil;
27
28		/**
29		*
30		* Takes a dependency and analyzes the filename and determines the hashes.
31		*
32		* @author Jeremy Long
33		*/
34	9	public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer {
35
36		//<editor-fold defaultstate="collapsed" desc="All standard implementation details of Analyzer">
37		/**
38		* The name of the analyzer.
39		*/
40		private static final String ANALYZER_NAME = "File Name Analyzer";
41		/**
42		* The phase that this analyzer is intended to run in.
43		*/
44	1	private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
45
46		/**
47		* Returns the name of the analyzer.
48		*
49		* @return the name of the analyzer.
50		*/
51		@Override
52		public String getName() {
53	5	return ANALYZER_NAME;
54		}
55
56		/**
57		* Returns the phase that the analyzer is intended to run in.
58		*
59		* @return the phase that the analyzer is intended to run in.
60		*/
61		@Override
62		public AnalysisPhase getAnalysisPhase() {
63	4	return ANALYSIS_PHASE;
64		}
65		//</editor-fold>
66
67		/**
68		* Collects information about the file name.
69		*
70		* @param dependency the dependency to analyze.
71		* @param engine the engine that is scanning the dependencies
72		* @throws AnalysisException is thrown if there is an error reading the JAR file.
73		*/
74		@Override
75		public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
76
77		//strip any path information that may get added by ArchiveAnalyzer, etc.
78	4	final File f = dependency.getActualFile();
79	4	String fileName = f.getName();
80
81		//remove file extension
82	4	final int pos = fileName.lastIndexOf(".");
83	4	if (pos > 0) {
84	4	fileName = fileName.substring(0, pos);
85		}
86
87		//add version evidence
88	4	final DependencyVersion version = DependencyVersionUtil.parseVersion(fileName);
89	4	if (version != null) {
90		// If the version number is just a number like 2 or 23, reduce the confidence
91		// a shade. This should hopefully correct for cases like log4j.jar or
92		// struts2-core.jar
93	4	if (version.getVersionParts() == null \|\| version.getVersionParts().size() < 2) {
94	0	dependency.getVersionEvidence().addEvidence("file", "name",
95		version.toString(), Confidence.MEDIUM);
96		} else {
97	4	dependency.getVersionEvidence().addEvidence("file", "name",
98		version.toString(), Confidence.HIGHEST);
99		}
100	4	dependency.getVersionEvidence().addEvidence("file", "name",
101		fileName, Confidence.MEDIUM);
102		}
103
104		//add as vendor and product evidence
105	4	if (fileName.contains("-")) {
106	4	dependency.getProductEvidence().addEvidence("file", "name",
107		fileName, Confidence.HIGHEST);
108	4	dependency.getVendorEvidence().addEvidence("file", "name",
109		fileName, Confidence.HIGHEST);
110		} else {
111	0	dependency.getProductEvidence().addEvidence("file", "name",
112		fileName, Confidence.HIGH);
113	0	dependency.getVendorEvidence().addEvidence("file", "name",
114		fileName, Confidence.HIGH);
115		}
116	4	}
117		}