 /*
  * This file is part of dependency-check-core.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.analyzer;
 
 import java.io.File;
 import org.apache.commons.io.FilenameUtils;
 import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.dependency.Confidence;
 import org.owasp.dependencycheck.dependency.Dependency;
 import org.owasp.dependencycheck.utils.DependencyVersion;
 import org.owasp.dependencycheck.utils.DependencyVersionUtil;
 
 /**
  * Takes a dependency, analyzes its file name and determines the hashes.
  *
  * @author Jeremy Long
  */
 public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer {

     //<editor-fold defaultstate="collapsed" desc="All standard implementation details of Analyzer">
     /**
      * The display name reported by {@link #getName()}.
      */
     private static final String ANALYZER_NAME = "File Name Analyzer";
     /**
      * The phase reported by {@link #getAnalysisPhase()}.
      */
     private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
     /**
      * Evidence source attached to every piece of evidence this analyzer records.
      */
     private static final String EVIDENCE_SOURCE = "file";
     /**
      * Evidence name attached to every piece of evidence this analyzer records.
      */
     private static final String EVIDENCE_NAME = "name";

     /**
      * Returns the name of the analyzer.
      *
      * @return the display name of this analyzer.
      */
     @Override
     public String getName() {
         return ANALYZER_NAME;
     }

     /**
      * Returns the phase that the analyzer is intended to run in.
      *
      * @return {@link AnalysisPhase#INFORMATION_COLLECTION}.
      */
     @Override
     public AnalysisPhase getAnalysisPhase() {
         return ANALYSIS_PHASE;
     }
     //</editor-fold>

     /**
      * Records version, product and vendor evidence derived from the dependency's file name.
      * Only the base name of {@link Dependency#getActualFile()} with its extension removed is
      * examined, so path components added by other analyzers (ArchiveAnalyzer, etc.) do not
      * leak into the evidence.
      *
      * @param dependency the dependency to analyze; it receives the evidence.
      * @param engine the engine that is scanning the dependencies (not used by this analyzer).
      * @throws AnalysisException declared by the {@link Analyzer} contract; no statement in this
      * method throws it directly.
      */
     @Override
     public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
         // ArchiveAnalyzer and similar may hand over a nested path; keep only the bare file name.
         final File actual = dependency.getActualFile();
         final String baseName = FilenameUtils.removeExtension(actual.getName());

         recordVersionEvidence(dependency, baseName);
         recordVendorAndProductEvidence(dependency, baseName);
     }

     /**
      * Adds version evidence when a version can be parsed out of the base file name.
      * Nothing is recorded when parsing yields {@code null}; otherwise both the parsed
      * version and the full base name are recorded, the latter always at
      * {@link Confidence#MEDIUM}.
      *
      * @param dependency the dependency receiving the evidence.
      * @param baseName the file name without path or extension.
      */
     private static void recordVersionEvidence(Dependency dependency, String baseName) {
         final DependencyVersion parsed = DependencyVersionUtil.parseVersion(baseName);
         if (parsed == null) {
             return;
         }
         dependency.getVersionEvidence().addEvidence(EVIDENCE_SOURCE, EVIDENCE_NAME,
                 parsed.toString(), confidenceFor(parsed));
         dependency.getVersionEvidence().addEvidence(EVIDENCE_SOURCE, EVIDENCE_NAME,
                 baseName, Confidence.MEDIUM);
     }

     /**
      * Chooses the confidence for a parsed version. A version with fewer than two parts
      * (for instance the "2" in struts2-core or the "4" in log4j) is probably part of the
      * product name rather than a release number, so it is downgraded a shade.
      *
      * @param parsed the parsed version, never {@code null}.
      * @return {@link Confidence#MEDIUM} for a bare number, {@link Confidence#HIGHEST} otherwise.
      */
     private static Confidence confidenceFor(DependencyVersion parsed) {
         final boolean bareNumber = parsed.getVersionParts() == null
                 || parsed.getVersionParts().size() < 2;
         return bareNumber ? Confidence.MEDIUM : Confidence.HIGHEST;
     }

     /**
      * Adds the base name as both product and vendor evidence. A name containing a hyphen
      * is recorded at {@link Confidence#HIGHEST}; any other name at {@link Confidence#HIGH}.
      * Product evidence is recorded before vendor evidence.
      *
      * @param dependency the dependency receiving the evidence.
      * @param baseName the file name without path or extension.
      */
     private static void recordVendorAndProductEvidence(Dependency dependency, String baseName) {
         final Confidence confidence = baseName.contains("-") ? Confidence.HIGHEST : Confidence.HIGH;
         dependency.getProductEvidence().addEvidence(EVIDENCE_SOURCE, EVIDENCE_NAME,
                 baseName, confidence);
         dependency.getVendorEvidence().addEvidence(EVIDENCE_SOURCE, EVIDENCE_NAME,
                 baseName, confidence);
     }
 }