Coverage Report

Coverage Report - org.owasp.dependencycheck.xml.hints.HintHandler

Classes in this File

Line Coverage

Branch Coverage

Complexity

HintHandler

100%

51/51

85%

24/28

4.5

 /*
  * This file is part of dependency-check-core.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  * Copyright (c) 2016 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.xml.hints;
 
 import java.util.ArrayList;
 import java.util.List;
 import org.owasp.dependencycheck.dependency.Confidence;
 import org.owasp.dependencycheck.xml.suppression.PropertyType;
 import org.xml.sax.Attributes;
 import org.xml.sax.SAXException;
 import org.xml.sax.helpers.DefaultHandler;
 
 /**
  * A handler to load hint rules.
  *
  * @author Jeremy Long
  */
 public class HintHandler extends DefaultHandler {
 
     //<editor-fold defaultstate="collapsed" desc="Element and attribute names">
     /**
      * Element name.
      */
     private static final String HINT = "hint";
     /**
      * Element name.
      */
     private static final String GIVEN = "given";
     /**
      * Element name.
      */
     private static final String ADD = "add";
     /**
      * Element name.
      */
     private static final String EVIDENCE = "evidence";
     /**
      * Element name.
      */
     private static final String FILE_NAME = "fileName";
     /**
      * Element name.
      */
     private static final String VENDOR_DUPLICATING_RULE = "vendorDuplicatingHint";
     /**
      * Attribute name.
      */
     private static final String DUPLICATE = "duplicate";
     /**
      * Attribute name.
      */
     private static final String VENDOR = "vendor";
     /**
      * Attribute name.
      */
     private static final String CONFIDENCE = "confidence";
     /**
      * Attribute name.
      */
     private static final String VALUE = "value";
     /**
      * Attribute name.
      */
     private static final String NAME = "name";
     /**
      * Attribute name.
      */
     private static final String SOURCE = "source";
     /**
      * Attribute name.
      */
     private static final String TYPE = "type";
     /**
      * Attribute name.
      */
     private static final String CASE_SENSITIVE = "caseSensitive";
     /**
      * Attribute name.
      */
     private static final String REGEX = "regex";
     /**
      * Attribute name.
      */
     private static final String CONTAINS = "contains";
     //</editor-fold>
 
     /**
      * The list of hint rules.
      */
     private final List<HintRule> hintRules = new ArrayList<HintRule>();
 
     /**
      * Returns the list of hint rules.
      *
      * @return the value of hintRules
      */
     public List<HintRule> getHintRules() {
         return hintRules;
     }
 
     /**
      * The list of vendor duplicating hint rules.
      */
     private final List<VendorDuplicatingHintRule> vendorDuplicatingHintRules = new ArrayList<VendorDuplicatingHintRule>();
 
     /**
      * Returns the list of vendor duplicating hint rules.
      *
      * @return the list of vendor duplicating hint rules
      */
     public List<VendorDuplicatingHintRule> getVendorDuplicatingHintRules() {
         return vendorDuplicatingHintRules;
     }
 
     /**
      * The current rule being read.
      */
     private HintRule rule;
     /**
      * The current state of the parent node (to differentiate between 'add' and
      * 'given').
      */
     private boolean inAddNode = false;
 
     /**
      * Handles the start element event.
      *
      * @param uri the uri of the element being processed
      * @param localName the local name of the element being processed
      * @param qName the qName of the element being processed
      * @param attr the attributes of the element being processed
      * @throws SAXException thrown if there is an exception processing
      */
     @Override
     public void startElement(String uri, String localName, String qName, Attributes attr) throws SAXException {
         if (HINT.equals(qName)) {
             rule = new HintRule();
         } else if (ADD.equals(qName)) {
             inAddNode = true;
         } else if (GIVEN.equals(qName)) {
             inAddNode = false;
         } else if (EVIDENCE.equals(qName)) {
             final String hintType = attr.getValue(TYPE);
             if (VENDOR.equals(hintType)) {
                 if (inAddNode) {
                     rule.addAddVendor(attr.getValue(SOURCE),
                             attr.getValue(NAME),
                             attr.getValue(VALUE),
                             Confidence.valueOf(attr.getValue(CONFIDENCE)));
                 } else {
                     rule.addGivenVendor(attr.getValue(SOURCE),
                             attr.getValue(NAME),
                             attr.getValue(VALUE),
                             Confidence.valueOf(attr.getValue(CONFIDENCE)));
                 }
             } else if (inAddNode) {
                 rule.addAddProduct(attr.getValue(SOURCE),
                         attr.getValue(NAME),
                         attr.getValue(VALUE),
                         Confidence.valueOf(attr.getValue(CONFIDENCE)));
             } else {
                 rule.addGivenProduct(attr.getValue(SOURCE),
                         attr.getValue(NAME),
                         attr.getValue(VALUE),
                         Confidence.valueOf(attr.getValue(CONFIDENCE)));
             }
         } else if (FILE_NAME.equals(qName)) {
             final PropertyType pt = new PropertyType();
             pt.setValue(attr.getValue(CONTAINS));
             if (attr.getLength() > 0) {
                 final String regex = attr.getValue(REGEX);
                 if (regex != null) {
                     pt.setRegex(Boolean.parseBoolean(regex));
                 }
                 final String caseSensitive = attr.getValue(CASE_SENSITIVE);
                 if (caseSensitive != null) {
                     pt.setCaseSensitive(Boolean.parseBoolean(caseSensitive));
                 }
             }
             rule.addFilename(pt);
         } else if (VENDOR_DUPLICATING_RULE.equals(qName)) {
             vendorDuplicatingHintRules.add(new VendorDuplicatingHintRule(attr.getValue(VALUE), attr.getValue(DUPLICATE)));
         }
     }
 
     /**
      * Handles the end element event.
      *
      * @param uri the element's URI
      * @param localName the local name
      * @param qName the qualified name
      * @throws SAXException thrown if there is an exception processing the
      * element
      */
     @Override
     public void endElement(String uri, String localName, String qName) throws SAXException {
         if (HINT.equals(qName) && rule != null) {
             hintRules.add(rule);
             rule = null;
         }
     }
 }

1		/*
2		* This file is part of dependency-check-core.
3		*
4		* Licensed under the Apache License, Version 2.0 (the "License");
5		* you may not use this file except in compliance with the License.
6		* You may obtain a copy of the License at
7		*
8		* http://www.apache.org/licenses/LICENSE-2.0
9		*
10		* Unless required by applicable law or agreed to in writing, software
11		* distributed under the License is distributed on an "AS IS" BASIS,
12		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13		* See the License for the specific language governing permissions and
14		* limitations under the License.
15		*
16		* Copyright (c) 2016 Jeremy Long. All Rights Reserved.
17		*/
18		package org.owasp.dependencycheck.xml.hints;
19
20		import java.util.ArrayList;
21		import java.util.List;
22		import org.owasp.dependencycheck.dependency.Confidence;
23		import org.owasp.dependencycheck.xml.suppression.PropertyType;
24		import org.xml.sax.Attributes;
25		import org.xml.sax.SAXException;
26		import org.xml.sax.helpers.DefaultHandler;
27
28		/**
29		* A handler to load hint rules.
30		*
31		* @author Jeremy Long
32		*/
33	5	public class HintHandler extends DefaultHandler {
34
35		//<editor-fold defaultstate="collapsed" desc="Element and attribute names">
36		/**
37		* Element name.
38		*/
39		private static final String HINT = "hint";
40		/**
41		* Element name.
42		*/
43		private static final String GIVEN = "given";
44		/**
45		* Element name.
46		*/
47		private static final String ADD = "add";
48		/**
49		* Element name.
50		*/
51		private static final String EVIDENCE = "evidence";
52		/**
53		* Element name.
54		*/
55		private static final String FILE_NAME = "fileName";
56		/**
57		* Element name.
58		*/
59		private static final String VENDOR_DUPLICATING_RULE = "vendorDuplicatingHint";
60		/**
61		* Attribute name.
62		*/
63		private static final String DUPLICATE = "duplicate";
64		/**
65		* Attribute name.
66		*/
67		private static final String VENDOR = "vendor";
68		/**
69		* Attribute name.
70		*/
71		private static final String CONFIDENCE = "confidence";
72		/**
73		* Attribute name.
74		*/
75		private static final String VALUE = "value";
76		/**
77		* Attribute name.
78		*/
79		private static final String NAME = "name";
80		/**
81		* Attribute name.
82		*/
83		private static final String SOURCE = "source";
84		/**
85		* Attribute name.
86		*/
87		private static final String TYPE = "type";
88		/**
89		* Attribute name.
90		*/
91		private static final String CASE_SENSITIVE = "caseSensitive";
92		/**
93		* Attribute name.
94		*/
95		private static final String REGEX = "regex";
96		/**
97		* Attribute name.
98		*/
99		private static final String CONTAINS = "contains";
100		//</editor-fold>
101
102		/**
103		* The list of hint rules.
104		*/
105	5	private final List<HintRule> hintRules = new ArrayList<HintRule>();
106
107		/**
108		* Returns the list of hint rules.
109		*
110		* @return the value of hintRules
111		*/
112		public List<HintRule> getHintRules() {
113	5	return hintRules;
114		}
115
116		/**
117		* The list of vendor duplicating hint rules.
118		*/
119	5	private final List<VendorDuplicatingHintRule> vendorDuplicatingHintRules = new ArrayList<VendorDuplicatingHintRule>();
120
121		/**
122		* Returns the list of vendor duplicating hint rules.
123		*
124		* @return the list of vendor duplicating hint rules
125		*/
126		public List<VendorDuplicatingHintRule> getVendorDuplicatingHintRules() {
127	4	return vendorDuplicatingHintRules;
128		}
129
130		/**
131		* The current rule being read.
132		*/
133		private HintRule rule;
134		/**
135		* The current state of the parent node (to differentiate between 'add' and
136		* 'given').
137		*/
138	5	private boolean inAddNode = false;
139
140		/**
141		* Handles the start element event.
142		*
143		* @param uri the uri of the element being processed
144		* @param localName the local name of the element being processed
145		* @param qName the qName of the element being processed
146		* @param attr the attributes of the element being processed
147		* @throws SAXException thrown if there is an exception processing
148		*/
149		@Override
150		public void startElement(String uri, String localName, String qName, Attributes attr) throws SAXException {
151	155	if (HINT.equals(qName)) {
152	20	rule = new HintRule();
153	135	} else if (ADD.equals(qName)) {
154	20	inAddNode = true;
155	115	} else if (GIVEN.equals(qName)) {
156	20	inAddNode = false;
157	95	} else if (EVIDENCE.equals(qName)) {
158	72	final String hintType = attr.getValue(TYPE);
159	72	if (VENDOR.equals(hintType)) {
160	39	if (inAddNode) {
161	64	rule.addAddVendor(attr.getValue(SOURCE),
162	32	attr.getValue(NAME),
163	32	attr.getValue(VALUE),
164	32	Confidence.valueOf(attr.getValue(CONFIDENCE)));
165		} else {
166	14	rule.addGivenVendor(attr.getValue(SOURCE),
167	7	attr.getValue(NAME),
168	7	attr.getValue(VALUE),
169	7	Confidence.valueOf(attr.getValue(CONFIDENCE)));
170		}
171	33	} else if (inAddNode) {
172	28	rule.addAddProduct(attr.getValue(SOURCE),
173	14	attr.getValue(NAME),
174	14	attr.getValue(VALUE),
175	14	Confidence.valueOf(attr.getValue(CONFIDENCE)));
176		} else {
177	38	rule.addGivenProduct(attr.getValue(SOURCE),
178	19	attr.getValue(NAME),
179	19	attr.getValue(VALUE),
180	19	Confidence.valueOf(attr.getValue(CONFIDENCE)));
181		}
182	72	} else if (FILE_NAME.equals(qName)) {
183	8	final PropertyType pt = new PropertyType();
184	8	pt.setValue(attr.getValue(CONTAINS));
185	8	if (attr.getLength() > 0) {
186	8	final String regex = attr.getValue(REGEX);
187	8	if (regex != null) {
188	8	pt.setRegex(Boolean.parseBoolean(regex));
189		}
190	8	final String caseSensitive = attr.getValue(CASE_SENSITIVE);
191	8	if (caseSensitive != null) {
192	8	pt.setCaseSensitive(Boolean.parseBoolean(caseSensitive));
193		}
194		}
195	8	rule.addFilename(pt);
196	8	} else if (VENDOR_DUPLICATING_RULE.equals(qName)) {
197	10	vendorDuplicatingHintRules.add(new VendorDuplicatingHintRule(attr.getValue(VALUE), attr.getValue(DUPLICATE)));
198		}
199	155	}
200
201		/**
202		* Handles the end element event.
203		*
204		* @param uri the element's URI
205		* @param localName the local name
206		* @param qName the qualified name
207		* @throws SAXException thrown if there is an exception processing the
208		* element
209		*/
210		@Override
211		public void endElement(String uri, String localName, String qName) throws SAXException {
212	155	if (HINT.equals(qName) && rule != null) {
213	20	hintRules.add(rule);
214	20	rule = null;
215		}
216	155	}
217		}