| Classes in this File | Line Coverage | Branch Coverage | Complexity | ||||
| DependencyVersionUtil |
|
| 7.0;7 |
| 1 | /* | |
| 2 | * This file is part of dependency-check-core. | |
| 3 | * | |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); | |
| 5 | * you may not use this file except in compliance with the License. | |
| 6 | * You may obtain a copy of the License at | |
| 7 | * | |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 | |
| 9 | * | |
| 10 | * Unless required by applicable law or agreed to in writing, software | |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, | |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| 13 | * See the License for the specific language governing permissions and | |
| 14 | * limitations under the License. | |
| 15 | * | |
| 16 | * Copyright (c) 2013 Jeremy Long. All Rights Reserved. | |
| 17 | */ | |
| 18 | package org.owasp.dependencycheck.utils; | |
| 19 | ||
| 20 | import java.util.ArrayList; | |
| 21 | import java.util.List; | |
| 22 | import java.util.regex.Matcher; | |
| 23 | import java.util.regex.Pattern; | |
| 24 | ||
| 25 | /** | |
| 26 | * <p> | |
| 27 | * A utility class to extract version numbers from file names (or other strings containing version numbers.</p> | |
| 28 | * | |
| 29 | * @author Jeremy Long <jeremy.long@owasp.org> | |
| 30 | */ | |
| 31 | public final class DependencyVersionUtil { | |
| 32 | ||
| 33 | /** | |
| 34 | * Regular expression to extract version numbers from file names. | |
| 35 | */ | |
| 36 | 1 | private static final Pattern RX_VERSION = Pattern.compile("\\d+(\\.\\d{1,6})+(\\.?([_-](release|beta|alpha|\\d+)|[a-zA-Z_-]{1,3}\\d{0,8}))?"); |
| 37 | /** | |
| 38 | * Regular expression to extract a single version number without periods. This is a last ditch effort just to check | |
| 39 | * in case we are missing a version number using the previous regex. | |
| 40 | */ | |
| 41 | 1 | private static final Pattern RX_SINGLE_VERSION = Pattern.compile("\\d+(\\.?([_-](release|beta|alpha)|[a-zA-Z_-]{1,3}\\d{1,8}))?"); |
| 42 | ||
| 43 | /** | |
| 44 | * Private constructor for utility class. | |
| 45 | */ | |
| 46 | 0 | private DependencyVersionUtil() { |
| 47 | 0 | } |
| 48 | ||
| 49 | /** | |
| 50 | * <p> | |
| 51 | * A utility class to extract version numbers from file names (or other strings containing version numbers.<br/> | |
| 52 | * Example:<br/> | |
| 53 | * Give the file name: library-name-1.4.1r2-release.jar<br/> | |
| 54 | * This function would return: 1.4.1.r2</p> | |
| 55 | * | |
| 56 | * @param text the text being analyzed | |
| 57 | * @return a DependencyVersion containing the version | |
| 58 | */ | |
| 59 | public static DependencyVersion parseVersion(String text) { | |
| 60 | 737 | if (text == null) { |
| 61 | 0 | return null; |
| 62 | } | |
| 63 | //'-' is a special case used within the CVE entries, just include it as the version. | |
| 64 | 737 | if ("-".equals(text)) { |
| 65 | 1 | final DependencyVersion dv = new DependencyVersion(); |
| 66 | 1 | final List<String> list = new ArrayList<String>(); |
| 67 | 1 | list.add(text); |
| 68 | 1 | dv.setVersionParts(list); |
| 69 | 1 | return dv; |
| 70 | } | |
| 71 | 736 | String version = null; |
| 72 | 736 | Matcher matcher = RX_VERSION.matcher(text); |
| 73 | 736 | if (matcher.find()) { |
| 74 | 732 | version = matcher.group(); |
| 75 | } | |
| 76 | //throw away the results if there are two things that look like version numbers | |
| 77 | 736 | if (matcher.find()) { |
| 78 | 2 | return null; |
| 79 | } | |
| 80 | 734 | if (version == null) { |
| 81 | 4 | matcher = RX_SINGLE_VERSION.matcher(text); |
| 82 | 4 | if (matcher.find()) { |
| 83 | 2 | version = matcher.group(); |
| 84 | } else { | |
| 85 | 2 | return null; |
| 86 | } | |
| 87 | //throw away the results if there are two things that look like version numbers | |
| 88 | 2 | if (matcher.find()) { |
| 89 | 1 | return null; |
| 90 | } | |
| 91 | } | |
| 92 | 731 | return new DependencyVersion(version); |
| 93 | } | |
| 94 | } |