18 package org.owasp.dependencycheck.analyzer;
19
20 import java.io.File;
21
22 import org.apache.commons.io.FilenameUtils;
23 import org.apache.commons.io.filefilter.NameFileFilter;
24 import org.owasp.dependencycheck.Engine;
25 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
26 import org.owasp.dependencycheck.dependency.Confidence;
27 import org.owasp.dependencycheck.dependency.Dependency;
28 import org.owasp.dependencycheck.utils.DependencyVersion;
29 import org.owasp.dependencycheck.utils.DependencyVersionUtil;
/**
 * Derives vendor, product and version evidence from nothing more than the
 * dependency's file name (extension stripped).
 *
 * <p>The confidence attached to each piece of evidence is a weight used by
 * later matching, not a validation result: the file name is supplied by
 * whoever built or renamed the artefact, so a deliberately mislabelled file
 * can steer the evidence. NOTE(review): a hyphenated name is recorded at
 * HIGHEST confidence purely on the presence of a '-'; confirm downstream
 * matching tolerates that for untrusted inputs.
 */
public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer {

    /** Display name reported by {@link #getName()}. */
    private static final String ANALYZER_NAME = "File Name Analyzer";

    /** Phase in which the engine schedules this analyzer. */
    private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;

    /**
     * Files whose bare (hyphen-free) name carries no identifying information
     * and therefore must not become product/vendor evidence. Only consulted
     * for names that do not contain a '-'.
     */
    private static final NameFileFilter IGNORED_FILES = new NameFileFilter(new String[] {
        "__init__.py",
        "__init__.pyc",
        "__init__.pyo"
    });

    /** Source label recorded on every evidence item this analyzer adds. */
    private static final String EVIDENCE_SOURCE = "file";

    /** Name label recorded on every evidence item this analyzer adds. */
    private static final String EVIDENCE_NAME = "name";

    /**
     * Returns the human-readable analyzer name.
     *
     * @return the analyzer name
     */
    @Override
    public String getName() {
        return ANALYZER_NAME;
    }

    /**
     * Returns the phase this analyzer runs in.
     *
     * @return {@link AnalysisPhase#INFORMATION_COLLECTION}
     */
    @Override
    public AnalysisPhase getAnalysisPhase() {
        return ANALYSIS_PHASE;
    }

    /**
     * Records version, product and vendor evidence taken from the file name
     * of the dependency's actual file.
     *
     * @param dependency the dependency whose evidence collections are updated
     * @param engine     the engine running the scan (unused here)
     * @throws AnalysisException declared for the {@link Analyzer} contract;
     *                           not thrown by this implementation
     */
    @Override
    public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
        final File actual = dependency.getActualFile();
        final String baseName = FilenameUtils.removeExtension(actual.getName());

        collectVersionEvidence(dependency, baseName);
        collectNameEvidence(dependency, actual, baseName);
    }

    /**
     * Adds version evidence when a version can be parsed out of the name.
     *
     * A version with two or more parts is recorded at HIGHEST confidence, a
     * single-part (or part-less) one at MEDIUM; the whole base name is always
     * added as a MEDIUM fallback alongside it.
     *
     * @param dependency the dependency receiving the evidence
     * @param baseName   the file name without its extension
     */
    private static void collectVersionEvidence(Dependency dependency, String baseName) {
        final DependencyVersion parsed = DependencyVersionUtil.parseVersion(baseName);
        if (parsed == null) {
            return;
        }
        final boolean multiPart = parsed.getVersionParts() != null
                && parsed.getVersionParts().size() >= 2;
        final Confidence parsedConfidence = multiPart ? Confidence.HIGHEST : Confidence.MEDIUM;

        dependency.getVersionEvidence().addEvidence(EVIDENCE_SOURCE, EVIDENCE_NAME,
                parsed.toString(), parsedConfidence);
        dependency.getVersionEvidence().addEvidence(EVIDENCE_SOURCE, EVIDENCE_NAME,
                baseName, Confidence.MEDIUM);
    }

    /**
     * Adds the base name as product and vendor evidence.
     *
     * Hyphenated names are recorded at HIGHEST confidence; other names at HIGH,
     * unless the file is one of {@link #IGNORED_FILES}, in which case nothing
     * is recorded.
     *
     * @param dependency the dependency receiving the evidence
     * @param actual     the dependency's actual file, checked against the ignore list
     * @param baseName   the file name without its extension
     */
    private static void collectNameEvidence(Dependency dependency, File actual, String baseName) {
        final Confidence confidence;
        if (baseName.contains("-")) {
            confidence = Confidence.HIGHEST;
        } else if (IGNORED_FILES.accept(actual)) {
            return;
        } else {
            confidence = Confidence.HIGH;
        }
        dependency.getProductEvidence().addEvidence(EVIDENCE_SOURCE, EVIDENCE_NAME,
                baseName, confidence);
        dependency.getVendorEvidence().addEvidence(EVIDENCE_SOURCE, EVIDENCE_NAME,
                baseName, confidence);
    }
}