View Javadoc
1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2014 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.data.nuget;
19  
20  import java.io.InputStream;
21  import javax.xml.parsers.DocumentBuilderFactory;
22  import javax.xml.xpath.XPath;
23  import javax.xml.xpath.XPathConstants;
24  import javax.xml.xpath.XPathFactory;
25  import org.w3c.dom.Document;
26  import org.w3c.dom.Node;
27  
28  /**
29   * Parse a Nuspec file using XPath.
30   *
31   * @author colezlaw
32   */
33  public class XPathNuspecParser implements NuspecParser {
34  
35      /**
36       * Gets the string value of a node or null if it's not present
37       *
38       * @param n the node to test
39       * @return the string content of the node, or null if the node itself is null
40       */
41      private String getOrNull(Node n) {
42          if (n != null) {
43              return n.getTextContent();
44          } else {
45              return null;
46          }
47      }
48  
49      /**
50       * Parse an input stream and return the resulting {@link NugetPackage}.
51       *
52       * @param stream the input stream to parse
53       * @return the populated bean
54       * @throws NuspecParseException when an exception occurs
55       */
56      @Override
57      public NugetPackage parse(InputStream stream) throws NuspecParseException {
58          try {
59              final Document d = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(stream);
60              final XPath xpath = XPathFactory.newInstance().newXPath();
61              final NugetPackage nuspec = new NugetPackage();
62  
63              if (xpath.evaluate("/package/metadata/id", d, XPathConstants.NODE) == null
64                      || xpath.evaluate("/package/metadata/version", d, XPathConstants.NODE) == null
65                      || xpath.evaluate("/package/metadata/authors", d, XPathConstants.NODE) == null
66                      || xpath.evaluate("/package/metadata/description", d, XPathConstants.NODE) == null) {
67                  throw new NuspecParseException("Invalid Nuspec format");
68              }
69  
70              nuspec.setId(xpath.evaluate("/package/metadata/id", d));
71              nuspec.setVersion(xpath.evaluate("/package/metadata/version", d));
72              nuspec.setAuthors(xpath.evaluate("/package/metadata/authors", d));
73              nuspec.setOwners(getOrNull((Node) xpath.evaluate("/package/metadata/owners", d, XPathConstants.NODE)));
74              nuspec.setLicenseUrl(getOrNull((Node) xpath.evaluate("/package/metadata/licenseUrl", d, XPathConstants.NODE)));
75              nuspec.setTitle(getOrNull((Node) xpath.evaluate("/package/metadata/title", d, XPathConstants.NODE)));
76              return nuspec;
77          } catch (Throwable e) {
78              throw new NuspecParseException("Unable to parse nuspec", e);
79          }
80      }
81  }