1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.suppression;
19  
20  import java.io.File;
21  import java.io.FileInputStream;
22  import java.io.FileNotFoundException;
23  import java.io.IOException;
24  import java.io.InputStream;
25  import java.io.InputStreamReader;
26  import java.io.Reader;
27  import java.util.List;
28  import javax.xml.parsers.ParserConfigurationException;
29  import javax.xml.parsers.SAXParser;
30  import javax.xml.parsers.SAXParserFactory;
31  
32  import org.slf4j.Logger;
33  import org.slf4j.LoggerFactory;
34  import org.xml.sax.InputSource;
35  import org.xml.sax.SAXException;
36  import org.xml.sax.XMLReader;
37  
38  /**
39   * A simple validating parser for XML Suppression Rules.
40   *
41   * @author Jeremy Long
42   */
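public class SuppressionParser {

    /**
     * The logger.
     */
    private static final Logger LOGGER = LoggerFactory.getLogger(SuppressionParser.class);
    /**
     * JAXP Schema Language. Source: http://docs.oracle.com/javase/tutorial/jaxp/sax/validation.html
     */
    public static final String JAXP_SCHEMA_LANGUAGE = "http://java.sun.com/xml/jaxp/properties/schemaLanguage";
    /**
     * W3C XML Schema. Source: http://docs.oracle.com/javase/tutorial/jaxp/sax/validation.html
     */
    public static final String W3C_XML_SCHEMA = "http://www.w3.org/2001/XMLSchema";
    /**
     * JAXP Schema Source. Source: http://docs.oracle.com/javase/tutorial/jaxp/sax/validation.html
     */
    public static final String JAXP_SCHEMA_SOURCE = "http://java.sun.com/xml/jaxp/properties/schemaSource";
    /**
     * Classpath location of the XML schema used to validate suppression files.
     */
    private static final String SUPPRESSION_SCHEMA = "schema/suppression.xsd";
    /**
     * Parser feature that rejects any document containing a DOCTYPE declaration.
     */
    private static final String FEATURE_DISALLOW_DOCTYPE = "http://apache.org/xml/features/disallow-doctype-decl";
    /**
     * SAX feature controlling the resolution of external general entities.
     */
    private static final String FEATURE_EXTERNAL_GENERAL_ENTITIES = "http://xml.org/sax/features/external-general-entities";
    /**
     * SAX feature controlling the resolution of external parameter entities.
     */
    private static final String FEATURE_EXTERNAL_PARAMETER_ENTITIES = "http://xml.org/sax/features/external-parameter-entities";

    /**
     * Parses the given xml file and returns a list of the suppression rules contained. The file is opened, handed to
     * {@link #parseSuppressionRules(java.io.InputStream)} and closed again before this method returns.
     *
     * @param file an xml file containing suppression rules
     * @return a list of suppression rules
     * @throws SuppressionParseException thrown if the xml file cannot be opened or parsed
     */
    public List<SuppressionRule> parseSuppressionRules(File file) throws SuppressionParseException {
        FileInputStream fis = null;
        try {
            fis = new FileInputStream(file);
            return parseSuppressionRules(fis);
        } catch (IOException ex) {
            LOGGER.debug("", ex);
            throw new SuppressionParseException(ex);
        } finally {
            if (fis != null) {
                try {
                    fis.close();
                } catch (IOException ex) {
                    // a failed close must not mask the parse result or the original exception
                    LOGGER.debug("Unable to close stream", ex);
                }
            }
        }
    }

    /**
     * Parses the given xml stream and returns a list of the suppression rules contained. The document is validated
     * against the bundled suppression schema and is read as UTF-8.
     * <p>
     * A suppression file may come from a location the person running the scan does not control, so the parser is
     * configured to reject DOCTYPE declarations and to ignore external entities. This keeps a crafted file from
     * making the parser read local files or contact remote hosts (XXE) or from expanding nested entities. If the
     * underlying parser cannot honour these settings the parse fails instead of continuing unprotected.</p>
     * <p>
     * This method does not explicitly close {@code inputStream}; that remains the caller's responsibility.</p>
     *
     * @param inputStream an InputStream containing suppression rules
     * @return a list of suppression rules
     * @throws SuppressionParseException if the xml cannot be parsed, the parser cannot be configured, or the
     * suppression schema cannot be loaded
     */
    public List<SuppressionRule> parseSuppressionRules(InputStream inputStream) throws SuppressionParseException {
        InputStream schemaStream = null;
        try {
            schemaStream = this.getClass().getClassLoader().getResourceAsStream(SUPPRESSION_SCHEMA);
            if (schemaStream == null) {
                // getResourceAsStream returns null when the resource is missing; fail here rather than
                // continue without the schema the validation depends on
                throw new FileNotFoundException("Unable to load " + SUPPRESSION_SCHEMA + " from the classpath");
            }
            final SuppressionHandler handler = new SuppressionHandler();
            final SAXParserFactory factory = SAXParserFactory.newInstance();
            factory.setNamespaceAware(true);
            factory.setValidating(true);
            // Validation uses the XSD supplied below, so a DOCTYPE is never needed; rejecting it outright removes
            // both external entity resolution and entity expansion from the attack surface.
            factory.setFeature(FEATURE_DISALLOW_DOCTYPE, true);
            // Defence in depth should the DOCTYPE restriction ever be relaxed.
            factory.setFeature(FEATURE_EXTERNAL_GENERAL_ENTITIES, false);
            factory.setFeature(FEATURE_EXTERNAL_PARAMETER_ENTITIES, false);
            final SAXParser saxParser = factory.newSAXParser();
            saxParser.setProperty(SuppressionParser.JAXP_SCHEMA_LANGUAGE, SuppressionParser.W3C_XML_SCHEMA);
            saxParser.setProperty(SuppressionParser.JAXP_SCHEMA_SOURCE, new InputSource(schemaStream));
            final XMLReader xmlReader = saxParser.getXMLReader();
            xmlReader.setErrorHandler(new SuppressionErrorHandler());
            xmlReader.setContentHandler(handler);

            // The character stream takes precedence over any encoding named in the XML declaration.
            final Reader reader = new InputStreamReader(inputStream, "UTF-8");
            final InputSource in = new InputSource(reader);

            xmlReader.parse(in);

            return handler.getSuppressionRules();
        } catch (ParserConfigurationException ex) {
            LOGGER.debug("", ex);
            throw new SuppressionParseException(ex);
        } catch (SAXException ex) {
            // also covers SAXNotRecognizedException / SAXNotSupportedException from setFeature and setProperty
            LOGGER.debug("", ex);
            throw new SuppressionParseException(ex);
        } catch (FileNotFoundException ex) {
            LOGGER.debug("", ex);
            throw new SuppressionParseException(ex);
        } catch (IOException ex) {
            LOGGER.debug("", ex);
            throw new SuppressionParseException(ex);
        } finally {
            if (schemaStream != null) {
                try {
                    schemaStream.close();
                } catch (IOException ex) {
                    LOGGER.debug("Unable to close schema stream", ex);
                }
            }
        }
    }
}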