Coverage Report - org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer
 
Classes in this File Line Coverage Branch Coverage Complexity
AbstractSuppressionAnalyzer
0%
0/45
0%
0/14
4
 
 /*
  * This file is part of dependency-check-core.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.analyzer;
 
 import java.io.File;
 import java.io.IOException;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.util.List;
 import java.util.Set;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import java.util.regex.Pattern;
 import org.owasp.dependencycheck.suppression.SuppressionParseException;
 import org.owasp.dependencycheck.suppression.SuppressionParser;
 import org.owasp.dependencycheck.suppression.SuppressionRule;
 import org.owasp.dependencycheck.utils.DownloadFailedException;
 import org.owasp.dependencycheck.utils.Downloader;
 import org.owasp.dependencycheck.utils.FileUtils;
 import org.owasp.dependencycheck.utils.Settings;
 
 /**
  * Abstract base suppression analyzer that contains methods for parsing the suppression xml file.
  *
  * @author Jeremy Long <jeremy.long@owasp.org>
  */
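 public abstract class AbstractSuppressionAnalyzer extends AbstractAnalyzer {

     /**
      * Logger shared by every method of this class.
      */
     private static final Logger LOGGER = Logger.getLogger(AbstractSuppressionAnalyzer.class.getName());
     /**
      * Matches configured locations that carry an http, https or file scheme (case-insensitive); such
      * locations are fetched into a temporary file instead of being opened as a local path.
      */
     private static final Pattern URI_RX = Pattern.compile("^(https?|file)\\:.*", Pattern.CASE_INSENSITIVE);

     //<editor-fold defaultstate="collapsed" desc="All standard implementation details of Analyzer">
     /**
      * Returns the file extensions supported by this analyzer. This base implementation names none and
      * always returns <code>null</code>.
      *
      * @return always <code>null</code>; how callers interpret that is not defined in this class
      */
     public Set<String> getSupportedExtensions() {
         return null;
     }

     //</editor-fold>
     /**
      * The initialize method runs the parent initialization and then loads the suppression XML file.
      *
      * @throws Exception thrown if the parent initialization fails or the suppression file cannot be
      * fetched or parsed
      */
     @Override
     public void initialize() throws Exception {
         super.initialize();
         loadSuppressionData();
     }
     /**
      * The list of suppression rules; stays <code>null</code> until a suppression file has been parsed or
      * {@link #setRules(java.util.List)} has been called.
      */
     private List<SuppressionRule> rules;

     /**
      * Get the value of rules.
      *
      * @return the internal rule list itself (not a copy), or <code>null</code> when no rules were loaded
      */
     public List<SuppressionRule> getRules() {
         return rules;
     }

     /**
      * Set the value of rules.
      *
      * @param rules new value of rules; the reference is stored as given, without copying
      */
     public void setRules(List<SuppressionRule> rules) {
         this.rules = rules;
     }

     /**
      * Loads the suppression rules file named by the {@code Settings.KEYS.SUPPRESSION_FILE} setting. When the
      * setting is absent nothing is loaded. A value with an http, https or file scheme is downloaded into a
      * temporary file that is deleted again before this method returns; any other value is opened as a local
      * path.
      * <p>
      * Suppression rules decide which findings are hidden from the report, so the integrity of this file is
      * security relevant: a rule set altered in transit can silently hide vulnerable dependencies. A warning
      * is therefore logged when the file is retrieved over plain HTTP.</p>
      *
      * @throws SuppressionParseException thrown if the file cannot be fetched, the URL is invalid, the
      * temporary file cannot be created, or the XML cannot be parsed.
      */
     private void loadSuppressionData() throws SuppressionParseException {
         final String suppressionFilePath = Settings.getString(Settings.KEYS.SUPPRESSION_FILE);
         if (suppressionFilePath == null) {
             return;
         }
         File file = null;
         boolean deleteTempFile = false;
         try {
             if (URI_RX.matcher(suppressionFilePath).matches()) {
                 // set before the temp file exists so that the finally block cleans up on every later failure
                 deleteTempFile = true;
                 file = FileUtils.getTempFile("suppression", "xml");
                 final URL url = new URL(suppressionFilePath);
                 if ("http".equalsIgnoreCase(url.getProtocol())) {
                     // The URL itself is deliberately not logged: it may carry credentials in its user-info part.
                     LOGGER.log(Level.WARNING, "The suppression file is being retrieved over unencrypted HTTP; "
                             + "its contents can be altered in transit. Use an https URL or a local file.");
                 }
                 try {
                     Downloader.fetchFile(url, file, false);
                 } catch (DownloadFailedException ex) {
                     // Record the first failure instead of dropping it, then retry with the flag flipped.
                     // NOTE(review): the third argument presumably toggles proxy use - confirm in Downloader.
                     LOGGER.log(Level.FINE, "", ex);
                     Downloader.fetchFile(url, file, true);
                 }
             } else {
                 file = new File(suppressionFilePath);
             }

             if (file != null) {
                 // NOTE(review): for remote locations this parses XML from outside the build; confirm that
                 // SuppressionParser disables DTDs and external entities.
                 final SuppressionParser parser = new SuppressionParser();
                 try {
                     rules = parser.parseSuppressionRules(file);
                     LOGGER.log(Level.FINE, rules.size() + " suppression rules were loaded.");
                 } catch (SuppressionParseException ex) {
                     final String msg = String.format("Unable to parse suppression xml file '%s'", file.getPath());
                     LOGGER.log(Level.WARNING, msg);
                     LOGGER.log(Level.WARNING, ex.getMessage());
                     LOGGER.log(Level.FINE, "", ex);
                     throw ex;
                 }
             }
         } catch (DownloadFailedException ex) {
             LOGGER.log(Level.WARNING, "Unable to fetch the configured suppression file");
             LOGGER.log(Level.FINE, "", ex);
             throw new SuppressionParseException("Unable to fetch the configured suppression file", ex);
         } catch (MalformedURLException ex) {
             LOGGER.log(Level.WARNING, "Configured suppression file has an invalid URL");
             LOGGER.log(Level.FINE, "", ex);
             throw new SuppressionParseException("Configured suppression file has an invalid URL", ex);
         } catch (IOException ex) {
             LOGGER.log(Level.WARNING, "Unable to create temp file for suppressions");
             LOGGER.log(Level.FINE, "", ex);
             throw new SuppressionParseException("Unable to create temp file for suppressions", ex);
         } finally {
             // only the downloaded copy is removed; a locally configured suppression file is left in place
             if (deleteTempFile && file != null) {
                 FileUtils.delete(file);
             }
         }
     }
 }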