Coverage Report - org.owasp.dependencycheck.analyzer.NuspecAnalyzer
 
Classes in this File: NuspecAnalyzer | Line Coverage: 32% (9/28) | Branch Coverage: 0% (0/6) | Complexity: 2
 
 /*
  * This file is part of dependency-check-core.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  * Copyright (c) 2014 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.analyzer;
 
 import java.io.FileInputStream;
 import java.util.Set;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
 import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.data.nuget.NugetPackage;
 import org.owasp.dependencycheck.data.nuget.NuspecParser;
 import org.owasp.dependencycheck.data.nuget.XPathNuspecParser;
 import org.owasp.dependencycheck.dependency.Confidence;
 import org.owasp.dependencycheck.dependency.Dependency;
 
 /**
  * Analyzer which will parse a Nuspec file to gather module information.
  *
  * @author colezlaw
  */
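 public class NuspecAnalyzer extends AbstractAnalyzer {

     /**
      * The logger.
      */
     private static final Logger LOGGER = Logger.getLogger(NuspecAnalyzer.class.getName());

     /**
      * The name of the analyzer.
      */
     private static final String ANALYZER_NAME = "Nuspec Analyzer";

     /**
      * The phase in which the analyzer runs.
      */
     private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;

     /**
      * The types of files on which this will work.
      */
     private static final Set<String> SUPPORTED_EXTENSIONS = newHashSet("nuspec");

     /**
      * Initializes the analyzer once before any analysis is performed. This analyzer keeps no state, so there is
      * nothing to set up.
      *
      * @throws Exception if there's an error during initialization
      */
     @Override
     public void initialize() throws Exception {
         // Intentionally empty: a parser is created per call in analyze().
     }

     /**
      * Returns the analyzer's name.
      *
      * @return the name of the analyzer
      */
     @Override
     public String getName() {
         return ANALYZER_NAME;
     }

     /**
      * Returns the analysis phase under which the analyzer runs.
      *
      * @return the phase under which this analyzer runs
      */
     @Override
     public AnalysisPhase getAnalysisPhase() {
         return ANALYSIS_PHASE;
     }

     /**
      * Returns the extensions for which this Analyzer runs.
      *
      * @return the extensions for which this Analyzer runs
      */
     @Override
     public Set<String> getSupportedExtensions() {
         return SUPPORTED_EXTENSIONS;
     }

     /**
      * Determines whether the incoming extension is supported.
      *
      * @param extension the extension to check for support
      * @return whether the extension is supported
      */
     @Override
     public boolean supportsExtension(String extension) {
         return SUPPORTED_EXTENSIONS.contains(extension);
     }

     /**
      * Parses the Nuspec file behind the dependency and records its owners, authors, version, id and title as
      * vendor, version and product evidence.
      * <p>
      * Every value recorded here is copied verbatim from the file being scanned, so the evidence is only as
      * trustworthy as the package that shipped the file, even where it is stored with {@code Confidence.HIGHEST}.
      *
      * @param dependency the dependency to analyze
      * @param engine the engine (not used by this analyzer)
      * @throws AnalysisException when the file cannot be opened or parsed, or when the parser yields no package;
      * the underlying failure is attached as the cause
      */
     @Override
     public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
         LOGGER.log(Level.INFO, "Checking Nuspec file {0}", dependency.toString());
         try {
             // NOTE(review): the .nuspec is XML taken from the artifact under scan; any parser hardening
             // (DTDs, external entities) would live in XPathNuspecParser, which is not visible here - confirm.
             final NuspecParser parser = new XPathNuspecParser();
             NugetPackage np = null;
             FileInputStream fis = null;
             try {
                 fis = new FileInputStream(dependency.getActualFilePath());
                 np = parser.parse(fis);
             } finally {
                 if (fis != null) {
                     try {
                         fis.close();
                     } catch (Exception e) {
                         // Best effort: a failed close must not mask the parse result or a parse failure,
                         // but it is recorded instead of being silently dropped.
                         LOGGER.log(Level.FINE, "Unable to close Nuspec file", e);
                     }
                 }
             }

             if (np == null) {
                 // Fail with a descriptive cause rather than a bare NullPointerException on the first getter.
                 throw new IllegalStateException("No package metadata was parsed from "
                         + dependency.getActualFilePath());
             }

             if (np.getOwners() != null) {
                 dependency.getVendorEvidence().addEvidence("nuspec", "owners", np.getOwners(), Confidence.HIGHEST);
             }
             // NOTE(review): authors, version and id are added without the null check used for owners and
             // title; confirm that the parser or addEvidence handles a .nuspec that omits them.
             dependency.getVendorEvidence().addEvidence("nuspec", "authors", np.getAuthors(), Confidence.HIGH);
             dependency.getVersionEvidence().addEvidence("nuspec", "version", np.getVersion(), Confidence.HIGHEST);
             dependency.getProductEvidence().addEvidence("nuspec", "id", np.getId(), Confidence.HIGHEST);
             if (np.getTitle() != null) {
                 dependency.getProductEvidence().addEvidence("nuspec", "title", np.getTitle(), Confidence.MEDIUM);
             }
         } catch (Exception e) {
             // Single failure channel for callers: I/O, parse and validation errors all surface as
             // AnalysisException with the original exception preserved as the cause.
             throw new AnalysisException(e);
         }
     }
 }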
 
 // vim: cc=120:sw=4:ts=4:sts=4