Coverage Report

Coverage Report - org.owasp.dependencycheck.data.central.CentralSearch

Classes in this File

Line Coverage

Branch Coverage

Complexity

CentralSearch

80%

37/46

78%

11/14

7.5

 /*
  * This file is part of dependency-check-core.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  * Copyright (c) 2014 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.data.central;
 
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.net.HttpURLConnection;
 import java.net.URL;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.logging.Logger;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.xpath.XPath;
 import javax.xml.xpath.XPathConstants;
 import javax.xml.xpath.XPathFactory;
 import org.owasp.dependencycheck.data.nexus.MavenArtifact;
 import org.owasp.dependencycheck.utils.Settings;
 import org.owasp.dependencycheck.utils.URLConnectionFactory;
 import org.w3c.dom.Document;
 import org.w3c.dom.NodeList;
 
 /**
  * Class of methods to search Maven Central via Central.
  *
  * @author colezlaw
  */
 public class CentralSearch {
 
     /**
      * The URL for the Central service
      */
     private final URL rootURL;
 
     /**
      * Whether to use the Proxy when making requests
      */
     private boolean useProxy;
 
     /**
      * Used for logging.
      */
     private static final Logger LOGGER = Logger.getLogger(CentralSearch.class.getName());
 
     /**
      * Creates a NexusSearch for the given repository URL.
      *
      * @param rootURL the URL of the repository on which searches should execute. Only parameters are added to this (so
      * it should end in /select)
      */
     public CentralSearch(URL rootURL) {
         this.rootURL = rootURL;
         if (null != Settings.getString(Settings.KEYS.PROXY_SERVER)) {
             useProxy = true;
             LOGGER.fine("Using proxy");
         } else {
             useProxy = false;
             LOGGER.fine("Not using proxy");
         }
     }
 
     /**
      * Searches the configured Central URL for the given sha1 hash. If the artifact is found, a
      * <code>MavenArtifact</code> is populated with the GAV.
      *
      * @param sha1 the SHA-1 hash string for which to search
      * @return the populated Maven GAV.
      * @throws IOException if it's unable to connect to the specified repository or if the specified artifact is not
      * found.
      */
     public List<MavenArtifact> searchSha1(String sha1) throws IOException {
         if (null == sha1 || !sha1.matches("^[0-9A-Fa-f]{40}$")) {
             throw new IllegalArgumentException("Invalid SHA1 format");
         }
 
         final URL url = new URL(rootURL + String.format("?q=1:\"%s\"&wt=xml", sha1));
 
         LOGGER.fine(String.format("Searching Central url %s", url.toString()));
 
         // Determine if we need to use a proxy. The rules:
         // 1) If the proxy is set, AND the setting is set to true, use the proxy
         // 2) Otherwise, don't use the proxy (either the proxy isn't configured,
         // or proxy is specifically set to false)
         final HttpURLConnection conn = URLConnectionFactory.createHttpURLConnection(url, useProxy);
 
         conn.setDoOutput(true);
 
         // JSON would be more elegant, but there's not currently a dependency
         // on JSON, so don't want to add one just for this
         conn.addRequestProperty("Accept", "application/xml");
         conn.connect();
 
         if (conn.getResponseCode() == 200) {
             boolean missing = false;
             try {
                 final DocumentBuilder builder = DocumentBuilderFactory
                         .newInstance().newDocumentBuilder();
                 final Document doc = builder.parse(conn.getInputStream());
                 final XPath xpath = XPathFactory.newInstance().newXPath();
                 final String numFound = xpath.evaluate("/response/result/@numFound", doc);
                 if ("0".equals(numFound)) {
                     missing = true;
                 } else {
                     final ArrayList<MavenArtifact> result = new ArrayList<MavenArtifact>();
                     final NodeList docs = (NodeList) xpath.evaluate("/response/result/doc", doc, XPathConstants.NODESET);
                     for (int i = 0; i < docs.getLength(); i++) {
                         final String g = xpath.evaluate("./str[@name='g']", docs.item(i));
                         LOGGER.finest(String.format("GroupId: %s", g));
                         final String a = xpath.evaluate("./str[@name='a']", docs.item(i));
                         LOGGER.finest(String.format("ArtifactId: %s", a));
                         final String v = xpath.evaluate("./str[@name='v']", docs.item(i));
                         LOGGER.finest(String.format("Version: %s", v));
                         result.add(new MavenArtifact(g, a, v, url.toString()));
                     }
 
                     return result;
                 }
             } catch (Throwable e) {
                 // Anything else is jacked up XML stuff that we really can't recover
                 // from well
                 throw new IOException(e.getMessage(), e);
             }
 
             if (missing) {
                 throw new FileNotFoundException("Artifact not found in Central");
             }
         } else {
             final String msg = String.format("Could not connect to Central received response code: %d %s",
                     conn.getResponseCode(), conn.getResponseMessage());
             LOGGER.fine(msg);
             throw new IOException(msg);
         }
 
         return null;
     }
 }

1		/*
2		* This file is part of dependency-check-core.
3		*
4		* Licensed under the Apache License, Version 2.0 (the "License");
5		* you may not use this file except in compliance with the License.
6		* You may obtain a copy of the License at
7		*
8		* http://www.apache.org/licenses/LICENSE-2.0
9		*
10		* Unless required by applicable law or agreed to in writing, software
11		* distributed under the License is distributed on an "AS IS" BASIS,
12		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13		* See the License for the specific language governing permissions and
14		* limitations under the License.
15		*
16		* Copyright (c) 2014 Jeremy Long. All Rights Reserved.
17		*/
18		package org.owasp.dependencycheck.data.central;
19
20		import java.io.FileNotFoundException;
21		import java.io.IOException;
22		import java.net.HttpURLConnection;
23		import java.net.URL;
24		import java.util.ArrayList;
25		import java.util.List;
26		import java.util.logging.Logger;
27		import javax.xml.parsers.DocumentBuilder;
28		import javax.xml.parsers.DocumentBuilderFactory;
29		import javax.xml.xpath.XPath;
30		import javax.xml.xpath.XPathConstants;
31		import javax.xml.xpath.XPathFactory;
32		import org.owasp.dependencycheck.data.nexus.MavenArtifact;
33		import org.owasp.dependencycheck.utils.Settings;
34		import org.owasp.dependencycheck.utils.URLConnectionFactory;
35		import org.w3c.dom.Document;
36		import org.w3c.dom.NodeList;
37
38		/**
39		* Class of methods to search Maven Central via Central.
40		*
41		* @author colezlaw
42		*/
43		public class CentralSearch {
44
45		/**
46		* The URL for the Central service
47		*/
48		private final URL rootURL;
49
50		/**
51		* Whether to use the Proxy when making requests
52		*/
53		private boolean useProxy;
54
55		/**
56		* Used for logging.
57		*/
58	1	private static final Logger LOGGER = Logger.getLogger(CentralSearch.class.getName());
59
60		/**
61		* Creates a NexusSearch for the given repository URL.
62		*
63		* @param rootURL the URL of the repository on which searches should execute. Only parameters are added to this (so
64		* it should end in /select)
65		*/
66	6	public CentralSearch(URL rootURL) {
67	6	this.rootURL = rootURL;
68	6	if (null != Settings.getString(Settings.KEYS.PROXY_SERVER)) {
69	0	useProxy = true;
70	0	LOGGER.fine("Using proxy");
71		} else {
72	6	useProxy = false;
73	6	LOGGER.fine("Not using proxy");
74		}
75	6	}
76
77		/**
78		* Searches the configured Central URL for the given sha1 hash. If the artifact is found, a
79		* <code>MavenArtifact</code> is populated with the GAV.
80		*
81		* @param sha1 the SHA-1 hash string for which to search
82		* @return the populated Maven GAV.
83		* @throws IOException if it's unable to connect to the specified repository or if the specified artifact is not
84		* found.
85		*/
86		public List<MavenArtifact> searchSha1(String sha1) throws IOException {
87	7	if (null == sha1 \|\| !sha1.matches("^[0-9A-Fa-f]{40}$")) {
88	2	throw new IllegalArgumentException("Invalid SHA1 format");
89		}
90
91	5	final URL url = new URL(rootURL + String.format("?q=1:\"%s\"&wt=xml", sha1));
92
93	5	LOGGER.fine(String.format("Searching Central url %s", url.toString()));
94
95		// Determine if we need to use a proxy. The rules:
96		// 1) If the proxy is set, AND the setting is set to true, use the proxy
97		// 2) Otherwise, don't use the proxy (either the proxy isn't configured,
98		// or proxy is specifically set to false)
99	5	final HttpURLConnection conn = URLConnectionFactory.createHttpURLConnection(url, useProxy);
100
101	5	conn.setDoOutput(true);
102
103		// JSON would be more elegant, but there's not currently a dependency
104		// on JSON, so don't want to add one just for this
105	5	conn.addRequestProperty("Accept", "application/xml");
106	5	conn.connect();
107
108	5	if (conn.getResponseCode() == 200) {
109	5	boolean missing = false;
110		try {
111	5	final DocumentBuilder builder = DocumentBuilderFactory
112		.newInstance().newDocumentBuilder();
113	5	final Document doc = builder.parse(conn.getInputStream());
114	5	final XPath xpath = XPathFactory.newInstance().newXPath();
115	5	final String numFound = xpath.evaluate("/response/result/@numFound", doc);
116	5	if ("0".equals(numFound)) {
117	1	missing = true;
118		} else {
119	4	final ArrayList<MavenArtifact> result = new ArrayList<MavenArtifact>();
120	4	final NodeList docs = (NodeList) xpath.evaluate("/response/result/doc", doc, XPathConstants.NODESET);
121	9	for (int i = 0; i < docs.getLength(); i++) {
122	5	final String g = xpath.evaluate("./str[@name='g']", docs.item(i));
123	5	LOGGER.finest(String.format("GroupId: %s", g));
124	5	final String a = xpath.evaluate("./str[@name='a']", docs.item(i));
125	5	LOGGER.finest(String.format("ArtifactId: %s", a));
126	5	final String v = xpath.evaluate("./str[@name='v']", docs.item(i));
127	5	LOGGER.finest(String.format("Version: %s", v));
128	5	result.add(new MavenArtifact(g, a, v, url.toString()));
129		}
130
131	4	return result;
132		}
133	0	} catch (Throwable e) {
134		// Anything else is jacked up XML stuff that we really can't recover
135		// from well
136	0	throw new IOException(e.getMessage(), e);
137	1	}
138
139	1	if (missing) {
140	1	throw new FileNotFoundException("Artifact not found in Central");
141		}
142	0	} else {
143	0	final String msg = String.format("Could not connect to Central received response code: %d %s",
144		conn.getResponseCode(), conn.getResponseMessage());
145	0	LOGGER.fine(msg);
146	0	throw new IOException(msg);
147		}
148
149	0	return null;
150		}
151		}