1 /*
2 * This file is part of dependency-check-core.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 * Copyright (c) 2016 Stefan Neuhaus. All Rights Reserved.
17 */
18 package org.owasp.dependencycheck;
19
20 import org.owasp.dependencycheck.analyzer.Analyzer;
21 import org.owasp.dependencycheck.analyzer.FileTypeAnalyzer;
22 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
23 import org.owasp.dependencycheck.dependency.Dependency;
24 import org.owasp.dependencycheck.utils.Settings;
25 import org.slf4j.Logger;
26 import org.slf4j.LoggerFactory;
27
28 import java.util.List;
29 import java.util.concurrent.Callable;
30
31 /**
32 * Task to support parallelism of dependency-check analysis.
33 * Analyses a single {@link Dependency} by a specific {@link Analyzer}.
34 *
35 * @author Stefan Neuhaus
36 */
37 class AnalysisTask implements Callable<Void> {
38
39 /**
40 * Instance of the logger.
41 */
42 private static final Logger LOGGER = LoggerFactory.getLogger(AnalysisTask.class);
43
44 /**
45 * A reference to the analyzer.
46 */
47 private final Analyzer analyzer;
48 /**
49 * The dependency to analyze.
50 */
51 private final Dependency dependency;
52 /**
53 * A reference to the dependency-check engine.
54 */
55 private final Engine engine;
56 /**
57 * The list of exceptions that may occur during analysis.
58 */
59 private final List<Throwable> exceptions;
60
61 /**
62 * Creates a new analysis task.
63 *
64 * @param analyzer a reference of the analyzer to execute
65 * @param dependency the dependency to analyze
66 * @param engine the dependency-check engine
67 * @param exceptions exceptions that occur during analysis will be added to
68 * this collection of exceptions
69 */
70 AnalysisTask(Analyzer analyzer, Dependency dependency, Engine engine, List<Throwable> exceptions) {
71 this.analyzer = analyzer;
72 this.dependency = dependency;
73 this.engine = engine;
74 this.exceptions = exceptions;
75 }
76
77 /**
78 * Executes the analysis task.
79 *
80 * @return null
81 * @throws Exception thrown if unable to execute the analysis task
82 */
83 @Override
84 public Void call() {
85 Settings.initialize();
86
87 if (shouldAnalyze()) {
88 LOGGER.debug("Begin Analysis of '{}' ({})", dependency.getActualFilePath(), analyzer.getName());
89 try {
90 analyzer.analyze(dependency, engine);
91 } catch (AnalysisException ex) {
92 LOGGER.warn("An error occurred while analyzing '{}' ({}).", dependency.getActualFilePath(), analyzer.getName());
93 LOGGER.debug("", ex);
94 exceptions.add(ex);
95 } catch (Throwable ex) {
96 LOGGER.warn("An unexpected error occurred during analysis of '{}' ({}): {}",
97 dependency.getActualFilePath(), analyzer.getName(), ex.getMessage());
98 LOGGER.debug("", ex);
99 exceptions.add(ex);
100 }
101 }
102
103 return null;
104 }
105
106 /**
107 * Determines if the analyzer can analyze the given dependency.
108 *
109 * @return whether or not the analyzer can analyze the dependency
110 */
111 boolean shouldAnalyze() {
112 if (analyzer instanceof FileTypeAnalyzer) {
113 final FileTypeAnalyzer fileTypeAnalyzer = (FileTypeAnalyzer) analyzer;
114 return fileTypeAnalyzer.accept(dependency.getActualFile());
115 }
116
117 return true;
118 }
119 }