Coverage Report - org.owasp.dependencycheck.xml.pom.PomUtils
 
Classes in this File Line Coverage Branch Coverage Complexity
PomUtils
32%
14/43
50%
1/2
4.25
 
 1   
 /*
 2   
  * This file is part of dependency-check-core.
 3   
  *
 4   
  * Licensed under the Apache License, Version 2.0 (the "License");
 5   
  * you may not use this file except in compliance with the License.
 6   
  * You may obtain a copy of the License at
 7   
  *
 8   
  *     http://www.apache.org/licenses/LICENSE-2.0
 9   
  *
 10   
  * Unless required by applicable law or agreed to in writing, software
 11   
  * distributed under the License is distributed on an "AS IS" BASIS,
 12   
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13   
  * See the License for the specific language governing permissions and
 14   
  * limitations under the License.
 15   
  *
 16   
  * Copyright (c) 2015 Jeremy Long. All Rights Reserved.
 17   
  */
 18   
 package org.owasp.dependencycheck.xml.pom;
 19   
 
 20   
 import java.io.File;
 21   
 import java.io.IOException;
 22   
 import java.util.jar.JarFile;
 23   
 import java.util.zip.ZipEntry;
 24   
 import org.owasp.dependencycheck.analyzer.JarAnalyzer;
 25   
 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 26   
 import org.owasp.dependencycheck.dependency.Dependency;
 27   
 import org.slf4j.Logger;
 28   
 import org.slf4j.LoggerFactory;
 29   
 
 30   
 /**
 31   
  *
 32   
  * @author jeremy
 33   
  */
 34   
 public final class PomUtils {
 35   
 
 36   
     /**
 37   
      * empty private constructor for utility class.
 38   
      */
 39  0 
     private PomUtils() {
 40  0 
     }
 41   
     /**
 42   
      * The logger.
 43   
      */
 44  1 
     private static final Logger LOGGER = LoggerFactory.getLogger(PomUtils.class);
 45   
 
 46   
     /**
 47   
      * Reads in the specified POM and converts it to a Model.
 48   
      *
 49   
      * @param file the pom.xml file
 50   
      * @return returns a
 51   
      * @throws AnalysisException is thrown if there is an exception extracting or parsing the POM {@link Model} object
 52   
      */
 53   
     public static Model readPom(File file) throws AnalysisException {
 54  1 
         Model model = null;
 55   
         try {
 56  1 
             final PomParser parser = new PomParser();
 57  1 
             model = parser.parse(file);
 58  0 
         } catch (PomParseException ex) {
 59  0 
             LOGGER.warn("Unable to parse pom '{}'", file.getPath());
 60  0 
             LOGGER.debug("", ex);
 61  0 
             throw new AnalysisException(ex);
 62  0 
         } catch (IOException ex) {
 63  0 
             LOGGER.warn("Unable to parse pom '{}'(IO Exception)", file.getPath());
 64  0 
             LOGGER.debug("", ex);
 65  0 
             throw new AnalysisException(ex);
 66  0 
         } catch (Throwable ex) {
 67  0 
             LOGGER.warn("Unexpected error during parsing of the pom '{}'", file.getPath());
 68  0 
             LOGGER.debug("", ex);
 69  0 
             throw new AnalysisException(ex);
 70  1 
         }
 71  1 
         return model;
 72   
     }
 73   
 
 74   
     /**
 75   
      * Retrieves the specified POM from a jar file and converts it to a Model.
 76   
      *
 77   
      * @param path the path to the pom.xml file within the jar file
 78   
      * @param jar the jar file to extract the pom from
 79   
      * @return returns a
 80   
      * @throws AnalysisException is thrown if there is an exception extracting or parsing the POM {@link Model} object
 81   
      */
 82   
     public static Model readPom(String path, JarFile jar) throws AnalysisException {
 83  1 
         final ZipEntry entry = jar.getEntry(path);
 84  1 
         Model model = null;
 85  1 
         if (entry != null) { //should never be null
 86   
             try {
 87  1 
                 final PomParser parser = new PomParser();
 88  1 
                 model = parser.parse(jar.getInputStream(entry));
 89  1 
                 LOGGER.debug("Read POM {}", path);
 90  0 
             } catch (SecurityException ex) {
 91  0 
                 LOGGER.warn("Unable to parse pom '{}' in jar '{}'; invalid signature", path, jar.getName());
 92  0 
                 LOGGER.debug("", ex);
 93  0 
                 throw new AnalysisException(ex);
 94  0 
             } catch (IOException ex) {
 95  0 
                 LOGGER.warn("Unable to parse pom '{}' in jar '{}' (IO Exception)", path, jar.getName());
 96  0 
                 LOGGER.debug("", ex);
 97  0 
                 throw new AnalysisException(ex);
 98  0 
             } catch (Throwable ex) {
 99  0 
                 LOGGER.warn("Unexpected error during parsing of the pom '{}' in jar '{}'", path, jar.getName());
 100  0 
                 LOGGER.debug("", ex);
 101  0 
                 throw new AnalysisException(ex);
 102  1 
             }
 103   
         }
 104  1 
         return model;
 105   
     }
 106   
 
 107   
     /**
 108   
      * Reads in the pom file and adds elements as evidence to the given dependency.
 109   
      *
 110   
      * @param dependency the dependency being analyzed
 111   
      * @param pomFile the pom file to read
 112   
      * @throws AnalysisException is thrown if there is an exception parsing the pom
 113   
      */
 114   
     public static void analyzePOM(Dependency dependency, File pomFile) throws AnalysisException {
 115  0 
         final Model pom = PomUtils.readPom(pomFile);
 116  0 
         JarAnalyzer.setPomEvidence(dependency, pom, null);
 117  0 
     }
 118   
 }
Report generated by Cobertura 2.1.1 on 11/29/15 7:26 AM.