Coverage Report

Coverage Report - org.owasp.dependencycheck.suppression.SuppressionParser

Classes in this File

Line Coverage

Branch Coverage

Complexity

SuppressionParser

65%

26/40

50%

1/2

 /*
  * This file is part of dependency-check-core.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.suppression;
 
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.io.Reader;
 import java.util.List;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.parsers.SAXParser;
 import javax.xml.parsers.SAXParserFactory;
 import org.xml.sax.InputSource;
 import org.xml.sax.SAXException;
 import org.xml.sax.XMLReader;
 
 /**
  * A simple validating parser for XML Suppression Rules.
  *
  * @author Jeremy Long
  */
 public class SuppressionParser {
 
     /**
      * The logger.
      */
     private static final Logger LOGGER = Logger.getLogger(SuppressionParser.class.getName());
     /**
      * JAXP Schema Language. Source: http://docs.oracle.com/javase/tutorial/jaxp/sax/validation.html
      */
     public static final String JAXP_SCHEMA_LANGUAGE = "http://java.sun.com/xml/jaxp/properties/schemaLanguage";
     /**
      * W3C XML Schema. Source: http://docs.oracle.com/javase/tutorial/jaxp/sax/validation.html
      */
     public static final String W3C_XML_SCHEMA = "http://www.w3.org/2001/XMLSchema";
     /**
      * JAXP Schema Source. Source: http://docs.oracle.com/javase/tutorial/jaxp/sax/validation.html
      */
     public static final String JAXP_SCHEMA_SOURCE = "http://java.sun.com/xml/jaxp/properties/schemaSource";
 
     /**
      * Parses the given xml file and returns a list of the suppression rules contained.
      *
      * @param file an xml file containing suppression rules
      * @return a list of suppression rules
      * @throws SuppressionParseException thrown if the xml file cannot be parsed
      */
     public List<SuppressionRule> parseSuppressionRules(File file) throws SuppressionParseException {
         FileInputStream fis = null;
         try {
             fis = new FileInputStream(file);
             return parseSuppressionRules(fis);
         } catch (IOException ex) {
             LOGGER.log(Level.FINE, null, ex);
             throw new SuppressionParseException(ex);
         } finally {
             if (fis != null) {
                 try {
                     fis.close();
                 } catch (IOException ex) {
                     LOGGER.log(Level.FINE, "Unable to close stream", ex);
                 }
             }
         }
     }
 
     /**
      * Parses the given xml stream and returns a list of the suppression rules contained.
      *
      * @param inputStream an InputStream containing suppression rues
      * @return a list of suppression rules
      * @throws SuppressionParseException if the xml cannot be parsed
      */
     public List<SuppressionRule> parseSuppressionRules(InputStream inputStream) throws SuppressionParseException {
         try {
             final InputStream schemaStream = this.getClass().getClassLoader().getResourceAsStream("schema/suppression.xsd");
             final SuppressionHandler handler = new SuppressionHandler();
             final SAXParserFactory factory = SAXParserFactory.newInstance();
             factory.setNamespaceAware(true);
             factory.setValidating(true);
             final SAXParser saxParser = factory.newSAXParser();
             saxParser.setProperty(SuppressionParser.JAXP_SCHEMA_LANGUAGE, SuppressionParser.W3C_XML_SCHEMA);
             saxParser.setProperty(SuppressionParser.JAXP_SCHEMA_SOURCE, new InputSource(schemaStream));
             final XMLReader xmlReader = saxParser.getXMLReader();
             xmlReader.setErrorHandler(new SuppressionErrorHandler());
             xmlReader.setContentHandler(handler);
 
             final Reader reader = new InputStreamReader(inputStream, "UTF-8");
             final InputSource in = new InputSource(reader);
             //in.setEncoding("UTF-8");
 
             xmlReader.parse(in);
 
             return handler.getSuppressionRules();
         } catch (ParserConfigurationException ex) {
             LOGGER.log(Level.FINE, null, ex);
             throw new SuppressionParseException(ex);
         } catch (SAXException ex) {
             LOGGER.log(Level.FINE, null, ex);
             throw new SuppressionParseException(ex);
         } catch (FileNotFoundException ex) {
             LOGGER.log(Level.FINE, null, ex);
             throw new SuppressionParseException(ex);
         } catch (IOException ex) {
             LOGGER.log(Level.FINE, null, ex);
             throw new SuppressionParseException(ex);
         }
     }
 }

1		/*
2		* This file is part of dependency-check-core.
3		*
4		* Licensed under the Apache License, Version 2.0 (the "License");
5		* you may not use this file except in compliance with the License.
6		* You may obtain a copy of the License at
7		*
8		* http://www.apache.org/licenses/LICENSE-2.0
9		*
10		* Unless required by applicable law or agreed to in writing, software
11		* distributed under the License is distributed on an "AS IS" BASIS,
12		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13		* See the License for the specific language governing permissions and
14		* limitations under the License.
15		*
16		* Copyright (c) 2013 Jeremy Long. All Rights Reserved.
17		*/
18		package org.owasp.dependencycheck.suppression;
19
20		import java.io.File;
21		import java.io.FileInputStream;
22		import java.io.FileNotFoundException;
23		import java.io.IOException;
24		import java.io.InputStream;
25		import java.io.InputStreamReader;
26		import java.io.Reader;
27		import java.util.List;
28		import java.util.logging.Level;
29		import java.util.logging.Logger;
30		import javax.xml.parsers.ParserConfigurationException;
31		import javax.xml.parsers.SAXParser;
32		import javax.xml.parsers.SAXParserFactory;
33		import org.xml.sax.InputSource;
34		import org.xml.sax.SAXException;
35		import org.xml.sax.XMLReader;
36
37		/**
38		* A simple validating parser for XML Suppression Rules.
39		*
40		* @author Jeremy Long
41		*/
42	6	public class SuppressionParser {
43
44		/**
45		* The logger.
46		*/
47	1	private static final Logger LOGGER = Logger.getLogger(SuppressionParser.class.getName());
48		/**
49		* JAXP Schema Language. Source: http://docs.oracle.com/javase/tutorial/jaxp/sax/validation.html
50		*/
51		public static final String JAXP_SCHEMA_LANGUAGE = "http://java.sun.com/xml/jaxp/properties/schemaLanguage";
52		/**
53		* W3C XML Schema. Source: http://docs.oracle.com/javase/tutorial/jaxp/sax/validation.html
54		*/
55		public static final String W3C_XML_SCHEMA = "http://www.w3.org/2001/XMLSchema";
56		/**
57		* JAXP Schema Source. Source: http://docs.oracle.com/javase/tutorial/jaxp/sax/validation.html
58		*/
59		public static final String JAXP_SCHEMA_SOURCE = "http://java.sun.com/xml/jaxp/properties/schemaSource";
60
61		/**
62		* Parses the given xml file and returns a list of the suppression rules contained.
63		*
64		* @param file an xml file containing suppression rules
65		* @return a list of suppression rules
66		* @throws SuppressionParseException thrown if the xml file cannot be parsed
67		*/
68		public List<SuppressionRule> parseSuppressionRules(File file) throws SuppressionParseException {
69	4	FileInputStream fis = null;
70		try {
71	4	fis = new FileInputStream(file);
72	3	return parseSuppressionRules(fis);
73	1	} catch (IOException ex) {
74	1	LOGGER.log(Level.FINE, null, ex);
75	1	throw new SuppressionParseException(ex);
76		} finally {
77	4	if (fis != null) {
78		try {
79	3	fis.close();
80	0	} catch (IOException ex) {
81	0	LOGGER.log(Level.FINE, "Unable to close stream", ex);
82	7	}
83		}
84		}
85		}
86
87		/**
88		* Parses the given xml stream and returns a list of the suppression rules contained.
89		*
90		* @param inputStream an InputStream containing suppression rues
91		* @return a list of suppression rules
92		* @throws SuppressionParseException if the xml cannot be parsed
93		*/
94		public List<SuppressionRule> parseSuppressionRules(InputStream inputStream) throws SuppressionParseException {
95		try {
96	8	final InputStream schemaStream = this.getClass().getClassLoader().getResourceAsStream("schema/suppression.xsd");
97	8	final SuppressionHandler handler = new SuppressionHandler();
98	8	final SAXParserFactory factory = SAXParserFactory.newInstance();
99	8	factory.setNamespaceAware(true);
100	8	factory.setValidating(true);
101	8	final SAXParser saxParser = factory.newSAXParser();
102	8	saxParser.setProperty(SuppressionParser.JAXP_SCHEMA_LANGUAGE, SuppressionParser.W3C_XML_SCHEMA);
103	8	saxParser.setProperty(SuppressionParser.JAXP_SCHEMA_SOURCE, new InputSource(schemaStream));
104	8	final XMLReader xmlReader = saxParser.getXMLReader();
105	8	xmlReader.setErrorHandler(new SuppressionErrorHandler());
106	8	xmlReader.setContentHandler(handler);
107
108	8	final Reader reader = new InputStreamReader(inputStream, "UTF-8");
109	8	final InputSource in = new InputSource(reader);
110		//in.setEncoding("UTF-8");
111
112	8	xmlReader.parse(in);
113
114	8	return handler.getSuppressionRules();
115	0	} catch (ParserConfigurationException ex) {
116	0	LOGGER.log(Level.FINE, null, ex);
117	0	throw new SuppressionParseException(ex);
118	0	} catch (SAXException ex) {
119	0	LOGGER.log(Level.FINE, null, ex);
120	0	throw new SuppressionParseException(ex);
121	0	} catch (FileNotFoundException ex) {
122	0	LOGGER.log(Level.FINE, null, ex);
123	0	throw new SuppressionParseException(ex);
124	0	} catch (IOException ex) {
125	0	LOGGER.log(Level.FINE, null, ex);
126	0	throw new SuppressionParseException(ex);
127		}
128		}
129		}