 /*
  * This file is part of dependency-check-core.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  * Copyright (c) 2015 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.xml.pom;
 
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.jar.JarFile;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import java.util.zip.ZipEntry;
 import org.owasp.dependencycheck.analyzer.JarAnalyzer;
 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.dependency.Dependency;
 
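 /**
  * Helper routines for reading Maven POM files, either from disk or from an
  * entry inside a jar, and for turning the resulting {@link Model} into
  * evidence on a {@link Dependency}.
  *
  * <p>NOTE(review): the POMs read here come out of the artifacts being scanned,
  * i.e. untrusted input. This class does not configure the XML parser itself;
  * safe XML handling (DTDs and external entities disabled, no XXE) has to be
  * enforced inside {@link PomParser} — confirm there.
  *
  * @author jeremy
  */
 public final class PomUtils {

     /**
      * Empty private constructor for utility class.
      */
     private PomUtils() {
     }

     /**
      * The logger.
      */
     private static final Logger LOGGER = Logger.getLogger(PomUtils.class.getName());

     /**
      * Reads in the specified POM and converts it to a {@link Model}.
      *
      * @param file the pom.xml file
      * @return the parsed {@link Model}
      * @throws AnalysisException if there is an exception extracting or parsing the POM;
      *                           the underlying exception is attached as the cause
      */
     public static Model readPom(File file) throws AnalysisException {
         try {
             return new PomParser().parse(file);
         } catch (PomParseException ex) {
             throw logAndWrap(String.format("Unable to parse pom '%s'", file.getPath()), ex);
         } catch (IOException ex) {
             throw logAndWrap(String.format("Unable to parse pom '%s'(IO Exception)", file.getPath()), ex);
         } catch (Throwable ex) {
             // Deliberately broad: the contract offered to callers is that any failure
             // while reading a POM surfaces as an AnalysisException with the original
             // cause preserved. NOTE(review): this also wraps java.lang.Error (e.g. OOM),
             // which callers may not expect to be catchable — worth revisiting.
             throw logAndWrap(String.format("Unexpected error during parsing of the pom '%s'", file.getPath()), ex);
         }
     }

     /**
      * Retrieves the specified POM from a jar file and converts it to a {@link Model}.
      *
      * @param path the path to the pom.xml entry within the jar file
      * @param jar the jar file to extract the pom from
      * @return the parsed {@link Model}, or {@code null} if the jar has no entry at {@code path}
      * @throws AnalysisException if there is an exception extracting or parsing the POM
      *                           (including a signature failure on a signed jar); the
      *                           underlying exception is attached as the cause
      */
     public static Model readPom(String path, JarFile jar) throws AnalysisException {
         final ZipEntry entry = jar.getEntry(path);
         if (entry == null) {
             // Callers are expected to pass a path they already saw in the jar's entry
             // listing, so this should not happen; keep the original contract (null)
             // rather than turning it into an exception.
             return null;
         }
         // try-with-resources: the entry stream was previously never closed, leaking a
         // handle per POM until the enclosing JarFile was closed.
         try (InputStream in = jar.getInputStream(entry)) {
             final Model model = new PomParser().parse(in);
             LOGGER.fine(String.format("Read POM %s", path));
             return model;
         } catch (SecurityException ex) {
             // JarFile verifies signed entries as they are read, so a tampered entry in
             // a signed jar is reported here rather than as an IOException.
             throw logAndWrap(String.format("Unable to parse pom '%s' in jar '%s'; invalid signature", path, jar.getName()), ex);
         } catch (IOException ex) {
             throw logAndWrap(String.format("Unable to parse pom '%s' in jar '%s' (IO Exception)", path, jar.getName()), ex);
         } catch (Throwable ex) {
             // See readPom(File): every failure becomes an AnalysisException with its cause.
             throw logAndWrap(String.format("Unexpected error during parsing of the pom '%s' in jar '%s'", path, jar.getName()), ex);
         }
     }

     /**
      * Reads in the pom file and adds elements as evidence to the given dependency.
      *
      * @param dependency the dependency being analyzed
      * @param pomFile the pom file to read
      * @throws AnalysisException if there is an exception parsing the pom
      */
     public static void analyzePOM(Dependency dependency, File pomFile) throws AnalysisException {
         final Model pom = PomUtils.readPom(pomFile);
         JarAnalyzer.setPomEvidence(dependency, pom, null);
     }

     /**
      * Logs a failure and wraps its cause in an {@link AnalysisException} for the caller to throw.
      *
      * <p>The message goes out at WARNING and the stack trace at FINE, so a scan that
      * hits a broken POM stays readable at default log levels while the detail remains
      * available for debugging.
      *
      * @param msg the human-readable description of what failed
      * @param ex the underlying exception; preserved as the cause of the returned exception
      * @return the exception for the caller to throw
      */
     private static AnalysisException logAndWrap(String msg, Throwable ex) {
         LOGGER.log(Level.WARNING, msg);
         LOGGER.log(Level.FINE, "", ex);
         return new AnalysisException(ex);
     }
 }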