Coverage Report

Coverage Report - org.owasp.dependencycheck.utils.DependencyVersionUtil

Classes in this File

Line Coverage

Branch Coverage

Complexity

DependencyVersionUtil

88%

31/35

83%

20/24

7.333

 /*
  * This file is part of dependency-check-core.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.utils;
 
 import java.util.ArrayList;
 import java.util.List;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
 /**
  * <p>
  * A utility class to extract version numbers from file names (or other strings
  * containing version numbers.</p>
  *
  * @author Jeremy Long
  */
 public final class DependencyVersionUtil {
 
     /**
      * Regular expression to extract version numbers from file names.
      */
     private static final Pattern RX_VERSION = Pattern.compile("\\d+(\\.\\d{1,6})+(\\.?([_-](release|beta|alpha|\\d+)|[a-zA-Z_-]{1,3}\\d{0,8}))?");
     /**
      * Regular expression to extract a single version number without periods.
      * This is a last ditch effort just to check in case we are missing a
      * version number using the previous regex.
      */
     private static final Pattern RX_SINGLE_VERSION = Pattern.compile("\\d+(\\.?([_-](release|beta|alpha)|[a-zA-Z_-]{1,3}\\d{1,8}))?");
 
     /**
      * Regular expression to extract the part before the version numbers if
      * there are any based on RX_VERSION. In most cases, this part represents a
      * more accurate name.
      */
     private static final Pattern RX_PRE_VERSION = Pattern.compile("^(.+)[_-](\\d+\\.\\d{1,6})+");
 
     /**
      * Private constructor for utility class.
      */
     private DependencyVersionUtil() {
     }
 
     /**
      * <p>
      * A utility class to extract version numbers from file names (or other
      * strings containing version numbers.</p>
      * <pre>
      * Example:
      * Give the file name: library-name-1.4.1r2-release.jar
      * This function would return: 1.4.1.r2</pre>
      *
      * @param text the text being analyzed
      * @return a DependencyVersion containing the version
      */
     public static DependencyVersion parseVersion(String text) {
         if (text == null) {
             return null;
         }
         //'-' is a special case used within the CVE entries, just include it as the version.
         if ("-".equals(text)) {
             final DependencyVersion dv = new DependencyVersion();
             final List<String> list = new ArrayList<String>();
             list.add(text);
             dv.setVersionParts(list);
             return dv;
         }
         String version = null;
         Matcher matcher = RX_VERSION.matcher(text);
         if (matcher.find()) {
             version = matcher.group();
         }
         //throw away the results if there are two things that look like version numbers
         if (matcher.find()) {
             return null;
         }
         if (version == null) {
             matcher = RX_SINGLE_VERSION.matcher(text);
             if (matcher.find()) {
                 version = matcher.group();
             } else {
                 return null;
             }
             //throw away the results if there are two things that look like version numbers
             if (matcher.find()) {
                 return null;
             }
         }
         if (version != null && version.endsWith("-py2") && version.length() > 4) {
             version = version.substring(0, version.length() - 4);
         }
         return new DependencyVersion(version);
     }
 
     /**
      * <p>
      * A utility class to extract the part before version numbers from file
      * names (or other strings containing version numbers. In most cases, this
      * part represents a more accurate name than the full file name.</p>
      * <pre>
      * Example:
      * Give the file name: library-name-1.4.1r2-release.jar
      * This function would return: library-name</pre>
      *
      * @param text the text being analyzed
      * @return the part before the version numbers if any, otherwise return the
      * text itself.
      */
     public static String parsePreVersion(String text) {
         if (parseVersion(text) == null) {
             return text;
         }
 
         final Matcher matcher = RX_PRE_VERSION.matcher(text);
         if (matcher.find()) {
             return matcher.group(1);
         }
         return text;
     }
 }

1		/*
2		* This file is part of dependency-check-core.
3		*
4		* Licensed under the Apache License, Version 2.0 (the "License");
5		* you may not use this file except in compliance with the License.
6		* You may obtain a copy of the License at
7		*
8		* http://www.apache.org/licenses/LICENSE-2.0
9		*
10		* Unless required by applicable law or agreed to in writing, software
11		* distributed under the License is distributed on an "AS IS" BASIS,
12		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13		* See the License for the specific language governing permissions and
14		* limitations under the License.
15		*
16		* Copyright (c) 2013 Jeremy Long. All Rights Reserved.
17		*/
18		package org.owasp.dependencycheck.utils;
19
20		import java.util.ArrayList;
21		import java.util.List;
22		import java.util.regex.Matcher;
23		import java.util.regex.Pattern;
24
25		/**
26		* <p>
27		* A utility class to extract version numbers from file names (or other strings
28		* containing version numbers.</p>
29		*
30		* @author Jeremy Long
31		*/
32		public final class DependencyVersionUtil {
33
34		/**
35		* Regular expression to extract version numbers from file names.
36		*/
37	1	private static final Pattern RX_VERSION = Pattern.compile("\\d+(\\.\\d{1,6})+(\\.?([_-](release\|beta\|alpha\|\\d+)\|[a-zA-Z_-]{1,3}\\d{0,8}))?");
38		/**
39		* Regular expression to extract a single version number without periods.
40		* This is a last ditch effort just to check in case we are missing a
41		* version number using the previous regex.
42		*/
43	1	private static final Pattern RX_SINGLE_VERSION = Pattern.compile("\\d+(\\.?([_-](release\|beta\|alpha)\|[a-zA-Z_-]{1,3}\\d{1,8}))?");
44
45		/**
46		* Regular expression to extract the part before the version numbers if
47		* there are any based on RX_VERSION. In most cases, this part represents a
48		* more accurate name.
49		*/
50	1	private static final Pattern RX_PRE_VERSION = Pattern.compile("^(.+)[_-](\\d+\\.\\d{1,6})+");
51
52		/**
53		* Private constructor for utility class.
54		*/
55	0	private DependencyVersionUtil() {
56	0	}
57
58		/**
59		* <p>
60		* A utility class to extract version numbers from file names (or other
61		* strings containing version numbers.</p>
62		* <pre>
63		* Example:
64		* Give the file name: library-name-1.4.1r2-release.jar
65		* This function would return: 1.4.1.r2</pre>
66		*
67		* @param text the text being analyzed
68		* @return a DependencyVersion containing the version
69		*/
70		public static DependencyVersion parseVersion(String text) {
71	1123	if (text == null) {
72	0	return null;
73		}
74		//'-' is a special case used within the CVE entries, just include it as the version.
75	1123	if ("-".equals(text)) {
76	1	final DependencyVersion dv = new DependencyVersion();
77	1	final List<String> list = new ArrayList<String>();
78	1	list.add(text);
79	1	dv.setVersionParts(list);
80	1	return dv;
81		}
82	1122	String version = null;
83	1122	Matcher matcher = RX_VERSION.matcher(text);
84	1123	if (matcher.find()) {
85	1113	version = matcher.group();
86		}
87		//throw away the results if there are two things that look like version numbers
88	1123	if (matcher.find()) {
89	2	return null;
90		}
91	1121	if (version == null) {
92	10	matcher = RX_SINGLE_VERSION.matcher(text);
93	10	if (matcher.find()) {
94	2	version = matcher.group();
95		} else {
96	8	return null;
97		}
98		//throw away the results if there are two things that look like version numbers
99	2	if (matcher.find()) {
100	1	return null;
101		}
102		}
103	1112	if (version != null && version.endsWith("-py2") && version.length() > 4) {
104	1	version = version.substring(0, version.length() - 4);
105		}
106	1112	return new DependencyVersion(version);
107		}
108
109		/**
110		* <p>
111		* A utility class to extract the part before version numbers from file
112		* names (or other strings containing version numbers. In most cases, this
113		* part represents a more accurate name than the full file name.</p>
114		* <pre>
115		* Example:
116		* Give the file name: library-name-1.4.1r2-release.jar
117		* This function would return: library-name</pre>
118		*
119		* @param text the text being analyzed
120		* @return the part before the version numbers if any, otherwise return the
121		* text itself.
122		*/
123		public static String parsePreVersion(String text) {
124	6	if (parseVersion(text) == null) {
125	1	return text;
126		}
127
128	5	final Matcher matcher = RX_PRE_VERSION.matcher(text);
129	5	if (matcher.find()) {
130	5	return matcher.group(1);
131		}
132	0	return text;
133		}
134		}