Coverage Report

Coverage Report - org.owasp.dependencycheck.xml.pom.PomUtils

Classes in this File

Line Coverage

Branch Coverage

Complexity

PomUtils

11%

5/44

16%

1/6

5.5

 /*
  * This file is part of dependency-check-core.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  * Copyright (c) 2015 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.xml.pom;
 
 import java.io.File;
 import java.io.IOException;
 import java.util.jar.JarFile;
 import java.util.zip.ZipEntry;
 import org.owasp.dependencycheck.analyzer.JarAnalyzer;
 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.dependency.Dependency;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 /**
  *
  * @author jeremy
  */
 public final class PomUtils {
 
     /**
      * empty private constructor for utility class.
      */
     private PomUtils() {
     }
     /**
      * The logger.
      */
     private static final Logger LOGGER = LoggerFactory.getLogger(PomUtils.class);
 
     /**
      * Reads in the specified POM and converts it to a Model.
      *
      * @param file the pom.xml file
      * @return returns a
      * @throws AnalysisException is thrown if there is an exception extracting
      * or parsing the POM {@link Model} object
      */
     public static Model readPom(File file) throws AnalysisException {
         try {
             final PomParser parser = new PomParser();
             final Model model = parser.parse(file);
             if (model == null) {
                 throw new AnalysisException(String.format("Unable to parse pom '%s'", file.getPath()));
             }
             return model;
         } catch (PomParseException ex) {
             LOGGER.warn("Unable to parse pom '{}'", file.getPath());
             LOGGER.debug("", ex);
             throw new AnalysisException(ex);
         } catch (IOException ex) {
             LOGGER.warn("Unable to parse pom '{}'(IO Exception)", file.getPath());
             LOGGER.debug("", ex);
             throw new AnalysisException(ex);
         } catch (Throwable ex) {
             LOGGER.warn("Unexpected error during parsing of the pom '{}'", file.getPath());
             LOGGER.debug("", ex);
             throw new AnalysisException(ex);
         }
     }
 
     /**
      * Retrieves the specified POM from a jar file and converts it to a Model.
      *
      * @param path the path to the pom.xml file within the jar file
      * @param jar the jar file to extract the pom from
      * @return returns a
      * @throws AnalysisException is thrown if there is an exception extracting
      * or parsing the POM {@link Model} object
      */
     public static Model readPom(String path, JarFile jar) throws AnalysisException {
         final ZipEntry entry = jar.getEntry(path);
         Model model = null;
         if (entry != null) { //should never be null
             try {
                 final PomParser parser = new PomParser();
                 model = parser.parse(jar.getInputStream(entry));
                 if (model == null) {
                     throw new AnalysisException(String.format("Unable to parse pom '%s/%s'", jar.getName(), path));
                 }
             } catch (SecurityException ex) {
                 LOGGER.warn("Unable to parse pom '{}' in jar '{}'; invalid signature", path, jar.getName());
                 LOGGER.debug("", ex);
                 throw new AnalysisException(ex);
             } catch (IOException ex) {
                 LOGGER.warn("Unable to parse pom '{}' in jar '{}' (IO Exception)", path, jar.getName());
                 LOGGER.debug("", ex);
                 throw new AnalysisException(ex);
             } catch (Throwable ex) {
                 LOGGER.warn("Unexpected error during parsing of the pom '{}' in jar '{}'", path, jar.getName());
                 LOGGER.debug("", ex);
                 throw new AnalysisException(ex);
             }
         }
         return model;
     }
 
     /**
      * Reads in the pom file and adds elements as evidence to the given
      * dependency.
      *
      * @param dependency the dependency being analyzed
      * @param pomFile the pom file to read
      * @throws AnalysisException is thrown if there is an exception parsing the
      * pom
      */
     public static void analyzePOM(Dependency dependency, File pomFile) throws AnalysisException {
         final Model pom = PomUtils.readPom(pomFile);
         JarAnalyzer.setPomEvidence(dependency, pom, null);
     }
 }

1		/*
2		* This file is part of dependency-check-core.
3		*
4		* Licensed under the Apache License, Version 2.0 (the "License");
5		* you may not use this file except in compliance with the License.
6		* You may obtain a copy of the License at
7		*
8		* http://www.apache.org/licenses/LICENSE-2.0
9		*
10		* Unless required by applicable law or agreed to in writing, software
11		* distributed under the License is distributed on an "AS IS" BASIS,
12		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13		* See the License for the specific language governing permissions and
14		* limitations under the License.
15		*
16		* Copyright (c) 2015 Jeremy Long. All Rights Reserved.
17		*/
18		package org.owasp.dependencycheck.xml.pom;
19
20		import java.io.File;
21		import java.io.IOException;
22		import java.util.jar.JarFile;
23		import java.util.zip.ZipEntry;
24		import org.owasp.dependencycheck.analyzer.JarAnalyzer;
25		import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
26		import org.owasp.dependencycheck.dependency.Dependency;
27		import org.slf4j.Logger;
28		import org.slf4j.LoggerFactory;
29
30		/**
31		*
32		* @author jeremy
33		*/
34		public final class PomUtils {
35
36		/**
37		* empty private constructor for utility class.
38		*/
39	0	private PomUtils() {
40	0	}
41		/**
42		* The logger.
43		*/
44	1	private static final Logger LOGGER = LoggerFactory.getLogger(PomUtils.class);
45
46		/**
47		* Reads in the specified POM and converts it to a Model.
48		*
49		* @param file the pom.xml file
50		* @return returns a
51		* @throws AnalysisException is thrown if there is an exception extracting
52		* or parsing the POM {@link Model} object
53		*/
54		public static Model readPom(File file) throws AnalysisException {
55		try {
56	3	final PomParser parser = new PomParser();
57	3	final Model model = parser.parse(file);
58	3	if (model == null) {
59	0	throw new AnalysisException(String.format("Unable to parse pom '%s'", file.getPath()));
60		}
61	3	return model;
62	0	} catch (PomParseException ex) {
63	0	LOGGER.warn("Unable to parse pom '{}'", file.getPath());
64	0	LOGGER.debug("", ex);
65	0	throw new AnalysisException(ex);
66	0	} catch (IOException ex) {
67	0	LOGGER.warn("Unable to parse pom '{}'(IO Exception)", file.getPath());
68	0	LOGGER.debug("", ex);
69	0	throw new AnalysisException(ex);
70	0	} catch (Throwable ex) {
71	0	LOGGER.warn("Unexpected error during parsing of the pom '{}'", file.getPath());
72	0	LOGGER.debug("", ex);
73	0	throw new AnalysisException(ex);
74		}
75		}
76
77		/**
78		* Retrieves the specified POM from a jar file and converts it to a Model.
79		*
80		* @param path the path to the pom.xml file within the jar file
81		* @param jar the jar file to extract the pom from
82		* @return returns a
83		* @throws AnalysisException is thrown if there is an exception extracting
84		* or parsing the POM {@link Model} object
85		*/
86		public static Model readPom(String path, JarFile jar) throws AnalysisException {
87	0	final ZipEntry entry = jar.getEntry(path);
88	0	Model model = null;
89	0	if (entry != null) { //should never be null
90		try {
91	0	final PomParser parser = new PomParser();
92	0	model = parser.parse(jar.getInputStream(entry));
93	0	if (model == null) {
94	0	throw new AnalysisException(String.format("Unable to parse pom '%s/%s'", jar.getName(), path));
95		}
96	0	} catch (SecurityException ex) {
97	0	LOGGER.warn("Unable to parse pom '{}' in jar '{}'; invalid signature", path, jar.getName());
98	0	LOGGER.debug("", ex);
99	0	throw new AnalysisException(ex);
100	0	} catch (IOException ex) {
101	0	LOGGER.warn("Unable to parse pom '{}' in jar '{}' (IO Exception)", path, jar.getName());
102	0	LOGGER.debug("", ex);
103	0	throw new AnalysisException(ex);
104	0	} catch (Throwable ex) {
105	0	LOGGER.warn("Unexpected error during parsing of the pom '{}' in jar '{}'", path, jar.getName());
106	0	LOGGER.debug("", ex);
107	0	throw new AnalysisException(ex);
108	0	}
109		}
110	0	return model;
111		}
112
113		/**
114		* Reads in the pom file and adds elements as evidence to the given
115		* dependency.
116		*
117		* @param dependency the dependency being analyzed
118		* @param pomFile the pom file to read
119		* @throws AnalysisException is thrown if there is an exception parsing the
120		* pom
121		*/
122		public static void analyzePOM(Dependency dependency, File pomFile) throws AnalysisException {
123	0	final Model pom = PomUtils.readPom(pomFile);
124	0	JarAnalyzer.setPomEvidence(dependency, pom, null);
125	0	}
126		}