Coverage Report - org.owasp.dependencycheck.suppression.SuppressionHandler
 
Classes in this File Line Coverage Branch Coverage Complexity
SuppressionHandler
97%
40/41
80%
21/26
3.6
 
 /*
  * This file is part of dependency-check-core.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.suppression;
 
 import java.util.ArrayList;
 import java.util.List;
 import org.xml.sax.Attributes;
 import org.xml.sax.SAXException;
 import org.xml.sax.helpers.AttributesImpl;
 import org.xml.sax.helpers.DefaultHandler;
 
 /**
  * A handler to load suppression rules.
  *
  * @author Jeremy Long <jeremy.long@owasp.org>
  */
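 public class SuppressionHandler extends DefaultHandler {

     /*
      * Implementation notes:
      * - This class only reacts to SAX events; nothing here configures the parser. Schema
      *   validation and DTD/external-entity hardening, if any, have to be applied where the
      *   parser is created.
      * - Parse state (current rule, attributes and text) is kept in instance fields, so an
      *   instance should only be used for one parse at a time.
      */

     /**
      * The suppress node, indicates the start of a new rule.
      */
     public static final String SUPPRESS = "suppress";
     /**
      * The file path element name.
      */
     public static final String FILE_PATH = "filePath";
     /**
      * The sha1 hash element name.
      */
     public static final String SHA1 = "sha1";
     /**
      * The CVE element name.
      */
     public static final String CVE = "cve";
     /**
      * The CPE element name.
      */
     public static final String CPE = "cpe";
     /**
      * The CWE element name.
      */
     public static final String CWE = "cwe";
     /**
      * The GAV element name.
      */
     public static final String GAV = "gav";
     /**
      * The cvssBelow element name.
      */
     public static final String CVSS_BELOW = "cvssBelow";
     /**
      * A list of suppression rules, in the order their {@code suppress} elements were closed.
      */
     private final List<SuppressionRule> suppressionRules = new ArrayList<SuppressionRule>();

     /**
      * Get the value of suppressionRules.
      *
      * <p>The returned list is the handler's own list, not a copy: changes made by the caller
      * are visible to the handler and vice versa.</p>
      *
      * @return the value of suppressionRules
      */
     public List<SuppressionRule> getSuppressionRules() {
         return suppressionRules;
     }
     /**
      * The current rule being read; {@code null} while the parser is outside a
      * {@code suppress} element.
      */
     private SuppressionRule rule;
     /**
      * A copy of the attributes of the node being read.
      */
     private Attributes currentAttributes;
     /**
      * The current node text being extracted from the element.
      */
     private StringBuilder currentText;

     /**
      * Handles the start element event: remembers the element's attributes, resets the text
      * buffer and opens a new rule when the element is {@code suppress}.
      *
      * @param uri the uri of the element being processed
      * @param localName the local name of the element being processed
      * @param qName the qName of the element being processed
      * @param attributes the attributes of the element being processed
      * @throws SAXException thrown if there is an exception processing
      */
     @Override
     public void startElement(String uri, String localName, String qName, Attributes attributes) throws SAXException {
         // The SAX contract only guarantees the Attributes object during this callback, and
         // the values are read later in endElement, so keep a private copy instead of the
         // parser's (possibly reused) instance.
         currentAttributes = attributes == null ? null : new AttributesImpl(attributes);
         currentText = new StringBuilder();
         if (SUPPRESS.equals(qName)) {
             rule = new SuppressionRule();
         }
     }

     /**
      * Handles the end element event: stores the collected text or property on the current
      * rule, or adds the finished rule to the list when the element is {@code suppress}.
      * Elements with any other name are ignored.
      *
      * @param uri the URI of the element
      * @param localName the local name of the element
      * @param qName the qName of the element
      * @throws SAXException thrown if a rule element is found outside of a {@code suppress}
      * element or if the {@code cvssBelow} text is not a number
      */
     @Override
     public void endElement(String uri, String localName, String qName) throws SAXException {
         if (SUPPRESS.equals(qName)) {
             suppressionRules.add(rule);
             rule = null;
         } else if (FILE_PATH.equals(qName)) {
             requireRule(qName).setFilePath(processPropertyType());
         } else if (SHA1.equals(qName)) {
             requireRule(qName).setSha1(currentText.toString());
         } else if (GAV.equals(qName)) {
             requireRule(qName).setGav(processPropertyType());
         } else if (CPE.equals(qName)) {
             requireRule(qName).addCpe(processPropertyType());
         } else if (CWE.equals(qName)) {
             requireRule(qName).addCwe(currentText.toString());
         } else if (CVE.equals(qName)) {
             requireRule(qName).addCve(currentText.toString());
         } else if (CVSS_BELOW.equals(qName)) {
             final SuppressionRule current = requireRule(qName);
             current.addCvssBelow(parseCvssBelow(currentText.toString()));
         }
     }

     /**
      * Collects the body text of the node being processed.
      *
      * @param ch the char array of text
      * @param start the start position to copy text from in the char array
      * @param length the number of characters to copy from the char array
      * @throws SAXException thrown if there is a parsing exception
      */
     @Override
     public void characters(char[] ch, int start, int length) throws SAXException {
         currentText.append(ch, start, length);
     }

     /**
      * Returns the rule currently being read, failing the parse with a descriptive error
      * instead of a NullPointerException when a rule element appears outside of a
      * {@code suppress} element (possible when the input was not schema validated).
      *
      * @param qName the qName of the element being closed, used in the error message
      * @return the rule currently being read, never {@code null}
      * @throws SAXException thrown if no rule is currently open
      */
     private SuppressionRule requireRule(String qName) throws SAXException {
         if (rule == null) {
             throw new SAXException("Element '" + qName + "' found outside of a '" + SUPPRESS + "' element");
         }
         return rule;
     }

     /**
      * Parses the text of a {@code cvssBelow} element, reporting malformed text as a
      * SAXException so that it reaches the caller through the declared exception type.
      *
      * @param text the element text
      * @return the parsed value
      * @throws SAXException thrown if the text is not a valid float
      */
     private static float parseCvssBelow(String text) throws SAXException {
         try {
             // NOTE(review): "NaN" and "Infinity" are accepted by Float.parseFloat; confirm that
             // the range is restricted by schema validation or by the rule itself.
             return Float.parseFloat(text);
         } catch (NumberFormatException ex) {
             throw new SAXException("Invalid '" + CVSS_BELOW + "' value '" + text + "'", ex);
         }
     }

     /**
      * Processes field members that have been collected during the characters and startElement method to construct a
      * PropertyType object.
      *
      * <p>The {@code regex} and {@code caseSensitive} attributes are read with
      * {@link Boolean#parseBoolean(String)}, so any value other than "true" (ignoring case)
      * is treated as {@code false}; an absent attribute leaves the PropertyType default.</p>
      *
      * @return a PropertyType object
      */
     private PropertyType processPropertyType() {
         final PropertyType pt = new PropertyType();
         pt.setValue(currentText.toString());
         if (currentAttributes != null && currentAttributes.getLength() > 0) {
             final String regex = currentAttributes.getValue("regex");
             if (regex != null) {
                 pt.setRegex(Boolean.parseBoolean(regex));
             }
             final String caseSensitive = currentAttributes.getValue("caseSensitive");
             if (caseSensitive != null) {
                 pt.setCaseSensitive(Boolean.parseBoolean(caseSensitive));
             }
         }
         return pt;
     }
 }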