Coverage Report

Coverage Report - org.owasp.dependencycheck.analyzer.FileNameAnalyzer

Classes in this File

Line Coverage

Branch Coverage

Complexity

FileNameAnalyzer

85%

17/20

50%

5/10

2.667

 /*
  * This file is part of dependency-check-core.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.analyzer;
 
 import java.io.File;
 import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.dependency.Confidence;
 import org.owasp.dependencycheck.dependency.Dependency;
 import org.owasp.dependencycheck.utils.DependencyVersion;
 import org.owasp.dependencycheck.utils.DependencyVersionUtil;
 
 /**
  *
  * Takes a dependency and analyzes the filename and determines the hashes.
  *
  * @author Jeremy Long <jeremy.long@owasp.org>
  */
 public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer {
 
     //<editor-fold defaultstate="collapsed" desc="All standard implementation details of Analyzer">
     /**
      * The name of the analyzer.
      */
     private static final String ANALYZER_NAME = "File Name Analyzer";
     /**
      * The phase that this analyzer is intended to run in.
      */
     private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
 
     /**
      * Returns the name of the analyzer.
      *
      * @return the name of the analyzer.
      */
     public String getName() {
         return ANALYZER_NAME;
     }
 
     /**
      * Returns the phase that the analyzer is intended to run in.
      *
      * @return the phase that the analyzer is intended to run in.
      */
     public AnalysisPhase getAnalysisPhase() {
         return ANALYSIS_PHASE;
     }
     //</editor-fold>
 
     /**
      * Collects information about the file name.
      *
      * @param dependency the dependency to analyze.
      * @param engine the engine that is scanning the dependencies
      * @throws AnalysisException is thrown if there is an error reading the JAR file.
      */
     @Override
     public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
 
         //strip any path information that may get added by ArchiveAnalyzer, etc.
         final File f = new File(dependency.getFileName());
         String fileName = f.getName();
 
         //remove file extension
         final int pos = fileName.lastIndexOf(".");
         if (pos > 0) {
             fileName = fileName.substring(0, pos);
         }
 
         //add version evidence
         final DependencyVersion version = DependencyVersionUtil.parseVersion(fileName);
         if (version != null) {
             // If the version number is just a number like 2 or 23, reduce the confidence
             // a shade. This should hopefully correct for cases like log4j.jar or
             // struts2-core.jar
             if (version.getVersionParts() == null || version.getVersionParts().size() < 2) {
                 dependency.getVersionEvidence().addEvidence("file", "name",
                         version.toString(), Confidence.MEDIUM);
             } else {
                 dependency.getVersionEvidence().addEvidence("file", "name",
                         version.toString(), Confidence.HIGHEST);
             }
             dependency.getVersionEvidence().addEvidence("file", "name",
                     fileName, Confidence.MEDIUM);
         }
 
         //add as vendor and product evidence
         if (fileName.contains("-")) {
             dependency.getProductEvidence().addEvidence("file", "name",
                     fileName, Confidence.HIGHEST);
             dependency.getVendorEvidence().addEvidence("file", "name",
                     fileName, Confidence.HIGHEST);
         } else {
             dependency.getProductEvidence().addEvidence("file", "name",
                     fileName, Confidence.HIGH);
             dependency.getVendorEvidence().addEvidence("file", "name",
                     fileName, Confidence.HIGH);
         }
     }
 }

1		/*
2		* This file is part of dependency-check-core.
3		*
4		* Licensed under the Apache License, Version 2.0 (the "License");
5		* you may not use this file except in compliance with the License.
6		* You may obtain a copy of the License at
7		*
8		* http://www.apache.org/licenses/LICENSE-2.0
9		*
10		* Unless required by applicable law or agreed to in writing, software
11		* distributed under the License is distributed on an "AS IS" BASIS,
12		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13		* See the License for the specific language governing permissions and
14		* limitations under the License.
15		*
16		* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
17		*/
18		package org.owasp.dependencycheck.analyzer;
19
20		import java.io.File;
21		import org.owasp.dependencycheck.Engine;
22		import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
23		import org.owasp.dependencycheck.dependency.Confidence;
24		import org.owasp.dependencycheck.dependency.Dependency;
25		import org.owasp.dependencycheck.utils.DependencyVersion;
26		import org.owasp.dependencycheck.utils.DependencyVersionUtil;
27
28		/**
29		*
30		* Takes a dependency and analyzes the filename and determines the hashes.
31		*
32		* @author Jeremy Long <jeremy.long@owasp.org>
33		*/
34		public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer {
35
36		//<editor-fold defaultstate="collapsed" desc="All standard implementation details of Analyzer">
37		/**
38		* The name of the analyzer.
39		*/
40		private static final String ANALYZER_NAME = "File Name Analyzer";
41		/**
42		* The phase that this analyzer is intended to run in.
43		*/
44	2	private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
45
46		/**
47		* Returns the name of the analyzer.
48		*
49		* @return the name of the analyzer.
50		*/
51		public String getName() {
52	10	return ANALYZER_NAME;
53		}
54
55		/**
56		* Returns the phase that the analyzer is intended to run in.
57		*
58		* @return the phase that the analyzer is intended to run in.
59		*/
60		public AnalysisPhase getAnalysisPhase() {
61	4	return ANALYSIS_PHASE;
62		}
63		//</editor-fold>
64
65		/**
66		* Collects information about the file name.
67		*
68		* @param dependency the dependency to analyze.
69		* @param engine the engine that is scanning the dependencies
70		* @throws AnalysisException is thrown if there is an error reading the JAR file.
71		*/
72		@Override
73		public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
74
75		//strip any path information that may get added by ArchiveAnalyzer, etc.
76	8	final File f = new File(dependency.getFileName());
77	8	String fileName = f.getName();
78
79		//remove file extension
80	8	final int pos = fileName.lastIndexOf(".");
81	8	if (pos > 0) {
82	8	fileName = fileName.substring(0, pos);
83		}
84
85		//add version evidence
86	8	final DependencyVersion version = DependencyVersionUtil.parseVersion(fileName);
87	8	if (version != null) {
88		// If the version number is just a number like 2 or 23, reduce the confidence
89		// a shade. This should hopefully correct for cases like log4j.jar or
90		// struts2-core.jar
91	8	if (version.getVersionParts() == null \|\| version.getVersionParts().size() < 2) {
92	0	dependency.getVersionEvidence().addEvidence("file", "name",
93		version.toString(), Confidence.MEDIUM);
94		} else {
95	8	dependency.getVersionEvidence().addEvidence("file", "name",
96		version.toString(), Confidence.HIGHEST);
97		}
98	8	dependency.getVersionEvidence().addEvidence("file", "name",
99		fileName, Confidence.MEDIUM);
100		}
101
102		//add as vendor and product evidence
103	8	if (fileName.contains("-")) {
104	8	dependency.getProductEvidence().addEvidence("file", "name",
105		fileName, Confidence.HIGHEST);
106	8	dependency.getVendorEvidence().addEvidence("file", "name",
107		fileName, Confidence.HIGHEST);
108		} else {
109	0	dependency.getProductEvidence().addEvidence("file", "name",
110		fileName, Confidence.HIGH);
111	0	dependency.getVendorEvidence().addEvidence("file", "name",
112		fileName, Confidence.HIGH);
113		}
114	8	}
115		}