Coverage Report - org.owasp.dependencycheck.suppression.SuppressionHandler
 
Classes in this File Line Coverage Branch Coverage Complexity
SuppressionHandler
97%
39/40
84%
22/26
3.6
 
 /*
  * This file is part of dependency-check-core.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.suppression;
 
 import java.util.ArrayList;
 import java.util.List;
 import org.xml.sax.Attributes;
 import org.xml.sax.SAXException;
 import org.xml.sax.helpers.AttributesImpl;
 import org.xml.sax.helpers.DefaultHandler;
 
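 /**
  * A SAX handler that loads suppression rules from an XML document.
  *
  * <p>Each {@code suppress} element becomes one {@link SuppressionRule}; its child elements
  * ({@code filePath}, {@code sha1}, {@code cpe}, {@code cwe}, {@code cve}, {@code cvssBelow}) are
  * copied onto the rule as they close. The finished rules are exposed through
  * {@link #getSuppressionRules()}.</p>
  *
  * <p>The handler keeps per-parse state in instance fields without synchronization, so use one
  * instance per parse and do not share it between threads.</p>
  *
  * <p>This class only receives SAX events. Schema validation and the DTD / external-entity settings
  * of the parser are decided wherever the parser is created, which is not visible here; judging by
  * the package and element names the loaded rules decide which findings are hidden, so the
  * suppression file should be treated as security-relevant input.</p>
  *
  * @author Jeremy Long <jeremy.long@owasp.org>
  */
 public class SuppressionHandler extends DefaultHandler {

     /**
      * The suppress node, indicates the start of a new rule.
      */
     public static final String SUPPRESS = "suppress";
     /**
      * The file path element name.
      */
     public static final String FILE_PATH = "filePath";
     /**
      * The sha1 hash element name.
      */
     public static final String SHA1 = "sha1";
     /**
      * The CVE element name.
      */
     public static final String CVE = "cve";
     /**
      * The CPE element name.
      */
     public static final String CPE = "cpe";
     /**
      * The CWE element name.
      */
     public static final String CWE = "cwe";
     /**
      * The cvssBelow element name.
      */
     public static final String CVSS_BELOW = "cvssBelow";
     /**
      * Name of the attribute that marks a property value as a regular expression.
      */
     private static final String REGEX_ATTRIBUTE = "regex";
     /**
      * Name of the attribute that marks a property value as case sensitive.
      */
     private static final String CASE_SENSITIVE_ATTRIBUTE = "caseSensitive";
     /**
      * A list of suppression rules.
      */
     private final List<SuppressionRule> suppressionRules = new ArrayList<SuppressionRule>();

     /**
      * Get the value of suppressionRules.
      *
      * <p>The returned list is the handler's own list, not a copy; it keeps growing while a parse is
      * in progress and changes made by the caller are visible to the handler.</p>
      *
      * @return the value of suppressionRules
      */
     public List<SuppressionRule> getSuppressionRules() {
         return suppressionRules;
     }
     /**
      * The current rule being read; {@code null} outside of a {@code suppress} element.
      */
     private SuppressionRule rule;
     /**
      * A snapshot of the attributes of the node being read; only kept for {@code filePath}.
      */
     private Attributes currentAttributes;
     /**
      * The current node text being extracted from the element.
      */
     private StringBuilder currentText;

     /**
      * Handles the start element event.
      *
      * <p>Resets the collected text and attributes, starts a new rule on {@code suppress} and keeps
      * a copy of the attributes on {@code filePath}.</p>
      *
      * @param uri the uri of the element being processed
      * @param localName the local name of the element being processed
      * @param qName the qName of the element being processed
      * @param attributes the attributes of the element being processed
      * @throws SAXException thrown if there is an exception processing
      */
     @Override
     public void startElement(String uri, String localName, String qName, Attributes attributes) throws SAXException {
         currentAttributes = null;
         currentText = new StringBuilder();

         if (SUPPRESS.equals(qName)) {
             rule = new SuppressionRule();
         } else if (FILE_PATH.equals(qName)) {
             // The SAX Attributes instance is only guaranteed to be valid during this callback and a
             // parser may reuse it, so keep a private copy for endElement() to read.
             currentAttributes = attributes == null ? null : new AttributesImpl(attributes);
         }
         // NOTE(review): attributes are kept for filePath only, so processPropertyType() never sees
         // regex/caseSensitive on a cpe element and the cpe value is stored without them. Confirm
         // against the suppression schema whether cpe is meant to accept these attributes.
     }

     /**
      * Handles the end element event.
      *
      * <p>Stores the collected text (and, for {@code filePath}, the collected attributes) on the
      * current rule, or adds the finished rule to the list when {@code suppress} closes.</p>
      *
      * @param uri the URI of the element
      * @param localName the local name of the element
      * @param qName the qName of the element
      * @throws SAXException thrown if a rule property appears outside of a {@code suppress} element
      * or if the {@code cvssBelow} text is not a number
      */
     @Override
     public void endElement(String uri, String localName, String qName) throws SAXException {
         if (SUPPRESS.equals(qName)) {
             suppressionRules.add(rule);
             rule = null;
         } else if (FILE_PATH.equals(qName)) {
             currentRule(qName).setFilePath(processPropertyType());
         } else if (SHA1.equals(qName)) {
             currentRule(qName).setSha1(currentText.toString());
         } else if (CPE.equals(qName)) {
             currentRule(qName).addCpe(processPropertyType());
         } else if (CWE.equals(qName)) {
             currentRule(qName).addCwe(currentText.toString());
         } else if (CVE.equals(qName)) {
             currentRule(qName).addCve(currentText.toString());
         } else if (CVSS_BELOW.equals(qName)) {
             final SuppressionRule target = currentRule(qName);
             final float cvss;
             try {
                 cvss = Float.parseFloat(currentText.toString());
             } catch (NumberFormatException ex) {
                 // Report a bad threshold as a parse failure instead of letting an unchecked
                 // exception escape from the SAX callback.
                 throw new SAXException("Invalid '" + CVSS_BELOW + "' value: '" + currentText + "'", ex);
             }
             target.addCvssBelow(cvss);
         }
     }

     /**
      * Collects the body text of the node being processed.
      *
      * <p>A parser may deliver the text of one element in several calls, so the text is appended
      * rather than replaced.</p>
      *
      * @param ch the char array of text
      * @param start the start position to copy text from in the char array
      * @param length the number of characters to copy from the char array
      * @throws SAXException thrown if there is a parsing exception
      */
     @Override
     public void characters(char[] ch, int start, int length) throws SAXException {
         currentText.append(ch, start, length);
     }

     /**
      * Returns the rule currently being built.
      *
      * @param qName the name of the element that needs a rule, used in the error message
      * @return the rule opened by the enclosing {@code suppress} element
      * @throws SAXException thrown if no {@code suppress} element is open
      */
     private SuppressionRule currentRule(String qName) throws SAXException {
         if (rule == null) {
             throw new SAXException("Element '" + qName + "' found outside of a '" + SUPPRESS + "' element");
         }
         return rule;
     }

     /**
      * Processes field members that have been collected during the characters and startElement method to construct a
      * PropertyType object.
      *
      * <p>Each optional attribute is applied only when it is present; when it is absent the
      * PropertyType keeps whatever default it was created with.</p>
      *
      * @return a PropertyType object
      */
     private PropertyType processPropertyType() {
         final PropertyType pt = new PropertyType();
         pt.setValue(currentText.toString());
         if (currentAttributes != null && currentAttributes.getLength() > 0) {
             final String regex = currentAttributes.getValue(REGEX_ATTRIBUTE);
             if (regex != null) {
                 pt.setRegex(Boolean.parseBoolean(regex));
             }
             final String caseSensitive = currentAttributes.getValue(CASE_SENSITIVE_ATTRIBUTE);
             // This check used to test "regex", so caseSensitive="true" was dropped whenever the regex
             // attribute was missing. Presumably a case-insensitive comparison matches more
             // than the rule author asked for - TODO confirm against PropertyType.
             if (caseSensitive != null) {
                 pt.setCaseSensitive(Boolean.parseBoolean(caseSensitive));
             }
         }
         return pt;
     }
 }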