/**
 * Decides from a backend response whether this condition holds for the local library.
 *
 * <p>A {@code null} response or a response without body never meets the condition. Otherwise
 * the condition is met if either the {@code countTotal} value found in the response body
 * satisfies a {@code LT_DOUBLE} comparison against the local construct count, or the library
 * deserialized from the response has no library ID while the local library has one.
 *
 * @param _response the HTTP response to inspect, may be {@code null}
 * @return {@code true} if the condition is met, {@code false} otherwise
 */
@Override
public boolean meetsCondition(HttpResponse _response) {
    // Without a response body there is nothing to evaluate.
    if (_response == null || !_response.hasBody()) {
        return false;
    }

    // NOTE(review): the body arrives over the network. Whether JacksonUtil.asObject returns
    // null or throws on malformed JSON is not visible here; confirm, because the result is
    // dereferenced below without a null check.
    final Library backendLibrary = (Library) JacksonUtil.asObject(_response.getBody(), Library.class);

    // Local construct count; a missing construct collection counts as zero.
    // constructs_count is not declared inside this method (presumably a field - confirm).
    constructs_count = (this.lib.getConstructs() == null ? 0 : this.lib.getConstructs().size());

    // NOTE(review): the capture group ([\d]*) also matches an empty string; how
    // ContentCondition treats an empty capture is not visible here.
    final ContentCondition countCondition = new ContentCondition(
            "\\\"countTotal\\\"\\s*:\\s*([\\d]*)",
            ContentCondition.Mode.LT_DOUBLE,
            Integer.toString(constructs_count));

    // The library ID comparison is only evaluated when the count condition is not met.
    return countCondition.meetsCondition(_response)
            || (backendLibrary.getLibraryId() == null && this.lib.getLibraryId() != null);
}
/**
 * Returns a {@link Library} representing the analyzed Java archive.
 *
 * <p>The library is created from the archive's SHA-1 digest and carries the shared constructs,
 * the library ID of this analyzer and one {@link Property} per main attribute of the original
 * manifest (none if there is no original manifest).
 *
 * @return a new {@link Library} instance describing the archive
 * @throws FileAnalysisException declared by this method; the call that raises it is not visible
 *     in this block
 */
public Library getLibrary() throws FileAnalysisException {
    // NOTE(review): the digest identifies the archive. SHA-1 is not collision resistant, so if
    // the digest is relied on for more than lookup, confirm whether a stronger algorithm is
    // available.
    final Library library = new Library(this.getSHA1());
    library.setDigestAlgorithm(DigestAlgorithm.SHA1);
    library.setConstructs(this.getSharedConstructs());
    library.setLibraryId(this.libraryId);

    // Manifest attributes are taken from the archive as-is and become library properties.
    final Set<Property> manifestProperties = new HashSet<Property>();
    if (this.jarWriter.getOriginalManifest() != null) {
        for (Object key : this.jarWriter.getOriginalManifest().getMainAttributes().keySet()) {
            final String attributeName = key.toString();
            final String attributeValue =
                    this.jarWriter.getOriginalManifest().getMainAttributes().get(key).toString();
            manifestProperties.add(
                    new Property(PropertySource.JAVA_MANIFEST, attributeName, attributeValue));
        }
    }
    library.setProperties(manifestProperties);
    return library;
}
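/**
 * Returns a short or long string representation of the library.
 *
 * <p>The short form is the digest enclosed in square brackets. The long form starts with a
 * line {@code Library [digest]} followed by one line per construct. A library whose
 * construct collection is {@code null} yields only the header line.
 *
 * @param _deep {@code true} for the long form, {@code false} for the short form
 * @return the string representation, never {@code null}
 */
public final String toString(boolean _deep) {
    final StringBuilder builder = new StringBuilder();
    if (_deep) {
        final String newline = System.getProperty("line.separator");
        builder.append("Library ").append(this.toString(false)).append(newline);
        // getConstructs() can be null for a library without constructs; skip the listing
        // instead of failing with a NullPointerException.
        if (this.getConstructs() != null) {
            for (ConstructId cid : this.getConstructs()) {
                builder.append(" ConstructId ").append(cid).append(newline);
            }
        }
    } else {
        builder.append("[").append(this.getDigest()).append("]");
    }
    return builder.toString();
}
}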
/**
 * Returns true if the library has a digest and a digest algorithm, false otherwise.
 *
 * <p>Only the presence of both values is checked. The digest's format and the strength of the
 * algorithm are not validated here.
 *
 * @return {@code true} if both digest and digest algorithm are non-null
 */
public boolean hasValidDigest() {
    if (this.getDigest() == null) {
        return false;
    }
    return this.getDigestAlgorithm() != null;
}
/**
 * Returns a {@link Library} representing the analyzed archive.
 *
 * <p>If a digest is available, it is copied to the library and labelled as MD5. The shared
 * constructs are always set. No properties and no library ID are set.
 *
 * @return a new {@link Library} instance, possibly without digest
 * @throws FileAnalysisException declared by this method; the call that raises it is not visible
 *     in this block
 */
public Library getLibrary() throws FileAnalysisException {
    final Library library = new Library();

    final boolean digestKnown = this.getDigest() != null;
    if (digestKnown) {
        library.setDigest(this.getDigest());
        // NOTE(review): the algorithm label is hard-coded; confirm getDigest() really yields
        // MD5. MD5 is not collision resistant, so the digest should be treated as a lookup
        // key rather than as proof of the archive's integrity.
        library.setDigestAlgorithm(DigestAlgorithm.MD5);
    }

    library.setConstructs(this.getSharedConstructs());
    // No properties are set
    return library;
}
/**
 * Filters the given packages according to whether the artifact name is (or is not, depending
 * on the boolean flag) contained in the given filter.
 *
 * <p>A package whose library cannot be obtained ({@link FileAnalysisException}) is logged and
 * left out of the result in both modes. With {@code _include == false} such a package is
 * therefore dropped even though it is not listed in the filter.
 *
 * @param _packages the packages to filter
 * @param _filter the artifact names to match against
 * @param _include {@code true} to keep packages contained in the filter, {@code false} to keep
 *     those not contained
 * @return a new set with the packages that passed the filter
 */
public static Set<PipInstalledPackage> filterUsingArtifact(Set<PipInstalledPackage> _packages, StringList _filter, boolean _include) {
    final Set<PipInstalledPackage> selected = new HashSet<PipInstalledPackage>();
    for (PipInstalledPackage pack : _packages) {
        try {
            final boolean listed = _filter.contains(pack.getLibrary().getLibraryId().getArtifact());
            // Keep listed packages in include mode and unlisted packages in exclude mode.
            if (listed == _include) {
                selected.add(pack);
            }
        } catch (FileAnalysisException e) {
            log.error("Error getting library ID of package [" + pack + "]: " + e.getMessage(), e);
        }
    }
    return selected;
}
for (Artifact a : artifacts) { lib = new Library(); lib.setLibraryId(new LibraryId(a.getGroupId(), a.getArtifactId(), a.getVersion())); dep_for_path.put(a.getFile().toPath(), dep); getLog().info("Dependency [" + StringUtil.padLeft(++count, 4) + "]: Dependency [libid=" + dep.getLib().getLibraryId() + ", path " + a.getFile().getPath() + ", direct=" + direct_artifacts.contains(a) + ", scope=" + dep.getScope() + "] created for Maven artifact [g=" + a.getGroupId() + ", a=" + a.getArtifactId() + ", base version=" + a.getBaseVersion() + ", version=" + a.getVersion() + ", classifier=" + a.getClassifier() + "]"); getLog().info(" " + this.trailToString(a.getDependencyTrail(), " => "));
for(Property p: l.getProperties()){ if(p.getName().equals("Implementation-Version")){ canAnalyze = true; if(a.getLib()!=null && a.getLib().getDigest().equals(digest)){ continue bugLoop; if(a.getLib()!=null && a.getLib().getDigest().equals(digest)){ continue bugLoop; if( (a.getLibraryId()!=null && l.getLibraryId()==null && a.getLibraryId().getMvnGroup().equals("org.apache.tomcat") && a.getLibraryId().getVersion().equals(version)) || (a.getLibraryId()!=null && l.getLibraryId()!=null && a.getLibraryId().getMvnGroup().equals("org.apache.tomcat") && a.getLibraryId().getArtifact().startsWith("tomcat-") && l.getLibraryId().getMvnGroup().equals("p2.eclipse-plugin") && l.getLibraryId().getArtifact().substring(0,l.getLibraryId().getArtifact().lastIndexOf(".")).equals("org.apache") && l.getLibraryId().getArtifact().substring(l.getLibraryId().getArtifact().lastIndexOf(".")+1, l.getLibraryId().getArtifact().length()).equals(a.getLibraryId().getArtifact().substring(a.getLibraryId().getArtifact().lastIndexOf("-")+1,a.getLibraryId().getArtifact().length())) && a.getLibraryId().getVersion().equals(version)) ){
// Build an aggregate entry from the library digest, the dependency's file name and the bug,
// hand it to update(...) together with this.vulns and continue with the instance returned.
final AggregatedVuln new_av = new AggregatedVuln(v.getDep().getLib().getDigest(), v.getDep().getFilename(), v.getBug());
final AggregatedVuln added_av = this.update(this.vulns, new_av);

// The analysis is recorded unless the dependency's library ID belongs to the aggregated
// modules; in that case the finding is only logged.
if (v.getDep().getLib().getLibraryId() == null || !this.isAmongAggregatedModules(v.getDep().getLib().getLibraryId())) {
    added_av.addAnalysis(v);
} else {
    log.warn("Skipping [" + v.getBug().getBugId() + "] for dependency of " + prj + " on " + v.getDep().getLib().getLibraryId() + ", the latter is one of the aggregated modules");
}
if(lib.hasValidDigest()) { BackendConnector.getInstance().uploadLibrary(lib); if(CoreConfiguration.isJarUploadEnabled()) BackendConnector.getInstance().uploadLibraryFile(lib.getDigest(), Paths.get(dep.getPath()));
/**
 * Builds the JSON object describing an assessment result for the given library.
 *
 * <p>The object has the members {@code source}, {@code explanation}, optionally
 * {@code affected}, and {@code lib}, the latter holding the library's digest.
 *
 * @param _lib the library whose digest is referenced; must not be {@code null}
 * @param _affected the assessment result, or {@code null} to omit the {@code affected} member
 * @return the JSON object
 */
private JsonObject createJsonResult(Library _lib, Boolean _affected) {
    // The timestamp is formatted with the JVM's default locale and time zone.
    final String generatedOn = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").format(new Date());

    final JsonObject assessment = new JsonObject();
    // NOTE(review): the record is labelled PROPAGATE_MANUAL although the explanation says it
    // was generated automatically - confirm this is the intended provenance label.
    assessment.addProperty("source", "PROPAGATE_MANUAL");
    assessment.addProperty("explanation", "Generated automatically by DigestAnalyzer on " + generatedOn);
    if (_affected != null) {
        assessment.addProperty("affected", _affected);
    }

    final JsonObject libraryRef = new JsonObject();
    libraryRef.addProperty("digest", _lib.getDigest());
    assessment.add("lib", libraryRef);
    return assessment;
}
/**
 * Returns the number of constructs of this library, serialized as {@code constructCounter}.
 *
 * @return the size of the construct collection, or 0 if there is none
 */
@JsonProperty(value = "constructCounter")
public int countConstructs() {
    if (this.getConstructs() == null) {
        return 0;
    }
    return this.getConstructs().size();
}
try { if( (prj_package==null || !prj_package.equals(pack)) && pack.getLibrary().hasValidDigest() ) {
// Assign to ja the library ID of the library belonging to the dependency returned by
// getMavenDependency(p).
// NOTE(review): no call in this chain is null-checked here - confirm that
// getMavenDependency(p) and its getLib() cannot return null at this point.
ja.setLibraryId(this.getMavenDependency(p).getLib().getLibraryId());
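/**
 * Returns the first dependency whose library digest equals the given value.
 *
 * <p>Dependencies without library, or whose library has no digest, are skipped.
 *
 * @param _sha1 the digest to look for
 * @return the matching dependency, or {@code null} if there is none
 */
public Dependency getDependency(@NotNull String _sha1) {
    for (Dependency d : this.getDependencies()) {
        // A library can exist without digest; skip it rather than fail with a
        // NullPointerException and abort the lookup for all remaining dependencies.
        if (d.getLib() != null && d.getLib().getDigest() != null && d.getLib().getDigest().equals(_sha1)) {
            return d;
        }
    }
    return null;
}

/**
 * Returns the dependencies held by this object.
 *
 * <p>The internal collection itself is returned, not a copy, so changes made by the caller
 * affect this object.
 *
 * @return the dependency collection
 */
public Collection<Dependency> getDependencies() {
    return dependencies;
}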
/**
 * Returns a {@link ConstructIdFilter} created from this library's constructs, serialized as
 * {@code constructTypeCounters}.
 *
 * @return a new filter instance for the current constructs
 */
@JsonProperty(value = "constructTypeCounters")
public ConstructIdFilter countConstructTypes() {
    final ConstructIdFilter typeCounters = new ConstructIdFilter(this.getConstructs());
    return typeCounters;
}
/**
 * Returns a {@link Library} representing the analyzed archive.
 *
 * <p>If the file analyzer is a {@link PythonArchiveAnalyzer}, its library is used. Otherwise a
 * new library is created from this package's digest (labelled MD5) and, if present, its
 * constructs. In both cases the library ID uses the package name as both group and artifact,
 * plus the package version, and the package properties are attached with source
 * {@code PIP}.
 *
 * @return the {@link Library} describing this package
 * @throws FileAnalysisException declared by this method; presumably raised by the analyzer's
 *     getLibrary() - confirm
 */
public Library getLibrary() throws FileAnalysisException {
    final Library library;
    // instanceof is false for null, so no separate null check is needed.
    if (this.fileAnalyzer instanceof PythonArchiveAnalyzer) {
        library = ((PythonArchiveAnalyzer) this.fileAnalyzer).getLibrary();
        library.setLibraryId(new LibraryId(this.getName(), this.getName(), this.getVersion()));
    } else {
        library = new Library();
        library.setDigest(this.getDigest());
        // NOTE(review): the algorithm label is hard-coded; confirm getDigest() really yields
        // MD5. MD5 is not collision resistant, so the digest should be treated as a lookup
        // key rather than as proof of the package's integrity.
        library.setDigestAlgorithm(DigestAlgorithm.MD5);
        library.setLibraryId(new LibraryId(this.getName(), this.getName(), this.getVersion()));
        if (this.getConstructs() != null) {
            library.setConstructs(ConstructId.getSharedType(this.getConstructs().keySet()));
        }
    }

    // Package properties are copied as-is; presumably they come from package metadata, so
    // consumers should treat the values as untrusted text.
    final Set<Property> pipProperties = new HashSet<Property>();
    for (String name : this.getProperties().keySet()) {
        pipProperties.add(new Property(PropertySource.PIP, name, this.getProperties().get(name)));
    }
    library.setProperties(pipProperties);
    return library;
}
.getVulnDeps(Boolean.valueOf(true)); for (VulnerableDependency vd : unconfirmedBugs) { if (vd.getDep().getLib().getLibraryId() != null) { if (!contained.contains(vd.getBug().getBugId())) { bugsToAnalyze.add(new Bug(vd.getBug().getBugId(), null));
private void uploadLibraryRequest(Library _lib) throws BackendConnectionException { final String sha1 = _lib.getDigest(); final String json = JacksonUtil.asJsonString(_lib);
for ( Library l : newApiLibraries ){ if ( l.getLibraryId() != null && !libraryIdsToCheck.contains(l.getLibraryId()) ){ libraryIdsToCheck.add(l.getLibraryId()); String key = l.getLibraryId().getMvnGroup()+":"+l.getLibraryId().getArtifact(); if ( !groupsArtifactsToCheck.containsKey(key) ){ groupsArtifactsToCheck.put(key, l.getLibraryId());