DependencyBundlingAnalyzer.java

/*
 * This file is part of dependency-check-core.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
 */
package org.owasp.dependencycheck.analyzer;

import com.github.packageurl.MalformedPackageURLException;
import org.semver4j.Semver;
import org.semver4j.SemverException;
import java.io.File;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import static java.util.stream.Collectors.toSet;
import javax.annotation.concurrent.ThreadSafe;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Vulnerability;
import org.owasp.dependencycheck.dependency.naming.Identifier;
import org.owasp.dependencycheck.dependency.naming.PurlIdentifier;
import org.owasp.dependencycheck.utils.DependencyVersion;
import org.owasp.dependencycheck.utils.DependencyVersionUtil;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * <p>
 * This analyzer ensures dependencies that should be grouped together, to remove
 * excess noise from the report, are grouped. An example would be Spring, Spring
 * Beans, Spring MVC, etc. If they are all for the same version and have the
 * same relative path then these should be grouped into a single dependency
 * under the core/main library.</p>
 * <p>
 * Note, this grouping only works on dependencies with identified CVE
 * entries</p>
 *
 * @author Jeremy Long
 */
@ThreadSafe
public class DependencyBundlingAnalyzer extends AbstractDependencyComparingAnalyzer {

    /**
     * The Logger.
     */
    private static final Logger LOGGER = LoggerFactory.getLogger(DependencyBundlingAnalyzer.class);

    /**
     * A pattern for obtaining the first part of a filename.
     */
    private static final Pattern STARTING_TEXT_PATTERN = Pattern.compile("^[a-zA-Z0-9]*");

    /**
     * The name of the analyzer.
     */
    private static final String ANALYZER_NAME = "Dependency Bundling Analyzer";
    /**
     * The phase that this analyzer is intended to run in.
     */
    private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.FINAL;

    /**
     * Returns the name of the analyzer.
     *
     * @return the name of the analyzer.
     */
    @Override
    public String getName() {
        return ANALYZER_NAME;
    }

    /**
     * Returns the phase that the analyzer is intended to run in.
     *
     * @return the phase that the analyzer is intended to run in.
     */
    @Override
    public AnalysisPhase getAnalysisPhase() {
        return ANALYSIS_PHASE;
    }

    /**
     * <p>
     * Returns the setting key to determine if the analyzer is enabled.</p>
     *
     * @return the key for the analyzer's enabled property
     */
    @Override
    protected String getAnalyzerEnabledSettingKey() {
        return Settings.KEYS.ANALYZER_DEPENDENCY_BUNDLING_ENABLED;
    }

    /**
     * Evaluates the dependencies
     *
     * @param dependency a dependency to compare
     * @param nextDependency a dependency to compare
     * @param dependenciesToRemove a set of dependencies that will be removed
     * @return true if a dependency is removed; otherwise false
     */
    @Override
    protected boolean evaluateDependencies(final Dependency dependency, final Dependency nextDependency, final Set<Dependency> dependenciesToRemove) {
        if (hashesMatch(dependency, nextDependency)) {
            if (!containedInWar(dependency.getFilePath())
                    && !containedInWar(nextDependency.getFilePath())) {
                if (firstPathIsShortest(dependency.getFilePath(), nextDependency.getFilePath())) {
                    mergeDependencies(dependency, nextDependency, dependenciesToRemove);
                } else {
                    mergeDependencies(nextDependency, dependency, dependenciesToRemove);
                    return true; //since we merged into the next dependency - skip forward to the next in mainIterator
                }
            }
        } else if (isShadedJar(dependency, nextDependency)) {
            if (dependency.getFileName().toLowerCase().endsWith("pom.xml")) {
                mergeDependencies(nextDependency, dependency, dependenciesToRemove);
                nextDependency.removeRelatedDependencies(dependency);
                return true;
            } else {
                mergeDependencies(dependency, nextDependency, dependenciesToRemove);
                dependency.removeRelatedDependencies(nextDependency);
            }
        } else if (isWebJar(dependency, nextDependency)) {
            if (dependency.getFileName().toLowerCase().endsWith(".js")) {
                mergeDependencies(nextDependency, dependency, dependenciesToRemove, true);
                nextDependency.removeRelatedDependencies(dependency);
                return true;
            } else {
                mergeDependencies(dependency, nextDependency, dependenciesToRemove, true);
                dependency.removeRelatedDependencies(nextDependency);
            }
        } else if (cpeIdentifiersMatch(dependency, nextDependency)
                && hasSameBasePath(dependency, nextDependency)
                && vulnerabilitiesMatch(dependency, nextDependency)
                && fileNameMatch(dependency, nextDependency)) {
            if (isCore(dependency, nextDependency)) {
                mergeDependencies(dependency, nextDependency, dependenciesToRemove);
            } else {
                mergeDependencies(nextDependency, dependency, dependenciesToRemove);
                return true; //since we merged into the next dependency - skip forward to the next in mainIterator
            }
        } else if (ecosystemIs(AbstractNpmAnalyzer.NPM_DEPENDENCY_ECOSYSTEM, dependency, nextDependency)
                && namesAreEqual(dependency, nextDependency)
                && npmVersionsMatch(dependency.getVersion(), nextDependency.getVersion())) {

            if (!dependency.isVirtual()) {
                DependencyMergingAnalyzer.mergeDependencies(dependency, nextDependency, dependenciesToRemove);
            } else {
                DependencyMergingAnalyzer.mergeDependencies(nextDependency, dependency, dependenciesToRemove);
                return true;
            }
        }
        return false;
    }

    /**
     * Adds the relatedDependency to the dependency's related dependencies.
     *
     * @param dependency the main dependency
     * @param relatedDependency a collection of dependencies to be removed from
     * the main analysis loop, this is the source of dependencies to remove
     * @param dependenciesToRemove a collection of dependencies that will be
     * removed from the main analysis loop, this function adds to this
     * collection
     */
    public static void mergeDependencies(final Dependency dependency,
            final Dependency relatedDependency, final Set<Dependency> dependenciesToRemove) {
        mergeDependencies(dependency, relatedDependency, dependenciesToRemove, false);
    }

    /**
     * Adds the relatedDependency to the dependency's related dependencies.
     *
     * @param dependency the main dependency
     * @param relatedDependency a collection of dependencies to be removed from
     * the main analysis loop, this is the source of dependencies to remove
     * @param dependenciesToRemove a collection of dependencies that will be
     * removed from the main analysis loop, this function adds to this
     * collection
     * @param copyVulnsAndIds whether or not identifiers and vulnerabilities are
     * copied
     */
    public static void mergeDependencies(final Dependency dependency,
            final Dependency relatedDependency, final Set<Dependency> dependenciesToRemove,
            final boolean copyVulnsAndIds) {
        dependency.addRelatedDependency(relatedDependency);
        relatedDependency.getRelatedDependencies()
                .forEach(dependency::addRelatedDependency);
        relatedDependency.clearRelatedDependencies();

        if (copyVulnsAndIds) {
            relatedDependency.getSoftwareIdentifiers()
                    .forEach(dependency::addSoftwareIdentifier);
            relatedDependency.getVulnerableSoftwareIdentifiers()
                    .forEach(dependency::addVulnerableSoftwareIdentifier);
            relatedDependency.getVulnerabilities()
                    .forEach(dependency::addVulnerability);
        }
        //TODO this null check was added for #1296 - but I believe this to be related to virtual dependencies
        //  we may want to merge project references on virtual dependencies...
        if (dependency.getSha1sum() != null && dependency.getSha1sum().equals(relatedDependency.getSha1sum())) {
            dependency.addAllProjectReferences(relatedDependency.getProjectReferences());
            dependency.addAllIncludedBy(relatedDependency.getIncludedBy());
        }
        if (dependenciesToRemove != null) {
            dependenciesToRemove.add(relatedDependency);
        }
    }

    /**
     * Attempts to trim a maven repo to a common base path. This is typically
     * [drive]\[repo_location]\repository\[path1]\[path2].
     *
     * @param path the path to trim
     * @param repo the name of the local maven repository
     * @return a string representing the base path.
     */
    private String getBaseRepoPath(final String path, final String repo) {
        int pos = path.indexOf(repo + File.separator) + repo.length() + 1;
        if (pos < repo.length() + 1) {
            return path;
        }
        int tmp = path.indexOf(File.separator, pos);
        if (tmp <= 0) {
            return path;
        }
        pos = tmp + 1;
        tmp = path.indexOf(File.separator, pos);
        if (tmp > 0) {
            pos = tmp + 1;
        }
        return path.substring(0, pos);
    }

    /**
     * Returns true if the file names (and version if it exists) of the two
     * dependencies are sufficiently similar.
     *
     * @param dependency1 a dependency2 to compare
     * @param dependency2 a dependency2 to compare
     * @return true if the identifiers in the two supplied dependencies are
     * equal
     */
    private boolean fileNameMatch(Dependency dependency1, Dependency dependency2) {
        if (dependency1 == null || dependency1.getFileName() == null
                || dependency2 == null || dependency2.getFileName() == null) {
            return false;
        }
        final String fileName1 = dependency1.getActualFile().getName();
        final String fileName2 = dependency2.getActualFile().getName();

        //version check
        final DependencyVersion version1 = DependencyVersionUtil.parseVersion(fileName1);
        final DependencyVersion version2 = DependencyVersionUtil.parseVersion(fileName2);
        if (version1 != null && version2 != null && !version1.equals(version2)) {
            return false;
        }

        //filename check
        final Matcher match1 = STARTING_TEXT_PATTERN.matcher(fileName1);
        final Matcher match2 = STARTING_TEXT_PATTERN.matcher(fileName2);
        if (match1.find() && match2.find()) {
            return match1.group().equals(match2.group());
        }

        return false;
    }

    /**
     * Returns true if the CPE identifiers in the two supplied dependencies are
     * equal.
     *
     * @param dependency1 a dependency2 to compare
     * @param dependency2 a dependency2 to compare
     * @return true if the identifiers in the two supplied dependencies are
     * equal
     */
    private boolean cpeIdentifiersMatch(Dependency dependency1, Dependency dependency2) {
        if (dependency1 == null || dependency1.getVulnerableSoftwareIdentifiers() == null
                || dependency2 == null || dependency2.getVulnerableSoftwareIdentifiers() == null) {
            return false;
        }
        boolean matches = false;
        final int cpeCount1 = dependency1.getVulnerableSoftwareIdentifiers().size();
        final int cpeCount2 = dependency2.getVulnerableSoftwareIdentifiers().size();
        if (cpeCount1 > 0 && cpeCount1 == cpeCount2) {
            for (Identifier i : dependency1.getVulnerableSoftwareIdentifiers()) {
                matches |= dependency2.getVulnerableSoftwareIdentifiers().contains(i);
                if (!matches) {
                    break;
                }
            }
        }
        LOGGER.trace("IdentifiersMatch={} ({}, {})", matches, dependency1.getFileName(), dependency2.getFileName());
        return matches;
    }

    /**
     * Returns true if the two dependencies have the same vulnerabilities.
     *
     * @param dependency1 a dependency2 to compare
     * @param dependency2 a dependency2 to compare
     * @return true if the two dependencies have the same vulnerabilities
     */
    private boolean vulnerabilitiesMatch(Dependency dependency1, Dependency dependency2) {
        final Set<Vulnerability> one = dependency1.getVulnerabilities();
        final Set<Vulnerability> two = dependency2.getVulnerabilities();
        return one != null && two != null
                && one.size() == two.size()
                && one.containsAll(two);
    }

    /**
     * Determines if the two dependencies have the same base path.
     *
     * @param dependency1 a Dependency object
     * @param dependency2 a Dependency object
     * @return true if the base paths of the dependencies are identical
     */
    private boolean hasSameBasePath(Dependency dependency1, Dependency dependency2) {
        if (dependency1 == null || dependency2 == null) {
            return false;
        }
        final File lFile = new File(dependency1.getFilePath());
        String left = lFile.getParent();
        final File rFile = new File(dependency2.getFilePath());
        String right = rFile.getParent();
        if (left == null) {
            return right == null;
        } else if (right == null) {
            return false;
        }
        if (left.equalsIgnoreCase(right)) {
            return true;
        }
        final String localRepo = getSettings().getString(Settings.KEYS.MAVEN_LOCAL_REPO);
        final Pattern p;
        if (localRepo == null) {
            p = Pattern.compile(".*[/\\\\](?<repo>repository|local-repo)[/\\\\].*");
        } else {
            final File f = new File(localRepo);
            final String dir = f.getName();
            p = Pattern.compile(".*[/\\\\](?<repo>repository|local-repo|" + Pattern.quote(dir) + ")[/\\\\].*");
        }
        final Matcher mleft = p.matcher(left);
        final Matcher mright = p.matcher(right);
        if (mleft.find() && mright.find()) {
            left = getBaseRepoPath(left, mleft.group("repo"));
            right = getBaseRepoPath(right, mright.group("repo"));
        }

        if (left.equalsIgnoreCase(right)) {
            return true;
        }
        //new code
        for (Dependency child : dependency2.getRelatedDependencies()) {
            if (hasSameBasePath(child, dependency1)) {
                return true;
            }
        }
        return false;
    }

    /**
     * This is likely a very broken attempt at determining if the 'left'
     * dependency is the 'core' library in comparison to the 'right' library.
     *
     * @param left the dependency to test
     * @param right the dependency to test against
     * @return a boolean indicating whether or not the left dependency should be
     * considered the "core" version.
     */
    protected boolean isCore(Dependency left, Dependency right) {
        final String leftName = left.getFileName().toLowerCase();
        final String rightName = right.getFileName().toLowerCase();

        final boolean returnVal;
        //TODO - should we get rid of this merging? It removes a true BOM...

        if (left.isVirtual() && !right.isVirtual()) {
            returnVal = true;
        } else if (!left.isVirtual() && right.isVirtual()) {
            returnVal = false;
        } else if ((!rightName.matches(".*\\.(tar|tgz|gz|zip|ear|war|rpm).+") && leftName.matches(".*\\.(tar|tgz|gz|zip|ear|war|rpm).+"))
                || (rightName.contains("core") && !leftName.contains("core"))
                || (rightName.contains("kernel") && !leftName.contains("kernel"))
                || (rightName.contains("server") && !leftName.contains("server"))
                || (rightName.contains("project") && !leftName.contains("project"))
                || (rightName.contains("engine") && !leftName.contains("engine"))
                || (rightName.contains("akka-stream") && !leftName.contains("akka-stream"))
                || (rightName.contains("netty-transport") && !leftName.contains("netty-transport"))) {
            returnVal = false;
        } else if ((rightName.matches(".*\\.(tar|tgz|gz|zip|ear|war|rpm).+") && !leftName.matches(".*\\.(tar|tgz|gz|zip|ear|war|rpm).+"))
                || (!rightName.contains("core") && leftName.contains("core"))
                || (!rightName.contains("kernel") && leftName.contains("kernel"))
                || (!rightName.contains("server") && leftName.contains("server"))
                || (!rightName.contains("project") && leftName.contains("project"))
                || (!rightName.contains("engine") && leftName.contains("engine"))
                || (!rightName.contains("akka-stream") && leftName.contains("akka-stream"))
                || (!rightName.contains("netty-transport") && leftName.contains("netty-transport"))) {
            returnVal = true;
        } else {
            /*
             * considered splitting the names up and comparing the components,
             * but decided that the file name length should be sufficient as the
             * "core" component, if this follows a normal naming protocol should
             * be shorter:
             * axis2-saaj-1.4.1.jar
             * axis2-1.4.1.jar       <-----
             * axis2-kernel-1.4.1.jar
             */
            returnVal = leftName.length() <= rightName.length();
        }
        LOGGER.debug("IsCore={} ({}, {})", returnVal, left.getFileName(), right.getFileName());
        return returnVal;
    }

    /**
     * Compares the SHA1 hashes of two dependencies to determine if they are
     * equal.
     *
     * @param dependency1 a dependency object to compare
     * @param dependency2 a dependency object to compare
     * @return true if the sha1 hashes of the two dependencies match; otherwise
     * false
     */
    private boolean hashesMatch(Dependency dependency1, Dependency dependency2) {
        if (dependency1 == null || dependency2 == null || dependency1.getSha1sum() == null || dependency2.getSha1sum() == null) {
            return false;
        }
        return dependency1.getSha1sum().equals(dependency2.getSha1sum());
    }

    /**
     * Determines if a JS file is from a webjar dependency.
     *
     * @param dependency the first dependency to compare
     * @param nextDependency the second dependency to compare
     * @return <code>true</code> if the dependency is a web jar and the next
     * dependency is a JS file from the web jar; otherwise <code>false</code>
     */
    protected boolean isWebJar(Dependency dependency, Dependency nextDependency) {
        if (dependency == null || dependency.getFileName() == null
                || nextDependency == null || nextDependency.getFileName() == null
                || dependency.getSoftwareIdentifiers().isEmpty()
                || nextDependency.getSoftwareIdentifiers().isEmpty()) {
            return false;
        }
        final String mainName = dependency.getFileName().toLowerCase();
        final String nextName = nextDependency.getFileName().toLowerCase();
        if (mainName.endsWith(".jar") && nextName.endsWith(".js") && nextName.startsWith(mainName)) {
            return dependency.getSoftwareIdentifiers()
                    .stream().map(Identifier::getValue).collect(toSet())
                    .containsAll(nextDependency.getSoftwareIdentifiers().stream().map(this::identifierToWebJarForComparison).collect(toSet()));
        } else if (nextName.endsWith(".jar") && mainName.endsWith("js") && mainName.startsWith(nextName)) {
            return nextDependency.getSoftwareIdentifiers()
                    .stream().map(Identifier::getValue).collect(toSet())
                    .containsAll(dependency.getSoftwareIdentifiers().stream().map(this::identifierToWebJarForComparison).collect(toSet()));
        }
        return false;
    }

    /**
     * Attempts to convert a given JavaScript identifier to a web jar CPE.
     *
     * @param id a JavaScript CPE
     * @return a Maven CPE for a web jar if conversion is possible; otherwise
     * the original CPE is returned
     */
    private String identifierToWebJarForComparison(Identifier id) {
        if (id instanceof PurlIdentifier) {
            final PurlIdentifier pid = (PurlIdentifier) id;
            try {
                final Identifier nid = new PurlIdentifier("maven", "org.webjars", pid.getName(), pid.getVersion(), pid.getConfidence());
                return nid.getValue();
            } catch (MalformedPackageURLException ex) {
                LOGGER.debug("Unable to build webjar purl id", ex);
                return id.getValue();
            }
        } else {
            return id == null ? "" : id.getValue();
        }
    }

    /**
     * Determines if the jar is shaded and the created pom.xml identified the
     * same CPE as the jar - if so, the pom.xml dependency should be removed.
     *
     * @param dependency a dependency to check
     * @param nextDependency another dependency to check
     * @return true if on of the dependencies is a pom.xml and the identifiers
     * between the two collections match; otherwise false
     */
    protected boolean isShadedJar(Dependency dependency, Dependency nextDependency) {
        if (dependency == null || dependency.getFileName() == null
                || nextDependency == null || nextDependency.getFileName() == null
                || dependency.getSoftwareIdentifiers().isEmpty()
                || nextDependency.getSoftwareIdentifiers().isEmpty()) {
            return false;
        }
        final String mainName = dependency.getFileName().toLowerCase();
        final String nextName = nextDependency.getFileName().toLowerCase();
        if (mainName.endsWith(".jar") && nextName.endsWith("pom.xml")) {
            return dependency.getSoftwareIdentifiers().containsAll(nextDependency.getSoftwareIdentifiers());
        } else if (nextName.endsWith(".jar") && mainName.endsWith("pom.xml")) {
            return nextDependency.getSoftwareIdentifiers().containsAll(dependency.getSoftwareIdentifiers());
        }
        return false;
    }

    /**
     * Determines which path is shortest; if path lengths are equal then we use
     * compareTo of the string method to determine if the first path is smaller.
     *
     * @param left the first path to compare
     * @param right the second path to compare
     * @return <code>true</code> if the leftPath is the shortest; otherwise
     * <code>false</code>
     */
    public static boolean firstPathIsShortest(String left, String right) {
        if (left.contains("dctemp") && !right.contains("dctemp")) {
            return false;
        }
        final String leftPath = left.replace('\\', '/');
        final String rightPath = right.replace('\\', '/');

        final int leftCount = countChar(leftPath, '/');
        final int rightCount = countChar(rightPath, '/');
        if (leftCount == rightCount) {
            return leftPath.compareTo(rightPath) <= 0;
        } else {
            return leftCount < rightCount;
        }
    }

    /**
     * Counts the number of times the character is present in the string.
     *
     * @param string the string to count the characters in
     * @param c the character to count
     * @return the number of times the character is present in the string
     */
    private static int countChar(String string, char c) {
        int count = 0;
        final int max = string.length();
        for (int i = 0; i < max; i++) {
            if (c == string.charAt(i)) {
                count++;
            }
        }
        return count;
    }

    /**
     * Checks if the given file path is contained within a war or ear file.
     *
     * @param filePath the file path to check
     * @return true if the path contains '.war\' or '.ear\'.
     */
    private boolean containedInWar(String filePath) {
        return filePath != null && filePath.matches(".*\\.(ear|war)[\\\\/].*");
    }

    /**
     * Determine if the dependency ecosystem is equal in the given dependencies.
     *
     * @param ecoSystem the ecosystem to validate against
     * @param dependency a dependency to compare
     * @param nextDependency a dependency to compare
     * @return true if the ecosystem is equal in both dependencies; otherwise
     * false
     */
    private boolean ecosystemIs(String ecoSystem, Dependency dependency, Dependency nextDependency) {
        return ecoSystem.equals(dependency.getEcosystem()) && ecoSystem.equals(nextDependency.getEcosystem());
    }

    /**
     * Determine if the dependency name is equal in the given dependencies.
     *
     * @param dependency a dependency to compare
     * @param nextDependency a dependency to compare
     * @return true if the name is equal in both dependencies; otherwise false
     */
    private boolean namesAreEqual(Dependency dependency, Dependency nextDependency) {
        return dependency.getName() != null && dependency.getName().equals(nextDependency.getName());
    }

    /**
     * Determine if the dependency version is equal in the given dependencies.
     * This method attempts to evaluate version range checks.
     *
     * @param current a dependency version to compare
     * @param next a dependency version to compare
     * @return true if the version is equal in both dependencies; otherwise
     * false
     */
    public static boolean npmVersionsMatch(String current, String next) {
        String left = current;
        String right = next;
        if (left == null || right == null) {
            return false;
        }
        if (left.equals(right) || "*".equals(left) || "*".equals(right)) {
            return true;
        }
        if (left.contains(" ")) { // we have a version string from package.json
            if (right.contains(" ")) { // we can't evaluate this ">=1.5.4 <2.0.0" vs "2 || 3"
                return false;
            }
            if (!right.matches("^\\d.*$")) {
                right = stripLeadingNonNumeric(right);
                if (right == null) {
                    return false;
                }
            }
            try {
                final Semver v = new Semver(right);
                return v.satisfies(left);
            } catch (SemverException ex) {
                LOGGER.trace("ignore", ex);
            }
        } else {
            if (!left.matches("^\\d.*$")) {
                left = stripLeadingNonNumeric(left);
                if (left == null || left.isEmpty()) {
                    return false;
                }
            }
            try {
                Semver v = new Semver(left);
                if (!right.isEmpty() && v.satisfies(right)) {
                    return true;
                }
                if (!right.contains(" ")) {
                    left = current;
                    right = stripLeadingNonNumeric(right);
                    if (right != null) {
                        v = new Semver(right);
                        return v.satisfies(left);
                    }
                }
            } catch (SemverException ex) {
                LOGGER.trace("ignore", ex);
            } catch (NullPointerException ex) {
                LOGGER.error("SemVer comparison error: left:\"{}\", right:\"{}\"", left, right);
                LOGGER.debug("SemVer comparison resulted in NPE", ex);
            }
        }
        return false;
    }

    /**
     * Strips leading non-numeric values from the start of the string. If no
     * numbers are present this will return null.
     *
     * @param str the string to modify
     * @return the string without leading non-numeric characters
     */
    private static String stripLeadingNonNumeric(String str) {
        for (int x = 0; x < str.length(); x++) {
            if (Character.isDigit(str.codePointAt(x))) {
                return str.substring(x);
            }
        }
        return null;
    }

}