PEAnalyzer.java

  1. /*
  2.  * This file is part of dependency-check-core.
  3.  *
  4.  * Licensed under the Apache License, Version 2.0 (the "License");
  5.  * you may not use this file except in compliance with the License.
  6.  * You may obtain a copy of the License at
  7.  *
  8.  *     http://www.apache.org/licenses/LICENSE-2.0
  9.  *
  10.  * Unless required by applicable law or agreed to in writing, software
  11.  * distributed under the License is distributed on an "AS IS" BASIS,
  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13.  * See the License for the specific language governing permissions and
  14.  * limitations under the License.
  15.  *
  16.  * Copyright (c) 2020 Jeremy Long. All Rights Reserved.
  17.  */
  18. package org.owasp.dependencycheck.analyzer;

  20. import com.github.packageurl.MalformedPackageURLException;
  21. import java.io.File;
  22. import java.io.FileFilter;
  23. import java.io.IOException;

  25. import org.boris.pecoff4j.PE;
  26. import org.boris.pecoff4j.ResourceDirectory;
  27. import org.boris.pecoff4j.ResourceEntry;
  28. import org.boris.pecoff4j.constant.ResourceType;
  29. import org.owasp.dependencycheck.utils.PEParser;
  30. import org.boris.pecoff4j.io.ResourceParser;
  31. import org.boris.pecoff4j.resources.StringFileInfo;
  32. import org.boris.pecoff4j.resources.StringTable;
  33. import org.boris.pecoff4j.resources.VersionInfo;
  34. import org.boris.pecoff4j.util.ResourceHelper;

  36. import javax.annotation.concurrent.ThreadSafe;
  37. import org.apache.commons.lang3.StringUtils;

  39. import org.owasp.dependencycheck.Engine;
  40. import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
  41. import org.owasp.dependencycheck.data.nvd.ecosystem.Ecosystem;
  42. import org.owasp.dependencycheck.dependency.Confidence;
  43. import org.owasp.dependencycheck.dependency.Dependency;
  44. import org.owasp.dependencycheck.dependency.Evidence;
  45. import org.owasp.dependencycheck.dependency.EvidenceType;
  46. import org.owasp.dependencycheck.dependency.naming.GenericIdentifier;
  47. import org.owasp.dependencycheck.dependency.naming.PurlIdentifier;
  48. import org.owasp.dependencycheck.exception.InitializationException;
  49. import org.owasp.dependencycheck.utils.DependencyVersion;
  50. import org.owasp.dependencycheck.utils.DependencyVersionUtil;
  51. import org.owasp.dependencycheck.utils.FileFilterBuilder;
  52. import org.owasp.dependencycheck.utils.FileUtils;
  53. import org.owasp.dependencycheck.utils.Settings;
  54. import org.slf4j.Logger;
  55. import org.slf4j.LoggerFactory;

  57. /**
  58.  * Takes a dependency and analyze the PE header for meta data that can be used
  59.  * to identify the library.
  60.  *
  61.  * @author Amodio Pesce
  62.  */
  63. @ThreadSafe
  64. @Experimental
  65. public class PEAnalyzer extends AbstractFileTypeAnalyzer {

  67.     //<editor-fold defaultstate="collapsed" desc="All standard implementation details of Analyzer">
  68.     /**
  69.      * Logger
  70.      */
  71.     private static final Logger LOGGER = LoggerFactory.getLogger(AssemblyAnalyzer.class);
  72.     /**
  73.      * The name of the analyzer.
  74.      */
  75.     private static final String ANALYZER_NAME = "PE Analyzer";

  77.     /**
  78.      * The phase that this analyzer is intended to run in.
  79.      */
  80.     private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION2;
  81.     /**
  82.      * The set of file extensions supported by this analyzer.
  83.      */
  84.     private static final String[] EXTENSIONS = {"exe", "dll"};

  86.     /**
  87.      * The file filter used to determine which files this analyzer supports.
  88.      */
  89.     private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(EXTENSIONS).build();
  90.     /**
  91.      * A descriptor for the type of dependencies processed or added by this
  92.      * analyzer.
  93.      */
  94.     public static final String DEPENDENCY_ECOSYSTEM = Ecosystem.NATIVE;

  96.     /**
  97.      * Returns the name of the analyzer.
  98.      *
  99.      * @return the name of the analyzer.
  100.      */
  101.     @Override
  102.     public String getName() {
  103.         return ANALYZER_NAME;
  104.     }

  106.     /**
  107.      * Returns the phase that the analyzer is intended to run in.
  108.      *
  109.      * @return the phase that the analyzer is intended to run in.
  110.      */
  111.     @Override
  112.     public AnalysisPhase getAnalysisPhase() {
  113.         return ANALYSIS_PHASE;
  114.     }

  116.     /**
  117.      * <p>
  118.      * Returns the setting key to determine if the analyzer is enabled.</p>
  119.      *
  120.      * @return the key for the analyzer's enabled property
  121.      */
  122.     @Override
  123.     protected String getAnalyzerEnabledSettingKey() {
  124.         return Settings.KEYS.ANALYZER_PE_ENABLED;
  125.     }

  127.     /**
  128.      * Returns the FileFilter.
  129.      *
  130.      * @return the FileFilter
  131.      */
  132.     @Override
  133.     protected FileFilter getFileFilter() {
  134.         return FILTER;
  135.     }

  137.     @Override
  138.     protected void prepareFileTypeAnalyzer(Engine engine) throws InitializationException {
  139.         //nothing to prepare
  140.     }

  142.     /**
  143.      * Collects information about the file name.
  144.      *
  145.      * @param dependency the dependency to analyze.
  146.      * @param engine the engine that is scanning the dependencies
  147.      * @throws AnalysisException is thrown if there is an error analyzing the PE
  148.      * file.
  149.      */
  150.     @Override
  151.     protected void analyzeDependency(final Dependency dependency, final Engine engine) throws AnalysisException {
  152.         for (Evidence e : dependency.getEvidence()) {
  153.             if ("grokassembly".equals(e.getSource())) {
  154.                 LOGGER.debug("Skipping {} because it was already analyzed by the Assembly Analyzer", dependency.getFileName());
  155.                 return;
  156.             }
  157.         }
  158.         try {
  159.             final File fileToCheck = dependency.getActualFile();
  160.             final PE pe = PEParser.parse(fileToCheck.getPath());
  161.             final ResourceDirectory rd = pe.getImageData().getResourceTable();
  162.             final ResourceEntry[] entries = ResourceHelper.findResources(rd, ResourceType.VERSION_INFO);
  163.             for (ResourceEntry entrie : entries) {
  164.                 final byte[] data = entrie.getData();
  165.                 final VersionInfo version = ResourceParser.readVersionInfo(data);
  166.                 final StringFileInfo strings = version.getStringFileInfo();
  167.                 final StringTable table = strings.getTable(0);
  168.                 String pVersion = null;
  169.                 String fVersion = null;

  171.                 for (int j = 0; j < table.getCount(); j++) {
  172.                     final String key = table.getString(j).getKey();
  173.                     final String value = table.getString(j).getValue();
  174.                     switch (key) {
  175.                         case "ProductVersion":
  176.                             dependency.addEvidence(EvidenceType.VERSION, "PE Header", "ProductVersion", value, Confidence.HIGHEST);
  177.                             pVersion = value;
  178.                             break;
  179.                         case "CompanyName":
  180.                             dependency.addEvidence(EvidenceType.VENDOR, "PE Header", "CompanyName", value, Confidence.HIGHEST);
  181.                             break;
  182.                         case "FileVersion":
  183.                             dependency.addEvidence(EvidenceType.VERSION, "PE Header", "FileVersion", value, Confidence.HIGH);
  184.                             fVersion = value;
  185.                             break;
  186.                         case "InternalName":
  187.                             dependency.addEvidence(EvidenceType.PRODUCT, "PE Header", "InternalName", value, Confidence.MEDIUM);
  188.                             dependency.addEvidence(EvidenceType.VENDOR, "PE Header", "InternalName", value, Confidence.LOW);
  189.                             determineDependencyName(dependency, value);
  190.                             break;
  191.                         case "LegalCopyright":
  192.                             dependency.addEvidence(EvidenceType.VENDOR, "PE Header", "LegalCopyright", value, Confidence.HIGHEST);
  193.                             if (dependency.getLicense() != null && dependency.getLicense().length() > 0) {
  194.                                 dependency.setLicense(dependency.getLicense() + "/n/nLegal Copyright: " + value);
  195.                             } else {
  196.                                 dependency.setLicense("Legal Copyright: " + value);
  197.                             }
  198.                             break;
  199.                         case "OriginalFilename":
  200.                             dependency.addEvidence(EvidenceType.VERSION, "PE Header", "OriginalFilename", value, Confidence.MEDIUM);
  201.                             determineDependencyName(dependency, value);
  202.                             break;
  203.                         case "ProductName":
  204.                             dependency.addEvidence(EvidenceType.PRODUCT, "PE Header", "ProductName", value, Confidence.HIGHEST);
  205.                             dependency.addEvidence(EvidenceType.VENDOR, "PE Header", "ProductName", value, Confidence.MEDIUM);
  206.                             determineDependencyName(dependency, value);
  207.                             break;
  208.                         default:
  209.                             LOGGER.debug("PE Analyzer found `" + key + "` with a value:" + value);
  210.                     }
  211.                     if (fVersion != null && pVersion != null) {
  212.                         final int max = Math.min(fVersion.length(), pVersion.length());
  213.                         int pos;
  214.                         for (pos = 0; pos < max; pos++) {
  215.                             if (fVersion.charAt(pos) != pVersion.charAt(pos)) {
  216.                                 break;
  217.                             }
  218.                         }
  219.                         final DependencyVersion fileVersion = DependencyVersionUtil.parseVersion(fVersion, true);
  220.                         final DependencyVersion productVersion = DependencyVersionUtil.parseVersion(pVersion, true);
  221.                         if (pos > 0) {
  222.                             final DependencyVersion matchingVersion = DependencyVersionUtil.parseVersion(fVersion.substring(0, pos), true);
  223.                             if (fileVersion != null && fileVersion.toString().length() == fVersion.length()) {
  224.                                 if (matchingVersion != null && matchingVersion.getVersionParts().size() > 2) {
  225.                                     dependency.addEvidence(EvidenceType.VERSION, "PE Header", "FilteredVersion",
  226.                                             matchingVersion.toString(), Confidence.HIGHEST);
  227.                                     dependency.setVersion(matchingVersion.toString());
  228.                                 }
  229.                             }
  230.                         }
  231.                         if (dependency.getVersion() == null) {
  232.                             if (fVersion.length() >= pVersion.length()) {
  233.                                 if (fileVersion != null && fileVersion.toString().length() == fVersion.length()) {
  234.                                     dependency.setVersion(fileVersion.toString());
  235.                                 } else if (productVersion != null && productVersion.toString().length() == pVersion.length()) {
  236.                                     dependency.setVersion(productVersion.toString());
  237.                                 }
  238.                             } else {
  239.                                 if (productVersion != null && productVersion.toString().length() == pVersion.length()) {
  240.                                     dependency.setVersion(productVersion.toString());
  241.                                 } else if (fileVersion != null && fileVersion.toString().length() == fVersion.length()) {
  242.                                     dependency.setVersion(fileVersion.toString());
  243.                                 }
  244.                             }
  245.                         }
  246.                     } else if (pVersion != null) {
  247.                         final DependencyVersion productVersion = DependencyVersionUtil.parseVersion(pVersion, true);
  248.                         if (productVersion != null && dependency.getActualFile().getName().contains(productVersion.toString())) {
  249.                             dependency.setVersion(productVersion.toString());
  250.                         }
  251.                     } else if (fVersion != null) {
  252.                         final DependencyVersion fileVersion = DependencyVersionUtil.parseVersion(fVersion, true);
  253.                         if (fileVersion != null && dependency.getActualFile().getName().contains(fileVersion.toString())) {
  254.                             dependency.setVersion(fileVersion.toString());
  255.                         }
  256.                     }
  257.                     if (dependency.getName() != null && dependency.getVersion() != null) {
  258.                         try {
  259.                             dependency.addSoftwareIdentifier(new PurlIdentifier("generic", dependency.getName(),
  260.                                     dependency.getVersion(), Confidence.MEDIUM));
  261.                         } catch (MalformedPackageURLException ex) {
  262.                             LOGGER.debug("Unable to create Package URL Identifier for " + dependency.getName(), ex);
  263.                             dependency.addSoftwareIdentifier(new GenericIdentifier(
  264.                                     String.format("%s@%s", dependency.getName(), dependency.getVersion()),
  265.                                     Confidence.MEDIUM));
  266.                         }
  267.                     }
  268.                     if (dependency.getEcosystem() == null) {
  269.                         //this could be an assembly
  270.                         dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
  271.                     }
  272.                 }
  273.             }
  274.         } catch (IOException ex) {
  275.             throw new AnalysisException(ex);
  276.         }
  277.     }

  279.     private void determineDependencyName(final Dependency dependency, final String value) {
  280.         if (dependency.getName() == null && StringUtils.containsIgnoreCase(dependency.getActualFile().getName(), value)) {
  281.             final String ext = FileUtils.getFileExtension(value);
  282.             if (ext != null) {
  283.                 dependency.setName(value.substring(0, value.length() - ext.length() - 1));
  284.             } else {
  285.                 dependency.setName(value);
  286.             }
  287.         }
  288.     }
  289. }
Created with JaCoCo 0.8.12.202403310830