GrokParser

/*
 * This file is part of dependency-check-core.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Copyright (c) 2019 Jeremy Long. All Rights Reserved.
 */
package org.owasp.dependencycheck.xml.assembly;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.nio.charset.StandardCharsets;
import javax.annotation.concurrent.ThreadSafe;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;

import org.owasp.dependencycheck.utils.FileUtils;
import org.owasp.dependencycheck.utils.XmlUtils;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;

/**
 * A simple validating parser for XML Grok Assembly XML files.
 *
 * @author Jeremy Long
 */
@ThreadSafe
public class GrokParser {

    /**
     * The logger.
     */
    private static final Logger LOGGER = LoggerFactory.getLogger(GrokParser.class);
    /**
     * The grok assembly schema file location.
     */
    public static final String GROK_SCHEMA = "schema/grok-assembly.1.0.xsd";

    /**
     * Parses the given XML file and returns the assembly data.
     *
     * @param file an XML file containing assembly data
     * @return the assembly data
     * @throws GrokParseException thrown if the XML file cannot be parsed
     */
    @SuppressFBWarnings(justification = "try with resources will clean up the input stream", value = {"OBL_UNSATISFIED_OBLIGATION"})
    public AssemblyData parse(File file) throws GrokParseException {
        try (FileInputStream fis = new FileInputStream(file)) {
            return parse(fis);
        } catch (IOException ex) {
            LOGGER.debug("", ex);
            throw new GrokParseException(ex);
        }
    }

    /**
     * Parses the given XML stream and returns the contained assembly data.
     *
     * @param inputStream an InputStream containing assembly data
     * @return the assembly data
     * @throws GrokParseException thrown if the XML cannot be parsed
     */
    public AssemblyData parse(InputStream inputStream) throws GrokParseException {
        try (InputStream schema = FileUtils.getResourceAsStream(GROK_SCHEMA)) {
            final GrokHandler handler = new GrokHandler();
            final SAXParser saxParser = XmlUtils.buildSecureSaxParser(schema);
            final XMLReader xmlReader = saxParser.getXMLReader();
            xmlReader.setErrorHandler(new GrokErrorHandler());
            xmlReader.setContentHandler(handler);
            try (Reader reader = new InputStreamReader(inputStream, StandardCharsets.UTF_8)) {
                final InputSource in = new InputSource(reader);
                xmlReader.parse(in);
                return handler.getAssemblyData();
            }
        } catch (ParserConfigurationException | IOException ex) {
            LOGGER.debug("", ex);
            throw new GrokParseException(ex);
        } catch (SAXException ex) {
            if (ex.getMessage().contains("Cannot find the declaration of element 'assembly'.")) {
                throw new GrokParseException("Malformed grok xml?", ex);
            } else {
                LOGGER.debug("", ex);
                throw new GrokParseException(ex);
            }
        }
    }
}