Merge pull request #13 from blackducksoftware/sb_doNotFollowSymLinks

Sb do not follow sym links

detectable/src/main/java/com/synopsys/integration/detectable/detectable/file/impl/SimpleFileFinder.java

@@ -25,24 +25,29 @@
 
 import java.io.File;
 import java.io.FilenameFilter;
+import java.nio.file.Files;
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Collections;
 import java.util.List;
 import java.util.stream.Collectors;
-
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.apache.commons.io.filefilter.WildcardFileFilter;
 
 import com.synopsys.integration.detectable.detectable.file.FileFinder;
 
 public class SimpleFileFinder implements FileFinder {
-    private List<File> findFiles(final File directoryToSearch, final FilenameFilter filenameFilter, final int depth) {
-        List<File> foundFiles = new ArrayList<>();
 
+    private List<File> findFiles(final File directoryToSearch, final FilenameFilter filenameFilter, final int depth) {
+        final List<File> foundFiles = new ArrayList<>();
+        if (Files.isSymbolicLink(directoryToSearch.toPath())) {
+            return foundFiles;
+        }
         final File[] allFiles = directoryToSearch.listFiles();
         if (allFiles != null && depth > 0) {
             final List<File> subFiles = Arrays.stream(allFiles)
                                             .filter(File::isDirectory)
+                                            .filter(file -> !Files.isSymbolicLink(file.toPath()))
                                             .flatMap(file -> findFiles(file, filenameFilter, depth - 1).stream())
                                             .collect(Collectors.toList());
             foundFiles.addAll(subFiles);

detectable/src/test/java/com/synopsys/integration/detectable/file/impl/SimpleFileFinderTest.java

@@ -0,0 +1,59 @@
+package com.synopsys.integration.detectable.file.impl;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import java.io.File;
+import java.io.FilenameFilter;
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.Arrays;
+import java.util.List;
+
+import org.apache.commons.io.filefilter.CanReadFileFilter;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+
+import com.synopsys.integration.detectable.detectable.file.impl.SimpleFileFinder;
+
+
+public class SimpleFileFinderTest {
+
+    private static Path initialDirectoryPath;
+
+    @BeforeAll
+    public static void setup() throws IOException {
+        initialDirectoryPath = Files.createTempDirectory("DetectorFinderTest");
+    }
+
+    @AfterAll
+    public static void cleanup() {
+        initialDirectoryPath.toFile().delete();
+    }
+
+    @Test
+    public void testSymlinksNotFollowed() throws IOException {
+        // Create a subDir with a symlink that loops back to its parent
+        final File initialDirectory = initialDirectoryPath.toFile();
+        final File subDir = new File(initialDirectory, "sub");
+        subDir.mkdirs();
+        final File link = new File(subDir, "linkToInitial");
+        final Path linkPath = link.toPath();
+        Files.createSymbolicLink(linkPath, initialDirectoryPath);
+
+        final File regularDir = new File(subDir, "regularDir");
+        regularDir.mkdir();
+        final File regularFile = new File(subDir, "regularFile");
+        regularFile.createNewFile();
+
+        final SimpleFileFinder finder = new SimpleFileFinder();
+        final List<String> filenamePatterns = Arrays.asList("sub", "linkToInitial", "regularDir", "regularFile");
+        final List<File> foundFiles = finder.findFiles(initialDirectoryPath.toFile(), filenamePatterns, 10);
+
+        // make sure symlink not followed during dir traversal
+        assertEquals(4, foundFiles.size());
+    }
+
+
+}

detector/src/main/java/com/synopsys/integration/detector/finder/DetectorFinder.java

@@ -57,7 +57,7 @@ private Optional<DetectorEvaluationTree> findDetectors(final File directory, fin
             return Optional.empty();
         }
 
-        if (null == directory || !directory.isDirectory()) {
+        if (null == directory || Files.isSymbolicLink(directory.toPath()) || !directory.isDirectory()) {
             logger.trace("Skipping file as it is not a directory: " + directory.toString());
             return Optional.empty();
         }

detector/src/test/java/com/synopsys/integration/detector/finder/DetectorFinderTest.java

@@ -0,0 +1,67 @@
+package com.synopsys.integration.detector.finder;
+
+import static com.sun.javafx.PlatformUtil.isWindows;
+import static org.junit.Assert.assertEquals;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Optional;
+import java.util.Set;
+import java.util.function.Predicate;
+
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+
+import com.synopsys.integration.detector.base.DetectorEvaluationTree;
+import com.synopsys.integration.detector.rule.DetectorRule;
+import com.synopsys.integration.detector.rule.DetectorRuleSet;
+
+public class DetectorFinderTest {
+    private static Path initialDirectoryPath;
+
+    @BeforeAll
+    public static void setup() throws IOException {
+        initialDirectoryPath = Files.createTempDirectory("DetectorFinderTest");
+    }
+
+    @AfterAll
+    public static void cleanup() {
+        initialDirectoryPath.toFile().delete();
+    }
+
+    @Test
+    public void testSymLinksNotFollowed() throws IOException, DetectorFinderDirectoryListException {
+        org.junit.Assume.assumeFalse(isWindows());
+
+        // Create a subDir with a symlink that loops back to its parent
+        final File initialDirectory = initialDirectoryPath.toFile();
+        final File subDir = new File(initialDirectory, "sub");
+        subDir.mkdirs();
+        final File link = new File(subDir, "linkToInitial");
+        final Path linkPath = link.toPath();
+        Files.createSymbolicLink(linkPath, initialDirectoryPath);
+
+        final File regularDir = new File(subDir, "regularDir");
+        regularDir.mkdir();
+
+        final DetectorRuleSet detectorRuleSet = new DetectorRuleSet(new ArrayList<DetectorRule>(0), new HashMap<DetectorRule, Set<DetectorRule>>(0));
+        final Predicate<File> fileFilter = f -> { return true; };
+        final int maximumDepth = 10;
+        final DetectorFinderOptions options = new DetectorFinderOptions(fileFilter, maximumDepth);
+
+        final DetectorFinder finder = new DetectorFinder();
+        final Optional<DetectorEvaluationTree> tree = finder.findDetectors(initialDirectory, detectorRuleSet, options);
+
+        // make sure the symlink was omitted from results
+        final Set<DetectorEvaluationTree> subDirResults = tree.get().getChildren().iterator().next().getChildren();
+        assertEquals(1, subDirResults.size());
+        String subDirContentsName = subDirResults.iterator().next().getDirectory().getName();
+        assertEquals("regularDir", subDirContentsName);
+    }
+
+}

src/main/groovy/com/synopsys/integration/detect/tool/signaturescanner/BlackDuckSignatureScanner.java

@@ -40,7 +40,6 @@
 import com.synopsys.integration.detect.workflow.codelocation.CodeLocationNameManager;
 import com.synopsys.integration.detect.workflow.event.Event;
 import com.synopsys.integration.detect.workflow.event.EventSystem;
-import com.synopsys.integration.detect.workflow.file.DetectFileFinder;
 import com.synopsys.integration.detect.workflow.file.DirectoryManager;
 import com.synopsys.integration.detect.workflow.hub.ExclusionPatternCreator;
 import com.synopsys.integration.detect.workflow.status.SignatureScanStatus;

src/main/groovy/com/synopsys/integration/detect/tool/signaturescanner/OfflineBlackDuckSignatureScanner.java

@@ -28,7 +28,6 @@
 
 import com.synopsys.integration.detect.workflow.codelocation.CodeLocationNameManager;
 import com.synopsys.integration.detect.workflow.event.EventSystem;
-import com.synopsys.integration.detect.workflow.file.DetectFileFinder;
 import com.synopsys.integration.detect.workflow.file.DirectoryManager;
 import com.synopsys.integration.blackduck.codelocation.signaturescanner.ScanBatch;
 import com.synopsys.integration.blackduck.codelocation.signaturescanner.ScanBatchBuilder;

src/main/groovy/com/synopsys/integration/detect/tool/signaturescanner/OnlineBlackDuckSignatureScanner.java

@@ -30,7 +30,6 @@
 import com.synopsys.integration.detect.exception.DetectUserFriendlyException;
 import com.synopsys.integration.detect.workflow.codelocation.CodeLocationNameManager;
 import com.synopsys.integration.detect.workflow.event.EventSystem;
-import com.synopsys.integration.detect.workflow.file.DetectFileFinder;
 import com.synopsys.integration.detect.workflow.file.DirectoryManager;
 import com.synopsys.integration.blackduck.codelocation.CodeLocationCreationData;
 import com.synopsys.integration.blackduck.codelocation.CodeLocationCreationService;

src/main/groovy/com/synopsys/integration/detect/workflow/codelocation/CodeLocationNameGenerator.java

@@ -32,10 +32,8 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.synopsys.integration.detect.workflow.file.DetectFileFinder;
 import com.synopsys.integration.bdio.model.externalid.ExternalId;
 import com.synopsys.integration.detect.workflow.file.DetectFileUtils;
-import com.synopsys.integration.detector.base.DetectorType;
 
 public class CodeLocationNameGenerator {
     private final Logger logger = LoggerFactory.getLogger(CodeLocationNameGenerator.class);