diff --git a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/SuppressionFile.java b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/SuppressionFile.java index 55f385986..b6d7d77a7 100644 --- a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/SuppressionFile.java +++ b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/SuppressionFile.java @@ -30,19 +30,10 @@ public class SuppressionFile { */ private String path; - /** - * Called by ant with the simple content of the suppressionFile xml element. - * - * @param text the simple content. - */ - //public final void addConfigured(String text) { - // this.path = text; - //} - /** * Sets the path to the suppression file. * - * @param path + * @param path the path to the suppression file */ public void setPath(String path) { this.path = path; @@ -51,7 +42,7 @@ public class SuppressionFile { /** * Gets the path to the suppression file. * - * @return the path. + * @return the path */ public String getPath() { return path; diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java index 5afc88720..326011543 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java 
@@ -42,8 +42,21 @@ import org.slf4j.LoggerFactory; import java.io.File; import java.io.FileFilter; import java.io.IOException; -import java.util.*; -import java.util.concurrent.*; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.EnumMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.concurrent.CancellationException; +import java.util.concurrent.ExecutionException; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; +import java.util.concurrent.Future; +import java.util.concurrent.TimeUnit; import static org.owasp.dependencycheck.analyzer.AnalysisPhase.*; @@ -97,20 +110,38 @@ public class Engine implements FileFilter, AutoCloseable { /** * Whether the database is required in this mode. */ - public final boolean requiresDatabase; + private final boolean databaseRequired; /** * The analysis phases included in the mode. */ - public final AnalysisPhase[] phases; + private final AnalysisPhase[] phases; + + /** + * Returns true if the database is required; otherwise false. + * + * @return whether or not the database is required + */ + public boolean isDatabseRequired() { + return databaseRequired; + } + + /** + * Returns the phases for this mode. + * + * @return the phases for this mode + */ + public AnalysisPhase[] getPhases() { + return phases; + } /** * Constructs a new mode. * - * @param requiresDatabase if the database is required for the mode + * @param databaseRequired if the database is required for the mode * @param phases the analysis phases to include in the mode */ - Mode(boolean requiresDatabase, AnalysisPhase... phases) { - this.requiresDatabase = requiresDatabase; + Mode(boolean databaseRequired, AnalysisPhase... phases) { + this.databaseRequired = databaseRequired; this.phases = phases; } } 
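Review bot: The new public accessor on `Mode` is spelled `isDatabseRequired()` (missing an "a"), and the later Engine.java hunks already call it from `initializeEngine`, `cleanup`, `initializeAndUpdateDatabase`, `doUpdates` and `ensureDataExists`; rename it to `isDatabaseRequired()` before the misspelling becomes API that other modules depend on. Separately, `getPhases()` returns the enum constant's own array, so making the field private does not stop a caller from overwriting an element and changing which analysis phases every `Engine` in that mode runs. Returning a copy, `return phases.clone();`, or an unmodifiable list would close that, and the Javadoc should then state that a copy is returned.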
@@ -194,7 +225,7 @@ public class Engine implements FileFilter, AutoCloseable { * database */ protected final void initializeEngine() { - if (mode.requiresDatabase) { + if (mode.isDatabseRequired()) { ConnectionFactory.initialize(); } loadAnalyzers(); @@ -204,7 +235,7 @@ public class Engine implements FileFilter, AutoCloseable { * Properly cleans up resources allocated during analysis. */ public void cleanup() { - if (mode.requiresDatabase) { + if (mode.isDatabseRequired()) { if (database != null) { database.close(); database = null; @@ -226,12 +257,12 @@ public class Engine implements FileFilter, AutoCloseable { if (!analyzers.isEmpty()) { return; } - for (AnalysisPhase phase : mode.phases) { + for (AnalysisPhase phase : mode.getPhases()) { analyzers.put(phase, new ArrayList()); } final AnalyzerService service = new AnalyzerService(serviceClassLoader); - final List iterator = service.getAnalyzers(mode.phases); + final List iterator = service.getAnalyzers(mode.getPhases()); for (Analyzer a : iterator) { analyzers.get(a.getAnalysisPhase()).add(a); if (a instanceof FileTypeAnalyzer) { @@ -580,7 +611,7 @@ public class Engine implements FileFilter, AutoCloseable { final long analysisStart = System.currentTimeMillis(); // analysis phases - for (AnalysisPhase phase : mode.phases) { + for (AnalysisPhase phase : mode.getPhases()) { final List analyzerList = analyzers.get(phase); for (final Analyzer analyzer : analyzerList) { @@ -603,7 +634,7 @@ public class Engine implements FileFilter, AutoCloseable { } } } - for (AnalysisPhase phase : mode.phases) { + for (AnalysisPhase phase : mode.getPhases()) { final List analyzerList = analyzers.get(phase); for (Analyzer a : analyzerList) { 
@@ -626,7 +657,7 @@ public class Engine implements FileFilter, AutoCloseable { * @throws ExceptionCollection thrown if fatal exceptions occur */ private void initializeAndUpdateDatabase(final List exceptions) throws ExceptionCollection { - if (!mode.requiresDatabase) { + if (!mode.isDatabseRequired()) { return; } boolean autoUpdate = true; @@ -785,7 +816,7 @@ public class Engine implements FileFilter, AutoCloseable { * @throws UpdateException thrown if the operation fails */ public void doUpdates() throws UpdateException { - if (mode.requiresDatabase) { + if (mode.isDatabseRequired()) { LOGGER.info("Checking for updates"); final long updateStart = System.currentTimeMillis(); final UpdateService service = new UpdateService(serviceClassLoader); @@ -808,7 +839,7 @@ public class Engine implements FileFilter, AutoCloseable { */ public List getAnalyzers() { final List ret = new ArrayList<>(); - for (AnalysisPhase phase : mode.phases) { + for (AnalysisPhase phase : mode.getPhases()) { final List analyzerList = analyzers.get(phase); ret.addAll(analyzerList); } @@ -862,7 +893,7 @@ public class Engine implements FileFilter, AutoCloseable { * @throws NoDataException thrown if no data exists in the CPE Index */ private void ensureDataExists() throws NoDataException { - if (mode.requiresDatabase && (database == null || !database.dataExists())) { + if (mode.isDatabseRequired() && (database == null || !database.dataExists())) { throw new NoDataException("No documents exist"); } } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AnalyzerService.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AnalyzerService.java index 6b05c7da9..4e136aa6f 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AnalyzerService.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AnalyzerService.java 
@@ -17,13 +17,15 @@ */ package org.owasp.dependencycheck.analyzer; +import java.util.ArrayList; import org.owasp.dependencycheck.utils.InvalidSettingException; import org.owasp.dependencycheck.utils.Settings; import org.slf4j.LoggerFactory; -import java.util.*; - import static java.util.Arrays.asList; +import java.util.Iterator; +import java.util.List; +import java.util.ServiceLoader; /** * The Analyzer Service Loader. This class loads all services that implement diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineModeIT.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineModeIT.java index d0fc74227..dcc18c56d 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineModeIT.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineModeIT.java @@ -41,10 +41,10 @@ public class EngineModeIT extends BaseTest { List dependencies; try (Engine engine = new Engine(Engine.Mode.EVIDENCE_COLLECTION)) { assertDatabase(false); - for (AnalysisPhase phase : Engine.Mode.EVIDENCE_COLLECTION.phases) { + for (AnalysisPhase phase : Engine.Mode.EVIDENCE_COLLECTION.getPhases()) { assertThat(engine.getAnalyzers(phase), is(notNullValue())); } - for (AnalysisPhase phase : Engine.Mode.EVIDENCE_PROCESSING.phases) { + for (AnalysisPhase phase : Engine.Mode.EVIDENCE_PROCESSING.getPhases()) { assertThat(engine.getAnalyzers(phase), is(nullValue())); } File file = BaseTest.getResourceAsFile(this, "struts2-core-2.1.2.jar"); 
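Review bot: In the AnalyzerService.java import hunk the expanded `java.util` imports end up split: `java.util.ArrayList` sits ahead of the `org.owasp` imports, while `Iterator`, `List` and `ServiceLoader` follow the `static java.util.Arrays.asList` import. Keeping the four `java.util` imports together in one group, with the static import in its own group, would match how Engine.java lists them in this same commit. This is readability only, though it may also matter if the build enforces an import-order check.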
@@ -60,10 +60,10 @@ public class EngineModeIT extends BaseTest { try (Engine engine = new Engine(Engine.Mode.EVIDENCE_PROCESSING)) { assertDatabase(true); - for (AnalysisPhase phase : Engine.Mode.EVIDENCE_PROCESSING.phases) { + for (AnalysisPhase phase : Engine.Mode.EVIDENCE_PROCESSING.getPhases()) { assertThat(engine.getAnalyzers(phase), is(notNullValue())); } - for (AnalysisPhase phase : Engine.Mode.EVIDENCE_COLLECTION.phases) { + for (AnalysisPhase phase : Engine.Mode.EVIDENCE_COLLECTION.getPhases()) { assertThat(engine.getAnalyzers(phase), is(nullValue())); } engine.setDependencies(dependencies); @@ -77,7 +77,7 @@ public class EngineModeIT extends BaseTest { public void testStandaloneMode() throws Exception { try (Engine engine = new Engine(Engine.Mode.STANDALONE)) { assertDatabase(true); - for (AnalysisPhase phase : Engine.Mode.STANDALONE.phases) { + for (AnalysisPhase phase : Engine.Mode.STANDALONE.getPhases()) { assertThat(engine.getAnalyzers(phase), is(notNullValue())); } File file = BaseTest.getResourceAsFile(this, "struts2-core-2.1.2.jar"); diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java index 3e6cac416..49e7fb5af 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java 
@@ -763,9 +763,9 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma // Define the default FileSets if (scanSet == null || scanSet.length == 0) { - FileSet resourcesSet = new FileSet(); - FileSet filtersSet = new FileSet(); - FileSet webappSet = new FileSet(); + final FileSet resourcesSet = new FileSet(); + final FileSet filtersSet = new FileSet(); + final FileSet webappSet = new FileSet(); try { resourcesSet.setDirectory(new File(project.getBasedir(), "src/main/resources").getCanonicalPath()); filtersSet.setDirectory(new File(project.getBasedir(), "src/main/filters").getCanonicalPath()); @@ -779,14 +779,15 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma scanSet = new FileSet[] {resourcesSet, filtersSet, webappSet}; } // Iterate through FileSets and scan included files - FileSetManager fileSetManager = new FileSetManager(); + final FileSetManager fileSetManager = new FileSetManager(); for (FileSet fileSet: scanSet) { - String[] includedFiles = fileSetManager.getIncludedFiles(fileSet); + final String[] includedFiles = fileSetManager.getIncludedFiles(fileSet); for (String include: includedFiles) { - File includeFile = new File(fileSet.getDirectory(), include).getAbsoluteFile(); + final File includeFile = new File(fileSet.getDirectory(), include).getAbsoluteFile(); if (includeFile.exists()) { engine.scan(includeFile, project.getName()); } + //TODO - should we add an exception/error reporting for files that do not exist? } }
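Review bot: The loop in the second BaseDependencyCheckMojo hunk still skips a path silently when `includeFile.exists()` is false, and the added `//TODO` only records the question. For a dependency scanner, a file that was selected but never analysed should be visible in the build output, otherwise the report implies coverage it does not have. Replace the TODO with an `else` branch such as `getLog().warn("Unable to scan '" + includeFile + "' as it does not exist");`. The enclosing method starts and ends outside the hunk, so whether a hard failure would be more appropriate depends on code not shown here.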