cleanup, checkstyle, etc.

dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/SuppressionFile.java

@@ -30,19 +30,10 @@ public class SuppressionFile {
      */
     private String path;
 
-    /**
-     * Called by ant with the simple content of the suppressionFile xml element.
-     *
-     * @param text the simple content.
-     */
-    //public final void addConfigured(String text) {
-    //    this.path = text;
-    //}
-
     /**
      * Sets the path to the suppression file.
      *
-     * @param path
+     * @param path the path to the suppression file
      */
     public void setPath(String path) {
         this.path = path;
@@ -51,7 +42,7 @@ public class SuppressionFile {
     /**
      * Gets the path to the suppression file.
      *
-     * @return the path.
+     * @return the path
      */
     public String getPath() {
         return path;

dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java

@@ -42,8 +42,21 @@ import org.slf4j.LoggerFactory;
 import java.io.File;
 import java.io.FileFilter;
 import java.io.IOException;
-import java.util.*;
+import java.util.ArrayList;
-import java.util.concurrent.*;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.EnumMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.CancellationException;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import java.util.concurrent.Future;
+import java.util.concurrent.TimeUnit;
 
 import static org.owasp.dependencycheck.analyzer.AnalysisPhase.*;
 
@@ -97,20 +110,38 @@ public class Engine implements FileFilter, AutoCloseable {
         /**
          * Whether the database is required in this mode.
          */
-        public final boolean requiresDatabase;
+        private final boolean databaseRequired;
         /**
          * The analysis phases included in the mode.
          */
-        public final AnalysisPhase[] phases;
+        private final AnalysisPhase[] phases;
+
+        /**
+         * Returns true if the database is required; otherwise false.
+         *
+         * @return whether or not the database is required
+         */
+        public boolean isDatabseRequired() {
+            return databaseRequired;
+        }
+
+        /**
+         * Returns the phases for this mode.
+         *
+         * @return the phases for this mode
+         */
+        public AnalysisPhase[] getPhases() {
+            return phases;
+        }
 
         /**
          * Constructs a new mode.
          *
-         * @param requiresDatabase if the database is required for the mode
+         * @param databaseRequired if the database is required for the mode
          * @param phases the analysis phases to include in the mode
          */
-        Mode(boolean requiresDatabase, AnalysisPhase... phases) {
+        Mode(boolean databaseRequired, AnalysisPhase... phases) {
-            this.requiresDatabase = requiresDatabase;
+            this.databaseRequired = databaseRequired;
             this.phases = phases;
         }
     }
@@ -194,7 +225,7 @@ public class Engine implements FileFilter, AutoCloseable {
      * database
      */
     protected final void initializeEngine() {
-        if (mode.requiresDatabase) {
+        if (mode.isDatabseRequired()) {
             ConnectionFactory.initialize();
         }
         loadAnalyzers();
@@ -204,7 +235,7 @@ public class Engine implements FileFilter, AutoCloseable {
      * Properly cleans up resources allocated during analysis.
      */
     public void cleanup() {
-        if (mode.requiresDatabase) {
+        if (mode.isDatabseRequired()) {
             if (database != null) {
                 database.close();
                 database = null;
@@ -226,12 +257,12 @@ public class Engine implements FileFilter, AutoCloseable {
         if (!analyzers.isEmpty()) {
             return;
         }
-        for (AnalysisPhase phase : mode.phases) {
+        for (AnalysisPhase phase : mode.getPhases()) {
             analyzers.put(phase, new ArrayList<Analyzer>());
         }
 
         final AnalyzerService service = new AnalyzerService(serviceClassLoader);
-        final List<Analyzer> iterator = service.getAnalyzers(mode.phases);
+        final List<Analyzer> iterator = service.getAnalyzers(mode.getPhases());
         for (Analyzer a : iterator) {
             analyzers.get(a.getAnalysisPhase()).add(a);
             if (a instanceof FileTypeAnalyzer) {
@@ -580,7 +611,7 @@ public class Engine implements FileFilter, AutoCloseable {
         final long analysisStart = System.currentTimeMillis();
 
         // analysis phases
-        for (AnalysisPhase phase : mode.phases) {
+        for (AnalysisPhase phase : mode.getPhases()) {
             final List<Analyzer> analyzerList = analyzers.get(phase);
 
             for (final Analyzer analyzer : analyzerList) {
@@ -603,7 +634,7 @@ public class Engine implements FileFilter, AutoCloseable {
                 }
             }
         }
-        for (AnalysisPhase phase : mode.phases) {
+        for (AnalysisPhase phase : mode.getPhases()) {
             final List<Analyzer> analyzerList = analyzers.get(phase);
 
             for (Analyzer a : analyzerList) {
@@ -626,7 +657,7 @@ public class Engine implements FileFilter, AutoCloseable {
      * @throws ExceptionCollection thrown if fatal exceptions occur
      */
     private void initializeAndUpdateDatabase(final List<Throwable> exceptions) throws ExceptionCollection {
-        if (!mode.requiresDatabase) {
+        if (!mode.isDatabseRequired()) {
             return;
         }
         boolean autoUpdate = true;
@@ -785,7 +816,7 @@ public class Engine implements FileFilter, AutoCloseable {
      * @throws UpdateException thrown if the operation fails
      */
     public void doUpdates() throws UpdateException {
-        if (mode.requiresDatabase) {
+        if (mode.isDatabseRequired()) {
             LOGGER.info("Checking for updates");
             final long updateStart = System.currentTimeMillis();
             final UpdateService service = new UpdateService(serviceClassLoader);
@@ -808,7 +839,7 @@ public class Engine implements FileFilter, AutoCloseable {
      */
     public List<Analyzer> getAnalyzers() {
         final List<Analyzer> ret = new ArrayList<>();
-        for (AnalysisPhase phase : mode.phases) {
+        for (AnalysisPhase phase : mode.getPhases()) {
             final List<Analyzer> analyzerList = analyzers.get(phase);
             ret.addAll(analyzerList);
         }
@@ -862,7 +893,7 @@ public class Engine implements FileFilter, AutoCloseable {
      * @throws NoDataException thrown if no data exists in the CPE Index
      */
     private void ensureDataExists() throws NoDataException {
-        if (mode.requiresDatabase && (database == null || !database.dataExists())) {
+        if (mode.isDatabseRequired() && (database == null || !database.dataExists())) {
             throw new NoDataException("No documents exist");
         }
     }

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AnalyzerService.java

@@ -17,13 +17,15 @@
  */
 package org.owasp.dependencycheck.analyzer;
 
+import java.util.ArrayList;
 import org.owasp.dependencycheck.utils.InvalidSettingException;
 import org.owasp.dependencycheck.utils.Settings;
 import org.slf4j.LoggerFactory;
 
-import java.util.*;
-
 import static java.util.Arrays.asList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.ServiceLoader;
 
 /**
  * The Analyzer Service Loader. This class loads all services that implement

dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineModeIT.java

@@ -41,10 +41,10 @@ public class EngineModeIT extends BaseTest {
         List<Dependency> dependencies;
         try (Engine engine = new Engine(Engine.Mode.EVIDENCE_COLLECTION)) {
             assertDatabase(false);
-            for (AnalysisPhase phase : Engine.Mode.EVIDENCE_COLLECTION.phases) {
+            for (AnalysisPhase phase : Engine.Mode.EVIDENCE_COLLECTION.getPhases()) {
                 assertThat(engine.getAnalyzers(phase), is(notNullValue()));
             }
-            for (AnalysisPhase phase : Engine.Mode.EVIDENCE_PROCESSING.phases) {
+            for (AnalysisPhase phase : Engine.Mode.EVIDENCE_PROCESSING.getPhases()) {
                 assertThat(engine.getAnalyzers(phase), is(nullValue()));
             }
             File file = BaseTest.getResourceAsFile(this, "struts2-core-2.1.2.jar");
@@ -60,10 +60,10 @@ public class EngineModeIT extends BaseTest {
 
         try (Engine engine = new Engine(Engine.Mode.EVIDENCE_PROCESSING)) {
             assertDatabase(true);
-            for (AnalysisPhase phase : Engine.Mode.EVIDENCE_PROCESSING.phases) {
+            for (AnalysisPhase phase : Engine.Mode.EVIDENCE_PROCESSING.getPhases()) {
                 assertThat(engine.getAnalyzers(phase), is(notNullValue()));
             }
-            for (AnalysisPhase phase : Engine.Mode.EVIDENCE_COLLECTION.phases) {
+            for (AnalysisPhase phase : Engine.Mode.EVIDENCE_COLLECTION.getPhases()) {
                 assertThat(engine.getAnalyzers(phase), is(nullValue()));
             }
             engine.setDependencies(dependencies);
@@ -77,7 +77,7 @@ public class EngineModeIT extends BaseTest {
     public void testStandaloneMode() throws Exception {
         try (Engine engine = new Engine(Engine.Mode.STANDALONE)) {
             assertDatabase(true);
-            for (AnalysisPhase phase : Engine.Mode.STANDALONE.phases) {
+            for (AnalysisPhase phase : Engine.Mode.STANDALONE.getPhases()) {
                 assertThat(engine.getAnalyzers(phase), is(notNullValue()));
             }
             File file = BaseTest.getResourceAsFile(this, "struts2-core-2.1.2.jar");

dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java

@@ -763,9 +763,9 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
 
         // Define the default FileSets
         if (scanSet == null || scanSet.length == 0) {
-            FileSet resourcesSet = new FileSet();
+            final FileSet resourcesSet = new FileSet();
-            FileSet filtersSet = new FileSet();
+            final FileSet filtersSet = new FileSet();
-            FileSet webappSet = new FileSet();
+            final FileSet webappSet = new FileSet();
             try {
                 resourcesSet.setDirectory(new File(project.getBasedir(), "src/main/resources").getCanonicalPath());
                 filtersSet.setDirectory(new File(project.getBasedir(), "src/main/filters").getCanonicalPath());
@@ -779,14 +779,15 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
             scanSet = new FileSet[] {resourcesSet, filtersSet, webappSet};
         }
         // Iterate through FileSets and scan included files
-        FileSetManager fileSetManager = new FileSetManager();
+        final FileSetManager fileSetManager = new FileSetManager();
         for (FileSet fileSet: scanSet) {
-            String[] includedFiles = fileSetManager.getIncludedFiles(fileSet);
+            final String[] includedFiles = fileSetManager.getIncludedFiles(fileSet);
             for (String include: includedFiles) {
-                File includeFile = new File(fileSet.getDirectory(), include).getAbsoluteFile();
+                final File includeFile = new File(fileSet.getDirectory(), include).getAbsoluteFile();
                 if (includeFile.exists()) {
                     engine.scan(includeFile, project.getName());
                 }
+                //TODO - should we add an exception/error reporting for files that do not exist?
             }
         }