diff --git a/dependency-check-cli/src/site/markdown/index.md.vm b/dependency-check-cli/src/site/markdown/index.md.vm
index 671da940a..a0f9b5e84 100644
--- a/dependency-check-cli/src/site/markdown/index.md.vm
+++ b/dependency-check-cli/src/site/markdown/index.md.vm
@@ -25,10 +25,10 @@ your homebrew installation.
To scan a folder on the system you can run:
$H$H$H Windows
- dependency-check.bat --app "My App Name" --scan "c:\java\application\lib"
+ dependency-check.bat --project "My App Name" --scan "c:\java\application\lib"
$H$H$H *nix
- dependency-check.sh --app "My App Name" --scan "/java/application/lib"
+ dependency-check.sh --project "My App Name" --scan "/java/application/lib"
To view the command line arguments, see the arguments page, or you can run:
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
index 8e5e20a1c..984ea8a22 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
@@ -17,13 +17,13 @@
*/
package org.owasp.dependencycheck.analyzer;
-import java.io.BufferedReader;
import java.io.File;
import java.io.FileFilter;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
-import java.io.InputStreamReader;
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.io.output.NullOutputStream;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Confidence;
@@ -115,18 +115,15 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
final List args = buildArgumentList();
args.add(dependency.getActualFilePath());
final ProcessBuilder pb = new ProcessBuilder(args);
- BufferedReader rdr = null;
Document doc = null;
try {
final Process proc = pb.start();
// Try evacuating the error stream
- rdr = new BufferedReader(new InputStreamReader(proc.getErrorStream(), "UTF-8"));
- String line = null;
- // CHECKSTYLE:OFF
- while (rdr.ready() && (line = rdr.readLine()) != null) {
- LOGGER.warn("Error from GrokAssembly: {}", line);
+ final String errorStream = IOUtils.toString(proc.getErrorStream(), "UTF-8");
+ if (null != errorStream && !errorStream.isEmpty()) {
+ LOGGER.warn("Error from GrokAssembly: {}", errorStream);
}
- // CHECKSTYLE:ON
+
int rc = 0;
doc = builder.parse(proc.getInputStream());
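Review bot: `IOUtils.toString(proc.getErrorStream(), "UTF-8")` blocks until GrokAssembly closes stderr, and `builder.parse(proc.getInputStream())` only starts reading stdout afterwards, so a child that fills the stdout pipe before exiting stalls both sides; the removed `rdr.ready()` loop never blocked. The `IOUtils.copy(p.getErrorStream(), NullOutputStream.NULL_OUTPUT_STREAM)` hunk further down has the same ordering. Because the child is run on the file under analysis, its stderr volume is not under the caller's control, so draining it on a separate thread (sketch below) and capping how much is kept is safer than buffering it whole. `IOUtils.toString` does not return null, so `null != errorStream` can be dropped, and with the `finally` block removed nothing closes the error stream any more. The enclosing method starts and ends outside this hunk.

```java
final Process proc = pb.start();
// Drain stderr concurrently so a full stdout pipe cannot stall the child.
final Thread errDrain = new Thread(new Runnable() {
    @Override
    public void run() {
        final InputStream err = proc.getErrorStream();
        try {
            final String errorStream = IOUtils.toString(err, "UTF-8");
            if (!errorStream.isEmpty()) {
                LOGGER.warn("Error from GrokAssembly: {}", errorStream);
            }
        } catch (IOException ex) {
            LOGGER.debug("Unable to read the GrokAssembly error stream", ex);
        } finally {
            IOUtils.closeQuietly(err);
        }
    }
});
errDrain.setDaemon(true);
errDrain.start();

int rc = 0;
doc = builder.parse(proc.getInputStream());
// … unchanged: rest of the try block …
```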
@@ -176,14 +173,6 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
} catch (XPathExpressionException xpe) {
// This shouldn't happen
throw new AnalysisException(xpe);
- } finally {
- if (rdr != null) {
- try {
- rdr.close();
- } catch (IOException ex) {
- LOGGER.debug("ignore", ex);
- }
- }
}
}
@@ -200,11 +189,8 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
try {
fos = new FileOutputStream(tempFile);
is = AssemblyAnalyzer.class.getClassLoader().getResourceAsStream("GrokAssembly.exe");
- final byte[] buff = new byte[4096];
- int bread = -1;
- while ((bread = is.read(buff)) >= 0) {
- fos.write(buff, 0, bread);
- }
+ IOUtils.copy(is, fos);
+
grokAssemblyExe = tempFile;
// Set the temp file to get deleted when we're done
grokAssemblyExe.deleteOnExit();
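Review bot: `getResourceAsStream("GrokAssembly.exe")` returns null when the resource is not on the classpath, and `IOUtils.copy(is, fos)` then fails with a NullPointerException rather than an IOException; the removed read loop had the same gap. A guard before the copy, `if (is == null) { throw new IOException("GrokAssembly.exe not found on the classpath"); }`, would keep a packaging problem on the error path this try block presumably handles. The catch clauses are outside the hunk, so confirm which exception type they expect.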
@@ -232,17 +218,12 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
// Now, need to see if GrokAssembly actually runs from this location.
final List args = buildArgumentList();
- BufferedReader rdr = null;
try {
final ProcessBuilder pb = new ProcessBuilder(args);
final Process p = pb.start();
// Try evacuating the error stream
- rdr = new BufferedReader(new InputStreamReader(p.getErrorStream(), "UTF-8"));
- // CHECKSTYLE:OFF
- while (rdr.ready() && rdr.readLine() != null) {
- // We expect this to complain
- }
- // CHECKSTYLE:ON
+ IOUtils.copy(p.getErrorStream(), NullOutputStream.NULL_OUTPUT_STREAM);
+
final Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(p.getInputStream());
final XPath xpath = XPathFactory.newInstance().newXPath();
final String error = xpath.evaluate("/assembly/error", doc);
@@ -263,14 +244,6 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
this.setEnabled(false);
throw new AnalysisException("An error occured with the .NET AssemblyAnalyzer", e);
}
- } finally {
- if (rdr != null) {
- try {
- rdr.close();
- } catch (IOException ex) {
- LOGGER.trace("ignore", ex);
- }
- }
}
builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
}
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java
index fabe1d149..02197a9ca 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java
@@ -17,11 +17,9 @@
*/
package org.owasp.dependencycheck.data.nvdcve;
-import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
-import java.io.InputStreamReader;
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.Driver;
@@ -30,6 +28,7 @@ import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.logging.Level;
+import org.apache.commons.io.IOUtils;
import org.owasp.dependencycheck.utils.DBUtils;
import org.owasp.dependencycheck.utils.DependencyVersion;
import org.owasp.dependencycheck.utils.DependencyVersionUtil;
@@ -250,22 +249,15 @@ public final class ConnectionFactory {
*/
private static void createTables(Connection conn) throws DatabaseException {
LOGGER.debug("Creating database structure");
- InputStream is;
- InputStreamReader reader;
- BufferedReader in = null;
+ InputStream is = null;
try {
is = ConnectionFactory.class.getClassLoader().getResourceAsStream(DB_STRUCTURE_RESOURCE);
- reader = new InputStreamReader(is, "UTF-8");
- in = new BufferedReader(reader);
- final StringBuilder sb = new StringBuilder(2110);
- String tmp;
- while ((tmp = in.readLine()) != null) {
- sb.append(tmp);
- }
+ final String dbStructure = IOUtils.toString(is, "UTF-8");
+
Statement statement = null;
try {
statement = conn.createStatement();
- statement.execute(sb.toString());
+ statement.execute(dbStructure);
} catch (SQLException ex) {
LOGGER.debug("", ex);
throw new DatabaseException("Unable to create database statement", ex);
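Review bot: `is` is not checked for null before `IOUtils.toString(is, "UTF-8")`, so a missing `DB_STRUCTURE_RESOURCE` surfaces as a NullPointerException that the `catch (IOException ex)` in the following hunk does not turn into a DatabaseException. The schema-update path in this same file already guards with `if (is == null)`; the same check here, e.g. `if (is == null) { throw new DatabaseException("Unable to load the database structure resource"); }`, keeps the two consistent. Note also that the script now reaches `statement.execute` with its line breaks intact, whereas the removed loop joined lines with no separator, so it is worth confirming the bundled script still runs as intended. `createTables` continues past the end of this hunk.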
@@ -275,13 +267,7 @@ public final class ConnectionFactory {
} catch (IOException ex) {
throw new DatabaseException("Unable to create database schema", ex);
} finally {
- if (in != null) {
- try {
- in.close();
- } catch (IOException ex) {
- LOGGER.trace("", ex);
- }
- }
+ IOUtils.closeQuietly(is);
}
}
@@ -303,9 +289,7 @@ public final class ConnectionFactory {
}
if ("h2".equalsIgnoreCase(databaseProductName)) {
LOGGER.debug("Updating database structure");
- InputStream is;
- InputStreamReader reader;
- BufferedReader in = null;
+ InputStream is = null;
String updateFile = null;
try {
updateFile = String.format(DB_STRUCTURE_UPDATE_RESOURCE, schema);
@@ -313,17 +297,12 @@ public final class ConnectionFactory {
if (is == null) {
throw new DatabaseException(String.format("Unable to load update file '%s'", updateFile));
}
- reader = new InputStreamReader(is, "UTF-8");
- in = new BufferedReader(reader);
- final StringBuilder sb = new StringBuilder(is.available());
- String tmp;
- while ((tmp = in.readLine()) != null) {
- sb.append(tmp);
- }
+ final String dbStructureUpdate = IOUtils.toString(is, "UTF-8");
+
Statement statement = null;
try {
statement = conn.createStatement();
- boolean success = statement.execute(sb.toString());
+ boolean success = statement.execute(dbStructureUpdate);
if (!success && statement.getUpdateCount() <= 0) {
throw new DatabaseException(String.format("Unable to upgrade the database schema to %s", schema));
}
@@ -337,13 +316,7 @@ public final class ConnectionFactory {
final String msg = String.format("Upgrade SQL file does not exist: %s", updateFile);
throw new DatabaseException(msg, ex);
} finally {
- if (in != null) {
- try {
- in.close();
- } catch (IOException ex) {
- LOGGER.trace("", ex);
- }
- }
+ IOUtils.closeQuietly(is);
}
} else {
LOGGER.error("The database schema must be upgraded to use this version of dependency-check. Please see {} for more information.", UPGRADE_HELP_URL);
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/Model.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/Model.java
index 1af8f8512..9c0b8dee0 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/Model.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/Model.java
@@ -308,10 +308,7 @@ public class Model {
*/
public static String interpolateString(String text, Properties properties) {
final Properties props = properties;
- if (text == null) {
- return text;
- }
- if (props == null) {
+ if (text == null || props == null) {
return text;
}
@@ -319,7 +316,7 @@ public class Model {
if (pos < 0) {
return text;
}
- final int end = text.indexOf("}");
+ final int end = text.indexOf('}', pos + 2);
if (end < pos) {
return text;
}
@@ -330,10 +327,9 @@ public class Model {
propValue = "";
}
final StringBuilder sb = new StringBuilder(propValue.length() + text.length());
- sb.append(text.subSequence(0, pos));
- sb.append(propValue);
- sb.append(text.substring(end + 1));
+ sb.append(text.subSequence(0, pos))
+ .append(propValue)
+ .append(text.substring(end + 1));
return interpolateString(sb.toString(), props); //yes yes, this should be a loop...
}
-
}
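Review bot: The recursive call at the end of `interpolateString` has no depth limit, so a property whose value refers back to itself (for example `a` defined as `${a}`) recurses until the stack overflows. If `properties` is filled from the POM being scanned, which the package name suggests but this hunk does not show, a malformed or hostile POM could abort analysis with a StackOverflowError. Consider tracking the property names already expanded, or capping the number of substitutions, and returning the text unresolved once that limit is reached. The method begins outside this hunk.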