mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-01-13 23:33:37 +01:00
Merging upstream/master
Former-commit-id: f77993de8ea6e0de68d4b5cd0da653692ffcbaa9
This commit is contained in:
Will Stranathan
@@ -140,7 +140,7 @@ public final class CliParser {
|
||||
throw new FileNotFoundException(msg);
|
||||
} else if (!path.contains("*") && !path.contains("?")) {
|
||||
File f = new File(path);
|
||||
if ("o".equals(argumentName.substring(0, 1).toLowerCase()) && !"ALL".equals(this.getReportFormat().toUpperCase())) {
|
||||
if ("o".equalsIgnoreCase(argumentName.substring(0, 1)) && !"ALL".equalsIgnoreCase(this.getReportFormat())) {
|
||||
final String checkPath = path.toLowerCase();
|
||||
if (checkPath.endsWith(".html") || checkPath.endsWith(".xml") || checkPath.endsWith(".htm")) {
|
||||
if (f.getParentFile() == null) {
|
||||
|
||||
@@ -354,7 +354,6 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
<dependency>
|
||||
<groupId>org.jmockit</groupId>
|
||||
<artifactId>jmockit</artifactId>
|
||||
<version>1.14</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
@@ -116,7 +116,7 @@ public class Engine {
|
||||
* Loads the analyzers specified in the configuration file (or system properties).
|
||||
*/
|
||||
private void loadAnalyzers() {
|
||||
if (analyzers.size() > 0) {
|
||||
if (!analyzers.isEmpty()) {
|
||||
return;
|
||||
}
|
||||
for (AnalysisPhase phase : AnalysisPhase.values()) {
|
||||
|
||||
@@ -110,7 +110,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
static {
|
||||
final String additionalZipExt = Settings.getString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS);
|
||||
if (additionalZipExt != null) {
|
||||
final HashSet<String> ext = new HashSet<String>(Arrays.asList(additionalZipExt));
|
||||
final Set<String> ext = new HashSet<String>(Arrays.asList(additionalZipExt));
|
||||
ZIPPABLES.addAll(ext);
|
||||
}
|
||||
EXTENSIONS.addAll(ZIPPABLES);
|
||||
@@ -382,7 +382,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
fos = new FileOutputStream(file);
|
||||
bos = new BufferedOutputStream(fos, BUFFER_SIZE);
|
||||
int count;
|
||||
final byte data[] = new byte[BUFFER_SIZE];
|
||||
final byte[] data = new byte[BUFFER_SIZE];
|
||||
while ((count = input.read(data, 0, BUFFER_SIZE)) != -1) {
|
||||
bos.write(data, 0, count);
|
||||
}
|
||||
|
||||
@@ -255,7 +255,7 @@ public class CPEAnalyzer implements Analyzer {
|
||||
protected List<IndexEntry> searchCPE(String vendor, String product,
|
||||
Set<String> vendorWeightings, Set<String> productWeightings) {
|
||||
|
||||
final ArrayList<IndexEntry> ret = new ArrayList<IndexEntry>(MAX_QUERY_RESULTS);
|
||||
final List<IndexEntry> ret = new ArrayList<IndexEntry>(MAX_QUERY_RESULTS);
|
||||
|
||||
final String searchString = buildSearch(vendor, product, vendorWeightings, productWeightings);
|
||||
if (searchString == null) {
|
||||
|
||||
@@ -19,6 +19,7 @@ package org.owasp.dependencycheck.analyzer;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import org.owasp.dependencycheck.Engine;
|
||||
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
|
||||
@@ -101,7 +102,7 @@ public class HintAnalyzer extends AbstractAnalyzer implements Analyzer {
|
||||
dependency.getVendorEvidence().addEvidence("hint analyzer", "vendor", "vmware", Confidence.HIGH);
|
||||
}
|
||||
final Iterator<Evidence> itr = dependency.getVendorEvidence().iterator();
|
||||
final ArrayList<Evidence> newEntries = new ArrayList<Evidence>();
|
||||
final List<Evidence> newEntries = new ArrayList<Evidence>();
|
||||
while (itr.hasNext()) {
|
||||
final Evidence e = itr.next();
|
||||
if ("sun".equalsIgnoreCase(e.getValue(false))) {
|
||||
|
||||
@@ -227,7 +227,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
@Override
|
||||
public void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException {
|
||||
try {
|
||||
final ArrayList<ClassNameInformation> classNames = collectClassNames(dependency);
|
||||
final List<ClassNameInformation> classNames = collectClassNames(dependency);
|
||||
final String fileName = dependency.getFileName().toLowerCase();
|
||||
if (classNames.isEmpty()
|
||||
&& (fileName.endsWith("-sources.jar")
|
||||
@@ -255,7 +255,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
* @throws AnalysisException is thrown if there is an exception parsing the pom
|
||||
* @return whether or not evidence was added to the dependency
|
||||
*/
|
||||
protected boolean analyzePOM(Dependency dependency, ArrayList<ClassNameInformation> classes, Engine engine) throws AnalysisException {
|
||||
protected boolean analyzePOM(Dependency dependency, List<ClassNameInformation> classes, Engine engine) throws AnalysisException {
|
||||
boolean foundSomething = false;
|
||||
final JarFile jar;
|
||||
try {
|
||||
@@ -408,7 +408,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
fos = new FileOutputStream(file);
|
||||
bos = new BufferedOutputStream(fos, BUFFER_SIZE);
|
||||
int count;
|
||||
final byte data[] = new byte[BUFFER_SIZE];
|
||||
final byte[] data = new byte[BUFFER_SIZE];
|
||||
while ((count = input.read(data, 0, BUFFER_SIZE)) != -1) {
|
||||
bos.write(data, 0, count);
|
||||
}
|
||||
@@ -531,7 +531,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
* file being analyzed
|
||||
* @return true if there was evidence within the pom that we could use; otherwise false
|
||||
*/
|
||||
private boolean setPomEvidence(Dependency dependency, Model pom, Properties pomProperties, ArrayList<ClassNameInformation> classes) {
|
||||
private boolean setPomEvidence(Dependency dependency, Model pom, Properties pomProperties, List<ClassNameInformation> classes) {
|
||||
boolean foundSomething = false;
|
||||
boolean addAsIdentifier = true;
|
||||
if (pom == null) {
|
||||
@@ -659,10 +659,10 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
* @param dependency a dependency to analyze
|
||||
* @param addPackagesAsEvidence a flag indicating whether or not package names should be added as evidence.
|
||||
*/
|
||||
protected void analyzePackageNames(ArrayList<ClassNameInformation> classNames,
|
||||
protected void analyzePackageNames(List<ClassNameInformation> classNames,
|
||||
Dependency dependency, boolean addPackagesAsEvidence) {
|
||||
final HashMap<String, Integer> vendorIdentifiers = new HashMap<String, Integer>();
|
||||
final HashMap<String, Integer> productIdentifiers = new HashMap<String, Integer>();
|
||||
final Map<String, Integer> vendorIdentifiers = new HashMap<String, Integer>();
|
||||
final Map<String, Integer> productIdentifiers = new HashMap<String, Integer>();
|
||||
analyzeFullyQualifiedClassNames(classNames, vendorIdentifiers, productIdentifiers);
|
||||
|
||||
final int classCount = classNames.size();
|
||||
@@ -704,7 +704,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
* @return whether evidence was identified parsing the manifest
|
||||
* @throws IOException if there is an issue reading the JAR file
|
||||
*/
|
||||
protected boolean parseManifest(Dependency dependency, ArrayList<ClassNameInformation> classInformation) throws IOException {
|
||||
protected boolean parseManifest(Dependency dependency, List<ClassNameInformation> classInformation) throws IOException {
|
||||
boolean foundSomething = false;
|
||||
JarFile jar = null;
|
||||
try {
|
||||
@@ -1050,8 +1050,8 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
* @param dependency the dependency being analyzed
|
||||
* @return an list of fully qualified class names
|
||||
*/
|
||||
private ArrayList<ClassNameInformation> collectClassNames(Dependency dependency) {
|
||||
final ArrayList<ClassNameInformation> classNames = new ArrayList<ClassNameInformation>();
|
||||
private List<ClassNameInformation> collectClassNames(Dependency dependency) {
|
||||
final List<ClassNameInformation> classNames = new ArrayList<ClassNameInformation>();
|
||||
JarFile jar = null;
|
||||
try {
|
||||
jar = new JarFile(dependency.getActualFilePath());
|
||||
@@ -1089,10 +1089,10 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
* @param vendor HashMap of possible vendor names from package names (e.g. owasp)
|
||||
* @param product HashMap of possible product names from package names (e.g. dependencycheck)
|
||||
*/
|
||||
private void analyzeFullyQualifiedClassNames(ArrayList<ClassNameInformation> classNames,
|
||||
HashMap<String, Integer> vendor, HashMap<String, Integer> product) {
|
||||
private void analyzeFullyQualifiedClassNames(List<ClassNameInformation> classNames,
|
||||
Map<String, Integer> vendor, Map<String, Integer> product) {
|
||||
for (ClassNameInformation entry : classNames) {
|
||||
final ArrayList<String> list = entry.getPackageStructure();
|
||||
final List<String> list = entry.getPackageStructure();
|
||||
addEntry(vendor, list.get(0));
|
||||
|
||||
if (list.size() == 2) {
|
||||
@@ -1120,7 +1120,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
* @param collection a collection of strings and their occurrence count
|
||||
* @param key the key to add to the collection
|
||||
*/
|
||||
private void addEntry(HashMap<String, Integer> collection, String key) {
|
||||
private void addEntry(Map<String, Integer> collection, String key) {
|
||||
if (collection.containsKey(key)) {
|
||||
collection.put(key, collection.get(key) + 1);
|
||||
} else {
|
||||
@@ -1137,7 +1137,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
* @param value the value to check to see if it contains a package name
|
||||
* @param evidence the evidence collection to add new entries too
|
||||
*/
|
||||
private void addMatchingValues(ArrayList<ClassNameInformation> classes, String value, EvidenceCollection evidence) {
|
||||
private void addMatchingValues(List<ClassNameInformation> classes, String value, EvidenceCollection evidence) {
|
||||
if (value == null || value.isEmpty() || classes == null || classes.isEmpty()) {
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -72,7 +72,7 @@ public abstract class AbstractTokenizingFilter extends TokenFilter {
|
||||
* @return whether or not a new term was added
|
||||
*/
|
||||
protected boolean addTerm() {
|
||||
final boolean termAdded = tokens.size() > 0;
|
||||
final boolean termAdded = !tokens.isEmpty();
|
||||
if (termAdded) {
|
||||
final String term = tokens.pop();
|
||||
clearAttributes();
|
||||
|
||||
@@ -92,7 +92,7 @@ public final class TokenPairConcatenatingFilter extends TokenFilter {
|
||||
|
||||
//if we have a previousTerm - write it out as its own token concatenated
|
||||
// with the current word (if one is available).
|
||||
if (previousWord != null && words.size() > 0) {
|
||||
if (previousWord != null && !words.isEmpty()) {
|
||||
final String word = words.getFirst();
|
||||
clearAttributes();
|
||||
termAtt.append(previousWord).append(word);
|
||||
@@ -100,7 +100,7 @@ public final class TokenPairConcatenatingFilter extends TokenFilter {
|
||||
return true;
|
||||
}
|
||||
//if we have words, write it out as a single token
|
||||
if (words.size() > 0) {
|
||||
if (!words.isEmpty()) {
|
||||
final String word = words.removeFirst();
|
||||
clearAttributes();
|
||||
termAtt.append(word);
|
||||
|
||||
@@ -60,7 +60,7 @@ public final class UrlTokenizingFilter extends AbstractTokenizingFilter {
|
||||
public boolean incrementToken() throws IOException {
|
||||
final LinkedList<String> tokens = getTokens();
|
||||
final CharTermAttribute termAtt = getTermAtt();
|
||||
if (tokens.size() == 0 && input.incrementToken()) {
|
||||
if (tokens.isEmpty() && input.incrementToken()) {
|
||||
final String text = new String(termAtt.buffer(), 0, termAtt.length());
|
||||
if (UrlStringUtils.containsUrl(text)) {
|
||||
final String[] parts = text.split("\\s");
|
||||
|
||||
@@ -28,6 +28,7 @@ import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Map.Entry;
|
||||
import java.util.Properties;
|
||||
import java.util.Set;
|
||||
@@ -458,7 +459,8 @@ public class CveDB {
|
||||
final List<Vulnerability> vulnerabilities = new ArrayList<Vulnerability>();
|
||||
|
||||
PreparedStatement ps;
|
||||
final HashSet<String> cveEntries = new HashSet<String>();
|
||||
//TODO(code review): Looks like things are only added to this map, but never retrieved or checked
|
||||
final Set<String> cveEntries = new HashSet<String>();
|
||||
try {
|
||||
ps = getConnection().prepareStatement(SELECT_CVE_FROM_SOFTWARE);
|
||||
ps.setString(1, cpe.getVendor());
|
||||
@@ -466,7 +468,7 @@ public class CveDB {
|
||||
rs = ps.executeQuery();
|
||||
String currentCVE = "";
|
||||
|
||||
final HashMap<String, Boolean> vulnSoftware = new HashMap<String, Boolean>();
|
||||
final Map<String, Boolean> vulnSoftware = new HashMap<String, Boolean>();
|
||||
while (rs.next()) {
|
||||
final String cveId = rs.getString(1);
|
||||
if (!currentCVE.equals(cveId)) { //check for match and add
|
||||
@@ -787,12 +789,12 @@ public class CveDB {
|
||||
* @param identifiedVersion the identified version of the dependency being analyzed
|
||||
* @return true if the identified version is affected, otherwise false
|
||||
*/
|
||||
protected Entry<String, Boolean> getMatchingSoftware(HashMap<String, Boolean> vulnerableSoftware, String vendor, String product,
|
||||
protected Entry<String, Boolean> getMatchingSoftware(Map<String, Boolean> vulnerableSoftware, String vendor, String product,
|
||||
DependencyVersion identifiedVersion) {
|
||||
|
||||
final boolean isVersionTwoADifferentProduct = "apache".equals(vendor) && "struts".equals(product);
|
||||
|
||||
final HashSet<String> majorVersionsAffectingAllPrevious = new HashSet<String>();
|
||||
final Set<String> majorVersionsAffectingAllPrevious = new HashSet<String>();
|
||||
final boolean matchesAnyPrevious = identifiedVersion == null || "-".equals(identifiedVersion.toString());
|
||||
String majorVersionMatch = null;
|
||||
for (Entry<String, Boolean> entry : vulnerableSoftware.entrySet()) {
|
||||
@@ -875,9 +877,9 @@ public class CveDB {
|
||||
*/
|
||||
private DependencyVersion parseDependencyVersion(VulnerableSoftware cpe) {
|
||||
DependencyVersion cpeVersion;
|
||||
if (cpe.getVersion() != null && cpe.getVersion().length() > 0) {
|
||||
if (cpe.getVersion() != null && !cpe.getVersion().isEmpty()) {
|
||||
String versionText;
|
||||
if (cpe.getRevision() != null && cpe.getRevision().length() > 0) {
|
||||
if (cpe.getRevision() != null && !cpe.getRevision().isEmpty()) {
|
||||
versionText = String.format("%s.%s", cpe.getVersion(), cpe.getRevision());
|
||||
} else {
|
||||
versionText = cpe.getVersion();
|
||||
|
||||
@@ -154,7 +154,7 @@ public class DatabaseProperties {
|
||||
* @return a map of the database meta data
|
||||
*/
|
||||
public Map<String, String> getMetaData() {
|
||||
final TreeMap<String, String> map = new TreeMap<String, String>();
|
||||
final Map<String, String> map = new TreeMap<String, String>();
|
||||
for (Entry<Object, Object> entry : properties.entrySet()) {
|
||||
final String key = (String) entry.getKey();
|
||||
if (!"version".equals(key)) {
|
||||
|
||||
@@ -27,6 +27,7 @@ import java.sql.Driver;
|
||||
import java.sql.DriverManager;
|
||||
import java.sql.SQLException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.logging.Level;
|
||||
import java.util.logging.Logger;
|
||||
|
||||
@@ -75,7 +76,7 @@ public final class DriverLoader {
|
||||
*/
|
||||
public static Driver load(String className, String pathToDriver) throws DriverLoadException {
|
||||
final URLClassLoader parent = (URLClassLoader) ClassLoader.getSystemClassLoader();
|
||||
final ArrayList<URL> urls = new ArrayList<URL>();
|
||||
final List<URL> urls = new ArrayList<URL>();
|
||||
final String[] paths = pathToDriver.split(File.pathSeparator);
|
||||
for (String path : paths) {
|
||||
final File file = new File(path);
|
||||
|
||||
@@ -31,7 +31,7 @@ import javax.xml.namespace.QName;
|
||||
@XmlRegistry
|
||||
public class ObjectFactory {
|
||||
|
||||
private final static QName _Project_QNAME = new QName("http://maven.apache.org/POM/4.0.0", "project");
|
||||
private static final QName _Project_QNAME = new QName("http://maven.apache.org/POM/4.0.0", "project");
|
||||
|
||||
/**
|
||||
* Create a new ObjectFactory that can be used to create new instances of schema derived classes for package: org.owasp.dependencycheck.analyzer.pom.generated
|
||||
|
||||
@@ -112,7 +112,7 @@ public class SuppressionRule {
|
||||
* @return whether or not this suppression rule as CPE entries
|
||||
*/
|
||||
public boolean hasCpe() {
|
||||
return cpe.size() > 0;
|
||||
return !cpe.isEmpty();
|
||||
}
|
||||
/**
|
||||
* The list of cvssBelow scores.
|
||||
@@ -152,7 +152,7 @@ public class SuppressionRule {
|
||||
* @return whether or not this suppression rule has cvss suppressions
|
||||
*/
|
||||
public boolean hasCvssBelow() {
|
||||
return cvssBelow.size() > 0;
|
||||
return !cvssBelow.isEmpty();
|
||||
}
|
||||
/**
|
||||
* The list of cwe entries to suppress.
|
||||
@@ -192,7 +192,7 @@ public class SuppressionRule {
|
||||
* @return whether this suppression rule has CWE entries
|
||||
*/
|
||||
public boolean hasCwe() {
|
||||
return cwe.size() > 0;
|
||||
return !cwe.isEmpty();
|
||||
}
|
||||
/**
|
||||
* The list of cve entries to suppress.
|
||||
@@ -232,7 +232,7 @@ public class SuppressionRule {
|
||||
* @return whether this suppression rule has CVE entries
|
||||
*/
|
||||
public boolean hasCve() {
|
||||
return cve.size() > 0;
|
||||
return !cve.isEmpty();
|
||||
}
|
||||
/**
|
||||
* A Maven GAV to suppression.
|
||||
@@ -450,28 +450,28 @@ public class SuppressionRule {
|
||||
if (gav != null) {
|
||||
sb.append("gav=").append(gav).append(",");
|
||||
}
|
||||
if (cpe != null && cpe.size() > 0) {
|
||||
if (cpe != null && !cpe.isEmpty()) {
|
||||
sb.append("cpe={");
|
||||
for (PropertyType pt : cpe) {
|
||||
sb.append(pt).append(",");
|
||||
}
|
||||
sb.append("}");
|
||||
}
|
||||
if (cwe != null && cwe.size() > 0) {
|
||||
if (cwe != null && !cwe.isEmpty()) {
|
||||
sb.append("cwe={");
|
||||
for (String s : cwe) {
|
||||
sb.append(s).append(",");
|
||||
}
|
||||
sb.append("}");
|
||||
}
|
||||
if (cve != null && cve.size() > 0) {
|
||||
if (cve != null && !cve.isEmpty()) {
|
||||
sb.append("cve={");
|
||||
for (String s : cve) {
|
||||
sb.append(s).append(",");
|
||||
}
|
||||
sb.append("}");
|
||||
}
|
||||
if (cvssBelow != null && cvssBelow.size() > 0) {
|
||||
if (cvssBelow != null && !cvssBelow.isEmpty()) {
|
||||
sb.append("cvssBelow={");
|
||||
for (Float s : cvssBelow) {
|
||||
sb.append(s).append(",");
|
||||
|
||||
@@ -18,6 +18,7 @@
|
||||
package org.owasp.dependencycheck.utils;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.regex.Matcher;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
@@ -62,7 +63,7 @@ public final class DependencyVersionUtil {
|
||||
//'-' is a special case used within the CVE entries, just include it as the version.
|
||||
if ("-".equals(text)) {
|
||||
final DependencyVersion dv = new DependencyVersion();
|
||||
final ArrayList<String> list = new ArrayList<String>();
|
||||
final List<String> list = new ArrayList<String>();
|
||||
list.add(text);
|
||||
dv.setVersionParts(list);
|
||||
return dv;
|
||||
|
||||
@@ -107,7 +107,7 @@ public final class ExtractionUtil {
|
||||
fos = new FileOutputStream(file);
|
||||
bos = new BufferedOutputStream(fos, BUFFER_SIZE);
|
||||
int count;
|
||||
final byte data[] = new byte[BUFFER_SIZE];
|
||||
final byte[] data = new byte[BUFFER_SIZE];
|
||||
while ((count = zis.read(data, 0, BUFFER_SIZE)) != -1) {
|
||||
bos.write(data, 0, count);
|
||||
}
|
||||
|
||||
@@ -23,6 +23,7 @@ import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
/**
|
||||
@@ -68,7 +69,7 @@ public final class UrlStringUtils {
|
||||
/**
|
||||
* A listing of domain parts that should not be used as evidence. Yes, this is an incomplete list.
|
||||
*/
|
||||
private static final HashSet<String> IGNORE_LIST = new HashSet<String>(
|
||||
private static final Set<String> IGNORE_LIST = new HashSet<String>(
|
||||
Arrays.asList("www", "com", "org", "gov", "info", "name", "net", "pro", "tel", "mobi", "xxx"));
|
||||
|
||||
/**
|
||||
@@ -86,7 +87,7 @@ public final class UrlStringUtils {
|
||||
* @throws MalformedURLException thrown if the URL is malformed
|
||||
*/
|
||||
public static List<String> extractImportantUrlData(String text) throws MalformedURLException {
|
||||
final ArrayList<String> importantParts = new ArrayList<String>();
|
||||
final List<String> importantParts = new ArrayList<String>();
|
||||
final URL url = new URL(text);
|
||||
final String[] domain = url.getHost().split("\\.");
|
||||
//add the domain except www and the tld.
|
||||
|
||||
@@ -294,7 +294,6 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
|
||||
<dependency>
|
||||
<groupId>org.jmockit</groupId>
|
||||
<artifactId>jmockit</artifactId>
|
||||
<version>1.14</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
@@ -701,7 +701,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
|
||||
private Proxy getMavenProxy() {
|
||||
if (mavenSettings != null) {
|
||||
final List<Proxy> proxies = mavenSettings.getProxies();
|
||||
if (proxies != null && proxies.size() > 0) {
|
||||
if (proxies != null && !proxies.isEmpty()) {
|
||||
if (mavenSettingsProxyId != null) {
|
||||
for (Proxy proxy : proxies) {
|
||||
if (mavenSettingsProxyId.equalsIgnoreCase(proxy.getId())) {
|
||||
@@ -711,8 +711,8 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
|
||||
} else if (proxies.size() == 1) {
|
||||
return proxies.get(0);
|
||||
} else {
|
||||
LOGGER.warning("Multiple proxy defentiions exist in the Maven settings. In the dependency-check "
|
||||
+ "configuration set the maveSettingsProxyId so that the correct proxy will be used.");
|
||||
LOGGER.warning("Multiple proxy definitions exist in the Maven settings. In the dependency-check "
|
||||
+ "configuration set the mavenSettingsProxyId so that the correct proxy will be used.");
|
||||
throw new IllegalStateException("Ambiguous proxy definition");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -244,7 +244,7 @@ public final class Downloader {
|
||||
*/
|
||||
protected static void analyzeException(IOException ex) throws DownloadFailedException {
|
||||
Throwable cause = ex;
|
||||
do {
|
||||
while (cause != null) {
|
||||
if (cause instanceof InvalidAlgorithmParameterException) {
|
||||
final String keystore = System.getProperty("javax.net.ssl.keyStore");
|
||||
final String version = System.getProperty("java.version");
|
||||
@@ -257,6 +257,6 @@ public final class Downloader {
|
||||
throw new DownloadFailedException("Error making HTTPS request. Please see the log for more details.");
|
||||
}
|
||||
cause = cause.getCause();
|
||||
} while (cause.getCause() != null);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
21
pom.xml
21
pom.xml
@@ -370,17 +370,34 @@ Copyright (c) 2012 - Jeremy Long
|
||||
</plugin>
|
||||
</plugins>
|
||||
</reporting>
|
||||
<dependencyManagement>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>junit</groupId>
|
||||
<artifactId>junit</artifactId>
|
||||
<version>4.12</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.hamcrest</groupId>
|
||||
<artifactId>hamcrest-core</artifactId>
|
||||
<version>1.3</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.jmockit</groupId>
|
||||
<artifactId>jmockit</artifactId>
|
||||
<version>1.15</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</dependencyManagement>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>junit</groupId>
|
||||
<artifactId>junit</artifactId>
|
||||
<version>4.12</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.hamcrest</groupId>
|
||||
<artifactId>hamcrest-core</artifactId>
|
||||
<version>1.3</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
Reference in New Issue
Block a user