diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java
index 184a520df..77e26dfe6 100644
--- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java
+++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java
@@ -140,7 +140,7 @@ public final class CliParser {
throw new FileNotFoundException(msg);
} else if (!path.contains("*") && !path.contains("?")) {
File f = new File(path);
- if ("o".equals(argumentName.substring(0, 1).toLowerCase()) && !"ALL".equals(this.getReportFormat().toUpperCase())) {
+ if ("o".equalsIgnoreCase(argumentName.substring(0, 1)) && !"ALL".equalsIgnoreCase(this.getReportFormat())) {
final String checkPath = path.toLowerCase();
if (checkPath.endsWith(".html") || checkPath.endsWith(".xml") || checkPath.endsWith(".htm")) {
if (f.getParentFile() == null) {
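Review bot: The rewritten condition still identifies the output option by its first letter only, via `"o".equalsIgnoreCase(argumentName.substring(0, 1))`. Any argument whose name begins with "o" takes this branch, and an empty `argumentName` throws `StringIndexOutOfBoundsException` from `substring`. Comparing against the full option name(s) would state the intent directly; failing that, `argumentName.regionMatches(true, 0, "o", 0, 1)` keeps the current behaviour without the exception. Note also that `"ALL".equalsIgnoreCase(this.getReportFormat())` now returns false for a null format where the old `.toUpperCase()` call threw, so a null format falls through into the extension check. The enclosing method starts and ends outside this hunk.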
diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml
index df16e546b..afe4144ad 100644
--- a/dependency-check-core/pom.xml
+++ b/dependency-check-core/pom.xml
@@ -354,7 +354,6 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
org.jmockitjmockit
- 1.14test
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
index 8f645b0c9..e2eeb9bc3 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
@@ -116,7 +116,7 @@ public class Engine {
* Loads the analyzers specified in the configuration file (or system properties).
*/
private void loadAnalyzers() {
- if (analyzers.size() > 0) {
+ if (!analyzers.isEmpty()) {
return;
}
for (AnalysisPhase phase : AnalysisPhase.values()) {
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
index 32a1dff72..dc662b2c6 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
@@ -110,7 +110,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
static {
final String additionalZipExt = Settings.getString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS);
if (additionalZipExt != null) {
- final HashSet ext = new HashSet(Arrays.asList(additionalZipExt));
+ final Set ext = new HashSet(Arrays.asList(additionalZipExt));
ZIPPABLES.addAll(ext);
}
EXTENSIONS.addAll(ZIPPABLES);
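Review bot: `Arrays.asList(additionalZipExt)` is called with a single `String`, so `ext` always holds exactly one element, the whole setting value. If `ADDITIONAL_ZIP_EXTENSIONS` is meant to carry several extensions (the plural name suggests a delimited list, but the format is not visible here), they are never split and none of them will match a real file extension. Something like `new HashSet(Arrays.asList(additionalZipExt.split("\\s*,\\s*")))` would fix that, with the delimiter adjusted to whatever the setting documents. The static initializer's closing brace is outside the hunk.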
@@ -382,7 +382,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
fos = new FileOutputStream(file);
bos = new BufferedOutputStream(fos, BUFFER_SIZE);
int count;
- final byte data[] = new byte[BUFFER_SIZE];
+ final byte[] data = new byte[BUFFER_SIZE];
while ((count = input.read(data, 0, BUFFER_SIZE)) != -1) {
bos.write(data, 0, count);
}
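Review bot: The copy loop `while ((count = input.read(data, 0, BUFFER_SIZE)) != -1)` writes an archive entry to disk with no upper bound on the total bytes. A small, highly compressed entry in a scanned archive can therefore fill the temporary directory, unless a limit is enforced in code outside this hunk. Consider keeping a running total and aborting the extraction past a configurable ceiling, e.g. `total += count; if (total > maxEntryBytes) { /* fail the analysis */ }`, where `maxEntryBytes` is a new setting to be defined. The identical loop in JarAnalyzer (the `@@ -408,7 +408,7 @@` hunk) has the same gap. The path used for `file` and the stream cleanup are built outside the hunk, so path containment and closing cannot be judged from here.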
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
index f6121b258..19d9c890d 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
@@ -255,7 +255,7 @@ public class CPEAnalyzer implements Analyzer {
protected List searchCPE(String vendor, String product,
Set vendorWeightings, Set productWeightings) {
- final ArrayList ret = new ArrayList(MAX_QUERY_RESULTS);
+ final List ret = new ArrayList(MAX_QUERY_RESULTS);
final String searchString = buildSearch(vendor, product, vendorWeightings, productWeightings);
if (searchString == null) {
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java
index 123f51f83..2cf2c87c9 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java
@@ -19,6 +19,7 @@ package org.owasp.dependencycheck.analyzer;
import java.util.ArrayList;
import java.util.Iterator;
+import java.util.List;
import java.util.Set;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
@@ -101,7 +102,7 @@ public class HintAnalyzer extends AbstractAnalyzer implements Analyzer {
dependency.getVendorEvidence().addEvidence("hint analyzer", "vendor", "vmware", Confidence.HIGH);
}
final Iterator itr = dependency.getVendorEvidence().iterator();
- final ArrayList newEntries = new ArrayList();
+ final List newEntries = new ArrayList();
while (itr.hasNext()) {
final Evidence e = itr.next();
if ("sun".equalsIgnoreCase(e.getValue(false))) {
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
index 98831ae85..5adf7968f 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
@@ -227,7 +227,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
@Override
public void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException {
try {
- final ArrayList classNames = collectClassNames(dependency);
+ final List classNames = collectClassNames(dependency);
final String fileName = dependency.getFileName().toLowerCase();
if (classNames.isEmpty()
&& (fileName.endsWith("-sources.jar")
@@ -255,7 +255,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
* @throws AnalysisException is thrown if there is an exception parsing the pom
* @return whether or not evidence was added to the dependency
*/
- protected boolean analyzePOM(Dependency dependency, ArrayList classes, Engine engine) throws AnalysisException {
+ protected boolean analyzePOM(Dependency dependency, List classes, Engine engine) throws AnalysisException {
boolean foundSomething = false;
final JarFile jar;
try {
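Review bot: Widening the `classes` parameter of `analyzePOM` from `ArrayList` to `List` changes the signature of a protected method on a non-final class. A subclass that overrides the old signature no longer overrides it, which is a compile error if it uses `@Override` and a silently unused method if it does not. Code compiled against the old descriptor will also fail at link time. The same applies to `analyzePackageNames` and `parseManifest` later in this file, and to `CveDB.getMatchingSoftware`. If external subclasses are not supported, a line in the release notes is enough; otherwise keep a deprecated `ArrayList` overload that delegates to the new method. The method body continues past the end of the hunk.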
@@ -408,7 +408,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
fos = new FileOutputStream(file);
bos = new BufferedOutputStream(fos, BUFFER_SIZE);
int count;
- final byte data[] = new byte[BUFFER_SIZE];
+ final byte[] data = new byte[BUFFER_SIZE];
while ((count = input.read(data, 0, BUFFER_SIZE)) != -1) {
bos.write(data, 0, count);
}
@@ -531,7 +531,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
* file being analyzed
* @return true if there was evidence within the pom that we could use; otherwise false
*/
- private boolean setPomEvidence(Dependency dependency, Model pom, Properties pomProperties, ArrayList classes) {
+ private boolean setPomEvidence(Dependency dependency, Model pom, Properties pomProperties, List classes) {
boolean foundSomething = false;
boolean addAsIdentifier = true;
if (pom == null) {
@@ -659,10 +659,10 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
* @param dependency a dependency to analyze
* @param addPackagesAsEvidence a flag indicating whether or not package names should be added as evidence.
*/
- protected void analyzePackageNames(ArrayList classNames,
+ protected void analyzePackageNames(List classNames,
Dependency dependency, boolean addPackagesAsEvidence) {
- final HashMap vendorIdentifiers = new HashMap();
- final HashMap productIdentifiers = new HashMap();
+ final Map vendorIdentifiers = new HashMap();
+ final Map productIdentifiers = new HashMap();
analyzeFullyQualifiedClassNames(classNames, vendorIdentifiers, productIdentifiers);
final int classCount = classNames.size();
@@ -704,7 +704,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
* @return whether evidence was identified parsing the manifest
* @throws IOException if there is an issue reading the JAR file
*/
- protected boolean parseManifest(Dependency dependency, ArrayList classInformation) throws IOException {
+ protected boolean parseManifest(Dependency dependency, List classInformation) throws IOException {
boolean foundSomething = false;
JarFile jar = null;
try {
@@ -1050,8 +1050,8 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
* @param dependency the dependency being analyzed
* @return an list of fully qualified class names
*/
- private ArrayList collectClassNames(Dependency dependency) {
- final ArrayList classNames = new ArrayList();
+ private List collectClassNames(Dependency dependency) {
+ final List classNames = new ArrayList();
JarFile jar = null;
try {
jar = new JarFile(dependency.getActualFilePath());
@@ -1089,10 +1089,10 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
* @param vendor HashMap of possible vendor names from package names (e.g. owasp)
* @param product HashMap of possible product names from package names (e.g. dependencycheck)
*/
- private void analyzeFullyQualifiedClassNames(ArrayList classNames,
- HashMap vendor, HashMap product) {
+ private void analyzeFullyQualifiedClassNames(List classNames,
+ Map vendor, Map product) {
for (ClassNameInformation entry : classNames) {
- final ArrayList list = entry.getPackageStructure();
+ final List list = entry.getPackageStructure();
addEntry(vendor, list.get(0));
if (list.size() == 2) {
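Review bot: `addEntry(vendor, list.get(0))` runs before any size check. If `getPackageStructure()` can return an empty list (for example for a class in the default package; its implementation is not visible here), this throws `IndexOutOfBoundsException` and aborts analysis of the whole JAR. A guard such as `if (list.isEmpty()) { continue; }` at the top of the loop would make that case harmless. Separately, the Javadoc above still describes `vendor` and `product` as "HashMap of possible ... names" although the parameters are now `Map`; reword it to "map of possible vendor names ..." to match. The loop body continues outside the hunk.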
@@ -1120,7 +1120,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
* @param collection a collection of strings and their occurrence count
* @param key the key to add to the collection
*/
- private void addEntry(HashMap collection, String key) {
+ private void addEntry(Map collection, String key) {
if (collection.containsKey(key)) {
collection.put(key, collection.get(key) + 1);
} else {
@@ -1137,7 +1137,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
* @param value the value to check to see if it contains a package name
* @param evidence the evidence collection to add new entries too
*/
- private void addMatchingValues(ArrayList classes, String value, EvidenceCollection evidence) {
+ private void addMatchingValues(List classes, String value, EvidenceCollection evidence) {
if (value == null || value.isEmpty() || classes == null || classes.isEmpty()) {
return;
}
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/AbstractTokenizingFilter.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/AbstractTokenizingFilter.java
index a45b653fe..6d06d74c6 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/AbstractTokenizingFilter.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/AbstractTokenizingFilter.java
@@ -72,7 +72,7 @@ public abstract class AbstractTokenizingFilter extends TokenFilter {
* @return whether or not a new term was added
*/
protected boolean addTerm() {
- final boolean termAdded = tokens.size() > 0;
+ final boolean termAdded = !tokens.isEmpty();
if (termAdded) {
final String term = tokens.pop();
clearAttributes();
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/TokenPairConcatenatingFilter.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/TokenPairConcatenatingFilter.java
index 3a5c52a8a..69c9c0769 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/TokenPairConcatenatingFilter.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/TokenPairConcatenatingFilter.java
@@ -92,7 +92,7 @@ public final class TokenPairConcatenatingFilter extends TokenFilter {
//if we have a previousTerm - write it out as its own token concatenated
// with the current word (if one is available).
- if (previousWord != null && words.size() > 0) {
+ if (previousWord != null && !words.isEmpty()) {
final String word = words.getFirst();
clearAttributes();
termAtt.append(previousWord).append(word);
@@ -100,7 +100,7 @@ public final class TokenPairConcatenatingFilter extends TokenFilter {
return true;
}
//if we have words, write it out as a single token
- if (words.size() > 0) {
+ if (!words.isEmpty()) {
final String word = words.removeFirst();
clearAttributes();
termAtt.append(word);
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/UrlTokenizingFilter.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/UrlTokenizingFilter.java
index e5f47221a..a02253123 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/UrlTokenizingFilter.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/UrlTokenizingFilter.java
@@ -60,7 +60,7 @@ public final class UrlTokenizingFilter extends AbstractTokenizingFilter {
public boolean incrementToken() throws IOException {
final LinkedList tokens = getTokens();
final CharTermAttribute termAtt = getTermAtt();
- if (tokens.size() == 0 && input.incrementToken()) {
+ if (tokens.isEmpty() && input.incrementToken()) {
final String text = new String(termAtt.buffer(), 0, termAtt.length());
if (UrlStringUtils.containsUrl(text)) {
final String[] parts = text.split("\\s");
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
index 20473b646..08258d7c6 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
@@ -28,6 +28,7 @@ import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
+import java.util.Map;
import java.util.Map.Entry;
import java.util.Properties;
import java.util.Set;
@@ -458,7 +459,8 @@ public class CveDB {
final List vulnerabilities = new ArrayList();
PreparedStatement ps;
- final HashSet cveEntries = new HashSet();
+ //TODO(code review): Looks like things are only added to this map, but never retrieved or checked
+ final Set cveEntries = new HashSet();
try {
ps = getConnection().prepareStatement(SELECT_CVE_FROM_SOFTWARE);
ps.setString(1, cpe.getVendor());
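Review bot: The added TODO calls `cveEntries` a "map", but it is declared as a `Set`. It also records a suspected dead collection without saying what should happen to it. Either remove `cveEntries` in this commit if it really is never read, or make the note actionable, e.g. `//TODO(code review): cveEntries is only added to, never read - remove it or use it to de-duplicate results`. The rest of the method, including where `ps` and `rs` are closed, is outside the hunk.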
@@ -466,7 +468,7 @@ public class CveDB {
rs = ps.executeQuery();
String currentCVE = "";
- final HashMap vulnSoftware = new HashMap();
+ final Map vulnSoftware = new HashMap();
while (rs.next()) {
final String cveId = rs.getString(1);
if (!currentCVE.equals(cveId)) { //check for match and add
@@ -787,12 +789,12 @@ public class CveDB {
* @param identifiedVersion the identified version of the dependency being analyzed
* @return true if the identified version is affected, otherwise false
*/
- protected Entry getMatchingSoftware(HashMap vulnerableSoftware, String vendor, String product,
+ protected Entry getMatchingSoftware(Map vulnerableSoftware, String vendor, String product,
DependencyVersion identifiedVersion) {
final boolean isVersionTwoADifferentProduct = "apache".equals(vendor) && "struts".equals(product);
- final HashSet majorVersionsAffectingAllPrevious = new HashSet();
+ final Set majorVersionsAffectingAllPrevious = new HashSet();
final boolean matchesAnyPrevious = identifiedVersion == null || "-".equals(identifiedVersion.toString());
String majorVersionMatch = null;
for (Entry entry : vulnerableSoftware.entrySet()) {
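Review bot: The Javadoc directly above says `@return true if the identified version is affected, otherwise false`, but `getMatchingSoftware` returns an `Entry`, not a boolean. Since this commit already touches the signature, the tag should be corrected to describe the returned entry and what callers receive when nothing matches. Presumably that is `null`, but the return statements are outside the hunk, so confirm before writing it. The `@param` for `vulnerableSoftware` should likewise refer to a map rather than a specific implementation, if it names one.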
@@ -875,9 +877,9 @@ public class CveDB {
*/
private DependencyVersion parseDependencyVersion(VulnerableSoftware cpe) {
DependencyVersion cpeVersion;
- if (cpe.getVersion() != null && cpe.getVersion().length() > 0) {
+ if (cpe.getVersion() != null && !cpe.getVersion().isEmpty()) {
String versionText;
- if (cpe.getRevision() != null && cpe.getRevision().length() > 0) {
+ if (cpe.getRevision() != null && !cpe.getRevision().isEmpty()) {
versionText = String.format("%s.%s", cpe.getVersion(), cpe.getRevision());
} else {
versionText = cpe.getVersion();
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DatabaseProperties.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DatabaseProperties.java
index a10fc1d30..8b90dd0fa 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DatabaseProperties.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DatabaseProperties.java
@@ -154,7 +154,7 @@ public class DatabaseProperties {
* @return a map of the database meta data
*/
public Map getMetaData() {
- final TreeMap map = new TreeMap();
+ final Map map = new TreeMap();
for (Entry