From 176363492ed5297aae487dd814ae7235afc283d4 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sat, 22 Jul 2017 18:20:11 -0400 Subject: [PATCH] checkstyle updates --- .../org/owasp/dependencycheck/Engine.java | 59 ++++++++++++------- .../analyzer/AnalyzerService.java | 14 +++-- .../analyzer/AssemblyAnalyzer.java | 2 +- .../dependencycheck/analyzer/NspAnalyzer.java | 2 +- .../analyzer/RubyBundleAuditAnalyzer.java | 10 ++-- .../dependencycheck/data/nvdcve/CveDB.java | 3 + .../data/update/NvdCveUpdater.java | 2 +- .../dependency/EvidenceCollection.java | 2 +- .../dependencycheck/utils/Downloader.java | 2 +- 9 files changed, 61 insertions(+), 35 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java index b4469dfc2..5afc88720 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java @@ -62,39 +62,53 @@ public class Engine implements FileFilter, AutoCloseable { */ public enum Mode { /** - * In evidence collection mode the {@link Engine} only collects evidence from the scan targets, - * and doesn't require a database. + * In evidence collection mode the {@link Engine} only collects evidence + * from the scan targets, and doesn't require a database. */ EVIDENCE_COLLECTION( - false, - INITIAL, - PRE_INFORMATION_COLLECTION, - INFORMATION_COLLECTION, - POST_INFORMATION_COLLECTION + false, + INITIAL, + PRE_INFORMATION_COLLECTION, + INFORMATION_COLLECTION, + POST_INFORMATION_COLLECTION ), /** - * In evidence processing mode the {@link Engine} processes the evidence collected using the - * {@link #EVIDENCE_COLLECTION} mode. Dependencies should be injected into the {@link Engine} - * using {@link Engine#setDependencies(List)}. + * In evidence processing mode the {@link Engine} processes the evidence + * collected using the {@link #EVIDENCE_COLLECTION} mode. Dependencies + * should be injected into the {@link Engine} using + * {@link Engine#setDependencies(List)}. */ EVIDENCE_PROCESSING( - true, - PRE_IDENTIFIER_ANALYSIS, - IDENTIFIER_ANALYSIS, - POST_IDENTIFIER_ANALYSIS, - PRE_FINDING_ANALYSIS, - FINDING_ANALYSIS, - POST_FINDING_ANALYSIS, - FINAL + true, + PRE_IDENTIFIER_ANALYSIS, + IDENTIFIER_ANALYSIS, + POST_IDENTIFIER_ANALYSIS, + PRE_FINDING_ANALYSIS, + FINDING_ANALYSIS, + POST_FINDING_ANALYSIS, + FINAL ), /** - * In standalone mode the {@link Engine} will collect and process evidence in a single execution. + * In standalone mode the {@link Engine} will collect and process + * evidence in a single execution. */ STANDALONE(true, AnalysisPhase.values()); + /** + * Whether the database is required in this mode. + */ public final boolean requiresDatabase; + /** + * The analysis phases included in the mode. + */ public final AnalysisPhase[] phases; + /** + * Constructs a new mode. + * + * @param requiresDatabase if the database is required for the mode + * @param phases the analysis phases to include in the mode + */ Mode(boolean requiresDatabase, AnalysisPhase... phases) { this.requiresDatabase = requiresDatabase; this.phases = phases; @@ -116,7 +130,8 @@ public class Engine implements FileFilter, AutoCloseable { private final Set fileTypeAnalyzers = new HashSet<>(); /** - * The engine execution mode indicating it will either collect evidence or process evidence or both. + * The engine execution mode indicating it will either collect evidence or + * process evidence or both. */ private final Mode mode; @@ -143,9 +158,11 @@ public class Engine implements FileFilter, AutoCloseable { /** * Creates a new Engine. + * + * @param mode the mode of operation */ public Engine(Mode mode) { - this(Thread.currentThread().getContextClassLoader(), mode); + this(Thread.currentThread().getContextClassLoader(), mode); } /** diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AnalyzerService.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AnalyzerService.java index e4274217a..6b05c7da9 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AnalyzerService.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AnalyzerService.java @@ -32,6 +32,7 @@ import static java.util.Arrays.asList; * @author Jeremy Long */ public class AnalyzerService { + /** * The Logger for use throughout the class. */ @@ -45,7 +46,8 @@ public class AnalyzerService { /** * Creates a new instance of AnalyzerService. * - * @param classLoader the ClassLoader to use when dynamically loading Analyzer and Update services + * @param classLoader the ClassLoader to use when dynamically loading + * Analyzer and Update services */ public AnalyzerService(ClassLoader classLoader) { service = ServiceLoader.load(Analyzer.class, classLoader); @@ -61,8 +63,10 @@ public class AnalyzerService { } /** - * Returns a list of all instances of the Analyzer interface that are bound to one of the given phases. + * Returns a list of all instances of the Analyzer interface that are bound + * to one of the given phases. * + * @param phases the phases to obtain analyzers for * @return a list of Analyzers. */ public List getAnalyzers(AnalysisPhase... phases) { @@ -70,9 +74,11 @@ public class AnalyzerService { } /** - * Returns a list of all instances of the Analyzer interface that are bound to one of the given phases. + * Returns a list of all instances of the Analyzer interface that are bound + * to one of the given phases. * - * @return a list of Analyzers. + * @param phases the phases to obtain analyzers for + * @return a list of Analyzers */ private List getAnalyzers(List phases) { final List analyzers = new ArrayList<>(); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java index 4f57dd6a7..d0b53be6f 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java @@ -114,7 +114,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { public void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException { - File test = new File(dependency.getActualFilePath()); + final File test = new File(dependency.getActualFilePath()); if (!test.isFile()) { throw new AnalysisException(String.format("%s does not exist and cannot be analyzed by dependency-check", dependency.getActualFilePath())); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NspAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NspAnalyzer.java index 40752bec6..54a4df555 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NspAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NspAnalyzer.java @@ -150,7 +150,7 @@ public class NspAnalyzer extends AbstractFileTypeAnalyzer { try (JsonReader jsonReader = Json.createReader(FileUtils.openInputStream(file))) { // Do not scan the node_modules directory - if (file.getCanonicalPath().contains(File.separator + "node_modules" + File.separator )) { + if (file.getCanonicalPath().contains(File.separator + "node_modules" + File.separator)) { LOGGER.debug("Skipping analysis of node module: " + file.getCanonicalPath()); return; } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java index 1ee0ce491..45cfd7955 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java @@ -128,7 +128,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer { final ProcessBuilder builder = new ProcessBuilder(args); builder.directory(folder); try { - LOGGER.info("Launching: {} from {}",args, folder); + LOGGER.info("Launching: {} from {}", args, folder); return builder.start(); } catch (IOException ioe) { throw new AnalysisException("bundle-audit initialization failure; this error can be ignored if you are not analyzing Ruby. " @@ -204,7 +204,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer { if (isEnabled()) { LOGGER.info("{} is enabled. It is necessary to manually run \"bundle-audit update\" " - + "occasionally to keep its database up to date.",ANALYZER_NAME); + + "occasionally to keep its database up to date.", ANALYZER_NAME); } } @@ -273,15 +273,15 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer { for (FileTypeAnalyzer analyzer : engine.getFileTypeAnalyzers()) { if (analyzer instanceof RubyBundlerAnalyzer) { ((RubyBundlerAnalyzer) analyzer).setEnabled(false); - LOGGER.info("Disabled {} to avoid noisy duplicate results.",RubyBundlerAnalyzer.class.getName()); + LOGGER.info("Disabled {} to avoid noisy duplicate results.", RubyBundlerAnalyzer.class.getName()); } else if (analyzer instanceof RubyGemspecAnalyzer) { ((RubyGemspecAnalyzer) analyzer).setEnabled(false); - LOGGER.info("Disabled {} to avoid noisy duplicate results.",className); + LOGGER.info("Disabled {} to avoid noisy duplicate results.", className); failed = false; } } if (failed) { - LOGGER.warn("Did not find {}.",className); + LOGGER.warn("Did not find {}.", className); } needToDisableGemspecAnalyzer = false; } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java index 6333e2864..093a7a761 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java @@ -300,6 +300,9 @@ public final class CveDB implements AutoCloseable { } } + /** + * Releases the resources used by CveDB. + */ private synchronized void releaseResources() { instance.statementBundle = null; instance.preparedStatements.clear(); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java index 3ab3c5c56..36014d139 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java @@ -172,7 +172,7 @@ public class NvdCveUpdater implements CachedWebDataSource { throw new UpdateException("Database Exception", ex); } finally { shutdownExecutorServices(); - if(cveDb != null) { + if (cveDb != null) { cveDb.close(); } if (lock != null) { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java index b74062cbb..80283bd75 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java @@ -261,7 +261,7 @@ public class EvidenceCollection implements Serializable, Iterable { for (Evidence e : EvidenceCollection.EVIDENCE_USED.filter(this)) { //TODO consider changing the regex to only compare alpha-numeric (i.e. strip everything else) - String item = e.getValue(); + final String item = e.getValue(); if (item != null) { final String uc = urlCorrection(item.toLowerCase()); if (uc != null) { diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java index ce4f769f5..4f9bca2a9 100644 --- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java +++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java @@ -174,7 +174,7 @@ public final class Downloader { } else { reader = conn.getInputStream(); } - + final byte[] buffer = new byte[4096]; int bytesRead; while ((bytesRead = reader.read(buffer)) > 0) {