From dfc6d952bd33adbc87c91bb68e8b3fad14e04b90 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Fri, 10 Mar 2017 15:38:00 -0500
Subject: [PATCH 1/5] codacy cleanup
---
 .../data/update/NvdCveUpdater.java | 1 -
 .../owasp/dependencycheck/BaseDBTestCase.java | 5 -----
 .../data/nvdcve/CveDBMySQLTest.java | 17 ++---------------
 .../update/NvdCveUpdaterIntegrationTest.java | 1 -
 4 files changed, 2 insertions(+), 22 deletions(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java
index d86583af1..caebce05f 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java
@@ -24,7 +24,6 @@ import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
 import java.net.URL;
-import java.util.Properties;
 import java.util.concurrent.Callable;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.ExecutorService;
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseDBTestCase.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseDBTestCase.java
index c09568194..1bb992197 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseDBTestCase.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseDBTestCase.java
@@ -26,7 +26,6 @@ import java.util.zip.ZipEntry;
 import java.util.zip.ZipInputStream;
 import org.junit.AfterClass;
 import org.junit.Before;
-import org.junit.BeforeClass;
 import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.utils.Settings;
 import org.slf4j.Logger;
@@ -44,10 +43,6 @@ public abstract class BaseDBTestCase extends BaseTest {
 private final static Logger LOGGER = LoggerFactory.getLogger(BaseDBTestCase.class);
-// @BeforeClass
-// public static void setUpClass() throws Exception {
-// BaseTest.setUpClass();
-// }
 @Before
 public void setUpDb() throws Exception {
 ensureDBExists();
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/CveDBMySQLTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/CveDBMySQLTest.java
index 99e2b3581..a27ef0191 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/CveDBMySQLTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/CveDBMySQLTest.java
@@ -34,19 +34,6 @@ import org.owasp.dependencycheck.dependency.VulnerableSoftware;
 */
 public class CveDBMySQLTest extends BaseTest {
- /**
- * Pretty useless tests of open, commit, and close methods, of class CveDB.
- */
- @Test
- public void testOpen() {
- try {
- CveDB instance = CveDB.getInstance();
- } catch (DatabaseException ex) {
- System.out.println("Unable to connect to the My SQL database; verify that the db server is running and that the schema has been generated");
- fail(ex.getMessage());
- }
- }
-
 /**
 * Test of getCPEs method, of class CveDB.
 */
@@ -55,7 +42,7 @@ public class CveDBMySQLTest extends BaseTest {
 CveDB instance = CveDB.getInstance();
 try {
 String vendor = "apache";
- String product = "struts";
+ String product = "struts";
 Set result = instance.getCPEs(vendor, product);
 assertTrue("Has data been loaded into the MySQL DB? if not consider using the CLI to populate it", result.size() > 5);
 } catch (Exception ex) {
@@ -77,6 +64,6 @@ public class CveDBMySQLTest extends BaseTest {
 } catch (Exception ex) {
 System.out.println("Unable to access the My SQL database; verify that the db server is running and that the schema has been generated");
 throw ex;
- }
+ }
 }
 }
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/NvdCveUpdaterIntegrationTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/NvdCveUpdaterIntegrationTest.java
index 6cedb1858..d2305a956 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/NvdCveUpdaterIntegrationTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/NvdCveUpdaterIntegrationTest.java
@@ -21,7 +21,6 @@ import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.fail;
 import org.junit.Test;
 import org.owasp.dependencycheck.BaseTest;
-import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.data.update.exception.UpdateException;
 import org.owasp.dependencycheck.data.update.nvd.UpdateableNvdCve;
From a7b6f37503d4911c3e665b7e04530e4e00b42cc1 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Fri, 10 Mar 2017 16:52:32 -0500
Subject: [PATCH 2/5] suppressed another false positive
---
 .../main/resources/dependencycheck-base-suppression.xml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/dependency-check-core/src/main/resources/dependencycheck-base-suppression.xml b/dependency-check-core/src/main/resources/dependencycheck-base-suppression.xml
index 4f3d88573..34e1d4118 100644
--- a/dependency-check-core/src/main/resources/dependencycheck-base-suppression.xml
+++ b/dependency-check-core/src/main/resources/dependencycheck-base-suppression.xml
@@ -538,4 +538,11 @@ ^org\.apache\.james:apache-mime4j-core:.*$ cpe:/a:jcore:jcore + + + ^javax\.servlet:servlet-api:.*$ + cpe:/a:sun:one_application_server +
From 6825304100acee0ebdd97e7661344fc1b9eea683 Mon Sep 17 00:00:00 2001
From: Jakub Wilk
Date: Thu, 23 Mar 2017 19:59:17 +0100
Subject: [PATCH 3/5] fix mailto URIs
As per RFC 6068, there should be no slashes after "mailto:".
---
 src/site/markdown/index.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
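Review bot: The entry added to dependencycheck-base-suppression.xml is keyed on `^javax\.servlet:servlet-api:.*$`, so it drops `cpe:/a:sun:one_application_server` only for the artifact id `servlet-api`. If the same CPE mismatch is reported for the later `javax.servlet:javax.servlet-api` coordinates, that artifact is not covered and would need its own pattern or a widened one such as `^javax\.servlet:(javax\.)?servlet-api:.*$`; this is inferred from the pattern alone, not from a scan result. Since this file presumably ships as the default for every scan, the entry's notes should say why the CPE cannot apply to this artifact, so a later reader can tell it apart from a suppression that hides a real finding. The element markup of the added lines is not visible in this rendering, so please confirm the notes are there.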
diff --git a/src/site/markdown/index.md b/src/site/markdown/index.md
index b7059a06c..ffc58dc39 100644
--- a/src/site/markdown/index.md
+++ b/src/site/markdown/index.md
@@ -38,6 +38,6 @@ OWASP dependency-check's core analysis engine can be used as:
 For help with dependency-check the following resource can be used:
 - Post to the [google group](https://groups.google.com/forum/#!forum/dependency-check):
-[subscribe](mailto://dependency-check+subscribe@googlegroups.com),
-[post](mailto://dependency-check@googlegroups.com),
+[subscribe](mailto:dependency-check+subscribe@googlegroups.com),
+[post](mailto:dependency-check@googlegroups.com),
 - Open a [github issue](https://github.com/jeremylong/DependencyCheck/issues)
\ No newline at end of file
From 8b764d5e175aec7ed2a22db19999c719e72c0852 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Fri, 31 Mar 2017 17:24:48 -0400
Subject: [PATCH 4/5] added bh arsenal badges
---
 README.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/README.md b/README.md
index 1745a736a..cf3e061a0 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,7 @@
 [![Build Status](https://travis-ci.org/jeremylong/DependencyCheck.svg?branch=master)](https://travis-ci.org/jeremylong/DependencyCheck) [![Coverity Scan Build Status](https://scan.coverity.com/projects/1654/badge.svg)](https://scan.coverity.com/projects/dependencycheck) [![Codacy Badge](https://api.codacy.com/project/badge/Grade/6b6021d481dc41a888c5da0d9ecf9494)](https://www.codacy.com/app/jeremylong/DependencyCheck?utm_source=github.com&utm_medium=referral&utm_content=jeremylong/DependencyCheck&utm_campaign=Badge_Grade) [![Apache 2.0 License](https://img.shields.io/badge/license-Apache%202-blue.svg)](https://www.apache.org/licenses/LICENSE-2.0.txt)
+[![Black Hat Arsenal](https://github.com/toolswatch/badges/blob/master/arsenal/2015.svg)](https://www.toolswatch.org/2015/06/black-hat-arsenal-usa-2015-speakers-lineup/) [![Black Hat Arsenal](https://github.com/toolswatch/badges/blob/master/arsenal/2014.svg)](https://www.toolswatch.org/2014/06/black-hat-usa-2014-arsenal-tools-speaker-list/) [![Black Hat Arsenal](https://github.com/toolswatch/badges/blob/master/arsenal/2013.svg)](https://www.toolswatch.org/2013/06/announcement-blackhat-arsenal-usa-2013-selected-tools/)
+
 Dependency-Check
 ================
From 832cbabc7d1f3668dfd9fe273fb8f05b0e090fcf Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Fri, 31 Mar 2017 17:28:20 -0400
Subject: [PATCH 5/5] added bh arsenal badges
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index cf3e061a0..d7b1bfb58 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 [![Build Status](https://travis-ci.org/jeremylong/DependencyCheck.svg?branch=master)](https://travis-ci.org/jeremylong/DependencyCheck) [![Coverity Scan Build Status](https://scan.coverity.com/projects/1654/badge.svg)](https://scan.coverity.com/projects/dependencycheck) [![Codacy Badge](https://api.codacy.com/project/badge/Grade/6b6021d481dc41a888c5da0d9ecf9494)](https://www.codacy.com/app/jeremylong/DependencyCheck?utm_source=github.com&utm_medium=referral&utm_content=jeremylong/DependencyCheck&utm_campaign=Badge_Grade) [![Apache 2.0 License](https://img.shields.io/badge/license-Apache%202-blue.svg)](https://www.apache.org/licenses/LICENSE-2.0.txt)
-[![Black Hat Arsenal](https://github.com/toolswatch/badges/blob/master/arsenal/2015.svg)](https://www.toolswatch.org/2015/06/black-hat-arsenal-usa-2015-speakers-lineup/) [![Black Hat Arsenal](https://github.com/toolswatch/badges/blob/master/arsenal/2014.svg)](https://www.toolswatch.org/2014/06/black-hat-usa-2014-arsenal-tools-speaker-list/) [![Black Hat Arsenal](https://github.com/toolswatch/badges/blob/master/arsenal/2013.svg)](https://www.toolswatch.org/2013/06/announcement-blackhat-arsenal-usa-2013-selected-tools/)
+[![Black Hat Arsenal](https://www.toolswatch.org/badges/arsenal/2015.svg)](https://www.toolswatch.org/2015/06/black-hat-arsenal-usa-2015-speakers-lineup/) [![Black Hat Arsenal](https://www.toolswatch.org/badges/arsenal/2014.svg)](https://www.toolswatch.org/2014/06/black-hat-usa-2014-arsenal-tools-speaker-list/) [![Black Hat Arsenal](https://www.toolswatch.org/badges/arsenal/2013.svg)](https://www.toolswatch.org/2013/06/announcement-blackhat-arsenal-usa-2013-selected-tools/)
 Dependency-Check
 ================