diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java index e50d625aa..6d7915e15 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java @@ -815,7 +815,7 @@ public class Engine implements FileFilter { public void writeReports(String applicationName, String groupId, String artifactId, String version, File outputDir, String format) throws ReportException { - DatabaseProperties prop = database.getDatabaseProperties(); + final DatabaseProperties prop = database.getDatabaseProperties(); final ReportGenerator r = new ReportGenerator(applicationName, groupId, artifactId, version, dependencies, getAnalyzers(), prop); try { r.write(outputDir.getAbsolutePath(), format); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java index c862d0fc1..e63c51214 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java @@ -18,12 +18,9 @@ package org.owasp.dependencycheck.agent; import java.io.File; -import java.io.IOException; import java.util.List; import org.owasp.dependencycheck.Engine; -import org.owasp.dependencycheck.data.nvdcve.CveDB; import org.owasp.dependencycheck.data.nvdcve.DatabaseException; -import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties; import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.Identifier; import org.owasp.dependencycheck.dependency.Vulnerability; 
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
index 4fe5ad951..d88a25119 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
@@ -95,6 +95,9 @@ public final class CveDB implements AutoCloseable {
 */
 private final EnumMap preparedStatements = new EnumMap<>(PreparedStatementCveDb.class);
+ /**
+ * Cache for CVE lookups; used to speed up the vulnerability search process.
+ */
 @SuppressWarnings("unchecked")
 private final Map> vulnerabilitiesForCpeCache = Collections.synchronizedMap(new ReferenceMap(HARD, SOFT));
@@ -508,8 +511,9 @@ public final class CveDB implements AutoCloseable {
 }
 /**
- * Clears cache. Should be called whenever something is modified. While this is not the optimal cache eviction
- * strategy, this is good enough for typical usage (update DB and then only read) and it is easier to maintain
+ * Clears cache. Should be called whenever something is modified. While this
+ * is not the optimal cache eviction strategy, this is good enough for
+ * typical usage (update DB and then only read) and it is easier to maintain
 * the code.
 *
 * It should be also called when DB is closed.
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java
index 48014183a..4eb456176 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java
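Review bot: In CveDB.java, the Javadoc added to `vulnerabilitiesForCpeCache` in the first hunk omits the two facts a maintainer needs to use the cache safely. The map is built as `ReferenceMap(HARD, SOFT)`, so its values are presumably softly referenced and may be reclaimed under memory pressure, and an entry is only valid until the database is modified. In a vulnerability scanner a stale entry means an outdated or missed finding, so the field comment should name the clearing obligation that the second hunk documents only on the method. I would extend the comment with `* Values are softly referenced and may be reclaimed by the GC; the cache must be cleared whenever the database is modified or closed.`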
@@ -124,7 +124,7 @@ public class EscapeTool {
 return "";
 }
 boolean addComma = false;
- StringBuilder sb = new StringBuilder();
+ final StringBuilder sb = new StringBuilder();
 for (Identifier id : ids) {
 if (!"cpe".equals(id.getType())) {
 if (addComma) {
@@ -150,7 +150,7 @@ public class EscapeTool {
 return "";
 }
 boolean addComma = false;
- StringBuilder sb = new StringBuilder();
+ final StringBuilder sb = new StringBuilder();
 for (Identifier id : ids) {
 if ("cpe".equals(id.getType())) {
 if (addComma) {
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java
index 8b1229a98..d31705519 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java
@@ -169,7 +169,7 @@ public class ReportGenerator {
 final String scanDate = dateFormat.print(dt);
 final String scanDateXML = dateFormatXML.print(dt);
- VelocityContext ctxt = new VelocityContext();
+ final VelocityContext ctxt = new VelocityContext();
 ctxt.put("applicationName", applicationName);
 ctxt.put("dependencies", dependencies);
 ctxt.put("analyzers", analyzers);
@@ -202,7 +202,7 @@ public class ReportGenerator {
 if (reportFormat != null) {
 write(outputLocation, reportFormat);
 } else {
- File out = getReportFile(outputLocation, null);
+ final File out = getReportFile(outputLocation, null);
 if (out.isDirectory()) {
 throw new ReportException("Unable to write non-standard VSL output to a directory, please specify a file name");
 }
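Review bot: In EscapeTool.java, the two hunks at -124 and -150 contain the same join loop twice, differing only in whether `"cpe".equals(id.getType())` is negated. Since this class produces report output, any escaping or delimiter handling applied to identifier values has to be kept in sync across both copies. A single private helper such as `private String joinIdentifiers(Iterable<Identifier> ids, boolean cpeOnly)` with the test `if (cpeOnly == "cpe".equals(id.getType()))` would leave one place to maintain. Both method bodies start and end outside the hunks, so whether the joined string is escaped before it is returned cannot be confirmed from here.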