pmd/checkstyle/findbugs corrections
@@ -357,10 +357,13 @@ public class Update extends Purge {
|
||||
this.cveUrl20Base = cveUrl20Base;
|
||||
}
|
||||
|
||||
/**
|
||||
* The number of hours to wait before re-checking for updates.
|
||||
*/
|
||||
private Integer cveValidForHours;
|
||||
|
||||
/**
|
||||
* Get the value of cveValidForHours
|
||||
* Get the value of cveValidForHours.
|
||||
*
|
||||
* @return the value of cveValidForHours
|
||||
*/
|
||||
@@ -369,7 +372,7 @@ public class Update extends Purge {
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the value of cveValidForHours
|
||||
* Set the value of cveValidForHours.
|
||||
*
|
||||
* @param cveValidForHours new value of cveValidForHours
|
||||
*/
|
||||
|
||||
@@ -91,10 +91,10 @@ public final class CliParser {
|
||||
*/
|
||||
private void validateArgs() throws FileNotFoundException, ParseException {
|
||||
if (isUpdateOnly() || isRunScan()) {
|
||||
String value = line.getOptionValue(ARGUMENT.CVE_VALID_FOR_HOURS);
|
||||
final String value = line.getOptionValue(ARGUMENT.CVE_VALID_FOR_HOURS);
|
||||
if (value != null) {
|
||||
try {
|
||||
int i = Integer.parseInt(value);
|
||||
final int i = Integer.parseInt(value);
|
||||
if (i < 0) {
|
||||
throw new ParseException("Invalid Setting: cveValidForHours must be a number greater than or equal to 0.");
|
||||
}
|
||||
@@ -989,12 +989,12 @@ public final class CliParser {
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the value of cveValidForHours
|
||||
* Get the value of cveValidForHours.
|
||||
*
|
||||
* @return the value of cveValidForHours
|
||||
*/
|
||||
public Integer getCveValidForHours() {
|
||||
String v = line.getOptionValue(ARGUMENT.CVE_VALID_FOR_HOURS);
|
||||
final String v = line.getOptionValue(ARGUMENT.CVE_VALID_FOR_HOURS);
|
||||
if (v != null) {
|
||||
return Integer.parseInt(v);
|
||||
}
|
||||
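Review bot: `return Integer.parseInt(v);` in getCveValidForHours has no guard of its own, so a non-numeric option value surfaces here as an unchecked NumberFormatException; the validateArgs hunk above parses the same option inside a try, so this getter appears to rely on validateArgs having already rejected bad input (that catch clause is outside its hunk). The new Javadoc should state that precondition, e.g. add `@throws NumberFormatException if the option value is not an integer; validateArgs() is expected to have rejected such input first`. The rest of the method is outside the hunk.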
|
||||
@@ -22,7 +22,7 @@ package org.owasp.dependencycheck;
|
||||
*
|
||||
* @author Jeremy Long
|
||||
*/
|
||||
class InvalidScanPathException extends Exception {
|
||||
public class InvalidScanPathException extends Exception {
|
||||
|
||||
/**
|
||||
* The serial version UID for serialization.
|
||||
|
||||
@@ -114,7 +114,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
static {
|
||||
final String additionalZipExt = Settings.getString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS);
|
||||
if (additionalZipExt != null) {
|
||||
String[] ext = additionalZipExt.split("\\s*,\\s*");
|
||||
final String[] ext = additionalZipExt.split("\\s*,\\s*");
|
||||
Collections.addAll(ZIPPABLES, ext);
|
||||
}
|
||||
EXTENSIONS.addAll(ZIPPABLES);
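Review bot: `additionalZipExt.split("\\s*,\\s*")` on the new `final String[] ext` line yields an empty-string element for a blank value, a leading comma or a trailing comma (`"".split(...)` returns `[""]`), and `Collections.addAll(ZIPPABLES, ext)` then registers `""` as a zippable extension; how EXTENSIONS treats an empty entry is outside this hunk, but it is presumably not intended. Filtering blanks before the add is a one-line change in place of the `Collections.addAll` call: `for (String e : ext) { if (!e.trim().isEmpty()) { ZIPPABLES.add(e); } }`. The static initializer's closing brace is outside the hunk.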
|
||||
@@ -195,8 +195,11 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
if (tempFileLocation != null && tempFileLocation.exists()) {
|
||||
LOGGER.debug("Attempting to delete temporary files");
|
||||
final boolean success = FileUtils.delete(tempFileLocation);
|
||||
if (!success && tempFileLocation.exists() && tempFileLocation.list().length > 0) {
|
||||
LOGGER.warn("Failed to delete some temporary files, see the log for more details");
|
||||
if (!success && tempFileLocation.exists()) {
|
||||
final String[] l = tempFileLocation.list();
|
||||
if (l != null && l.length > 0) {
|
||||
LOGGER.warn("Failed to delete some temporary files, see the log for more details");
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -62,11 +62,19 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
private static final int REGEX_OPTIONS = Pattern.DOTALL
|
||||
| Pattern.CASE_INSENSITIVE | Pattern.MULTILINE;
|
||||
|
||||
/**
|
||||
* Regex to extract the product information.
|
||||
*/
|
||||
private static final Pattern PROJECT = Pattern.compile(
|
||||
"^ *project *\\([ \\n]*(\\w+)[ \\n]*.*?\\)", REGEX_OPTIONS);
|
||||
|
||||
// Group 1: Product
|
||||
// Group 2: Version
|
||||
/**
|
||||
* Regex to extract product and version information.
|
||||
*
|
||||
* Group 1: Product
|
||||
*
|
||||
* Group 2: Version
|
||||
*/
|
||||
private static final Pattern SET_VERSION = Pattern
|
||||
.compile(
|
||||
"^ *set\\s*\\(\\s*(\\w+)_version\\s+\"?(\\d+(?:\\.\\d+)+)[\\s\"]?\\)",
|
||||
@@ -172,8 +180,17 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Extracts the version information from the contents. If more then one version is found additional dependencies are added to
|
||||
* the dependency list.
|
||||
*
|
||||
* @param dependency the dependency being analyzed
|
||||
* @param engine the dependency-check engine
|
||||
* @param contents the version information
|
||||
*/
|
||||
private void analyzeSetVersionCommand(Dependency dependency, Engine engine, String contents) {
|
||||
final Dependency orig = dependency;
|
||||
Dependency currentDep = dependency;
|
||||
|
||||
final Matcher m = SET_VERSION.matcher(contents);
|
||||
int count = 0;
|
||||
while (m.find()) {
|
||||
@@ -190,19 +207,19 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
}
|
||||
if (count > 1) {
|
||||
//TODO - refactor so we do not assign to the parameter (checkstyle)
|
||||
dependency = new Dependency(orig.getActualFile());
|
||||
dependency.setDisplayFileName(String.format("%s:%s", orig.getDisplayFileName(), product));
|
||||
final String filePath = String.format("%s:%s", orig.getFilePath(), product);
|
||||
dependency.setFilePath(filePath);
|
||||
currentDep = new Dependency(dependency.getActualFile());
|
||||
currentDep.setDisplayFileName(String.format("%s:%s", dependency.getDisplayFileName(), product));
|
||||
final String filePath = String.format("%s:%s", dependency.getFilePath(), product);
|
||||
currentDep.setFilePath(filePath);
|
||||
|
||||
// prevents coalescing into the dependency provided by engine
|
||||
dependency.setSha1sum(Checksum.getHex(sha1.digest(filePath.getBytes())));
|
||||
engine.getDependencies().add(dependency);
|
||||
currentDep.setSha1sum(Checksum.getHex(sha1.digest(filePath.getBytes())));
|
||||
engine.getDependencies().add(currentDep);
|
||||
}
|
||||
final String source = dependency.getDisplayFileName();
|
||||
dependency.getProductEvidence().addEvidence(source, "Product",
|
||||
final String source = currentDep.getDisplayFileName();
|
||||
currentDep.getProductEvidence().addEvidence(source, "Product",
|
||||
product, Confidence.MEDIUM);
|
||||
dependency.getVersionEvidence().addEvidence(source, "Version",
|
||||
currentDep.getVersionEvidence().addEvidence(source, "Version",
|
||||
version, Confidence.MEDIUM);
|
||||
}
|
||||
LOGGER.debug(String.format("Found %d matches.", count));
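Review bot: `sha1.digest(filePath.getBytes())` on the line after the coalescing comment encodes the path with the platform default charset, so the synthetic sha1 that keeps the extra dependency from being coalesced differs between machines for the same non-ASCII path; `filePath.getBytes(StandardCharsets.UTF_8)` (Java 7+, otherwise `getBytes("UTF-8")`) makes it deterministic. If `sha1` is a shared MessageDigest field rather than a local, note also that MessageDigest is not thread-safe — its declaration is outside the hunk. analyzeSetVersionCommand starts in the previous hunk and ends after this one.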
|
||||
|
||||
@@ -213,10 +213,8 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
|
||||
//version check
|
||||
final DependencyVersion version1 = DependencyVersionUtil.parseVersion(fileName1);
|
||||
final DependencyVersion version2 = DependencyVersionUtil.parseVersion(fileName2);
|
||||
if (version1 != null && version2 != null) {
|
||||
if (!version1.equals(version2)) {
|
||||
return false;
|
||||
}
|
||||
if (version1 != null && version2 != null && !version1.equals(version2)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
//filename check
|
||||
|
||||
@@ -18,12 +18,11 @@
|
||||
package org.owasp.dependencycheck.data.nvdcve;
|
||||
|
||||
/**
|
||||
* An exception used to indicate the db4o database is corrupt. This could be due to invalid data or a complete failure
|
||||
* of the db.
|
||||
* An exception used to indicate the db4o database is corrupt. This could be due to invalid data or a complete failure of the db.
|
||||
*
|
||||
* @author Jeremy Long
|
||||
*/
|
||||
class CorruptDatabaseException extends DatabaseException {
|
||||
public class CorruptDatabaseException extends DatabaseException {
|
||||
|
||||
/**
|
||||
* the serial version uid.
|
||||
@@ -31,7 +30,7 @@ class CorruptDatabaseException extends DatabaseException {
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/**
|
||||
* Creates an CorruptDatabaseException
|
||||
* Creates an CorruptDatabaseException.
|
||||
*
|
||||
* @param msg the exception message
|
||||
*/
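Review bot: The constructor Javadoc on the new line `* Creates an CorruptDatabaseException.` adds the period but keeps the wrong article; the same wording recurs in the next hunk for the two-argument constructor. Suggest `* Creates a CorruptDatabaseException.` in both places.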
|
||||
@@ -40,7 +39,7 @@ class CorruptDatabaseException extends DatabaseException {
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates an CorruptDatabaseException
|
||||
* Creates an CorruptDatabaseException.
|
||||
*
|
||||
* @param msg the exception message
|
||||
* @param ex the cause of the exception
|
||||
|
||||
@@ -63,15 +63,13 @@ public final class DriverLoader {
|
||||
}
|
||||
|
||||
/**
|
||||
* Loads the specified class by registering the supplied paths to the class loader and then registers the driver
|
||||
* with the driver manager. The pathToDriver argument is added to the class loader so that an external driver can be
|
||||
* loaded. Note, the pathToDriver can contain a semi-colon separated list of paths so any dependencies can be added
|
||||
* as needed. If a path in the pathToDriver argument is a directory all files in the directory are added to the
|
||||
* class path.
|
||||
* Loads the specified class by registering the supplied paths to the class loader and then registers the driver with the
|
||||
* driver manager. The pathToDriver argument is added to the class loader so that an external driver can be loaded. Note, the
|
||||
* pathToDriver can contain a semi-colon separated list of paths so any dependencies can be added as needed. If a path in the
|
||||
* pathToDriver argument is a directory all files in the directory are added to the class path.
|
||||
*
|
||||
* @param className the fully qualified name of the desired class
|
||||
* @param pathToDriver the path to the JAR file containing the driver; note, this can be a semi-colon separated list
|
||||
* of paths
|
||||
* @param pathToDriver the path to the JAR file containing the driver; note, this can be a semi-colon separated list of paths
|
||||
* @return the loaded Driver
|
||||
* @throws DriverLoadException thrown if the driver cannot be loaded
|
||||
*/
|
||||
@@ -83,14 +81,15 @@ public final class DriverLoader {
|
||||
final File file = new File(path);
|
||||
if (file.isDirectory()) {
|
||||
final File[] files = file.listFiles();
|
||||
|
||||
for (File f : files) {
|
||||
try {
|
||||
urls.add(f.toURI().toURL());
|
||||
} catch (MalformedURLException ex) {
|
||||
LOGGER.debug("Unable to load database driver '{}'; invalid path provided '{}'",
|
||||
className, f.getAbsoluteFile(), ex);
|
||||
throw new DriverLoadException("Unable to load database driver. Invalid path provided", ex);
|
||||
if (files != null) {
|
||||
for (File f : files) {
|
||||
try {
|
||||
urls.add(f.toURI().toURL());
|
||||
} catch (MalformedURLException ex) {
|
||||
LOGGER.debug("Unable to load database driver '{}'; invalid path provided '{}'",
|
||||
className, f.getAbsoluteFile(), ex);
|
||||
throw new DriverLoadException("Unable to load database driver. Invalid path provided", ex);
|
||||
}
|
||||
}
|
||||
}
|
||||
} else if (file.exists()) {
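Review bot: The added `if (files != null)` guard silently skips a driver directory that cannot be listed (`listFiles()` reports a permission or I/O failure only as null), so a misconfigured `pathToDriver` produces no diagnostic until the driver fails to load later. An `else` branch with `LOGGER.debug("Unable to list driver directory '{}'", file.getAbsolutePath());` — or throwing DriverLoadException as the MalformedURLException path already does — would make the failure visible at the point it occurs. The enclosing loop and method continue outside the hunk.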
|
||||
@@ -98,7 +97,7 @@ public final class DriverLoader {
|
||||
urls.add(file.toURI().toURL());
|
||||
} catch (MalformedURLException ex) {
|
||||
LOGGER.debug("Unable to load database driver '{}'; invalid path provided '{}'",
|
||||
className, file.getAbsoluteFile(), ex);
|
||||
className, file.getAbsoluteFile(), ex);
|
||||
throw new DriverLoadException("Unable to load database driver. Invalid path provided", ex);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -90,14 +90,14 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if the NVD CVE XML files were last checked recently.
|
||||
* As an optimization, we can avoid repetitive checks against the NVD.
|
||||
* Setting CVE_CHECK_VALID_FOR_HOURS determines the duration since last check before checking again.
|
||||
* A database property stores the timestamp of the last check.
|
||||
* Checks if the NVD CVE XML files were last checked recently. As an optimization, we can avoid repetitive checks against the
|
||||
* NVD. Setting CVE_CHECK_VALID_FOR_HOURS determines the duration since last check before checking again. A database property
|
||||
* stores the timestamp of the last check.
|
||||
*
|
||||
* @return true to proceed with the check, or false to skip.
|
||||
* @throws UpdateException thrown when there is an issue checking for updates.
|
||||
*/
|
||||
private boolean checkUpdate () throws UpdateException {
|
||||
private boolean checkUpdate() throws UpdateException {
|
||||
boolean proceed = true;
|
||||
// If the valid setting has not been specified, then we proceed to check...
|
||||
final int validForHours = Settings.getInt(Settings.KEYS.CVE_CHECK_VALID_FOR_HOURS, 0);
|
||||
@@ -112,7 +112,7 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
|
||||
} else {
|
||||
LOGGER.info("Skipping NVD check since last check was within {} hours.", validForHours);
|
||||
LOGGER.debug("Last NVD was at {}, and now {} is within {} ms.",
|
||||
lastChecked, now, msValid);
|
||||
lastChecked, now, msValid);
|
||||
}
|
||||
}
|
||||
return proceed;
|
||||
|
||||
@@ -322,12 +322,26 @@ public class Model {
|
||||
*/
|
||||
private static class PropertyLookup extends StrLookup {
|
||||
|
||||
/**
|
||||
* Reference to the properties to lookup.
|
||||
*/
|
||||
private final Properties props;
|
||||
|
||||
public PropertyLookup(Properties props) {
|
||||
/**
|
||||
* Constructs a new property lookup.
|
||||
*
|
||||
* @param props the properties to wrap.
|
||||
*/
|
||||
PropertyLookup(Properties props) {
|
||||
this.props = props;
|
||||
}
|
||||
|
||||
/**
|
||||
* Looks up the given property.
|
||||
*
|
||||
* @param key the key to the property
|
||||
* @return the value of the property specified by the key
|
||||
*/
|
||||
@Override
|
||||
public String lookup(String key) {
|
||||
return props.getProperty(key);
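Review bot: `lookup` returns whatever `props.getProperty(key)` returns, which is `null` for an undefined key, and the new Javadoc `@return the value of the property specified by the key` does not say so; with a StrLookup, a null result presumably leaves the `${key}` placeholder unresolved in the substituted text, which callers should know so they do not mistake an unresolved placeholder for a literal value. Suggest `@return the value of the property specified by the key, or {@code null} if the key is not defined (the placeholder is then left unresolved)`. The class body continues outside the hunk.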
|
||||
|
||||
@@ -144,10 +144,10 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
|
||||
try {
|
||||
File mpp = new File(project.getBasedir(), m);
|
||||
mpp = mpp.getCanonicalFile();
|
||||
if (mpp.compareTo(mod.getBasedir()) == 0 && descendants.add(mod)) {
|
||||
if (getLog().isDebugEnabled()) {
|
||||
getLog().debug(String.format("Decendent module %s added", mod.getName()));
|
||||
}
|
||||
if (mpp.compareTo(mod.getBasedir()) == 0 && descendants.add(mod)
|
||||
&& getLog().isDebugEnabled()) {
|
||||
getLog().debug(String.format("Decendent module %s added", mod.getName()));
|
||||
|
||||
}
|
||||
} catch (IOException ex) {
|
||||
if (getLog().isDebugEnabled()) {
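Review bot: Folding `descendants.add(mod)` into the same condition as `getLog().isDebugEnabled()` makes a side effect read like part of a log guard; short-circuit order still performs the add, but a later edit that drops the debug check can easily drop the add with it, and the same shape appears in the next hunk (`descendants.add(p) && getLog().isDebugEnabled()` and the `descendants.add(modTest)` chain). Keeping the mutation as its own statement, `final boolean added = descendants.add(mod);` followed by `if (added && getLog().isDebugEnabled()) {`, preserves the reduced nesting without hiding it. The log message on the same lines also misspells "Descendant" as "Decendent". The try block continues outside the hunk.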
|
||||
@@ -160,17 +160,15 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
|
||||
size = descendants.size();
|
||||
for (MavenProject p : getReactorProjects()) {
|
||||
if (project.equals(p.getParent()) || descendants.contains(p.getParent())) {
|
||||
if (descendants.add(p)) {
|
||||
if (getLog().isDebugEnabled()) {
|
||||
getLog().debug(String.format("Decendent %s added", p.getName()));
|
||||
}
|
||||
if (descendants.add(p) && getLog().isDebugEnabled()) {
|
||||
getLog().debug(String.format("Decendent %s added", p.getName()));
|
||||
|
||||
}
|
||||
for (MavenProject modTest : getReactorProjects()) {
|
||||
if (p.getModules() != null && p.getModules().contains(modTest.getName())
|
||||
&& descendants.add(modTest)) {
|
||||
if (getLog().isDebugEnabled()) {
|
||||
getLog().debug(String.format("Decendent %s added", modTest.getName()));
|
||||
}
|
||||
&& descendants.add(modTest)
|
||||
&& getLog().isDebugEnabled()) {
|
||||
getLog().debug(String.format("Decendent %s added", modTest.getName()));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||