mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-03-29 13:22:12 +02:00
pmd/checkstyle/findbugs corrections
This commit is contained in:
Jeremy Long
@@ -357,10 +357,13 @@ public class Update extends Purge {
|
|||||||
this.cveUrl20Base = cveUrl20Base;
|
this.cveUrl20Base = cveUrl20Base;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The number of hours to wait before re-checking for updates.
|
||||||
|
*/
|
||||||
private Integer cveValidForHours;
|
private Integer cveValidForHours;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the value of cveValidForHours
|
* Get the value of cveValidForHours.
|
||||||
*
|
*
|
||||||
* @return the value of cveValidForHours
|
* @return the value of cveValidForHours
|
||||||
*/
|
*/
|
||||||
@@ -369,7 +372,7 @@ public class Update extends Purge {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Set the value of cveValidForHours
|
* Set the value of cveValidForHours.
|
||||||
*
|
*
|
||||||
* @param cveValidForHours new value of cveValidForHours
|
* @param cveValidForHours new value of cveValidForHours
|
||||||
*/
|
*/
|
||||||
|
|||||||
@@ -91,10 +91,10 @@ public final class CliParser {
|
|||||||
*/
|
*/
|
||||||
private void validateArgs() throws FileNotFoundException, ParseException {
|
private void validateArgs() throws FileNotFoundException, ParseException {
|
||||||
if (isUpdateOnly() || isRunScan()) {
|
if (isUpdateOnly() || isRunScan()) {
|
||||||
String value = line.getOptionValue(ARGUMENT.CVE_VALID_FOR_HOURS);
|
final String value = line.getOptionValue(ARGUMENT.CVE_VALID_FOR_HOURS);
|
||||||
if (value != null) {
|
if (value != null) {
|
||||||
try {
|
try {
|
||||||
int i = Integer.parseInt(value);
|
final int i = Integer.parseInt(value);
|
||||||
if (i < 0) {
|
if (i < 0) {
|
||||||
throw new ParseException("Invalid Setting: cveValidForHours must be a number greater than or equal to 0.");
|
throw new ParseException("Invalid Setting: cveValidForHours must be a number greater than or equal to 0.");
|
||||||
}
|
}
|
||||||
@@ -989,12 +989,12 @@ public final class CliParser {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the value of cveValidForHours
|
* Get the value of cveValidForHours.
|
||||||
*
|
*
|
||||||
* @return the value of cveValidForHours
|
* @return the value of cveValidForHours
|
||||||
*/
|
*/
|
||||||
public Integer getCveValidForHours() {
|
public Integer getCveValidForHours() {
|
||||||
String v = line.getOptionValue(ARGUMENT.CVE_VALID_FOR_HOURS);
|
final String v = line.getOptionValue(ARGUMENT.CVE_VALID_FOR_HOURS);
|
||||||
if (v != null) {
|
if (v != null) {
|
||||||
return Integer.parseInt(v);
|
return Integer.parseInt(v);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -22,7 +22,7 @@ package org.owasp.dependencycheck;
|
|||||||
*
|
*
|
||||||
* @author Jeremy Long
|
* @author Jeremy Long
|
||||||
*/
|
*/
|
||||||
class InvalidScanPathException extends Exception {
|
public class InvalidScanPathException extends Exception {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The serial version UID for serialization.
|
* The serial version UID for serialization.
|
||||||
|
|||||||
@@ -114,7 +114,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
static {
|
static {
|
||||||
final String additionalZipExt = Settings.getString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS);
|
final String additionalZipExt = Settings.getString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS);
|
||||||
if (additionalZipExt != null) {
|
if (additionalZipExt != null) {
|
||||||
String[] ext = additionalZipExt.split("\\s*,\\s*");
|
final String[] ext = additionalZipExt.split("\\s*,\\s*");
|
||||||
Collections.addAll(ZIPPABLES, ext);
|
Collections.addAll(ZIPPABLES, ext);
|
||||||
}
|
}
|
||||||
EXTENSIONS.addAll(ZIPPABLES);
|
EXTENSIONS.addAll(ZIPPABLES);
|
||||||
@@ -195,8 +195,11 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
if (tempFileLocation != null && tempFileLocation.exists()) {
|
if (tempFileLocation != null && tempFileLocation.exists()) {
|
||||||
LOGGER.debug("Attempting to delete temporary files");
|
LOGGER.debug("Attempting to delete temporary files");
|
||||||
final boolean success = FileUtils.delete(tempFileLocation);
|
final boolean success = FileUtils.delete(tempFileLocation);
|
||||||
if (!success && tempFileLocation.exists() && tempFileLocation.list().length > 0) {
|
if (!success && tempFileLocation.exists()) {
|
||||||
LOGGER.warn("Failed to delete some temporary files, see the log for more details");
|
final String[] l = tempFileLocation.list();
|
||||||
|
if (l != null && l.length > 0) {
|
||||||
|
LOGGER.warn("Failed to delete some temporary files, see the log for more details");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -62,11 +62,19 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
private static final int REGEX_OPTIONS = Pattern.DOTALL
|
private static final int REGEX_OPTIONS = Pattern.DOTALL
|
||||||
| Pattern.CASE_INSENSITIVE | Pattern.MULTILINE;
|
| Pattern.CASE_INSENSITIVE | Pattern.MULTILINE;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Regex to extract the product information.
|
||||||
|
*/
|
||||||
private static final Pattern PROJECT = Pattern.compile(
|
private static final Pattern PROJECT = Pattern.compile(
|
||||||
"^ *project *\\([ \\n]*(\\w+)[ \\n]*.*?\\)", REGEX_OPTIONS);
|
"^ *project *\\([ \\n]*(\\w+)[ \\n]*.*?\\)", REGEX_OPTIONS);
|
||||||
|
|
||||||
// Group 1: Product
|
/**
|
||||||
// Group 2: Version
|
* Regex to extract product and version information.
|
||||||
|
*
|
||||||
|
* Group 1: Product
|
||||||
|
*
|
||||||
|
* Group 2: Version
|
||||||
|
*/
|
||||||
private static final Pattern SET_VERSION = Pattern
|
private static final Pattern SET_VERSION = Pattern
|
||||||
.compile(
|
.compile(
|
||||||
"^ *set\\s*\\(\\s*(\\w+)_version\\s+\"?(\\d+(?:\\.\\d+)+)[\\s\"]?\\)",
|
"^ *set\\s*\\(\\s*(\\w+)_version\\s+\"?(\\d+(?:\\.\\d+)+)[\\s\"]?\\)",
|
||||||
@@ -172,8 +180,17 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Extracts the version information from the contents. If more then one version is found additional dependencies are added to
|
||||||
|
* the dependency list.
|
||||||
|
*
|
||||||
|
* @param dependency the dependency being analyzed
|
||||||
|
* @param engine the dependency-check engine
|
||||||
|
* @param contents the version information
|
||||||
|
*/
|
||||||
private void analyzeSetVersionCommand(Dependency dependency, Engine engine, String contents) {
|
private void analyzeSetVersionCommand(Dependency dependency, Engine engine, String contents) {
|
||||||
final Dependency orig = dependency;
|
Dependency currentDep = dependency;
|
||||||
|
|
||||||
final Matcher m = SET_VERSION.matcher(contents);
|
final Matcher m = SET_VERSION.matcher(contents);
|
||||||
int count = 0;
|
int count = 0;
|
||||||
while (m.find()) {
|
while (m.find()) {
|
||||||
@@ -190,19 +207,19 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
}
|
}
|
||||||
if (count > 1) {
|
if (count > 1) {
|
||||||
//TODO - refactor so we do not assign to the parameter (checkstyle)
|
//TODO - refactor so we do not assign to the parameter (checkstyle)
|
||||||
dependency = new Dependency(orig.getActualFile());
|
currentDep = new Dependency(dependency.getActualFile());
|
||||||
dependency.setDisplayFileName(String.format("%s:%s", orig.getDisplayFileName(), product));
|
currentDep.setDisplayFileName(String.format("%s:%s", dependency.getDisplayFileName(), product));
|
||||||
final String filePath = String.format("%s:%s", orig.getFilePath(), product);
|
final String filePath = String.format("%s:%s", dependency.getFilePath(), product);
|
||||||
dependency.setFilePath(filePath);
|
currentDep.setFilePath(filePath);
|
||||||
|
|
||||||
// prevents coalescing into the dependency provided by engine
|
// prevents coalescing into the dependency provided by engine
|
||||||
dependency.setSha1sum(Checksum.getHex(sha1.digest(filePath.getBytes())));
|
currentDep.setSha1sum(Checksum.getHex(sha1.digest(filePath.getBytes())));
|
||||||
engine.getDependencies().add(dependency);
|
engine.getDependencies().add(currentDep);
|
||||||
}
|
}
|
||||||
final String source = dependency.getDisplayFileName();
|
final String source = currentDep.getDisplayFileName();
|
||||||
dependency.getProductEvidence().addEvidence(source, "Product",
|
currentDep.getProductEvidence().addEvidence(source, "Product",
|
||||||
product, Confidence.MEDIUM);
|
product, Confidence.MEDIUM);
|
||||||
dependency.getVersionEvidence().addEvidence(source, "Version",
|
currentDep.getVersionEvidence().addEvidence(source, "Version",
|
||||||
version, Confidence.MEDIUM);
|
version, Confidence.MEDIUM);
|
||||||
}
|
}
|
||||||
LOGGER.debug(String.format("Found %d matches.", count));
|
LOGGER.debug(String.format("Found %d matches.", count));
|
||||||
|
|||||||
@@ -213,10 +213,8 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
|
|||||||
//version check
|
//version check
|
||||||
final DependencyVersion version1 = DependencyVersionUtil.parseVersion(fileName1);
|
final DependencyVersion version1 = DependencyVersionUtil.parseVersion(fileName1);
|
||||||
final DependencyVersion version2 = DependencyVersionUtil.parseVersion(fileName2);
|
final DependencyVersion version2 = DependencyVersionUtil.parseVersion(fileName2);
|
||||||
if (version1 != null && version2 != null) {
|
if (version1 != null && version2 != null && !version1.equals(version2)) {
|
||||||
if (!version1.equals(version2)) {
|
return false;
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
//filename check
|
//filename check
|
||||||
|
|||||||
@@ -18,12 +18,11 @@
|
|||||||
package org.owasp.dependencycheck.data.nvdcve;
|
package org.owasp.dependencycheck.data.nvdcve;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* An exception used to indicate the db4o database is corrupt. This could be due to invalid data or a complete failure
|
* An exception used to indicate the db4o database is corrupt. This could be due to invalid data or a complete failure of the db.
|
||||||
* of the db.
|
|
||||||
*
|
*
|
||||||
* @author Jeremy Long
|
* @author Jeremy Long
|
||||||
*/
|
*/
|
||||||
class CorruptDatabaseException extends DatabaseException {
|
public class CorruptDatabaseException extends DatabaseException {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* the serial version uid.
|
* the serial version uid.
|
||||||
@@ -31,7 +30,7 @@ class CorruptDatabaseException extends DatabaseException {
|
|||||||
private static final long serialVersionUID = 1L;
|
private static final long serialVersionUID = 1L;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Creates an CorruptDatabaseException
|
* Creates an CorruptDatabaseException.
|
||||||
*
|
*
|
||||||
* @param msg the exception message
|
* @param msg the exception message
|
||||||
*/
|
*/
|
||||||
@@ -40,7 +39,7 @@ class CorruptDatabaseException extends DatabaseException {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Creates an CorruptDatabaseException
|
* Creates an CorruptDatabaseException.
|
||||||
*
|
*
|
||||||
* @param msg the exception message
|
* @param msg the exception message
|
||||||
* @param ex the cause of the exception
|
* @param ex the cause of the exception
|
||||||
|
|||||||
@@ -63,15 +63,13 @@ public final class DriverLoader {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Loads the specified class by registering the supplied paths to the class loader and then registers the driver
|
* Loads the specified class by registering the supplied paths to the class loader and then registers the driver with the
|
||||||
* with the driver manager. The pathToDriver argument is added to the class loader so that an external driver can be
|
* driver manager. The pathToDriver argument is added to the class loader so that an external driver can be loaded. Note, the
|
||||||
* loaded. Note, the pathToDriver can contain a semi-colon separated list of paths so any dependencies can be added
|
* pathToDriver can contain a semi-colon separated list of paths so any dependencies can be added as needed. If a path in the
|
||||||
* as needed. If a path in the pathToDriver argument is a directory all files in the directory are added to the
|
* pathToDriver argument is a directory all files in the directory are added to the class path.
|
||||||
* class path.
|
|
||||||
*
|
*
|
||||||
* @param className the fully qualified name of the desired class
|
* @param className the fully qualified name of the desired class
|
||||||
* @param pathToDriver the path to the JAR file containing the driver; note, this can be a semi-colon separated list
|
* @param pathToDriver the path to the JAR file containing the driver; note, this can be a semi-colon separated list of paths
|
||||||
* of paths
|
|
||||||
* @return the loaded Driver
|
* @return the loaded Driver
|
||||||
* @throws DriverLoadException thrown if the driver cannot be loaded
|
* @throws DriverLoadException thrown if the driver cannot be loaded
|
||||||
*/
|
*/
|
||||||
@@ -83,14 +81,15 @@ public final class DriverLoader {
|
|||||||
final File file = new File(path);
|
final File file = new File(path);
|
||||||
if (file.isDirectory()) {
|
if (file.isDirectory()) {
|
||||||
final File[] files = file.listFiles();
|
final File[] files = file.listFiles();
|
||||||
|
if (files != null) {
|
||||||
for (File f : files) {
|
for (File f : files) {
|
||||||
try {
|
try {
|
||||||
urls.add(f.toURI().toURL());
|
urls.add(f.toURI().toURL());
|
||||||
} catch (MalformedURLException ex) {
|
} catch (MalformedURLException ex) {
|
||||||
LOGGER.debug("Unable to load database driver '{}'; invalid path provided '{}'",
|
LOGGER.debug("Unable to load database driver '{}'; invalid path provided '{}'",
|
||||||
className, f.getAbsoluteFile(), ex);
|
className, f.getAbsoluteFile(), ex);
|
||||||
throw new DriverLoadException("Unable to load database driver. Invalid path provided", ex);
|
throw new DriverLoadException("Unable to load database driver. Invalid path provided", ex);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else if (file.exists()) {
|
} else if (file.exists()) {
|
||||||
@@ -98,7 +97,7 @@ public final class DriverLoader {
|
|||||||
urls.add(file.toURI().toURL());
|
urls.add(file.toURI().toURL());
|
||||||
} catch (MalformedURLException ex) {
|
} catch (MalformedURLException ex) {
|
||||||
LOGGER.debug("Unable to load database driver '{}'; invalid path provided '{}'",
|
LOGGER.debug("Unable to load database driver '{}'; invalid path provided '{}'",
|
||||||
className, file.getAbsoluteFile(), ex);
|
className, file.getAbsoluteFile(), ex);
|
||||||
throw new DriverLoadException("Unable to load database driver. Invalid path provided", ex);
|
throw new DriverLoadException("Unable to load database driver. Invalid path provided", ex);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -90,14 +90,14 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Checks if the NVD CVE XML files were last checked recently.
|
* Checks if the NVD CVE XML files were last checked recently. As an optimization, we can avoid repetitive checks against the
|
||||||
* As an optimization, we can avoid repetitive checks against the NVD.
|
* NVD. Setting CVE_CHECK_VALID_FOR_HOURS determines the duration since last check before checking again. A database property
|
||||||
* Setting CVE_CHECK_VALID_FOR_HOURS determines the duration since last check before checking again.
|
* stores the timestamp of the last check.
|
||||||
* A database property stores the timestamp of the last check.
|
|
||||||
*
|
*
|
||||||
* @return true to proceed with the check, or false to skip.
|
* @return true to proceed with the check, or false to skip.
|
||||||
|
* @throws UpdateException thrown when there is an issue checking for updates.
|
||||||
*/
|
*/
|
||||||
private boolean checkUpdate () throws UpdateException {
|
private boolean checkUpdate() throws UpdateException {
|
||||||
boolean proceed = true;
|
boolean proceed = true;
|
||||||
// If the valid setting has not been specified, then we proceed to check...
|
// If the valid setting has not been specified, then we proceed to check...
|
||||||
final int validForHours = Settings.getInt(Settings.KEYS.CVE_CHECK_VALID_FOR_HOURS, 0);
|
final int validForHours = Settings.getInt(Settings.KEYS.CVE_CHECK_VALID_FOR_HOURS, 0);
|
||||||
@@ -112,7 +112,7 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
|
|||||||
} else {
|
} else {
|
||||||
LOGGER.info("Skipping NVD check since last check was within {} hours.", validForHours);
|
LOGGER.info("Skipping NVD check since last check was within {} hours.", validForHours);
|
||||||
LOGGER.debug("Last NVD was at {}, and now {} is within {} ms.",
|
LOGGER.debug("Last NVD was at {}, and now {} is within {} ms.",
|
||||||
lastChecked, now, msValid);
|
lastChecked, now, msValid);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return proceed;
|
return proceed;
|
||||||
|
|||||||
@@ -322,12 +322,26 @@ public class Model {
|
|||||||
*/
|
*/
|
||||||
private static class PropertyLookup extends StrLookup {
|
private static class PropertyLookup extends StrLookup {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Reference to the properties to lookup.
|
||||||
|
*/
|
||||||
private final Properties props;
|
private final Properties props;
|
||||||
|
|
||||||
public PropertyLookup(Properties props) {
|
/**
|
||||||
|
* Constructs a new property lookup.
|
||||||
|
*
|
||||||
|
* @param props the properties to wrap.
|
||||||
|
*/
|
||||||
|
PropertyLookup(Properties props) {
|
||||||
this.props = props;
|
this.props = props;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Looks up the given property.
|
||||||
|
*
|
||||||
|
* @param key the key to the property
|
||||||
|
* @return the value of the property specified by the key
|
||||||
|
*/
|
||||||
@Override
|
@Override
|
||||||
public String lookup(String key) {
|
public String lookup(String key) {
|
||||||
return props.getProperty(key);
|
return props.getProperty(key);
|
||||||
|
|||||||
@@ -144,10 +144,10 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
|
|||||||
try {
|
try {
|
||||||
File mpp = new File(project.getBasedir(), m);
|
File mpp = new File(project.getBasedir(), m);
|
||||||
mpp = mpp.getCanonicalFile();
|
mpp = mpp.getCanonicalFile();
|
||||||
if (mpp.compareTo(mod.getBasedir()) == 0 && descendants.add(mod)) {
|
if (mpp.compareTo(mod.getBasedir()) == 0 && descendants.add(mod)
|
||||||
if (getLog().isDebugEnabled()) {
|
&& getLog().isDebugEnabled()) {
|
||||||
getLog().debug(String.format("Decendent module %s added", mod.getName()));
|
getLog().debug(String.format("Decendent module %s added", mod.getName()));
|
||||||
}
|
|
||||||
}
|
}
|
||||||
} catch (IOException ex) {
|
} catch (IOException ex) {
|
||||||
if (getLog().isDebugEnabled()) {
|
if (getLog().isDebugEnabled()) {
|
||||||
@@ -160,17 +160,15 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
|
|||||||
size = descendants.size();
|
size = descendants.size();
|
||||||
for (MavenProject p : getReactorProjects()) {
|
for (MavenProject p : getReactorProjects()) {
|
||||||
if (project.equals(p.getParent()) || descendants.contains(p.getParent())) {
|
if (project.equals(p.getParent()) || descendants.contains(p.getParent())) {
|
||||||
if (descendants.add(p)) {
|
if (descendants.add(p) && getLog().isDebugEnabled()) {
|
||||||
if (getLog().isDebugEnabled()) {
|
getLog().debug(String.format("Decendent %s added", p.getName()));
|
||||||
getLog().debug(String.format("Decendent %s added", p.getName()));
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
for (MavenProject modTest : getReactorProjects()) {
|
for (MavenProject modTest : getReactorProjects()) {
|
||||||
if (p.getModules() != null && p.getModules().contains(modTest.getName())
|
if (p.getModules() != null && p.getModules().contains(modTest.getName())
|
||||||
&& descendants.add(modTest)) {
|
&& descendants.add(modTest)
|
||||||
if (getLog().isDebugEnabled()) {
|
&& getLog().isDebugEnabled()) {
|
||||||
getLog().debug(String.format("Decendent %s added", modTest.getName()));
|
getLog().debug(String.format("Decendent %s added", modTest.getName()));
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user