From 1c51655ce3c1ef6dc0135a31f2653e12016bf2b3 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Wed, 5 Nov 2014 21:08:34 -0500
Subject: [PATCH] checkstyle corrections
Former-commit-id: b7acf0b29d86a17f03f996d8d4b7a47e3a9f5eb9
---
 .../owasp/dependencycheck/analyzer/CPEAnalyzer.java | 4 +++-
 .../analyzer/DependencyBundlingAnalyzer.java | 12 ++++++------
 .../analyzer/FalsePositiveAnalyzer.java | 12 ++++++++----
 .../org/owasp/dependencycheck/data/cwe/CweDB.java | 2 +-
 .../dependencycheck/suppression/SuppressionRule.java | 4 ++--
 .../dependencycheck/utils/DependencyVersion.java | 4 ++--
 6 files changed, 22 insertions(+), 16 deletions(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
index c75d428d2..f89c08fdb 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
@@ -500,10 +500,12 @@ public class CPEAnalyzer implements Analyzer {
 * @param dependency the Dependency being analyzed
 * @param vendor the vendor for the CPE being analyzed
 * @param product the product for the CPE being analyzed
+ * @param currentConfidence the current confidence being used during analysis
 * @return true if an identifier was added to the dependency; otherwise false
 * @throws UnsupportedEncodingException is thrown if UTF-8 is not supported
 */
- private boolean determineIdentifiers(Dependency dependency, String vendor, String product, Confidence currentConfidence) throws UnsupportedEncodingException {
+ private boolean determineIdentifiers(Dependency dependency, String vendor, String product,
+ Confidence currentConfidence) throws UnsupportedEncodingException {
 final Set cpes = cve.getCPEs(vendor, product);
 DependencyVersion bestGuess = new DependencyVersion("-");
 Confidence bestGuessConf = null;
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
index 3cf7d6c0c..d51c9588c 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
@@ -395,13 +395,13 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
 * Determines which path is shortest; if path lengths are equal then we use compareTo of the string method to
 * determine if the first path is smaller.
 *
- * @param leftPath the first path to compare
- * @param rightPath the second path to compare
+ * @param left the first path to compare
+ * @param right the second path to compare
 * @return true if the leftPath is the shortest; otherwise false
 */
- protected boolean firstPathIsShortest(String leftPath, String rightPath) {
- leftPath = leftPath.replace('\\', '/');
- rightPath = rightPath.replace('\\', '/');
+ protected boolean firstPathIsShortest(String left, String right) {
+ final String leftPath = right.replace('\\', '/');
+ final String rightPath = right.replace('\\', '/');
 int leftCount = countChar(leftPath, '/');
 int rightCount = countChar(rightPath, '/');
@@ -421,7 +421,7 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
 */
 private int countChar(String string, char c) {
 int count = 0;
- int max = string.length();
+ final int max = string.length();
 for (int i = 0; i < max; i++) {
 if (c == string.charAt(i)) {
 count++;
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java
index 3eb5d46c3..725e32ede 100644
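Review bot: In `firstPathIsShortest` (DependencyBundlingAnalyzer.java) the new line `final String leftPath = right.replace('\\', '/');` normalises `right`, where the removed code normalised the left argument, so `leftPath` and `rightPath` are now the same string and `left` is never read in the visible lines. It should be `final String leftPath = left.replace('\\', '/');`. The method continues below the hunk, but with identical inputs the two `countChar` results can never differ, so every pair of paths falls through to whatever the equal-length case returns. The `@return` text still says "leftPath" and could name `left` to match the renamed parameter.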
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java
@@ -93,12 +93,17 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
 addFalseNegativeCPEs(dependency);
 }
+ /**
+ * Removes inaccurate matches on springframework CPEs.
+ *
+ * @param dependency the dependency to test for and remove known inaccurate CPE matches
+ */
 private void removeBadSpringMatches(Dependency dependency) {
 String mustContain = null;
 for (Identifier i : dependency.getIdentifiers()) {
 if ("maven".contains(i.getType())) {
 if (i.getValue() != null && i.getValue().startsWith("org.springframework.")) {
- int endPoint = i.getValue().indexOf(":", 19);
+ final int endPoint = i.getValue().indexOf(":", 19);
 if (endPoint >= 0) {
 mustContain = i.getValue().substring(19, endPoint).toLowerCase();
 break;
@@ -107,9 +112,9 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
 }
 }
 }
 if (mustContain != null) {
- Iterator itr = dependency.getIdentifiers().iterator();
+ final Iterator itr = dependency.getIdentifiers().iterator();
 while (itr.hasNext()) {
- Identifier i = itr.next();
+ final Identifier i = itr.next();
 if ("cpe".contains(i.getType()) && i.getValue() != null && i.getValue().startsWith("cpe:/a:springsource:")
@@ -117,7 +122,6 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
 itr.remove();
 //dependency.getIdentifiers().remove(i);
 }
-
 }
 }
 }
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cwe/CweDB.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cwe/CweDB.java
index 5e81ea4fa..ca67107f3 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cwe/CweDB.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cwe/CweDB.java
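Review bot: In `removeBadSpringMatches` (FalsePositiveAnalyzer.java, first hunk) the literal `19` is the index of the trailing dot in the 20-character prefix `org.springframework.`, so `substring(19, endPoint)` yields a value that starts with `.` (constructed example: `.security`). If the later test against the CPE value expects the bare module name, no `cpe:/a:springsource:` identifier could contain it; that part of the condition lies outside the hunks, so this needs confirming against the full method. Replacing both `19` literals with the `length()` of a named constant for the prefix would make the offset checkable, which matters here because it decides which CPE matches the scanner discards.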
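Review bot: `"cpe".contains(i.getType())` in the second FalsePositiveAnalyzer hunk, like `"maven".contains(i.getType())` in the first, is a substring test where an equality test reads as the intent: any type that is a substring of the literal, including the empty string, passes, and a null type throws from `String.contains`. `"cpe".equals(i.getType())` and `"maven".equals(i.getType())` are exact and null-safe. Both lines are context rather than lines this commit changes, and the `if` condition in the second hunk runs past the end of the hunk.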
@@ -58,7 +58,7 @@ public final class CweDB {
 final InputStream input = CweDB.class.getClassLoader().getResourceAsStream(filePath);
 oin = new ObjectInputStream(input);
 @SuppressWarnings("unchecked")
- HashMap ret = (HashMap) oin.readObject();
+ final HashMap ret = (HashMap) oin.readObject();
 return ret;
 } catch (ClassNotFoundException ex) {
 LOGGER.log(Level.WARNING, "Unable to load CWE data. This should not be an issue.");
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/suppression/SuppressionRule.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/suppression/SuppressionRule.java
index 1254d5ea5..16c998a9e 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/suppression/SuppressionRule.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/suppression/SuppressionRule.java
@@ -269,7 +269,7 @@ public class SuppressionRule {
 private boolean base;
 /**
- * Get the value of base
+ * Get the value of base.
 *
 * @return the value of base
 */
@@ -278,7 +278,7 @@ public class SuppressionRule {
 }
 /**
- * Set the value of base
+ * Set the value of base.
 *
 * @param base new value of base
 */
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersion.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersion.java
index b0ba88311..e868ee6b6 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersion.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersion.java
@@ -198,8 +198,8 @@ public class DependencyVersion implements Iterable, Comparable= 3) { if (thisVersion.compareToIgnoreCase(otherVersion) >= 0) { ret = false;
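Review bot: In the CweDB.java hunk the stream returned by `getResourceAsStream(filePath)` is passed to `new ObjectInputStream(input)` without a null check, so a missing resource fails with a NullPointerException rather than a clear "resource not found" report. The only handler visible here is `catch (ClassNotFoundException ex)`, and the rest of the try statement is outside the hunk. An `if (input == null)` branch with an explicit log message before constructing the stream would cover it. Because `readObject()` performs native Java deserialization of whatever the class loader resolves for that path, a short comment stating that the file must be the resource shipped with the tool would also record the trust assumption.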