checkstyle corrections

dependency-check-core/src/main/java/org/owasp/dependencycheck/AnalysisTask.java

@@ -1,3 +1,20 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2016 Stefan Neuhaus. All Rights Reserved.
+ */
 package org.owasp.dependencycheck;
 
 import org.owasp.dependencycheck.analyzer.Analyzer;
@@ -11,15 +28,44 @@ import org.slf4j.LoggerFactory;
 import java.util.List;
 import java.util.concurrent.Callable;
 
+/**
+ * Task to support parallelism of dependency-check analysis.
+ *
+ * @author Stefan Neuhaus
+ */
 class AnalysisTask implements Callable<Void> {
 
+    /**
+     * Instance of the logger.
+     */
     private static final Logger LOGGER = LoggerFactory.getLogger(AnalysisTask.class);
 
+    /**
+     * A reference to the analyzer.
+     */
     private final Analyzer analyzer;
+    /**
+     * The dependency to analyze.
+     */
     private final Dependency dependency;
+    /**
+     * A reference to the dependency-check engine.
+     */
     private final Engine engine;
+    /**
+     * The list of exceptions that may occur during analysis.
+     */
     private final List<Throwable> exceptions;
 
+    /**
+     * Creates a new analysis task.
+     *
+     * @param analyzer a reference of the analyzer to execute
+     * @param dependency the dependency to analyze
+     * @param engine the dependency-check engine
+     * @param exceptions exceptions that occur during analysis will be added to
+     * this collection of exceptions
+     */
     AnalysisTask(Analyzer analyzer, Dependency dependency, Engine engine, List<Throwable> exceptions) {
         this.analyzer = analyzer;
         this.dependency = dependency;
@@ -27,6 +73,12 @@ class AnalysisTask implements Callable<Void> {
         this.exceptions = exceptions;
     }
 
+    /**
+     * Executes the analysis task.
+     *
+     * @return null
+     * @throws Exception thrown if unable to execute the analysis task
+     */
     @Override
     public Void call() throws Exception {
         Settings.initialize();
@@ -50,6 +102,11 @@ class AnalysisTask implements Callable<Void> {
         return null;
     }
 
+    /**
+     * Determines if the analyzer can analyze the given dependency.
+     *
+     * @return whether or not the analyzer can analyze the dependency
+     */
     private boolean shouldAnalyze() {
         if (analyzer instanceof FileTypeAnalyzer) {
             final FileTypeAnalyzer fAnalyzer = (FileTypeAnalyzer) analyzer;

dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java

@@ -161,10 +161,10 @@ public class Engine implements FileFilter {
     }
 
     /**
-     * Get the dependencies identified.
+     * Get the dependencies identified. The returned list is a reference to the
-     * The returned list is a reference to the engine's synchronized list. You must synchronize on it, when you modify
+     * engine's synchronized list. You must synchronize on it, when you modify
-     * and iterate over it from multiple threads. E.g. this holds for analyzers supporting parallel processing during
+     * and iterate over it from multiple threads. E.g. this holds for analyzers
-     * their analysis phase.
+     * supporting parallel processing during their analysis phase.
      *
      * @return the dependencies identified
      * @see Collections#synchronizedList(List)
@@ -322,7 +322,7 @@ public class Engine implements FileFilter {
         if (file.isFile()) {
             if (accept(file)) {
                 dependency = new Dependency(file);
-                String sha1 = dependency.getSha1sum();
+                final String sha1 = dependency.getSha1sum();
                 boolean found = false;
                 synchronized (dependencies) {
                     if (sha1 != null) {
@@ -427,13 +427,19 @@ public class Engine implements FileFilter {
         }
     }
 
+    /**
+     * Executes executes the analyzer using multiple threads.
+     * @param exceptions a collection of exceptions that occurred during analysis
+     * @param analyzer the analyzer to execute
+     * @throws ExceptionCollection thrown if exceptions occurred during analysis
+     */
     private void executeAnalysisTasks(List<Throwable> exceptions, Analyzer analyzer) throws ExceptionCollection {
         LOGGER.debug("Starting {}", analyzer.getName());
         final List<AnalysisTask> analysisTasks = getAnalysisTasks(analyzer, exceptions);
         final ExecutorService executorService = getExecutorService(analyzer);
 
         try {
-            List<Future<Void>> results = executorService.invokeAll(analysisTasks, 10, TimeUnit.MINUTES);
+            final List<Future<Void>> results = executorService.invokeAll(analysisTasks, 10, TimeUnit.MINUTES);
 
             // ensure there was no exception during execution
             for (Future<Void> result : results) {
@@ -448,21 +454,32 @@ public class Engine implements FileFilter {
         }
     }
 
+    /**
+     * Returns the analysis tasks for the dependencies.
+     * @param analyzer the analyzer to create tasks for
+     * @param exceptions the collection of exceptions to collect
+     * @return a collection of analysis tasks
+     */
     private List<AnalysisTask> getAnalysisTasks(Analyzer analyzer, List<Throwable> exceptions) {
         final List<AnalysisTask> result = new ArrayList<AnalysisTask>();
         synchronized (dependencies) {
             for (final Dependency dependency : dependencies) {
-                AnalysisTask task = new AnalysisTask(analyzer, dependency, this, exceptions);
+                final AnalysisTask task = new AnalysisTask(analyzer, dependency, this, exceptions);
                 result.add(task);
             }
         }
         return result;
     }
 
+    /**
+     * Returns the executor service for a given analyzer.
+     * @param analyzer the analyzer to obtain an executor
+     * @return the executor service
+     */
     private ExecutorService getExecutorService(Analyzer analyzer) {
         if (analyzer.supportsParallelProcessing()) {
             // just a fair trade-off that should be reasonable for all analyzer types
-            int maximumNumberOfThreads = 4 * Runtime.getRuntime().availableProcessors();
+            final int maximumNumberOfThreads = 4 * Runtime.getRuntime().availableProcessors();
 
             LOGGER.debug("Parallel processing with up to {} threads: {}.", maximumNumberOfThreads, analyzer.getName());
             return Executors.newFixedThreadPool(maximumNumberOfThreads);
@@ -615,6 +632,15 @@ public class Engine implements FileFilter {
         }
     }
 
+    /**
+     * Constructs and throws a fatal exception collection.
+     *
+     * @param message the exception message
+     * @param throwable the cause
+     * @param exceptions a collection of exception to include
+     * @throws ExceptionCollection a collection of exceptions that occurred
+     * during analysis
+     */
     private void throwFatalExceptionCollection(String message, Throwable throwable, List<Throwable> exceptions) throws ExceptionCollection {
         LOGGER.error("{}\n\n{}", throwable.getMessage(), message);
         LOGGER.debug("", throwable);

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java

@@ -221,7 +221,8 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
     }
 
     /**
-     * Does not support parallel processing as it both modifies and iterates over the engine's list of dependencies.
+     * Does not support parallel processing as it both modifies and iterates
+     * over the engine's list of dependencies.
      *
      * @see #analyzeFileType(Dependency, Engine)
      * @see #findMoreDependencies(Engine, File)
@@ -421,7 +422,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
                 LOGGER.warn("Exception reading archive '{}'.", archive.getName());
                 LOGGER.debug("", ex);
             } finally {
-                //overly verbose and not needed... but keeping it anyway due to 
+                //overly verbose and not needed... but keeping it anyway due to
                 //having issue with file handles being left open
                 close(fis);
                 close(in);

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java

@@ -124,7 +124,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
         try {
             final Process proc = pb.start();
 
-            DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+            final DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
             doc = builder.parse(proc.getInputStream());
 
             // Try evacuating the error stream
@@ -254,9 +254,9 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
             // Try evacuating the error stream
             IOUtils.copy(p.getErrorStream(), NullOutputStream.NULL_OUTPUT_STREAM);
 
-            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+            final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
-        	factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);	
+            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
-    		final DocumentBuilder builder = factory.newDocumentBuilder();       
+            final DocumentBuilder builder = factory.newDocumentBuilder();
             final Document doc = builder.parse(p.getInputStream());
             final XPath xpath = XPathFactory.newInstance().newXPath();
             final String error = xpath.evaluate("/assembly/error", doc);

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.java

@@ -31,8 +31,6 @@ import java.io.File;
 import java.io.FileFilter;
 import java.io.IOException;
 import java.nio.charset.Charset;
-import java.util.ArrayList;
-import java.util.List;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import org.owasp.dependencycheck.exception.InitializationException;

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java

@@ -221,7 +221,7 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
                 } catch (UnsupportedEncodingException ex) {
                     path = filePath.getBytes();
                 }
-                MessageDigest sha1 = getSha1MessageDigest();
+                final MessageDigest sha1 = getSha1MessageDigest();
                 currentDep.setSha1sum(Checksum.getHex(sha1.digest(path)));
                 engine.getDependencies().add(currentDep);
             }
@@ -239,6 +239,11 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
         return Settings.KEYS.ANALYZER_CMAKE_ENABLED;
     }
 
+    /**
+     * Returns the sha1 message digest.
+     *
+     * @return the sha1 message digest
+     */
     private MessageDigest getSha1MessageDigest() {
         try {
             return MessageDigest.getInstance("SHA1");

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzer.java

@@ -111,7 +111,7 @@ public class ComposerLockAnalyzer extends AbstractFileTypeAnalyzer {
                 final Dependency d = new Dependency(dependency.getActualFile());
                 d.setDisplayFileName(String.format("%s:%s/%s", dependency.getDisplayFileName(), dep.getGroup(), dep.getProject()));
                 final String filePath = String.format("%s:%s/%s", dependency.getFilePath(), dep.getGroup(), dep.getProject());
-                MessageDigest sha1 = getSha1MessageDigest();
+                final MessageDigest sha1 = getSha1MessageDigest();
                 d.setFilePath(filePath);
                 d.setSha1sum(Checksum.getHex(sha1.digest(filePath.getBytes(Charset.defaultCharset()))));
                 d.getVendorEvidence().addEvidence(COMPOSER_LOCK, "vendor", dep.getGroup(), Confidence.HIGHEST);
@@ -165,6 +165,11 @@ public class ComposerLockAnalyzer extends AbstractFileTypeAnalyzer {
         return AnalysisPhase.INFORMATION_COLLECTION;
     }
 
+    /**
+     * Returns the sha1 message digest.
+     *
+     * @return the sha1 message digest
+     */
     private MessageDigest getSha1MessageDigest() {
         try {
             return MessageDigest.getInstance("SHA1");

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java

@@ -33,8 +33,6 @@ import java.io.File;
 import java.io.FileFilter;
 import java.io.IOException;
 import java.nio.charset.Charset;
-import java.util.ArrayList;
-import java.util.List;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import org.owasp.dependencycheck.exception.InitializationException;

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/central/CentralSearch.java

@@ -110,9 +110,9 @@ public class CentralSearch {
         if (conn.getResponseCode() == 200) {
             boolean missing = false;
             try {
-            	DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+                final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
-            	factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);	
+                factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
-        		final DocumentBuilder builder = factory.newDocumentBuilder();
+                final DocumentBuilder builder = factory.newDocumentBuilder();
                 final Document doc = builder.parse(conn.getInputStream());
                 final XPath xpath = XPathFactory.newInstance().newXPath();
                 final String numFound = xpath.evaluate("/response/result/@numFound", doc);

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nexus/NexusSearch.java

@@ -57,8 +57,9 @@ public class NexusSearch {
     /**
      * Creates a NexusSearch for the given repository URL.
      *
-     * @param rootURL the root URL of the repository on which searches should execute. full URL's are calculated relative to this
+     * @param rootURL the root URL of the repository on which searches should
-     * URL, so it should end with a /
+     * execute. full URL's are calculated relative to this URL, so it should end
+     * with a /
      */
     public NexusSearch(URL rootURL) {
         this.rootURL = rootURL;
@@ -66,6 +67,11 @@ public class NexusSearch {
         LOGGER.debug("Using proxy: {}", useProxy);
     }
 
+    /**
+     * Determine if a proxy should be used.
+     *
+     * @return {@code true} if a proxy should be used
+     */
     private boolean useProxy() {
         try {
             return Settings.getString(Settings.KEYS.PROXY_SERVER) != null
@@ -77,12 +83,14 @@ public class NexusSearch {
     }
 
     /**
-     * Searches the configured Nexus repository for the given sha1 hash. If the artifact is found, a <code>MavenArtifact</code> is
+     * Searches the configured Nexus repository for the given sha1 hash. If the
-     * populated with the coordinate information.
+     * artifact is found, a <code>MavenArtifact</code> is populated with the
+     * coordinate information.
      *
      * @param sha1 The SHA-1 hash string for which to search
      * @return the populated Maven coordinates
-     * @throws IOException if it's unable to connect to the specified repository or if the specified artifact is not found.
+     * @throws IOException if it's unable to connect to the specified repository
+     * or if the specified artifact is not found.
      */
     public MavenArtifact searchSha1(String sha1) throws IOException {
         if (null == sha1 || !sha1.matches("^[0-9A-Fa-f]{40}$")) {
@@ -107,58 +115,60 @@ public class NexusSearch {
         conn.addRequestProperty("Accept", "application/xml");
         conn.connect();
 
-        if (conn.getResponseCode() == 200) {
+        switch (conn.getResponseCode()) {
-            try {
+            case 200:
-            	DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+                try {
-            	factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);	
+                    final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
-        		final DocumentBuilder builder = factory.newDocumentBuilder();
+                    factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
-                final Document doc = builder.parse(conn.getInputStream());
+                    final DocumentBuilder builder = factory.newDocumentBuilder();
-                final XPath xpath = XPathFactory.newInstance().newXPath();
+                    final Document doc = builder.parse(conn.getInputStream());
-                final String groupId = xpath
+                    final XPath xpath = XPathFactory.newInstance().newXPath();
-                        .evaluate(
+                    final String groupId = xpath
-                                "/org.sonatype.nexus.rest.model.NexusArtifact/groupId",
+                            .evaluate(
-                                doc);
+                                    "/org.sonatype.nexus.rest.model.NexusArtifact/groupId",
-                final String artifactId = xpath.evaluate(
+                                    doc);
-                        "/org.sonatype.nexus.rest.model.NexusArtifact/artifactId",
+                    final String artifactId = xpath.evaluate(
-                        doc);
+                            "/org.sonatype.nexus.rest.model.NexusArtifact/artifactId",
-                final String version = xpath
+                            doc);
-                        .evaluate(
+                    final String version = xpath
-                                "/org.sonatype.nexus.rest.model.NexusArtifact/version",
+                            .evaluate(
-                                doc);
+                                    "/org.sonatype.nexus.rest.model.NexusArtifact/version",
-                final String link = xpath
+                                    doc);
-                        .evaluate(
+                    final String link = xpath
-                                "/org.sonatype.nexus.rest.model.NexusArtifact/artifactLink",
+                            .evaluate(
-                                doc);
+                                    "/org.sonatype.nexus.rest.model.NexusArtifact/artifactLink",
-                final String pomLink = xpath
+                                    doc);
-                        .evaluate(
+                    final String pomLink = xpath
-                                "/org.sonatype.nexus.rest.model.NexusArtifact/pomLink",
+                            .evaluate(
-                                doc);
+                                    "/org.sonatype.nexus.rest.model.NexusArtifact/pomLink",
-                final MavenArtifact ma = new MavenArtifact(groupId, artifactId, version);
+                                    doc);
-                if (link != null && !link.isEmpty()) {
+                    final MavenArtifact ma = new MavenArtifact(groupId, artifactId, version);
-                    ma.setArtifactUrl(link);
+                    if (link != null && !link.isEmpty()) {
+                        ma.setArtifactUrl(link);
+                    }
+                    if (pomLink != null && !pomLink.isEmpty()) {
+                        ma.setPomUrl(pomLink);
+                    }
+                    return ma;
+                } catch (Throwable e) {
+                    // Anything else is jacked-up XML stuff that we really can't recover
+                    // from well
+                    throw new IOException(e.getMessage(), e);
                 }
-                if (pomLink != null && !pomLink.isEmpty()) {
+            case 404:
-                    ma.setPomUrl(pomLink);
+                throw new FileNotFoundException("Artifact not found in Nexus");
-                }
+            default:
-                return ma;
+                LOGGER.debug("Could not connect to Nexus received response code: {} {}",
-            } catch (Throwable e) {
+                        conn.getResponseCode(), conn.getResponseMessage());
-                // Anything else is jacked-up XML stuff that we really can't recover
+                throw new IOException("Could not connect to Nexus");
-                // from well
-                throw new IOException(e.getMessage(), e);
-            }
-        } else if (conn.getResponseCode() == 404) {
-            throw new FileNotFoundException("Artifact not found in Nexus");
-        } else {
-            LOGGER.debug("Could not connect to Nexus received response code: {} {}",
-                    conn.getResponseCode(), conn.getResponseMessage());
-            throw new IOException("Could not connect to Nexus");
         }
     }
 
     /**
      * Do a preflight request to see if the repository is actually working.
      *
-     * @return whether the repository is listening and returns the /status URL correctly
+     * @return whether the repository is listening and returns the /status URL
+     * correctly
      */
     public boolean preflightRequest() {
         HttpURLConnection conn;

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nuget/XPathNuspecParser.java

@@ -36,7 +36,8 @@ public class XPathNuspecParser implements NuspecParser {
      * Gets the string value of a node or null if it's not present
      *
      * @param n the node to test
-     * @return the string content of the node, or null if the node itself is null
+     * @return the string content of the node, or null if the node itself is
+     * null
      */
     private String getOrNull(Node n) {
         if (n != null) {
@@ -56,10 +57,10 @@ public class XPathNuspecParser implements NuspecParser {
     @Override
     public NugetPackage parse(InputStream stream) throws NuspecParseException {
         try {
-            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+            final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
-            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);	
+            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
             final Document d = factory.newDocumentBuilder().parse(stream);
-            
+
             final XPath xpath = XPathFactory.newInstance().newXPath();
             final NugetPackage nuspec = new NugetPackage();
 

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java

@@ -119,7 +119,7 @@ public class CveDB {
      * @throws DatabaseException thrown if there is an error opening the
      * database connection
      */
-    public synchronized final void open() throws DatabaseException {
+    public final synchronized void open() throws DatabaseException {
         if (!isOpen()) {
             conn = ConnectionFactory.getConnection();
         }

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/CpeUpdater.java

@@ -117,7 +117,7 @@ public class CpeUpdater extends BaseUpdater implements CachedWebDataSource {
     private List<Cpe> processXML(final File xml) throws UpdateException {
         try {
             final SAXParserFactory factory = SAXParserFactory.newInstance();
-            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);	
+            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
     		final SAXParser saxParser = factory.newSAXParser();
             final CPEHandler handler = new CPEHandler();
             saxParser.parse(xml, handler);

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/ProcessTask.java

@@ -38,7 +38,8 @@ import org.slf4j.LoggerFactory;
 import org.xml.sax.SAXException;
 
 /**
- * A callable task that will process a given set of NVD CVE xml files and update the Cve Database accordingly.
+ * A callable task that will process a given set of NVD CVE xml files and update
+ * the Cve Database accordingly.
  *
  * @author Jeremy Long
  */
@@ -91,9 +92,11 @@ public class ProcessTask implements Callable<ProcessTask> {
      * Constructs a new ProcessTask used to process an NVD CVE update.
      *
      * @param cveDB the data store object
-     * @param filePair the download task that contains the URL references to download
+     * @param filePair the download task that contains the URL references to
-     * @param settings a reference to the global settings object; this is necessary so that when the thread is started the
+     * download
-     * dependencies have a correct reference to the global settings.
+     * @param settings a reference to the global settings object; this is
+     * necessary so that when the thread is started the dependencies have a
+     * correct reference to the global settings.
      */
     public ProcessTask(final CveDB cveDB, final DownloadTask filePair, Settings settings) {
         this.cveDB = cveDB;
@@ -106,8 +109,8 @@ public class ProcessTask implements Callable<ProcessTask> {
      * Implements the callable interface.
      *
      * @return this object
-     * @throws Exception thrown if there is an exception; note that any UpdateExceptions are simply added to the tasks exception
+     * @throws Exception thrown if there is an exception; note that any
-     * collection
+     * UpdateExceptions are simply added to the tasks exception collection
      */
     @Override
     public ProcessTask call() throws Exception {
@@ -127,18 +130,20 @@ public class ProcessTask implements Callable<ProcessTask> {
      *
      * @param file the file containing the NVD CVE XML
      * @param oldVersion contains the file containing the NVD CVE XML 1.2
-     * @throws ParserConfigurationException is thrown if there is a parser configuration exception
+     * @throws ParserConfigurationException is thrown if there is a parser
+     * configuration exception
      * @throws SAXException is thrown if there is a SAXException
      * @throws IOException is thrown if there is a IO Exception
      * @throws SQLException is thrown if there is a SQL exception
      * @throws DatabaseException is thrown if there is a database exception
-     * @throws ClassNotFoundException thrown if the h2 database driver cannot be loaded
+     * @throws ClassNotFoundException thrown if the h2 database driver cannot be
+     * loaded
      */
     protected void importXML(File file, File oldVersion) throws ParserConfigurationException,
             SAXException, IOException, SQLException, DatabaseException, ClassNotFoundException {
 
         final SAXParserFactory factory = SAXParserFactory.newInstance();
-        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);	
+        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
         final SAXParser saxParser = factory.newSAXParser();
 
         final NvdCve12Handler cve12Handler = new NvdCve12Handler();
@@ -154,7 +159,8 @@ public class ProcessTask implements Callable<ProcessTask> {
     /**
      * Processes the NVD CVE XML file and imports the data into the DB.
      *
-     * @throws UpdateException thrown if there is an error loading the data into the database
+     * @throws UpdateException thrown if there is an error loading the data into
+     * the database
      */
     private void processFiles() throws UpdateException {
         LOGGER.info("Processing Started for NVD CVE - {}", filePair.getNvdCveInfo().getId());
@@ -181,6 +187,6 @@ public class ProcessTask implements Callable<ProcessTask> {
             filePair.cleanup();
         }
         LOGGER.info("Processing Complete for NVD CVE - {}  ({} ms)", filePair.getNvdCveInfo().getId(),
-            System.currentTimeMillis() - startProcessing);
+                System.currentTimeMillis() - startProcessing);
     }
 }

dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersion.java

@@ -140,11 +140,11 @@ public class DependencyVersion implements Iterable<String>, Comparable<Dependenc
                 ? this.versionParts.size() : other.versionParts.size();
         final int maxVersionMatchLength = (this.versionParts.size() > other.versionParts.size())
                 ? this.versionParts.size() : other.versionParts.size();
-        
+
-        if (minVersionMatchLength==1 && maxVersionMatchLength>=3) {
+        if (minVersionMatchLength == 1 && maxVersionMatchLength >= 3) {
             return false;
         }
-        
+
         //TODO steal better version of code from compareTo
         for (int i = 0; i < minVersionMatchLength; i++) {
             final String thisPart = this.versionParts.get(i);

dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/HintParser.java

@@ -109,8 +109,8 @@ public class HintParser {
             schemaStream = this.getClass().getClassLoader().getResourceAsStream(HINT_SCHEMA);
             final HintHandler handler = new HintHandler();
             final SAXParserFactory factory = SAXParserFactory.newInstance();
-            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);	
+            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
-    		factory.setNamespaceAware(true);
+            factory.setNamespaceAware(true);
             factory.setValidating(true);
             final SAXParser saxParser = factory.newSAXParser();
             saxParser.setProperty(HintParser.JAXP_SCHEMA_LANGUAGE, HintParser.W3C_XML_SCHEMA);

dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/PomParser.java

@@ -47,10 +47,12 @@ public class PomParser {
     private static final Logger LOGGER = LoggerFactory.getLogger(PomParser.class);
 
     /**
-     * Parses the given xml file and returns a Model object containing only the fields dependency-check requires.
+     * Parses the given xml file and returns a Model object containing only the
+     * fields dependency-check requires.
      *
      * @param file a pom.xml
-     * @return a Model object containing only the fields dependency-check requires
+     * @return a Model object containing only the fields dependency-check
+     * requires
      * @throws PomParseException thrown if the xml file cannot be parsed
      */
     public Model parse(File file) throws PomParseException {
@@ -73,7 +75,8 @@ public class PomParser {
     }
 
     /**
-     * Parses the given XML file and returns a Model object containing only the fields dependency-check requires.
+     * Parses the given XML file and returns a Model object containing only the
+     * fields dependency-check requires.
      *
      * @param inputStream an InputStream containing suppression rues
      * @return a list of suppression rules
@@ -85,7 +88,7 @@ public class PomParser {
             final SAXParserFactory factory = SAXParserFactory.newInstance();
 //            factory.setNamespaceAware(true);
 //            factory.setValidating(true);
-            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);	
+            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
             final SAXParser saxParser = factory.newSAXParser();
             final XMLReader xmlReader = saxParser.getXMLReader();
             xmlReader.setContentHandler(handler);

dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/SuppressionParser.java

@@ -128,7 +128,7 @@ public class SuppressionParser {
             final SAXParserFactory factory = SAXParserFactory.newInstance();
             factory.setNamespaceAware(true);
             factory.setValidating(true);
-            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);	
+            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
             final SAXParser saxParser = factory.newSAXParser();
             saxParser.setProperty(SuppressionParser.JAXP_SCHEMA_LANGUAGE, SuppressionParser.W3C_XML_SCHEMA);
             saxParser.setProperty(SuppressionParser.JAXP_SCHEMA_SOURCE, new InputSource(schemaStream));

dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Checksum.java

@@ -24,7 +24,6 @@ import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.nio.ByteBuffer;
-import java.nio.MappedByteBuffer;
 import java.nio.channels.FileChannel;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
@@ -61,17 +60,17 @@ public final class Checksum {
      * not exist
      */
     public static byte[] getChecksum(String algorithm, File file) throws NoSuchAlgorithmException, IOException {
-        MessageDigest md = MessageDigest.getInstance(algorithm);
+        final MessageDigest md = MessageDigest.getInstance(algorithm);
         FileInputStream fis = null;
         FileChannel ch = null;
         try {
             fis = new FileInputStream(file);
             ch = fis.getChannel();
-            ByteBuffer buf = ByteBuffer.allocateDirect(8192);
+            final ByteBuffer buf = ByteBuffer.allocateDirect(8192);
             int b = ch.read(buf);
             while ((b != -1) && (b != 0)) {
                 buf.flip();
-                byte[] bytes = new byte[b];
+                final byte[] bytes = new byte[b];
                 buf.get(bytes);
                 md.update(bytes, 0, b);
                 buf.clear();
@@ -94,50 +93,6 @@ public final class Checksum {
                 }
             }
         }
-        /*  
-        // while the following is likely faster, it does not work as we need to
-        // be able to delete the file, see
-        // http://stackoverflow.com/questions/24589488/why-does-this-utility-method-leaves-files-locked
-        //
-        final MessageDigest digest = MessageDigest.getInstance(algorithm);
-        FileInputStream fis = null;
-        FileChannel ch = null;
-        try {
-            fis = new FileInputStream(file);
-            ch = fis.getChannel();
-            long remainingToRead = file.length();
-            long start = 0;
-            while (remainingToRead > 0) {
-                long amountToRead;
-                if (remainingToRead > Integer.MAX_VALUE) {
-                    remainingToRead -= Integer.MAX_VALUE;
-                    amountToRead = Integer.MAX_VALUE;
-                } else {
-                    amountToRead = remainingToRead;
-                    remainingToRead = 0;
-                }
-                final MappedByteBuffer byteBuffer = ch.map(FileChannel.MapMode.READ_ONLY, start, amountToRead);
-                digest.update(byteBuffer);
-                start += amountToRead;
-            }
-        } finally {
-            if (ch != null) {
-                try {
-                    ch.close();
-                } catch (IOException ex) {
-                    LOGGER.trace("Error closing channel '{}'.", file.getName(), ex);
-                }
-            }
-            if (fis != null) {
-                try {
-                    fis.close();
-                } catch (IOException ex) {
-                    LOGGER.trace("Error closing file '{}'.", file.getName(), ex);
-                }
-            }
-        }
-        return digest.digest();
-        */
     }
 
     /**

src/main/config/checkstyle-header.txt

@@ -13,6 +13,6 @@
 ^ \* See the License for the specific language governing permissions and\s*$
 ^ \* limitations under the License\.\s*$
 ^ \*\s*$
-^ \* Copyright \(c\) 201[0-9] (Jeremy Long|Steve Springett|Bianca Jiang|IBM Corporation|The OWASP Foundation|Institute for Defense Analyses)\. All Rights Reserved\.\s*$
+^ \* Copyright \(c\) 201[0-9] (Jeremy Long|Steve Springett|Stefan Neuhaus|Bianca Jiang|IBM Corporation|The OWASP Foundation|Institute for Defense Analyses)\. All Rights Reserved\.\s*$
 ^ \*/\s*$
 ^package