github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-14 15:53:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

checkstyle/findbugs/pmd corrections

Browse Source 
Former-commit-id: 7e1758362e3e3da13678e5e2a8bffa28b8ad5a87
This commit is contained in:
Jeremy Long
2015-06-22 05:53:11 -04:00
parent 13db27854b
commit 2494fec2a7
14 changed files with 314 additions and 262 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
View File

@@ -351,22 +351,27 @@ public class App {
}
}
/**
* Creates a file appender and adds it to logback.
*
* @param verboseLog the path to the verbose log file
*/
private void prepareLogger(String verboseLog) {
StaticLoggerBinder loggerBinder = StaticLoggerBinder.getSingleton();
LoggerContext context = (LoggerContext) loggerBinder.getLoggerFactory();
final StaticLoggerBinder loggerBinder = StaticLoggerBinder.getSingleton();
final LoggerContext context = (LoggerContext) loggerBinder.getLoggerFactory();
final PatternLayoutEncoder encoder = new PatternLayoutEncoder();
encoder.setPattern("%d %C:%L%n%-5level - %msg%n");
encoder.setContext(context);
encoder.start();
FileAppender fa = new FileAppender();
final FileAppender fa = new FileAppender();
fa.setAppend(true);
fa.setEncoder(encoder);
fa.setContext(context);
fa.setFile(verboseLog);
final File f = new File(verboseLog);
String name = f.getName();
int i = name.lastIndexOf('.');
final int i = name.lastIndexOf('.');
if (i > 1) {
name = name.substring(0, i);
}

4
dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java
View File

@@ -497,9 +497,9 @@ public final class CliParser {
*
* @return true if the disableAutoconf command line argument was specified; otherwise false
*/
public boolean isAutoconfDisabled() {
public boolean isAutoconfDisabled() {
return (line != null) && line.hasOption(ARGUMENT.DISABLE_AUTOCONF);
}
}
/**
* Returns true if the disableNexus command line argument was specified.

7
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
View File

@@ -42,7 +42,6 @@ import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import org.owasp.dependencycheck.utils.DCResources;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
import org.slf4j.cal10n.LocLogger;
import org.slf4j.cal10n.LocLoggerFactory;
import org.w3c.dom.Document;
@@ -79,15 +78,15 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
/**
* Message Conveyer
*/
private IMessageConveyor messageConveyer = new MessageConveyor(Locale.getDefault());
private final IMessageConveyor MESSAGE_CONVERYOR = new MessageConveyor(Locale.getDefault());
/**
* LocLoggerFactory for localized logger
*/
private LocLoggerFactory llFactory = new LocLoggerFactory(messageConveyer);
private final LocLoggerFactory LLFACTORY = new LocLoggerFactory(MESSAGE_CONVERYOR);
/**
* Logger
*/
private LocLogger LOGGER = llFactory.getLocLogger(AssemblyAnalyzer.class);
private final LocLogger LOGGER = LLFACTORY.getLocLogger(AssemblyAnalyzer.class);
/**
* Builds the beginnings of a List for ProcessBuilder

407
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.java
View File

@@ -35,219 +35,238 @@ import org.owasp.dependencycheck.utils.Settings;
import org.owasp.dependencycheck.utils.UrlStringUtils;
/**
* Used to analyze Autoconf input files named configure.ac or configure.in.
* Files simply named "configure" are also analyzed, assuming they are generated
* by Autoconf, and contain certain special package descriptor variables.
* Used to analyze Autoconf input files named configure.ac or configure.in. Files simply named "configure" are also analyzed,
* assuming they are generated by Autoconf, and contain certain special package descriptor variables.
*
* @author Dale Visser <dvisser@ida.org>
* @see <a href="https://www.gnu.org/software/autoconf/">Autoconf - GNU Project - Free Software Foundation (FSF)</a>
*/
public class AutoconfAnalyzer extends AbstractFileTypeAnalyzer {
/**
* Autoconf output filename.
*/
private static final String CONFIGURE = "configure";
/**
* Autoconf output filename.
*/
private static final String CONFIGURE = "configure";
/**
* Autoconf input filename.
*/
private static final String CONFIGURE_IN = "configure.in";
/**
* Autoconf input filename.
*/
private static final String CONFIGURE_IN = "configure.in";
/**
* Autoconf input filename.
*/
private static final String CONFIGURE_AC = "configure.ac";
/**
* Autoconf input filename.
*/
private static final String CONFIGURE_AC = "configure.ac";
/**
* The name of the analyzer.
*/
private static final String ANALYZER_NAME = "Autoconf Analyzer";
/**
* The name of the analyzer.
*/
private static final String ANALYZER_NAME = "Autoconf Analyzer";
/**
* The phase that this analyzer is intended to run in.
*/
private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
/**
* The phase that this analyzer is intended to run in.
*/
private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
/**
* The set of file extensions supported by this analyzer.
*/
private static final Set<String> EXTENSIONS = newHashSet("ac", "in",
CONFIGURE);
/**
* The set of file extensions supported by this analyzer.
*/
private static final Set<String> EXTENSIONS = newHashSet("ac", "in",
CONFIGURE);
/**
* Matches AC_INIT variables in the output configure script.
*/
private static final Pattern PACKAGE_VAR = Pattern.compile(
"PACKAGE_(.+?)='(.*?)'", Pattern.DOTALL | Pattern.CASE_INSENSITIVE);
/**
* Matches AC_INIT variables in the output configure script.
*/
private static final Pattern PACKAGE_VAR = Pattern.compile(
"PACKAGE_(.+?)='(.*?)'", Pattern.DOTALL | Pattern.CASE_INSENSITIVE);
/**
* Matches AC_INIT statement in configure.ac file.
*/
private static final Pattern AC_INIT_PATTERN;
static {
// each instance of param or sep_param has a capture group
final String param = "\\[{0,2}(.+?)\\]{0,2}";
final String sep_param = "\\s*,\\s*" + param;
// Group 1: Package
// Group 2: Version
// Group 3: optional
// Group 4: Bug report address (if it exists)
// Group 5: optional
// Group 6: Tarname (if it exists)
// Group 7: optional
// Group 8: URL (if it exists)
AC_INIT_PATTERN = Pattern.compile(String.format(
"AC_INIT\\(%s%s(%s)?(%s)?(%s)?\\s*\\)", param, sep_param,
sep_param, sep_param, sep_param), Pattern.DOTALL
| Pattern.CASE_INSENSITIVE);
}
/**
* Matches AC_INIT statement in configure.ac file.
*/
private static final Pattern AC_INIT_PATTERN;
/**
* Returns a list of file EXTENSIONS supported by this analyzer.
*
* @return a list of file EXTENSIONS supported by this analyzer.
*/
@Override
public Set<String> getSupportedExtensions() {
return EXTENSIONS;
}
static {
// each instance of param or sep_param has a capture group
final String param = "\\[{0,2}(.+?)\\]{0,2}";
final String sepParam = "\\s*,\\s*" + param;
// Group 1: Package
// Group 2: Version
// Group 3: optional
// Group 4: Bug report address (if it exists)
// Group 5: optional
// Group 6: Tarname (if it exists)
// Group 7: optional
// Group 8: URL (if it exists)
AC_INIT_PATTERN = Pattern.compile(String.format(
"AC_INIT\\(%s%s(%s)?(%s)?(%s)?\\s*\\)", param, sepParam,
sepParam, sepParam, sepParam), Pattern.DOTALL
| Pattern.CASE_INSENSITIVE);
}
/**
* Returns the name of the analyzer.
*
* @return the name of the analyzer.
*/
@Override
public String getName() {
return ANALYZER_NAME;
}
/**
* Returns a list of file EXTENSIONS supported by this analyzer.
*
* @return a list of file EXTENSIONS supported by this analyzer.
*/
@Override
public Set<String> getSupportedExtensions() {
return EXTENSIONS;
}
/**
* Returns the phase that the analyzer is intended to run in.
*
* @return the phase that the analyzer is intended to run in.
*/
public AnalysisPhase getAnalysisPhase() {
return ANALYSIS_PHASE;
}
/**
* Returns the name of the analyzer.
*
* @return the name of the analyzer.
*/
@Override
public String getName() {
return ANALYZER_NAME;
}
/**
* Returns the key used in the properties file to reference the analyzer's
* enabled property.
*
* @return the analyzer's enabled property setting key
*/
@Override
protected String getAnalyzerEnabledSettingKey() {
return Settings.KEYS.ANALYZER_PYTHON_DISTRIBUTION_ENABLED;
}
/**
* Returns the phase that the analyzer is intended to run in.
*
* @return the phase that the analyzer is intended to run in.
*/
public AnalysisPhase getAnalysisPhase() {
return ANALYSIS_PHASE;
}
@Override
protected void analyzeFileType(Dependency dependency, Engine engine)
throws AnalysisException {
final File actualFile = dependency.getActualFile();
final String name = actualFile.getName();
if (name.startsWith(CONFIGURE)) {
final File parent = actualFile.getParentFile();
final String parentName = parent.getName();
dependency.setDisplayFileName(parentName + "/" + name);
final boolean isOutputScript = CONFIGURE.equals(name);
if (isOutputScript || CONFIGURE_AC.equals(name)
|| CONFIGURE_IN.equals(name)) {
final String contents = getFileContents(actualFile);
if (!contents.isEmpty()) {
if (isOutputScript) {
extractConfigureScriptEvidence(dependency, name,
contents);
} else {
gatherEvidence(dependency, name, contents);
}
}
}
} else {
// copy, alter and set in case some other thread is iterating over
final List<Dependency> deps = new ArrayList<Dependency>(
engine.getDependencies());
deps.remove(dependency);
engine.setDependencies(deps);
}
}
/**
* Returns the key used in the properties file to reference the analyzer's enabled property.
*
* @return the analyzer's enabled property setting key
*/
@Override
protected String getAnalyzerEnabledSettingKey() {
return Settings.KEYS.ANALYZER_PYTHON_DISTRIBUTION_ENABLED;
}
private void extractConfigureScriptEvidence(Dependency dependency,
final String name, final String contents) {
final Matcher matcher = PACKAGE_VAR.matcher(contents);
while (matcher.find()) {
final String variable = matcher.group(1);
final String value = matcher.group(2);
if (!value.isEmpty()) {
if (variable.endsWith("NAME")) {
dependency.getProductEvidence().addEvidence(name, variable,
value, Confidence.HIGHEST);
} else if ("VERSION".equals(variable)) {
dependency.getVersionEvidence().addEvidence(name, variable,
value, Confidence.HIGHEST);
} else if ("BUGREPORT".equals(variable)) {
dependency.getVendorEvidence().addEvidence(name, variable,
value, Confidence.HIGH);
} else if ("URL".equals(variable)) {
dependency.getVendorEvidence().addEvidence(name, variable,
value, Confidence.HIGH);
}
}
}
}
@Override
protected void analyzeFileType(Dependency dependency, Engine engine)
throws AnalysisException {
final File actualFile = dependency.getActualFile();
final String name = actualFile.getName();
if (name.startsWith(CONFIGURE)) {
final File parent = actualFile.getParentFile();
final String parentName = parent.getName();
dependency.setDisplayFileName(parentName + "/" + name);
final boolean isOutputScript = CONFIGURE.equals(name);
if (isOutputScript || CONFIGURE_AC.equals(name)
|| CONFIGURE_IN.equals(name)) {
final String contents = getFileContents(actualFile);
if (!contents.isEmpty()) {
if (isOutputScript) {
extractConfigureScriptEvidence(dependency, name,
contents);
} else {
gatherEvidence(dependency, name, contents);
}
}
}
} else {
// copy, alter and set in case some other thread is iterating over
final List<Dependency> deps = new ArrayList<Dependency>(
engine.getDependencies());
deps.remove(dependency);
engine.setDependencies(deps);
}
}
private String getFileContents(final File actualFile)
throws AnalysisException {
String contents = "";
try {
contents = FileUtils.readFileToString(actualFile).trim();
} catch (IOException e) {
throw new AnalysisException(
"Problem occured while reading dependency file.", e);
}
return contents;
}
/**
* Extracts evidence from the configuration.
*
* @param dependency the dependency being analyzed
* @param name the name of the source of evidence
* @param contents the contents to analyze for evidence
*/
private void extractConfigureScriptEvidence(Dependency dependency,
final String name, final String contents) {
final Matcher matcher = PACKAGE_VAR.matcher(contents);
while (matcher.find()) {
final String variable = matcher.group(1);
final String value = matcher.group(2);
if (!value.isEmpty()) {
if (variable.endsWith("NAME")) {
dependency.getProductEvidence().addEvidence(name, variable,
value, Confidence.HIGHEST);
} else if ("VERSION".equals(variable)) {
dependency.getVersionEvidence().addEvidence(name, variable,
value, Confidence.HIGHEST);
} else if ("BUGREPORT".equals(variable)) {
dependency.getVendorEvidence().addEvidence(name, variable,
value, Confidence.HIGH);
} else if ("URL".equals(variable)) {
dependency.getVendorEvidence().addEvidence(name, variable,
value, Confidence.HIGH);
}
}
}
}
private void gatherEvidence(Dependency dependency, final String name,
String contents) {
final Matcher matcher = AC_INIT_PATTERN.matcher(contents);
if (matcher.find()) {
final EvidenceCollection productEvidence = dependency
.getProductEvidence();
productEvidence.addEvidence(name, "Package", matcher.group(1),
Confidence.HIGHEST);
dependency.getVersionEvidence().addEvidence(name,
"Package Version", matcher.group(2), Confidence.HIGHEST);
final EvidenceCollection vendorEvidence = dependency
.getVendorEvidence();
if (null != matcher.group(3)) {
vendorEvidence.addEvidence(name, "Bug report address",
matcher.group(4), Confidence.HIGH);
}
if (null != matcher.group(5)) {
productEvidence.addEvidence(name, "Tarname", matcher.group(6),
Confidence.HIGH);
}
if (null != matcher.group(7)) {
final String url = matcher.group(8);
if (UrlStringUtils.isUrl(url)) {
vendorEvidence.addEvidence(name, "URL", url,
Confidence.HIGH);
}
}
}
}
/**
* Retrieves the contents of a given file.
*
* @param actualFile the file to read
* @return the contents of the file
* @throws AnalysisException thrown if there is an IO Exception
*/
private String getFileContents(final File actualFile)
throws AnalysisException {
String contents = "";
try {
contents = FileUtils.readFileToString(actualFile).trim();
} catch (IOException e) {
throw new AnalysisException(
"Problem occured while reading dependency file.", e);
}
return contents;
}
/**
* Initializes the file type analyzer.
*
* @throws Exception
* thrown if there is an exception during initialization
*/
@Override
protected void initializeFileTypeAnalyzer() throws Exception {
// No initialization needed.
}
}
/**
* Gathers evidence from a given file
*
* @param dependency the dependency to add evidence to
* @param name the source of the evidence
* @param contents the evidence to analyze
*/
private void gatherEvidence(Dependency dependency, final String name,
String contents) {
final Matcher matcher = AC_INIT_PATTERN.matcher(contents);
if (matcher.find()) {
final EvidenceCollection productEvidence = dependency
.getProductEvidence();
productEvidence.addEvidence(name, "Package", matcher.group(1),
Confidence.HIGHEST);
dependency.getVersionEvidence().addEvidence(name,
"Package Version", matcher.group(2), Confidence.HIGHEST);
final EvidenceCollection vendorEvidence = dependency
.getVendorEvidence();
if (null != matcher.group(3)) {
vendorEvidence.addEvidence(name, "Bug report address",
matcher.group(4), Confidence.HIGH);
}
if (null != matcher.group(5)) {
productEvidence.addEvidence(name, "Tarname", matcher.group(6),
Confidence.HIGH);
}
if (null != matcher.group(7)) {
final String url = matcher.group(8);
if (UrlStringUtils.isUrl(url)) {
vendorEvidence.addEvidence(name, "URL", url,
Confidence.HIGH);
}
}
}
}
/**
* Initializes the file type analyzer.
*
* @throws Exception thrown if there is an exception during initialization
*/
@Override
protected void initializeFileTypeAnalyzer() throws Exception {
// No initialization needed.
}
}

10
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nexus/NexusSearch.java
View File

@@ -48,14 +48,6 @@ public class NexusSearch {
* Whether to use the Proxy when making requests.
*/
private boolean useProxy;
/**
* The username to use if the Nexus requires authentication.
*/
private String userName = null;
/**
* The password to use if the Nexus requires authentication.
*/
private char[] password;
/**
* Used for logging.
*/
@@ -156,7 +148,7 @@ public class NexusSearch {
throw new FileNotFoundException("Artifact not found in Nexus");
} else {
LOGGER.debug("Could not connect to Nexus received response code: {} {}",
conn.getResponseCode(), conn.getResponseMessage());
conn.getResponseCode(), conn.getResponseMessage());
throw new IOException("Could not connect to Nexus");
}
}

4
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
View File

@@ -73,7 +73,7 @@ public class CveDB {
*/
public CveDB() throws DatabaseException {
super();
statementBundle = java.util.ResourceBundle.getBundle("data/dbStatements");
statementBundle = ResourceBundle.getBundle("data/dbStatements");
try {
open();
databaseProperties = new DatabaseProperties(this);
@@ -638,7 +638,7 @@ public class CveDB {
+ "If the problem persist try deleting the files in '{}' and running {} again. If the problem continues, please "
+ "create a log file (see documentation at http://jeremylong.github.io/DependencyCheck/) and open a ticket at "
+ "https://github.com/jeremylong/DependencyCheck/issues and include the log file.\n\n",
dd, dd, Settings.getString(Settings.KEYS.APPLICATION_VAME));
dd, dd, Settings.getString(Settings.KEYS.APPLICATION_VAME));
LOGGER.debug("", ex);
} finally {
DBUtils.closeResultSet(rs);

9
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/StandardUpdate.java
View File

@@ -189,9 +189,8 @@ public class StandardUpdate {
}
/**
* Determines if the index needs to be updated. This is done by fetching the NVD CVE meta data and checking the last
* update date. If the data needs to be refreshed this method will return the NvdCveUrl for the files that need to
* be updated.
* Determines if the index needs to be updated. This is done by fetching the NVD CVE meta data and checking the last update
* date. If the data needs to be refreshed this method will return the NvdCveUrl for the files that need to be updated.
*
* @return the collection of files that need to be updated
* @throws MalformedURLException is thrown if the URL for the NVD CVE Meta data is incorrect
@@ -239,7 +238,7 @@ public class StandardUpdate {
currentTimestamp = Long.parseLong(properties.getProperty(DatabaseProperties.LAST_UPDATED_BASE + entry.getId(), "0"));
} catch (NumberFormatException ex) {
LOGGER.debug("Error parsing '{}' '{}' from nvdcve.lastupdated",
DatabaseProperties.LAST_UPDATED_BASE, entry.getId(), ex);
DatabaseProperties.LAST_UPDATED_BASE, entry.getId(), ex);
}
if (currentTimestamp == entry.getTimestamp()) {
entry.setNeedsUpdate(false);
@@ -249,7 +248,7 @@ public class StandardUpdate {
}
} catch (NumberFormatException ex) {
LOGGER.warn("An invalid schema version or timestamp exists in the data.properties file.");
LOGGER.debug( "", ex);
LOGGER.debug("", ex);
}
}
return updates;

60
dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java
View File

@@ -306,9 +306,9 @@ public class Dependency implements Serializable, Comparable<Dependency> {
/**
* Adds an entry to the list of detected Identifiers for the dependency file.
*
* @param type the type of identifier (such as CPE)
* @param type the type of identifier (such as CPE)
* @param value the value of the identifier
* @param url the URL of the identifier
* @param url the URL of the identifier
*/
public void addIdentifier(String type, String value, String url) {
final Identifier i = new Identifier(type, value, url);
@@ -318,9 +318,9 @@ public class Dependency implements Serializable, Comparable<Dependency> {
/**
* Adds an entry to the list of detected Identifiers for the dependency file.
*
* @param type the type of identifier (such as CPE)
* @param value the value of the identifier
* @param url the URL of the identifier
* @param type the type of identifier (such as CPE)
* @param value the value of the identifier
* @param url the URL of the identifier
* @param confidence the confidence in the Identifier being accurate
*/
public void addIdentifier(String type, String value, String url, Confidence confidence) {
@@ -332,9 +332,9 @@ public class Dependency implements Serializable, Comparable<Dependency> {
/**
* Adds the maven artifact as evidence.
*
* @param source The source of the evidence
* @param source The source of the evidence
* @param mavenArtifact The maven artifact
* @param confidence The confidence level of this evidence
* @param confidence The confidence level of this evidence
*/
public void addAsEvidence(String source, MavenArtifact mavenArtifact, Confidence confidence) {
if (mavenArtifact.getGroupId() != null && !mavenArtifact.getGroupId().isEmpty()) {
@@ -599,8 +599,8 @@ public class Dependency implements Serializable, Comparable<Dependency> {
private Set<Dependency> relatedDependencies = new TreeSet<Dependency>();
/**
* Get the value of {@link #relatedDependencies}. This field is used to collect other dependencies which really
* represent the same dependency, and may be presented as one item in reports.
* Get the value of {@link #relatedDependencies}. This field is used to collect other dependencies which really represent the
* same dependency, and may be presented as one item in reports.
*
* @return the value of relatedDependencies
*/
@@ -660,8 +660,8 @@ public class Dependency implements Serializable, Comparable<Dependency> {
/**
* Adds a related dependency. The internal collection is normally a {@link java.util.TreeSet}, which relies on
* {@link #compareTo(Dependency)}. A consequence of this is that if you attempt to add a dependency with the
* same file path (modulo character case) as one that is already in the collection, it won't get added.
* {@link #compareTo(Dependency)}. A consequence of this is that if you attempt to add a dependency with the same file path
* (modulo character case) as one that is already in the collection, it won't get added.
*
* @param dependency a reference to the related dependency
*/
@@ -735,22 +735,22 @@ public class Dependency implements Serializable, Comparable<Dependency> {
return false;
}
final Dependency other = (Dependency) obj;
return ObjectUtils.equals(this.actualFilePath, other.actualFilePath) &&
ObjectUtils.equals(this.filePath, other.filePath) &&
ObjectUtils.equals(this.fileName, other.fileName) &&
ObjectUtils.equals(this.fileExtension, other.fileExtension) &&
ObjectUtils.equals(this.md5sum, other.md5sum) &&
ObjectUtils.equals(this.sha1sum, other.sha1sum) &&
ObjectUtils.equals(this.identifiers, other.identifiers) &&
ObjectUtils.equals(this.vendorEvidence, other.vendorEvidence) &&
ObjectUtils.equals(this.productEvidence, other.productEvidence) &&
ObjectUtils.equals(this.versionEvidence, other.versionEvidence) &&
ObjectUtils.equals(this.description, other.description) &&
ObjectUtils.equals(this.license, other.license) &&
ObjectUtils.equals(this.vulnerabilities, other.vulnerabilities) &&
ObjectUtils.equals(this.relatedDependencies, other.relatedDependencies) &&
ObjectUtils.equals(this.projectReferences, other.projectReferences) &&
ObjectUtils.equals(this.availableVersions, other.availableVersions);
return ObjectUtils.equals(this.actualFilePath, other.actualFilePath)
&& ObjectUtils.equals(this.filePath, other.filePath)
&& ObjectUtils.equals(this.fileName, other.fileName)
&& ObjectUtils.equals(this.fileExtension, other.fileExtension)
&& ObjectUtils.equals(this.md5sum, other.md5sum)
&& ObjectUtils.equals(this.sha1sum, other.sha1sum)
&& ObjectUtils.equals(this.identifiers, other.identifiers)
&& ObjectUtils.equals(this.vendorEvidence, other.vendorEvidence)
&& ObjectUtils.equals(this.productEvidence, other.productEvidence)
&& ObjectUtils.equals(this.versionEvidence, other.versionEvidence)
&& ObjectUtils.equals(this.description, other.description)
&& ObjectUtils.equals(this.license, other.license)
&& ObjectUtils.equals(this.vulnerabilities, other.vulnerabilities)
&& ObjectUtils.equals(this.relatedDependencies, other.relatedDependencies)
&& ObjectUtils.equals(this.projectReferences, other.projectReferences)
&& ObjectUtils.equals(this.availableVersions, other.availableVersions);
}
/**
@@ -762,9 +762,9 @@ public class Dependency implements Serializable, Comparable<Dependency> {
public int hashCode() {
int hash = MAGIC_HASH_INIT_VALUE;
for (Object field : new Object[]{this.actualFilePath, this.filePath, this.fileName, this.fileExtension, this.md5sum,
this.sha1sum, this.identifiers, this.vendorEvidence, this.productEvidence, this.versionEvidence,
this.description, this.license, this.vulnerabilities, this.relatedDependencies, this.projectReferences,
this.availableVersions}) {
this.sha1sum, this.identifiers, this.vendorEvidence, this.productEvidence, this.versionEvidence,
this.description, this.license, this.vulnerabilities, this.relatedDependencies, this.projectReferences,
this.availableVersions}) {
hash = MAGIC_HASH_MULTIPLIER * hash + ObjectUtils.hashCode(field);
}
return hash;

27
dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DCResources.java
View File

@@ -32,13 +32,40 @@ import ch.qos.cal10n.LocaleData;
)
public enum DCResources {
/**
* Not deployed.
*/
NOTDEPLOYED,
/**
* grok error.
*/
GROKERROR,
/**
* The dependency is not an assembly.
*/
NOTASSEMBLY,
/**
* GROK Return Code.
*/
GROKRC,
/**
* Grok assembly was extracted.
*/
GROKDEPLOYED,
/**
* Grok assembly was not extracted.
*/
GROKNOTDEPLOYED,
/**
* Grok failed to initialize.
*/
GROKINITFAIL,
/**
* Grok initialized.
*/
GROKINITMSG,
/**
* Grok assembly was not deleted.
*/
GROKNOTDELETED
}

2
dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java
View File

@@ -149,7 +149,7 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
if (mpp.compareTo(mod.getBasedir()) == 0 && descendants.add(mod)) {
if (getLog().isDebugEnabled()) {
getLog().debug(String.format("Decendent module %s added", mod.getName()));
};
}
}
} catch (IOException ex) {
if (getLog().isDebugEnabled()) {

9
dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
View File

@@ -67,10 +67,6 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
* The properties file location.
*/
private static final String PROPERTIES_FILE = "mojo.properties";
/**
* Name of the logging properties file.
*/
private static final String LOG_PROPERTIES_FILE = "log.properties";
/**
* System specific new line character.
*/
@@ -949,10 +945,11 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
} else {
file = new File(writeTo, dataFileName);
}
File parent = file.getParentFile();
final File parent = file.getParentFile();
if (!parent.isDirectory()) {
if (parent.mkdirs()) {
getLog().error(String.format("Directory '%s' does not exist and cannot be created; unable to write data file.", parent.getAbsolutePath()));
getLog().error(String.format("Directory '%s' does not exist and cannot be created; unable to write data file.",
parent.getAbsolutePath()));
}
}

14
dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/slf4j/MavenLoggerAdapter.java
View File

@@ -18,22 +18,32 @@
package org.owasp.dependencycheck.maven.slf4j;
import org.apache.maven.plugin.logging.Log;
import org.slf4j.helpers.FormattingTuple;
import org.slf4j.helpers.MarkerIgnoringBase;
import org.slf4j.helpers.MessageFormatter;
/**
* Created by colezlaw on 6/14/15.
* Created on 6/14/15.
*
* @author colezlaw
*/
public class MavenLoggerAdapter extends MarkerIgnoringBase {
private Log log;
/**
* Creates a new Maven Logger Adapter.
*
* @param log the maven log
*/
public MavenLoggerAdapter(Log log) {
super();
this.log = log;
}
/**
*
* @return
*/
@Override
public boolean isTraceEnabled() {
if (log != null) {

4
dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/slf4j/MavenLoggerFactory.java
View File

@@ -22,7 +22,9 @@ import org.slf4j.ILoggerFactory;
import org.slf4j.Logger;
/**
* Created by colezlaw on 6/14/15.
* Created on 6/14/15.
*
* @author colezlaw
*/
public class MavenLoggerFactory implements ILoggerFactory {

6
dependency-check-maven/src/main/java/org/slf4j/impl/StaticLoggerBinder.java
View File

@@ -48,7 +48,7 @@ public class StaticLoggerBinder implements LoggerFactoryBinder {
/**
* Maven mojos have their own logger, so we'll use one of those
*/
private Log log;
private Log log = null;
/**
* Set the Task which will this is to log through.
@@ -70,7 +70,7 @@ public class StaticLoggerBinder implements LoggerFactoryBinder {
private static final String loggerFactoryClassStr = MavenLoggerFactory.class.getName();
/**
* The ILoggerFactory instance returned by the {@link #getLoggerFactory} method should always be the smae object
* The ILoggerFactory instance returned by the {@link #getLoggerFactory} method should always be the same object
*/
private ILoggerFactory loggerFactory;
@@ -83,6 +83,7 @@ public class StaticLoggerBinder implements LoggerFactoryBinder {
*
* @return the logger factory
*/
@Override
public ILoggerFactory getLoggerFactory() {
return loggerFactory;
}
@@ -92,6 +93,7 @@ public class StaticLoggerBinder implements LoggerFactoryBinder {
*
* @return the logger factory class string
*/
@Override
public String getLoggerFactoryClassStr() {
return loggerFactoryClassStr;
}