diff --git a/src/main/java/org/owasp/dependencycheck/Engine.java b/src/main/java/org/owasp/dependencycheck/Engine.java
index 82b7824fb..23a4bc241 100644
--- a/src/main/java/org/owasp/dependencycheck/Engine.java
+++ b/src/main/java/org/owasp/dependencycheck/Engine.java
@@ -67,13 +67,13 @@ public class Engine {
 * Creates a new Engine.
 */
 public Engine() {
- boolean autoupdate = true;
+ boolean autoUpdate = true;
 try {
- autoupdate = Settings.getBoolean(Settings.KEYS.AUTO_UPDATE);
+ autoUpdate = Settings.getBoolean(Settings.KEYS.AUTO_UPDATE);
 } catch (InvalidSettingException ex) {
 Logger.getLogger(Engine.class.getName()).log(Level.WARNING, "Invalid setting for auto-update.");
 }
- if (autoupdate) {
+ if (autoUpdate) {
 doUpdates();
 }
 loadAnalyzers();
diff --git a/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java b/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
index a29bc7548..38c5216fb 100644
--- a/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
+++ b/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
@@ -155,7 +155,7 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
 /**
 * Attempts to trim a maven repo to a common base path. This is typically
- * [drive]\[repolocation\repository\[path1]\[path2].
+ * [drive]\[repo_location]\repository\[path1]\[path2].
 *
 * @param path the path to trim
 * @return a string representing the base path.
diff --git a/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
index c2deed3be..c1299bf2a 100644
--- a/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
+++ b/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
@@ -718,7 +718,7 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
 final java.util.jar.JarEntry entry = (java.util.jar.JarEntry) en.nextElement();
 if (entry.getName().endsWith(".class")) {
 hasClasses = true;
- String[] path = null;
+ String[] path;
 if (entry.getName().contains("/")) {
 path = entry.getName().toLowerCase().split("/");
 if ("java".equals(path[0])
diff --git a/src/main/java/org/owasp/dependencycheck/data/cpe/Entry.java b/src/main/java/org/owasp/dependencycheck/data/cpe/Entry.java
index 950783709..06e749148 100644
--- a/src/main/java/org/owasp/dependencycheck/data/cpe/Entry.java
+++ b/src/main/java/org/owasp/dependencycheck/data/cpe/Entry.java
@@ -228,10 +228,7 @@ public class Entry implements Serializable {
 return false;
 }
 final Entry other = (Entry) obj;
- if ((this.name == null) ? (other.name != null) : !this.name.equals(other.name)) {
- return false;
- }
- return true;
+ return !((this.name == null) ? (other.name != null) : !this.name.equals(other.name));
 }
 @Override
diff --git a/src/main/java/org/owasp/dependencycheck/data/cpe/Index.java b/src/main/java/org/owasp/dependencycheck/data/cpe/Index.java
index af1ef754b..1040cc68b 100644
--- a/src/main/java/org/owasp/dependencycheck/data/cpe/Index.java
+++ b/src/main/java/org/owasp/dependencycheck/data/cpe/Index.java
@@ -58,8 +58,7 @@ public class Index extends AbstractIndex {
 */
 public Directory getDirectory() throws IOException {
 final File path = getDataDirectory();
- final Directory dir = FSDirectory.open(path);
- return dir;
+ return FSDirectory.open(path);
 }
 /**
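Review bot: The new return in `equals` (Entry.java) puts an outer `!` around a ternary whose else-branch is itself negated, so a reader has to undo two negations to see that it simply compares names. The same result reads directly as `return (this.name == null) ? (other.name == null) : this.name.equals(other.name);`. The start of `equals` is outside the hunk, so the earlier checks are only assumed from the visible `return false;` context.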
@@ -102,10 +101,7 @@ public class Index extends AbstractIndex {
 fieldAnalyzers.put(Fields.VERSION, new VersionAnalyzer(Version.LUCENE_40));
 fieldAnalyzers.put(Fields.NAME, new KeywordAnalyzer());
- final PerFieldAnalyzerWrapper wrapper = new PerFieldAnalyzerWrapper(
- new FieldAnalyzer(Version.LUCENE_40), fieldAnalyzers);
-
- return wrapper;
+ return new PerFieldAnalyzerWrapper(new FieldAnalyzer(Version.LUCENE_40), fieldAnalyzers);
 }
 /**
 * The search field analyzer for the product field.
@@ -133,10 +129,7 @@ public class Index extends AbstractIndex {
 fieldAnalyzers.put(Fields.PRODUCT, productSearchFieldAnalyzer);
 fieldAnalyzers.put(Fields.VENDOR, vendorSearchFieldAnalyzer);
- final PerFieldAnalyzerWrapper wrapper = new PerFieldAnalyzerWrapper(
- new FieldAnalyzer(Version.LUCENE_40), fieldAnalyzers);
-
- return wrapper;
+ return new PerFieldAnalyzerWrapper(new FieldAnalyzer(Version.LUCENE_40), fieldAnalyzers);
 }
 /**
@@ -169,7 +162,6 @@ public class Index extends AbstractIndex {
 */
 public void saveEntry(Entry entry) throws CorruptIndexException, IOException {
 final Document doc = convertEntryToDoc(entry);
- //Term term = new Term(Fields.NVDID, LuceneUtils.escapeLuceneQuery(entry.getNvdId()));
 final Term term = new Term(Fields.NAME, entry.getName());
 getIndexWriter().updateDocument(term, doc);
 }
@@ -196,7 +188,7 @@ public class Index extends AbstractIndex {
 //TODO revision should likely be its own field
 if (entry.getVersion() != null) {
- Field version = null;
+ Field version;
 if (entry.getRevision() != null) {
 version = new TextField(Fields.VERSION, entry.getVersion() + " " + entry.getRevision(), Field.Store.NO);
diff --git a/src/main/java/org/owasp/dependencycheck/data/cwe/CweDB.java b/src/main/java/org/owasp/dependencycheck/data/cwe/CweDB.java
index c9a6e792c..9ed68fa3a 100644
--- a/src/main/java/org/owasp/dependencycheck/data/cwe/CweDB.java
+++ b/src/main/java/org/owasp/dependencycheck/data/cwe/CweDB.java
@@ -53,9 +53,7 @@ public final class CweDB {
 final String filePath = "data/cwe.hashmap.serialized";
 final InputStream input = CweDB.class.getClassLoader().getResourceAsStream(filePath);
 oin = new ObjectInputStream(input);
- @SuppressWarnings("unchecked")
- final HashMap data = (HashMap) oin.readObject();
- return data;
+ return (HashMap) oin.readObject();
 } catch (ClassNotFoundException ex) {
 Logger.getLogger(CweDB.class.getName()).log(Level.SEVERE, null, ex);
 } catch (IOException ex) {
diff --git a/src/main/java/org/owasp/dependencycheck/data/lucene/AbstractIndex.java b/src/main/java/org/owasp/dependencycheck/data/lucene/AbstractIndex.java
index 4e17f7cde..03857d042 100644
--- a/src/main/java/org/owasp/dependencycheck/data/lucene/AbstractIndex.java
+++ b/src/main/java/org/owasp/dependencycheck/data/lucene/AbstractIndex.java
@@ -250,14 +250,11 @@ public abstract class AbstractIndex {
 * @throws IOException is thrown if there is an issue with the underlying Index
 */
 public TopDocs search(String searchString, int maxQueryResults) throws ParseException, IOException {
-
 final QueryParser parser = getQueryParser();
 final Query query = parser.parse(searchString);
 resetSearchingAnalyzer();
 final IndexSearcher is = getIndexSearcher();
- final TopDocs docs = is.search(query, maxQueryResults);
-
- return docs;
+ return is.search(query, maxQueryResults);
 }
 /**
diff --git a/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java b/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
index e32239f14..f9e60b659 100644
--- a/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
+++ b/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
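Review bot: The cast in `return (HashMap) oin.readObject();` (CweDB.java) is applied only after `readObject()` has already instantiated whatever the stream describes, so it does not restrict what gets deserialized; the safety of this load rests on `data/cwe.hashmap.serialized` being the file shipped on the classpath. A comment saying so would keep the pattern from being copied to a file or network source, for example `// trusted bundled resource only; never pass external data to this ObjectInputStream`. The visible code also passes `input` to `new ObjectInputStream(input)` without checking it, and `getResourceAsStream` returns null when the resource is missing, which presumably surfaces as a NullPointerException that neither visible catch handles. Removing `@SuppressWarnings("unchecked")` brings the unchecked warning back if the method's return type is parameterized; the signature is outside the hunk.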
@@ -305,11 +305,11 @@ public class CveDB {
 rsS = selectSoftware.executeQuery();
 while (rsS.next()) {
 final String cpe = rsS.getString(1);
- final String prevVers = rsS.getString(2);
- if (prevVers == null) {
+ final String prevVersion = rsS.getString(2);
+ if (prevVersion == null) {
 vuln.addVulnerableSoftware(cpe);
 } else {
- vuln.addVulnerableSoftware(cpe, prevVers);
+ vuln.addVulnerableSoftware(cpe, prevVersion);
 }
 }
 }
diff --git a/src/main/java/org/owasp/dependencycheck/data/nvdcve/xml/DatabaseUpdater.java b/src/main/java/org/owasp/dependencycheck/data/nvdcve/xml/DatabaseUpdater.java
index 78f5d86ba..bc5abcbf4 100644
--- a/src/main/java/org/owasp/dependencycheck/data/nvdcve/xml/DatabaseUpdater.java
+++ b/src/main/java/org/owasp/dependencycheck/data/nvdcve/xml/DatabaseUpdater.java
@@ -147,6 +147,15 @@ public class DatabaseUpdater implements CachedWebDataSource {
 outputPath.deleteOnExit();
 }
 }
+ try {
+ if (outputPath12 != null && outputPath12.exists()) {
+ outputPath12.delete();
+ }
+ } finally {
+ if (outputPath12 != null && outputPath12.exists()) {
+ outputPath12.deleteOnExit();
+ }
+ }
 }
 }
 }
@@ -167,7 +176,7 @@ public class DatabaseUpdater implements CachedWebDataSource {
 * @param oldVersion contains the file containing the NVD CVE XML 1.2
 * @throws ParserConfigurationException is thrown if there is a parser configuration exception
 * @throws SAXException is thrown if there is a SAXException
- * @throws IOException is thrown if there is a IOException
+ * @throws IOException is thrown if there is a ioexception
 * @throws SQLException is thrown if there is a sql exception
 * @throws DatabaseException is thrown if there is a database exception
 */
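Review bot: The added cleanup for `outputPath12` in DatabaseUpdater.java discards the boolean returned by `delete()` and relies on the `finally` block re-testing `exists()` to notice a failed delete, which is easy to misread as plain exception handling. A comment on the `finally` such as `// delete() signals failure by returning false; fall back to deleteOnExit()` would make the intent explicit. The block appears to duplicate the one for `outputPath` whose tail is visible just above it, so a small private helper taking a `File` would keep the two from drifting apart. The enclosing method starts outside the hunk.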
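Review bot: The changed `@throws IOException` line in DatabaseUpdater.java now reads `a ioexception`, which drops the class name that the neighbouring `SAXException` line still uses. `@throws IOException is thrown if there is an IOException` keeps the Javadoc consistent and grammatical.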
@@ -255,7 +264,14 @@ public class DatabaseUpdater implements CachedWebDataSource {
 try {
 out.close();
 } catch (IOException ex) {
- Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.SEVERE, null, ex);
+ Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINEST, null, ex);
+ }
+ }
+ if (os != null) {
+ try {
+ os.close();
+ } catch (IOException ex) {
+ Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINEST, null, ex);
 }
 }
 }
@@ -311,7 +327,7 @@ public class DatabaseUpdater implements CachedWebDataSource {
 prop.load(is);
 boolean deleteAndRecreate = false;
- float version = 0;
+ float version;
 if (prop.getProperty("version") == null) {
 deleteAndRecreate = true;
@@ -333,8 +349,8 @@ public class DatabaseUpdater implements CachedWebDataSource {
 FileUtils.delete(f);
 //this importer also updates the CPE index and it is also using an old version
- final Index cpeid = new Index();
- final File cpeDir = cpeid.getDataDirectory();
+ final Index cpeId = new Index();
+ final File cpeDir = cpeId.getDataDirectory();
 FileUtils.delete(cpeDir);
 return currentlyPublished;
 }
diff --git a/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java b/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java
index e9e13660e..758d09804 100644
--- a/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java
+++ b/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java
@@ -80,7 +80,7 @@ public class EvidenceCollection implements Iterable {
 *
 * @param confidence the confidence level for the evidence to be iterated
 * over.
- * @return Iterable.
+ * @return Iterable an iterable collectoin of evidence
 */
 public final Iterable iterator(Evidence.Confidence confidence) {
 if (confidence == Evidence.Confidence.HIGH) {
diff --git a/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java b/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java
index d64655071..e05b82b12 100644
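Review bot: Lowering the `out.close()` failure from `Level.SEVERE` to `Level.FINEST` in DatabaseUpdater.java hides the last place where a failed flush of buffered output would surface; if `out` is an output stream or writer (its declaration is outside the hunk), a close error can mean the file on disk is incomplete. The same applies to the new `os.close()` handler. Unless the data is flushed and checked earlier in the method, a visible level is safer for both, for example `Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING, "Unable to close output stream", ex);`.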
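Review bot: The new `@return` line in EvidenceCollection.java misspells `collection` as `collectoin` and keeps a leading `Iterable` that reads as part of the description. `@return an iterable collection of evidence` says the same thing cleanly.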
--- a/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java
+++ b/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java
@@ -193,14 +193,13 @@ public class ReportGenerator {
 OutputStream outputStream = null;
 try {
- File foutDir = new File(outFileName).getParentFile();
- if (!foutDir.exists()) {
- foutDir.mkdirs();
+ File outDir = new File(outFileName).getParentFile();
+ if (!outDir.exists()) {
+ outDir.mkdirs();
 }
 outputStream = new FileOutputStream(outFileName);
 writer = new OutputStreamWriter(outputStream, "UTF-8");
- //writer = new BufferedWriter(oswriter);
 if (!engine.evaluate(context, writer, templatePath, reader)) {
 throw new Exception("Failed to convert the template into html.");
diff --git a/src/main/java/org/owasp/dependencycheck/utils/CliParser.java b/src/main/java/org/owasp/dependencycheck/utils/CliParser.java
index c351010dc..87200eeca 100644
--- a/src/main/java/org/owasp/dependencycheck/utils/CliParser.java
+++ b/src/main/java/org/owasp/dependencycheck/utils/CliParser.java
@@ -75,8 +75,7 @@ public final class CliParser {
 */
 private CommandLine parseArgs(String[] args) throws ParseException {
 final CommandLineParser parser = new PosixParser();
- final CommandLine ln = parser.parse(options, args);
- return ln;
+ return parser.parse(options, args);
 }
 /**
@@ -102,7 +101,7 @@ public final class CliParser {
 + "the 'out' argument.");
 }
 }
- if (!line.hasOption(ArgumentName.APPNAME)) {
+ if (!line.hasOption(ArgumentName.APP_NAME)) {
 throw new ParseException("Scan cannot be run without specifying an application "
 + "name via the 'app' argument.");
 }
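Review bot: In the renamed block in ReportGenerator.java, `new File(outFileName).getParentFile()` returns null when `outFileName` has no directory component, so `outDir.exists()` would throw a NullPointerException, and the result of `outDir.mkdirs()` is discarded. Guarding both gives a clearer failure than the later `FileOutputStream` error: `if (outDir != null && !outDir.exists() && !outDir.mkdirs()) { throw new IOException("Unable to create " + outDir); }`. Whether `IOException` fits depends on the method's throws clause, which is outside the hunk. `outDir` could also be declared `final`, matching the other locals touched by this commit.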
@@ -166,12 +165,12 @@ public final class CliParser {
 final Option version = new Option(ArgumentName.VERSION_SHORT, ArgumentName.VERSION,
 false, "print the version information.");
- final Option noupdate = new Option(ArgumentName.DISABLE_AUTO_UPDATE_SHORT, ArgumentName.DISABLE_AUTO_UPDATE,
+ final Option noUpdate = new Option(ArgumentName.DISABLE_AUTO_UPDATE_SHORT, ArgumentName.DISABLE_AUTO_UPDATE,
 false, "disables the automatic updating of the CPE data.");
- final Option appname = OptionBuilder.withArgName("name").hasArg().withLongOpt(ArgumentName.APPNAME)
+ final Option appName = OptionBuilder.withArgName("name").hasArg().withLongOpt(ArgumentName.APP_NAME)
 .withDescription("the name of the application being scanned.")
- .create(ArgumentName.APPNAME_SHORT);
+ .create(ArgumentName.APP_NAME_SHORT);
 final Option connectionTimeout = OptionBuilder.withArgName("timeout").hasArg().withLongOpt(ArgumentName.CONNECTION_TIMEOUT)
 .withDescription("the connection timeout (in milliseconds) to use when downloading resources.")
@@ -197,7 +196,7 @@ public final class CliParser {
 .withDescription("the folder to write reports to.")
 .create(ArgumentName.OUT_SHORT);
- final Option outputformat = OptionBuilder.withArgName("format").hasArg().withLongOpt(ArgumentName.OUTPUT_FORMAT)
+ final Option outputFormat = OptionBuilder.withArgName("format").hasArg().withLongOpt(ArgumentName.OUTPUT_FORMAT)
 .withDescription("the output format to write to (XML, HTML, ALL).")
 .create(ArgumentName.OUTPUT_FORMAT_SHORT);
@@ -207,11 +206,11 @@ public final class CliParser {
 final Options opts = new Options();
 opts.addOptionGroup(og);
 opts.addOption(out);
- opts.addOption(outputformat);
- opts.addOption(appname);
+ opts.addOption(outputFormat);
+ opts.addOption(appName);
 opts.addOption(version);
 opts.addOption(help);
- opts.addOption(noupdate);
+ opts.addOption(noUpdate);
 opts.addOption(deepScan);
 opts.addOption(props);
 opts.addOption(proxyPort);
@@ -301,7 +300,7 @@ public final class CliParser {
 * @return the application name.
 */
 public String getApplicationName() {
- return line.getOptionValue(ArgumentName.APPNAME);
+ return line.getOptionValue(ArgumentName.APP_NAME);
 }
 /**
@@ -405,12 +404,12 @@ public final class CliParser {
 * The long CLI argument name specifying the name of the application to
 * be scanned.
 */
- public static final String APPNAME = "app";
+ public static final String APP_NAME = "app";
 /**
 * The short CLI argument name specifying the name of the application to
 * be scanned.
 */
- public static final String APPNAME_SHORT = "a";
+ public static final String APP_NAME_SHORT = "a";
 /**
 * The long CLI argument name asking for help.
 */
diff --git a/src/main/java/org/owasp/dependencycheck/utils/Downloader.java b/src/main/java/org/owasp/dependencycheck/utils/Downloader.java
index 771205d9c..90150baeb 100644
--- a/src/main/java/org/owasp/dependencycheck/utils/Downloader.java
+++ b/src/main/java/org/owasp/dependencycheck/utils/Downloader.java
@@ -126,7 +126,7 @@ public final class Downloader {
 writer = new BufferedOutputStream(new FileOutputStream(outputPath));
 final byte[] buffer = new byte[4096];
- int bytesRead = 0;
+ int bytesRead;
 while ((bytesRead = reader.read(buffer)) > 0) {
 writer.write(buffer, 0, bytesRead);
 }
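Review bot: `APPNAME` and `APPNAME_SHORT` in the `ArgumentName` constants of CliParser.java are `public static final`, so renaming them to `APP_NAME` and `APP_NAME_SHORT` breaks any source outside this commit that still refers to the old names. If other modules or integrations use these constants (not visible here), keeping the old names as deprecated aliases for one release avoids that, for example `@Deprecated public static final String APPNAME = APP_NAME;`. Because the values are compile-time constants, already-compiled callers keep the inlined strings and will only fail on their next rebuild, which can hide the break until later.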