From 0dc36765f113a874e2c2c0675359498805998850 Mon Sep 17 00:00:00 2001
From: Anthony Whitford
Date: Sat, 10 Oct 2015 16:19:59 -0700
Subject: [PATCH 1/5] Added missing serialVersionUID to new ComposerException.
---
 .../dependencycheck/data/composer/ComposerException.java | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/composer/ComposerException.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/composer/ComposerException.java
index 8b4d841aa..16be04bc5 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/composer/ComposerException.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/composer/ComposerException.java
@@ -24,6 +24,11 @@ package org.owasp.dependencycheck.data.composer;
 */
 public class ComposerException extends RuntimeException {
+ /**
+ * The serial version UID for serialization.
+ */
+ private static final long serialVersionUID = 1L;
+
 /**
 * Creates a ComposerException with default message.
 */
From c3177df739f9c6d2c3ed942829ac27b99649a891 Mon Sep 17 00:00:00 2001
From: Anthony Whitford
Date: Sun, 11 Oct 2015 11:42:03 -0700
Subject: [PATCH 2/5] Removing unused NonClosingStream.
---
 .../utils/NonClosingStream.java | 47 -------------------
 1 file changed, 47 deletions(-)
 delete mode 100644 dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/NonClosingStream.java
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/NonClosingStream.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/NonClosingStream.java
deleted file mode 100644
index 6dfc0edf7..000000000
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/NonClosingStream.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * This file is part of dependency-check-core.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
- */
-package org.owasp.dependencycheck.utils;
-
-import java.io.FilterInputStream;
-import java.io.InputStream;
-
-/**
- * NonClosingStream is a stream filter which prevents another class that processes the stream from closing it. This is
- * necessary when dealing with things like JAXB and zipInputStreams.
- *
- * @author Jeremy Long
- */
-public class NonClosingStream extends FilterInputStream {
-
- /**
- * Constructs a new NonClosingStream.
- *
- * @param in an input stream.
- */
- public NonClosingStream(InputStream in) {
- super(in);
- }
-
- /**
- * Prevents closing of the stream.
- */
- @Override
- public void close() {
- // don't close the stream.
- }
-}
From 5db377923efac5a1517c3fc1b2a575ecbbaec0d4 Mon Sep 17 00:00:00 2001
From: Anthony Whitford
Date: Sun, 11 Oct 2015 16:51:57 -0700
Subject: [PATCH 3/5] Sized the new HashSet to avoid rehashing risk.
---
 .../dependencycheck/analyzer/AbstractFileTypeAnalyzer.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java
index 6f23a75b2..26d8d8ab8 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java
@@ -214,7 +214,7 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
 * @return a Set of strings.
 */
 protected static Set newHashSet(String... strings) {
- final Set set = new HashSet();
+ final Set set = new HashSet(strings.length);
 Collections.addAll(set, strings);
 return set;
 }
From 762b2fe7d62eed45374c3a253032f9b0cca66e8b Mon Sep 17 00:00:00 2001
From: Anthony Whitford
Date: Sun, 11 Oct 2015 17:32:08 -0700
Subject: [PATCH 4/5] Leverage Collections.singleton for single entry HashSets.
---
 .../analyzer/CPEAnalyzerIntegrationTest.java | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CPEAnalyzerIntegrationTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CPEAnalyzerIntegrationTest.java
index 6e272206e..0384fe407 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CPEAnalyzerIntegrationTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CPEAnalyzerIntegrationTest.java
@@ -19,7 +19,7 @@ package org.owasp.dependencycheck.analyzer;
 import java.io.File;
 import java.io.IOException;
-import java.util.HashSet;
+import java.util.Collections;
 import java.util.List;
 import java.util.Set;
 import org.apache.lucene.index.CorruptIndexException;
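Review bot: In newHashSet, `new HashSet(strings.length)` sets the initial table capacity, not the number of elements the set can hold before it resizes, so with the default 0.75 load factor the table can still be rehashed while `Collections.addAll` fills it (four strings is enough on current JDKs). Sizing for the load factor, e.g. `new HashSet((int) (strings.length / 0.75f) + 1)`, would meet the goal stated in the commit subject; the type arguments appear to have been lost in this rendering, so keep whatever the file declares. A one-line comment such as `// capacity sized for the default load factor so addAll never resizes` would record why the argument is there.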
@@ -49,11 +49,9 @@ public class CPEAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
 */
 @Test
 public void testBuildSearch() throws IOException, CorruptIndexException, ParseException {
- Set productWeightings = new HashSet(1);
- productWeightings.add("struts2");
+ Set productWeightings = Collections.singleton("struts2");
- Set vendorWeightings = new HashSet(1);
- vendorWeightings.add("apache");
+ Set vendorWeightings = Collections.singleton("apache");
 String vendor = "apache software foundation";
 String product = "struts 2 core";
@@ -238,11 +236,9 @@ public class CPEAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
 CPEAnalyzer instance = new CPEAnalyzer();
 instance.open();
- Set productWeightings = new HashSet(1);
- productWeightings.add("struts2");
+ Set productWeightings = Collections.singleton("struts2");
- Set vendorWeightings = new HashSet(1);
- vendorWeightings.add("apache");
+ Set vendorWeightings = Collections.singleton("apache");
 List result = instance.searchCPE(vendor, product, productWeightings, vendorWeightings);
 instance.close();
From 031d64858514c8296c39eb85d02821c4d3564cb7 Mon Sep 17 00:00:00 2001
From: Anthony Whitford
Date: Sun, 11 Oct 2015 17:48:27 -0700
Subject: [PATCH 5/5] Removed compiler warnings from test code.
---
 .../analyzer/AbstractFileTypeAnalyzerTest.java | 2 +-
 .../org/owasp/dependencycheck/data/nvdcve/CveDBMySQLTest.java | 3 ++-
 .../org/owasp/dependencycheck/dependency/DependencyTest.java | 1 -
 .../dependencycheck/suppression/SuppressionParserTest.java | 2 +-
 .../owasp/dependencycheck/utils/DependencyVersionTest.java | 4 ++--
 5 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzerTest.java
index f456707a8..37c0de5ac 100644
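Review bot: `Collections.singleton(...)` returns an immutable set, whereas the `HashSet` it replaces in both hunks was mutable, so these tests now rely on `searchCPE` and the code exercised by testBuildSearch never adding to or removing from the weighting sets. Neither method body is visible here, and both test methods continue outside the hunks; if either callee mutates its arguments the tests would fail with `UnsupportedOperationException` instead of an assertion failure. If the read-only contract is intended, a sentence in the Javadoc of those parameters, for example `the weightings are only read and may be an immutable set`, would make it explicit.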
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzerTest.java
@@ -34,7 +34,7 @@ public class AbstractFileTypeAnalyzerTest extends BaseTest {
 */
 @Test
 public void testNewHashSet() {
- Set result = AbstractFileTypeAnalyzer.newHashSet("one", "two");
+ Set result = AbstractFileTypeAnalyzer.newHashSet("one", "two");
 assertEquals(2, result.size());
 assertTrue(result.contains("one"));
 assertTrue(result.contains("two"));
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/CveDBMySQLTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/CveDBMySQLTest.java
index bed456159..3ba92444d 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/CveDBMySQLTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/CveDBMySQLTest.java
@@ -25,6 +25,7 @@ import static org.junit.Assert.assertTrue;
 import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Test;
+import org.owasp.dependencycheck.dependency.Vulnerability;
 import org.owasp.dependencycheck.dependency.VulnerableSoftware;
 /**
@@ -93,7 +94,7 @@ public class CveDBMySQLTest {
 CveDB instance = new CveDB();
 try {
 instance.open();
- List result = instance.getVulnerabilities(cpeStr);
+ List result = instance.getVulnerabilities(cpeStr);
 assertTrue(result.size() > 5);
 } catch (Exception ex) {
 System.out.println("Unable to access the My SQL database; verify that the db server is running and that the schema has been generated");
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/DependencyTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/DependencyTest.java
index 25210e9a7..cbccb2083 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/DependencyTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/DependencyTest.java
@@ -185,7 +185,6 @@ public class DependencyTest {
 @Test
 public void testGetIdentifiers() {
 Dependency instance = new Dependency();
- List expResult = null;
 Set result = instance.getIdentifiers();
 assertTrue(true); //this is just a getter setter pair.
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/suppression/SuppressionParserTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/suppression/SuppressionParserTest.java
index 09570551b..dc0563e96 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/suppression/SuppressionParserTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/suppression/SuppressionParserTest.java
@@ -61,7 +61,7 @@ public class SuppressionParserTest {
 //File file = new File(this.getClass().getClassLoader().getResource("suppressions.xml").getPath());
 File file = BaseTest.getResourceAsFile(this, "suppressions.xml");
 SuppressionParser instance = new SuppressionParser();
- List result = instance.parseSuppressionRules(file);
+ List result = instance.parseSuppressionRules(file);
 assertTrue(result.size() > 3);
 }
 }
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DependencyVersionTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DependencyVersionTest.java
index b303f552b..fae60cbc7 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DependencyVersionTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DependencyVersionTest.java
@@ -61,11 +61,11 @@ public class DependencyVersionTest {
 @Test
 public void testIterator() {
 DependencyVersion instance = new DependencyVersion("1.2.3");
- Iterator result = instance.iterator();
+ Iterator result = instance.iterator();
 assertTrue(result.hasNext());
 int count = 1;
 while (result.hasNext()) {
- String v = (String) result.next();
+ String v = result.next();
 assertTrue(String.valueOf(count++).equals(v));
 }
 }