Merge branch 'master' of github.com:jeremylong/DependencyCheck

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java

@@ -214,7 +214,7 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
      * @return a Set of strings.
      */
     protected static Set<String> newHashSet(String... strings) {
-        final Set<String> set = new HashSet<String>();
+        final Set<String> set = new HashSet<String>(strings.length);
         Collections.addAll(set, strings);
         return set;
     }

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/composer/ComposerException.java

@@ -24,6 +24,11 @@ package org.owasp.dependencycheck.data.composer;
  */
 public class ComposerException extends RuntimeException {
 
+    /**
+     * The serial version UID for serialization.
+     */
+    private static final long serialVersionUID = 1L;
+
     /**
      * Creates a ComposerException with default message.
      */

dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/NonClosingStream.java

@@ -1,47 +0,0 @@
-/*
- * This file is part of dependency-check-core.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
- */
-package org.owasp.dependencycheck.utils;
-
-import java.io.FilterInputStream;
-import java.io.InputStream;
-
-/**
- * NonClosingStream is a stream filter which prevents another class that processes the stream from closing it. This is
- * necessary when dealing with things like JAXB and zipInputStreams.
- *
- * @author Jeremy Long
- */
-public class NonClosingStream extends FilterInputStream {
-
-    /**
-     * Constructs a new NonClosingStream.
-     *
-     * @param in an input stream.
-     */
-    public NonClosingStream(InputStream in) {
-        super(in);
-    }
-
-    /**
-     * Prevents closing of the stream.
-     */
-    @Override
-    public void close() {
-        // don't close the stream.
-    }
-}

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzerTest.java

@@ -34,7 +34,7 @@ public class AbstractFileTypeAnalyzerTest extends BaseTest {
      */
     @Test
     public void testNewHashSet() {
-        Set result = AbstractFileTypeAnalyzer.newHashSet("one", "two");
+        Set<String> result = AbstractFileTypeAnalyzer.newHashSet("one", "two");
         assertEquals(2, result.size());
         assertTrue(result.contains("one"));
         assertTrue(result.contains("two"));

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CPEAnalyzerIntegrationTest.java

@@ -19,7 +19,7 @@ package org.owasp.dependencycheck.analyzer;
 
 import java.io.File;
 import java.io.IOException;
-import java.util.HashSet;
+import java.util.Collections;
 import java.util.List;
 import java.util.Set;
 import org.apache.lucene.index.CorruptIndexException;
@@ -49,11 +49,9 @@ public class CPEAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
      */
     @Test
     public void testBuildSearch() throws IOException, CorruptIndexException, ParseException {
-        Set<String> productWeightings = new HashSet<String>(1);
+        Set<String> productWeightings = Collections.singleton("struts2");
-        productWeightings.add("struts2");
 
-        Set<String> vendorWeightings = new HashSet<String>(1);
+        Set<String> vendorWeightings = Collections.singleton("apache");
-        vendorWeightings.add("apache");
 
         String vendor = "apache software foundation";
         String product = "struts 2 core";
@@ -238,11 +236,9 @@ public class CPEAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
         CPEAnalyzer instance = new CPEAnalyzer();
         instance.open();
 
-        Set<String> productWeightings = new HashSet<String>(1);
+        Set<String> productWeightings = Collections.singleton("struts2");
-        productWeightings.add("struts2");
 
-        Set<String> vendorWeightings = new HashSet<String>(1);
+        Set<String> vendorWeightings = Collections.singleton("apache");
-        vendorWeightings.add("apache");
 
         List<IndexEntry> result = instance.searchCPE(vendor, product, productWeightings, vendorWeightings);
         instance.close();

dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/CveDBMySQLTest.java

@@ -25,6 +25,7 @@ import static org.junit.Assert.assertTrue;
 import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Test;
+import org.owasp.dependencycheck.dependency.Vulnerability;
 import org.owasp.dependencycheck.dependency.VulnerableSoftware;
 import org.owasp.dependencycheck.utils.Settings;
 
@@ -96,7 +97,7 @@ public class CveDBMySQLTest {
         CveDB instance = new CveDB();
         try {
             instance.open();
-            List result = instance.getVulnerabilities(cpeStr);
+            List<Vulnerability> result = instance.getVulnerabilities(cpeStr);
             assertTrue(result.size() > 5);
         } catch (Exception ex) {
             System.out.println("Unable to access the My SQL database; verify that the db server is running and that the schema has been generated");

dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/DependencyTest.java

@@ -185,7 +185,6 @@ public class DependencyTest {
     @Test
     public void testGetIdentifiers() {
         Dependency instance = new Dependency();
-        List expResult = null;
         Set<Identifier> result = instance.getIdentifiers();
 
         assertTrue(true); //this is just a getter setter pair.

dependency-check-core/src/test/java/org/owasp/dependencycheck/suppression/SuppressionParserTest.java

@@ -61,7 +61,7 @@ public class SuppressionParserTest {
         //File file = new File(this.getClass().getClassLoader().getResource("suppressions.xml").getPath());
         File file = BaseTest.getResourceAsFile(this, "suppressions.xml");
         SuppressionParser instance = new SuppressionParser();
-        List result = instance.parseSuppressionRules(file);
+        List<SuppressionRule> result = instance.parseSuppressionRules(file);
         assertTrue(result.size() > 3);
     }
 }

dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DependencyVersionTest.java

@@ -61,11 +61,11 @@ public class DependencyVersionTest {
     @Test
     public void testIterator() {
         DependencyVersion instance = new DependencyVersion("1.2.3");
-        Iterator result = instance.iterator();
+        Iterator<String> result = instance.iterator();
         assertTrue(result.hasNext());
         int count = 1;
         while (result.hasNext()) {
-            String v = (String) result.next();
+            String v = result.next();
             assertTrue(String.valueOf(count++).equals(v));
         }
     }