findbugs/checkstyle corrections

2026-03-11 21:05:38 +01:00 · 2016-01-30 08:57:40 -05:00
parent 6355a29a7a
commit 31df2fa131
7 changed files with 29 additions and 23 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AnalysisPhase.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AnalysisPhase.java
@@ -29,7 +29,7 @@ public enum AnalysisPhase {
     */
    INITIAL,
    /**
-     * Pre information collection phase
+     * Pre information collection phase.
     */
    PRE_INFORMATION_COLLECTION,
    /**
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java
@@ -32,8 +32,10 @@ import org.slf4j.LoggerFactory;
 import java.io.File;
 import java.io.FileFilter;
 import java.io.IOException;
+import java.io.UnsupportedEncodingException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
+import java.util.logging.Level;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;

@@ -212,8 +214,13 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
                final String filePath = String.format("%s:%s", dependency.getFilePath(), product);
                currentDep.setFilePath(filePath);

-                // prevents coalescing into the dependency provided by engine
-                currentDep.setSha1sum(Checksum.getHex(sha1.digest(filePath.getBytes())));
+                byte[] path;
+                try {
+                    path = filePath.getBytes("UTF-8");
+                } catch (UnsupportedEncodingException ex) {
+                    path = filePath.getBytes();
+                }
+                currentDep.setSha1sum(Checksum.getHex(sha1.digest(path)));
                engine.getDependencies().add(currentDep);
            }
            final String source = currentDep.getDisplayFileName();
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java
@@ -51,8 +51,8 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
     */
    private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.PRE_INFORMATION_COLLECTION;

-    private static final FileFilter FILTER =
-            FileFilterBuilder.newInstance().addFilenames("Gemfile.lock").build();
+    private static final FileFilter FILTER
+            = FileFilterBuilder.newInstance().addFilenames("Gemfile.lock").build();
    public static final String NAME = "Name: ";
    public static final String VERSION = "Version: ";
    public static final String ADVISORY = "Advisory: ";
@@ -113,7 +113,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
                    throw new AnalysisException("Bundle-audit error stream unexpectedly not ready.");
                } else {
                    final String line = reader.readLine();
-                    if (!line.contains("Errno::ENOENT")) {
+                    if (line == null || !line.contains("Errno::ENOENT")) {
                        LOGGER.warn("Unexpected bundle-audit output. Disabling {}: {}", ANALYZER_NAME, line);
                        setEnabled(false);
                        throw new AnalysisException("Unexpected bundle-audit output.");
@@ -126,8 +126,8 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
            }
        }
        if (isEnabled()) {
-            LOGGER.info(ANALYZER_NAME + " is enabled. It is necessary to manually run \"bundle-audit update\" " +
-                    "occasionally to keep its database up to date.");
+            LOGGER.info(ANALYZER_NAME + " is enabled. It is necessary to manually run \"bundle-audit update\" "
+                    + "occasionally to keep its database up to date.");
        }
    }

@@ -162,8 +162,8 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
    }

    /**
-     * If {@link #analyzeFileType(Dependency, Engine)} is called, then we have successfully initialized, and it will
-     * be necessary to disable {@link RubyGemspecAnalyzer}.
+     * If {@link #analyzeFileType(Dependency, Engine)} is called, then we have successfully initialized, and it will be necessary
+     * to disable {@link RubyGemspecAnalyzer}.
     */
    private boolean needToDisableGemspecAnalyzer = true;

--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/EngineVersionCheck.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/EngineVersionCheck.java
@@ -21,7 +21,6 @@ import java.io.IOException;
 import java.net.HttpURLConnection;
 import java.net.MalformedURLException;
 import java.net.URL;
-import java.util.logging.Level;
 import org.apache.commons.io.IOUtils;
 import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
@@ -128,7 +127,7 @@ public class EngineVersionCheck implements CachedWebDataSource {
    protected boolean shouldUpdate(final long lastChecked, final long now, final DatabaseProperties properties,
            String currentVersion) throws UpdateException {
        //check every 30 days if we know there is an update, otherwise check every 7 days
-        int checkRange = 30;
+        final int checkRange = 30;
        if (!DateUtil.withinDateRange(lastChecked, now, checkRange)) {
            LOGGER.debug("Checking web for new version.");
            final String currentRelease = getCurrentReleaseVersion();