checkstyle corrections

This commit is contained in:
Jeremy Long
2017-03-12 18:03:27 -04:00
parent 675349c06f
commit 371dba948d
24 changed files with 263 additions and 182 deletions


@@ -257,7 +257,7 @@ public class Check extends Update {
*
* @param r the reference to a path, fileset, dirset or filelist.
*/
public void setRefId(Reference r) {
public synchronized void setRefId(Reference r) {
if (path != null) {
throw new BuildException("Nested elements are not allowed when using the refId attribute.");
}
@@ -923,7 +923,7 @@ public class Check extends Update {
log(ex.getMessage(), Project.MSG_ERR);
}
} else {
for (Resource resource : path) {
for (Resource resource : getPath()) {
final FileProvider provider = resource.as(FileProvider.class);
if (provider != null) {
final File file = provider.getFile();
@@ -987,7 +987,7 @@ public class Check extends Update {
* @throws BuildException if the task was not configured correctly.
*/
private void validateConfiguration() throws BuildException {
if (path == null) {
if (getPath() == null) {
throw new BuildException("No project dependencies have been defined to analyze.");
}
if (failBuildOnCVSS < 0 || failBuildOnCVSS > 11) {
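Review bot: `setRefId` at L18 still tests the raw field `path != null`, while the two other hunks in this file (L26, L35) were switched to `getPath()`; if `getPath()` does more than return the field (for an Ant task with a refId it may resolve the reference lazily) the null check in `setRefId` no longer agrees with the rest of the class, and if it is a plain getter the change is purely cosmetic but should be applied uniformly, `if (getPath() != null) {`. Adding `synchronized` to `setRefId` alone (L17) only buys mutual exclusion if the other mutators of `path` (the nested fileset/dirset/filelist adders, which are outside this hunk) are synchronized the same way; otherwise the keyword documents an intent the class does not enforce. The enclosing methods start and end outside the hunks.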


@@ -144,7 +144,6 @@ public class Purge extends Task {
*/
protected void populateSettings() throws BuildException {
Settings.initialize();
try (InputStream taskProperties = this.getClass().getClassLoader().getResourceAsStream(PROPERTIES_FILE)) {
Settings.mergeProperties(taskProperties);
} catch (IOException ex) {


@@ -282,8 +282,8 @@ public class App {
exCol = ex;
}
final List<Dependency> dependencies = engine.getDependencies();
CveDB cve = CveDB.getInstance();
DatabaseProperties prop = cve.getDatabaseProperties();
final CveDB cve = CveDB.getInstance();
final DatabaseProperties prop = cve.getDatabaseProperties();
final ReportGenerator report = new ReportGenerator(applicationName, dependencies, engine.getAnalyzers(), prop);
try {
report.generateReports(reportDirectory, outputFormat);


@@ -144,7 +144,8 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
dependency.getActualFilePath());
return;
} else if (rc != 0) {
LOGGER.debug("Return code {} from GrokAssembly; dependency-check is unable to analyze the library: {}", rc, dependency.getActualFilePath());
LOGGER.debug("Return code {} from GrokAssembly; dependency-check is unable to analyze the library: {}",
rc, dependency.getActualFilePath());
return;
}


@@ -33,7 +33,6 @@ import org.slf4j.LoggerFactory;
import java.io.FileFilter;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.MessageDigest;


@@ -52,7 +52,8 @@ import org.xml.sax.SAXException;
* @author Jeremy Long
*/
public class HintAnalyzer extends AbstractAnalyzer {
/**
/**
* The Logger for use throughout the class
*/
private static final Logger LOGGER = LoggerFactory.getLogger(HintAnalyzer.class);
@@ -121,7 +122,7 @@ public class HintAnalyzer extends AbstractAnalyzer {
}
}
//</editor-fold>
/**
* The HintAnalyzer uses knowledge about a dependency to add additional
* information to help in identification of identifiers or vulnerabilities.


@@ -25,8 +25,16 @@ import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.io.UnsupportedEncodingException;
import java.util.*;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Properties;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.jar.Attributes;
import java.util.jar.JarEntry;
@@ -248,7 +256,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
*/
protected boolean analyzePOM(Dependency dependency, List<ClassNameInformation> classes, Engine engine) throws AnalysisException {
try (JarFile jar = new JarFile(dependency.getActualFilePath())) {
List<String> pomEntries = retrievePomListing(jar);
final List<String> pomEntries = retrievePomListing(jar);
if (pomEntries != null && pomEntries.size() <= 1) {
String path;
File pomFile;


@@ -144,7 +144,7 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
LOGGER.debug("Initializing Nexus Analyzer");
LOGGER.debug("Nexus Analyzer enabled: {}", isEnabled());
if (isEnabled()) {
boolean useProxy = useProxy();
final boolean useProxy = useProxy();
final String searchUrl = Settings.getString(Settings.KEYS.ANALYZER_NEXUS_URL);
LOGGER.debug("Nexus Analyzer URL: {}", searchUrl);
try {


@@ -33,7 +33,6 @@ import org.slf4j.LoggerFactory;
import java.io.FileFilter;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import org.owasp.dependencycheck.exception.InitializationException;
/**
@@ -132,7 +131,7 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
try {
final NuspecParser parser = new XPathNuspecParser();
NugetPackage np = null;
try (FileInputStream fis =new FileInputStream(dependency.getActualFilePath())) {
try (FileInputStream fis = new FileInputStream(dependency.getActualFilePath())) {
np = parser.parse(fis);
} catch (NuspecParseException | FileNotFoundException ex) {
throw new AnalysisException(ex);


@@ -360,7 +360,7 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
if (null == manifest) {
LOGGER.debug("Manifest file not found.");
} else {
try (InputStream in = new BufferedInputStream(new FileInputStream(manifest))){
try (InputStream in = new BufferedInputStream(new FileInputStream(manifest))) {
result.load(in);
} catch (MessagingException | FileNotFoundException e) {
LOGGER.warn(e.getMessage(), e);


@@ -180,9 +180,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
final String msg = String.format("Unexpected exit code from bundle-audit process. Disabling %s: %s", ANALYZER_NAME, exitValue);
throw new InitializationException(msg);
} else {
BufferedReader reader = null;
try {
reader = new BufferedReader(new InputStreamReader(process.getErrorStream(), "UTF-8"));
try (BufferedReader reader = new BufferedReader(new InputStreamReader(process.getErrorStream(), "UTF-8"))) {
if (!reader.ready()) {
LOGGER.warn("Bundle-audit error stream unexpectedly not ready. Disabling " + ANALYZER_NAME);
setEnabled(false);
@@ -201,14 +199,6 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
} catch (IOException ex) {
setEnabled(false);
throw new InitializationException("Unable to read bundle-audit output.", ex);
} finally {
if (null != reader) {
try {
reader.close();
} catch (IOException ex) {
LOGGER.debug("Error closing reader", ex);
}
}
}
}
@@ -296,35 +286,19 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
final String msg = String.format("Unexpected exit code from bundle-audit process; exit code: %s", exitValue);
throw new AnalysisException(msg);
}
BufferedReader rdr = null;
BufferedReader errReader = null;
try {
errReader = new BufferedReader(new InputStreamReader(process.getErrorStream(), "UTF-8"));
while (errReader.ready()) {
final String error = errReader.readLine();
LOGGER.warn(error);
try (BufferedReader errReader = new BufferedReader(new InputStreamReader(process.getErrorStream(), "UTF-8"))) {
while (errReader.ready()) {
final String error = errReader.readLine();
LOGGER.warn(error);
}
}
try (BufferedReader rdr = new BufferedReader(new InputStreamReader(process.getInputStream(), "UTF-8"))) {
processBundlerAuditOutput(dependency, engine, rdr);
}
rdr = new BufferedReader(new InputStreamReader(process.getInputStream(), "UTF-8"));
processBundlerAuditOutput(dependency, engine, rdr);
} catch (IOException ioe) {
LOGGER.warn("bundle-audit failure", ioe);
} finally {
if (errReader != null) {
try {
errReader.close();
} catch (IOException ioe) {
LOGGER.warn("bundle-audit close failure", ioe);
}
}
if (null != rdr) {
try {
rdr.close();
} catch (IOException ioe) {
LOGGER.warn("bundle-audit close failure", ioe);
}
}
}
}
/**
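Review bot: The three new try-with-resources openers (L187, L216, L222) still pass the charset as the string `"UTF-8"`, so each `new InputStreamReader(..., "UTF-8")` keeps a checked `UnsupportedEncodingException` on the path that the surrounding `catch (IOException ...)` then absorbs together with genuine read failures; `new InputStreamReader(process.getErrorStream(), StandardCharsets.UTF_8)` cannot fail and leaves the handlers describing only real I/O errors. The loop `while (errReader.ready())` at L217 reads stderr only while data is immediately available, which is safe here only because `exitValue` was presumably obtained after the process terminated (L206 is the last visible line before the read); a one-line comment to that effect, `// process has exited, so ready() sees the whole stderr buffer`, would spare the next reader the question. Both enclosing methods start outside their hunks.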


@@ -63,7 +63,7 @@ public final class CveDB {
/**
* Singleton instance of the CveDB.
*/
private static CveDB INSTANCE = null;
private static CveDB instance = null;
/**
* The logger.
*/
@@ -91,27 +91,93 @@ public final class CveDB {
* statement bundles "dbStatements*.properties".
*/
enum PreparedStatementCveDb {
/**
* Key for SQL Statement.
*/
CLEANUP_ORPHANS,
/**
* Key for SQL Statement.
*/
COUNT_CPE,
/**
* Key for SQL Statement.
*/
DELETE_REFERENCE,
/**
* Key for SQL Statement.
*/
DELETE_SOFTWARE,
/**
* Key for SQL Statement.
*/
DELETE_VULNERABILITY,
/**
* Key for SQL Statement.
*/
INSERT_CPE,
/**
* Key for SQL Statement.
*/
INSERT_PROPERTY,
/**
* Key for SQL Statement.
*/
INSERT_REFERENCE,
/**
* Key for SQL Statement.
*/
INSERT_SOFTWARE,
/**
* Key for SQL Statement.
*/
INSERT_VULNERABILITY,
/**
* Key for SQL Statement.
*/
MERGE_PROPERTY,
/**
* Key for SQL Statement.
*/
SELECT_CPE_ENTRIES,
/**
* Key for SQL Statement.
*/
SELECT_CPE_ID,
/**
* Key for SQL Statement.
*/
SELECT_CVE_FROM_SOFTWARE,
/**
* Key for SQL Statement.
*/
SELECT_PROPERTIES,
/**
* Key for SQL Statement.
*/
SELECT_REFERENCES,
/**
* Key for SQL Statement.
*/
SELECT_SOFTWARE,
/**
* Key for SQL Statement.
*/
SELECT_VENDOR_PRODUCT_LIST,
/**
* Key for SQL Statement.
*/
SELECT_VULNERABILITY,
/**
* Key for SQL Statement.
*/
SELECT_VULNERABILITY_ID,
/**
* Key for SQL Statement.
*/
UPDATE_PROPERTY,
/**
* Key for SQL Statement.
*/
UPDATE_VULNERABILITY
}
@@ -121,11 +187,11 @@ public final class CveDB {
* @return the CveDB singleton
* @throws DatabaseException thrown if there is a database error
*/
public synchronized static CveDB getInstance() throws DatabaseException {
if (INSTANCE == null) {
INSTANCE = new CveDB();
public static synchronized CveDB getInstance() throws DatabaseException {
if (instance == null) {
instance = new CveDB();
}
return INSTANCE;
return instance;
}
/**
@@ -150,9 +216,9 @@ public final class CveDB {
*
* @return the product name of the database if successful, {@code null} else
*/
private String determineDatabaseProductName() {
private synchronized String determineDatabaseProductName() {
try {
final String databaseProductName = getConnection().getMetaData().getDatabaseProductName();
final String databaseProductName = connection.getMetaData().getDatabaseProductName();
LOGGER.debug("Database product: {}", databaseProductName);
return databaseProductName;
} catch (SQLException se) {
@@ -161,15 +227,6 @@ public final class CveDB {
}
}
/**
* Returns the database connection.
*
* @return the database connection
*/
private Connection getConnection() {
return connection;
}
/**
* Opens the database connection. If the database does not exist, it will
* create a new one.
@@ -191,7 +248,7 @@ public final class CveDB {
if (isOpen()) {
closeStatements();
try {
getConnection().close();
connection.close();
} catch (SQLException ex) {
LOGGER.error("There was an error attempting to close the CveDB, see the log for more details.");
LOGGER.debug("", ex);
@@ -200,7 +257,7 @@ public final class CveDB {
LOGGER.debug("", ex);
}
connection = null;
INSTANCE = null;
instance = null;
}
}
@@ -210,7 +267,7 @@ public final class CveDB {
* @return whether the database connection is open or closed
*/
private boolean isOpen() {
return getConnection() != null;
return connection != null;
}
/**
@@ -229,9 +286,9 @@ public final class CveDB {
final PreparedStatement preparedStatement;
try {
if (key == INSERT_VULNERABILITY || key == INSERT_CPE) {
preparedStatement = getConnection().prepareStatement(statementString, new String[]{"id"});
preparedStatement = connection.prepareStatement(statementString, new String[]{"id"});
} else {
preparedStatement = getConnection().prepareStatement(statementString);
preparedStatement = connection.prepareStatement(statementString);
}
} catch (SQLException exception) {
throw new DatabaseException(exception);
@@ -272,7 +329,7 @@ public final class CveDB {
public synchronized void commit() throws SQLException {
//temporary remove this as autocommit is on.
//if (isOpen()) {
// getConnection().commit();
// connection.commit();
//}
}
@@ -625,6 +682,7 @@ public final class CveDB {
insertReference.setString(4, r.getSource());
insertReference.execute();
}
final PreparedStatement insertSoftware = getPreparedStatement(INSERT_SOFTWARE);
for (VulnerableSoftware s : vuln.getVulnerableSoftware()) {
int cpeProductId = 0;
@@ -671,6 +729,7 @@ public final class CveDB {
throw ex;
}
}
}
} catch (SQLException ex) {
final String msg = String.format("Error updating '%s'", vuln.getName());
@@ -856,10 +915,11 @@ public final class CveDB {
public synchronized void deleteUnusedCpe() {
PreparedStatement ps = null;
try {
ps = getConnection().prepareStatement(statementBundle.getString("DELETE_UNUSED_DICT_CPE"));
ps = connection.prepareStatement(statementBundle.getString("DELETE_UNUSED_DICT_CPE"));
ps.executeUpdate();
} catch (SQLException ex) {
LOGGER.error("Unable to delete CPE dictionary entries", ex);
} finally {
DBUtils.closeStatement(ps);
}
}
@@ -877,13 +937,14 @@ public final class CveDB {
public synchronized void addCpe(String cpe, String vendor, String product) {
PreparedStatement ps = null;
try {
ps = getConnection().prepareStatement(statementBundle.getString("ADD_DICT_CPE"));
ps = connection.prepareStatement(statementBundle.getString("ADD_DICT_CPE"));
ps.setString(1, cpe);
ps.setString(2, vendor);
ps.setString(3, product);
ps.executeUpdate();
} catch (SQLException ex) {
LOGGER.error("Unable to add CPE dictionary entry", ex);
} finally {
DBUtils.closeStatement(ps);
}
}
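Review bot: The singleton reset `instance = null;` at L407 sits in a method whose header is outside the hunk and which, from the surrounding `connection = null` and `closeStatements()` calls, appears to be the instance-level `close()`; `getInstance()` at L359 guards the same static field with the class monitor, and an instance monitor and the class monitor do not exclude each other, so a concurrent `getInstance()` can still return the object being closed or miss the reset. Declaring the field `private static volatile CveDB instance = null;` fixes visibility, and wrapping the reset as `synchronized (CveDB.class) { instance = null; }` restores mutual exclusion; the commit only renames the field. Separately, the edit at L435 maintains code inside the commented-out body of `commit()` (L432–L436); dead code that is still being kept up to date should either be deleted or reduced to the explanatory comment.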


@@ -78,7 +78,13 @@ public class NvdCveUpdater implements CachedWebDataSource {
*/
private ExecutorService downloadExecutorService = null;
/**
* Reference to the DAO.
*/
private CveDB cveDb = null;
/**
* The properties obtained from the database.
*/
private DatabaseProperties dbProperties = null;
/**
@@ -448,8 +454,16 @@ public class NvdCveUpdater implements CachedWebDataSource {
*/
private static class TimestampRetriever implements Callable<Long> {
/**
* The URL to obtain the timestamp from.
*/
private final String url;
/**
* Instantiates a new timestamp retriever object.
*
* @param url the URL to hit
*/
TimestampRetriever(String url) {
this.url = url;
}


@@ -19,7 +19,6 @@ package org.owasp.dependencycheck.data.update.nvd;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;


@@ -51,7 +51,8 @@ public class NvdCve20Handler extends DefaultHandler {
*/
private static final String CURRENT_SCHEMA_VERSION = "2.0";
/**
* a possible attribute value of the {@link AttributeValues#XML_LANG} attribute
* a possible attribute value of the {@link AttributeValues#XML_LANG}
* attribute
*/
private static final String EN = "en";
/**
@@ -97,7 +98,8 @@ public class NvdCve20Handler extends DefaultHandler {
private CveDB cveDB;
/**
* A list of CVE entries and associated VulnerableSoftware entries that contain previous entries.
* A list of CVE entries and associated VulnerableSoftware entries that
* contain previous entries.
*/
private Map<String, List<VulnerableSoftware>> prevVersionVulnMap;
@@ -109,7 +111,7 @@ public class NvdCve20Handler extends DefaultHandler {
public int getTotalNumberOfEntries() {
return totalNumberOfEntries;
}
/**
* Get the value of totalNumberOfApplicationEntries.
*
@@ -249,10 +251,12 @@ public class NvdCve20Handler extends DefaultHandler {
public void setCveDB(CveDB db) {
cveDB = db;
}
/**
* Sets the prevVersionVulnMap.
*
* @param map the map of vulnerable software with previous versions being vulnerable
* @param map the map of vulnerable software with previous versions being
* vulnerable
*/
public void setPrevVersionVulnMap(Map<String, List<VulnerableSoftware>> map) {
prevVersionVulnMap = map;
@@ -262,7 +266,8 @@ public class NvdCve20Handler extends DefaultHandler {
* Saves a vulnerability to the CVE Database.
*
* @param vuln the vulnerability to store in the database
* @throws DatabaseException thrown if there is an error writing to the database
* @throws DatabaseException thrown if there is an error writing to the
* database
* @throws CorruptIndexException is thrown if the CPE Index is corrupt
* @throws IOException thrown if there is an IOException with the CPE Index
*/
@@ -281,7 +286,8 @@ public class NvdCve20Handler extends DefaultHandler {
// <editor-fold defaultstate="collapsed" desc="The Element Class that maintains state information about the current node">
/**
* A simple class to maintain information about the current element while parsing the NVD CVE XML.
* A simple class to maintain information about the current element while
* parsing the NVD CVE XML.
*/
protected static class Element {
@@ -506,7 +512,8 @@ public class NvdCve20Handler extends DefaultHandler {
// </editor-fold>
/**
* A simple class to maintain information about the attribute values encountered while parsing the NVD CVE XML.
* A simple class to maintain information about the attribute values
* encountered while parsing the NVD CVE XML.
*/
protected static class AttributeValues {


@@ -153,7 +153,7 @@ public class Vulnerability implements Serializable, Comparable<Vulnerability> {
* @return the list of references
*/
public List<Reference> getReferences(boolean sorted) {
List<Reference> sortedRefs = new ArrayList<>(this.references);
final List<Reference> sortedRefs = new ArrayList<>(this.references);
if (sorted) {
Collections.sort(sortedRefs);
}
@@ -210,7 +210,7 @@ public class Vulnerability implements Serializable, Comparable<Vulnerability> {
* @return the list of vulnerable software
*/
public List<VulnerableSoftware> getVulnerableSoftware(boolean sorted) {
List<VulnerableSoftware> sortedVulnerableSoftware = new ArrayList<>(this.vulnerableSoftware);
final List<VulnerableSoftware> sortedVulnerableSoftware = new ArrayList<>(this.vulnerableSoftware);
if (sorted) {
Collections.sort(sortedVulnerableSoftware);
}
@@ -516,4 +516,4 @@ public class Vulnerability implements Serializable, Comparable<Vulnerability> {
public boolean hasMatchedAllPreviousCPE() {
return matchedAllPreviousCPE != null;
}
}
}


@@ -47,7 +47,8 @@ public final class DBUtils {
*
* @param statement a prepared statement that just executed an insert
* @return a primary key
* @throws DatabaseException thrown if there is an exception obtaining the key
* @throws DatabaseException thrown if there is an exception obtaining the
* key
*/
public static int getGeneratedKey(PreparedStatement statement) throws DatabaseException {
ResultSet rs = null;
@@ -72,27 +73,29 @@ public final class DBUtils {
* @param statement a Statement object
*/
public static void closeStatement(Statement statement) {
if (statement != null) {
try {
try {
if (statement != null && !statement.isClosed()) {
statement.close();
} catch (SQLException ex) {
LOGGER.trace(statement.toString(), ex);
}
} catch (SQLException ex) {
LOGGER.trace(statement.toString(), ex);
}
}
/**
* Closes the result set capturing and ignoring any SQLExceptions that occur.
* Closes the result set capturing and ignoring any SQLExceptions that
* occur.
*
* @param rs a ResultSet to close
*/
public static void closeResultSet(ResultSet rs) {
if (rs != null) {
try {
try {
if (rs != null && !rs.isClosed()) {
rs.close();
} catch (SQLException ex) {
LOGGER.trace(rs.toString(), ex);
}
} catch (SQLException ex) {
LOGGER.trace(rs.toString(), ex);
}
}
}
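Review bot: The added `!statement.isClosed()` guard at L635 (and `!rs.isClosed()` at L655) is redundant with the JDBC contract, under which `close()` on an already-closed `Statement` or `ResultSet` is a no-op, and `isClosed()` is itself a driver call that can throw `SQLException`, so the rewrite adds a failure path rather than removing one; `if (statement != null) { statement.close(); }` inside the try is sufficient. The catch blocks log `statement.toString()` / `rs.toString()`; for a `PreparedStatement` some drivers render the SQL with the bound parameter values, so even at trace level this can copy row data into log files, and `LOGGER.trace("Error closing statement", ex);` carries the same diagnostic value without it.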


@@ -111,7 +111,7 @@ public final class UrlStringUtils {
final int pos = tmp.lastIndexOf('.');
if (pos > 1) {
importantParts.add(tmp.substring(0, pos));
} else if (pos == 0 && tmp.length()>1) {
} else if (pos == 0 && tmp.length() > 1) {
importantParts.add(tmp.substring(1));
} else {
importantParts.add(tmp);


@@ -149,8 +149,17 @@ public class HintHandler extends DefaultHandler {
* Internal type to track the parent node state.
*/
enum ParentType {
/**
* Marks the add node.
*/
ADD,
/**
* Marks the given node.
*/
GIVEN,
/**
* Marks the remove node.
*/
REMOVE
}
/**


@@ -101,7 +101,7 @@ public class PomHandler extends DefaultHandler {
* The current node text being extracted from the element.
*/
private StringBuilder currentText;
/**
* Handles the start element event.
*
@@ -132,66 +132,77 @@ public class PomHandler extends DefaultHandler {
public void endElement(String uri, String localName, String qName) throws SAXException {
stack.pop();
final String parentNode = stack.peek();
if (null != parentNode) switch (parentNode) {
case PROJECT:
if (null != qName) switch (qName) {
case GROUPID:
model.setGroupId(currentText.toString());
break;
case ARTIFACTID:
model.setArtifactId(currentText.toString());
break;
case VERSION:
model.setVersion(currentText.toString());
break;
case NAME:
model.setName(currentText.toString());
break;
case DESCRIPTION:
model.setDescription(currentText.toString());
break;
case URL:
model.setProjectURL(currentText.toString());
break;
default:
break;
} break;
case ORGANIZATION:
if (NAME.equals(qName)) {
model.setOrganization(currentText.toString());
} else if (URL.equals(qName)) {
model.setOrganizationUrl(currentText.toString());
} break;
case PARENT:
if (null != qName) switch (qName) {
case GROUPID:
model.setParentGroupId(currentText.toString());
break;
case ARTIFACTID:
model.setParentArtifactId(currentText.toString());
break;
case VERSION:
model.setParentVersion(currentText.toString());
break;
default:
break;
} break;
case LICENSE:
if (license != null) {
if (null != parentNode) {
switch (parentNode) {
case PROJECT:
if (null != qName) {
switch (qName) {
case GROUPID:
model.setGroupId(currentText.toString());
break;
case ARTIFACTID:
model.setArtifactId(currentText.toString());
break;
case VERSION:
model.setVersion(currentText.toString());
break;
case NAME:
model.setName(currentText.toString());
break;
case DESCRIPTION:
model.setDescription(currentText.toString());
break;
case URL:
model.setProjectURL(currentText.toString());
break;
default:
break;
}
}
break;
case ORGANIZATION:
if (NAME.equals(qName)) {
license.setName(currentText.toString());
model.setOrganization(currentText.toString());
} else if (URL.equals(qName)) {
license.setUrl(currentText.toString());
model.setOrganizationUrl(currentText.toString());
}
} break;
case LICENSES:
if (LICENSE.equals(qName)) {
break;
case PARENT:
if (null != qName) {
switch (qName) {
case GROUPID:
model.setParentGroupId(currentText.toString());
break;
case ARTIFACTID:
model.setParentArtifactId(currentText.toString());
break;
case VERSION:
model.setParentVersion(currentText.toString());
break;
default:
break;
}
}
break;
case LICENSE:
if (license != null) {
model.addLicense(license);
if (NAME.equals(qName)) {
license.setName(currentText.toString());
} else if (URL.equals(qName)) {
license.setUrl(currentText.toString());
}
}
} break;
default:
break;
break;
case LICENSES:
if (LICENSE.equals(qName)) {
if (license != null) {
model.addLicense(license);
}
}
break;
default:
break;
}
}
}
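Review bot: The reflowed `endElement` (L709–L839) now nests a `switch` inside a `switch` inside two null guards, five levels deep for the PROJECT and PARENT cases; the dispatch matches the old code line for line, but the method would read better with each parent case delegating to a small private helper, leaving the outer switch at one statement per case. The ORGANIZATION, LICENSE and LICENSES cases are short enough to stay inline; only the two inner switches need to move, as sketched below for PROJECT (PARENT is the same shape with the three `setParent*` setters). A null `parentNode` from `stack.peek()` is already covered by the outer guard.
```java
    if (null != parentNode) {
        switch (parentNode) {
            case PROJECT:
                setProjectField(qName);
                break;
            // … unchanged: ORGANIZATION case …
            case PARENT:
                setParentField(qName);
                break;
            // … unchanged: LICENSE, LICENSES and default cases …
        }
    }
}

/**
 * Copies the text of a direct child of the project element into the model.
 *
 * @param qName the element name that just ended; ignored when null or unknown
 */
private void setProjectField(String qName) {
    if (null == qName) {
        return;
    }
    switch (qName) {
        case GROUPID:
            model.setGroupId(currentText.toString());
            break;
        // … unchanged: ARTIFACTID, VERSION, NAME, DESCRIPTION, URL and default cases …
    }
}
```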


@@ -80,10 +80,10 @@ public class PomParser {
final SAXParser saxParser = XmlUtils.buildSecureSaxParser();
final XMLReader xmlReader = saxParser.getXMLReader();
xmlReader.setContentHandler(handler);
BOMInputStream bomStream = new BOMInputStream(inputStream);
ByteOrderMark bom = bomStream.getBOM();
String defaultEncoding = "UTF-8";
String charsetName = bom == null ? defaultEncoding : bom.getCharsetName();
final BOMInputStream bomStream = new BOMInputStream(inputStream);
final ByteOrderMark bom = bomStream.getBOM();
final String defaultEncoding = "UTF-8";
final String charsetName = bom == null ? defaultEncoding : bom.getCharsetName();
final Reader reader = new InputStreamReader(bomStream, charsetName);
final InputSource in = new InputSource(reader);
xmlReader.parse(in);
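Review bot: Wrapping `bomStream` in an `InputStreamReader` with a fixed charset (L855) hands the SAX parser a character stream, so the `encoding` pseudo-attribute in the XML prolog is ignored and any BOM-less POM declared as something other than UTF-8 is decoded with the wrong charset; this predates the commit, which only adds `final` to the locals. Handing the parser the byte stream keeps both BOM detection and the declared encoding: `final InputSource in = new InputSource(bomStream);` followed by `if (bom != null) { in.setEncoding(bom.getCharsetName()); }`, dropping the `Reader`. The enclosing method starts and ends outside the hunk, and the secure parser factory call at L844 is unaffected.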


@@ -199,4 +199,4 @@ public class SuppressionHandler extends DefaultHandler {
}
return pt;
}
}
}


@@ -529,4 +529,4 @@ public class SuppressionRule {
sb.append('}');
return sb.toString();
}
}
}


@@ -17,13 +17,10 @@
*/
package org.owasp.dependencycheck.maven;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectOutputStream;
import java.util.List;
import java.util.Locale;
import org.apache.maven.artifact.Artifact;
@@ -109,8 +106,9 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
@Parameter(readonly = true, required = true, property = "reactorProjects")
private List<MavenProject> reactorProjects;
/**
* The entry point towards a Maven version independent way of resolving artifacts (handles both Maven 3.0
* Sonatype and Maven 3.1+ eclipse Aether implementations).
* The entry point towards a Maven version independent way of resolving
* artifacts (handles both Maven 3.0 Sonatype and Maven 3.1+ eclipse Aether
* implementations).
*/
@Component
private ArtifactResolver artifactResolver;
@@ -118,13 +116,13 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
/**
* The Maven Session.
*/
@Parameter( defaultValue = "${session}", readonly = true, required = true )
@Parameter(defaultValue = "${session}", readonly = true, required = true)
protected MavenSession session;
/**
/**
* Remote repositories which will be searched for artifacts.
*/
@Parameter( defaultValue = "${project.remoteArtifactRepositories}", readonly = true, required = true )
@Parameter(defaultValue = "${project.remoteArtifactRepositories}", readonly = true, required = true)
private List<ArtifactRepository> remoteRepositories;
/**
@@ -461,7 +459,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
@Parameter(property = "externalReport")
@Deprecated
private String externalReport = null;
// </editor-fold>
//<editor-fold defaultstate="collapsed" desc="Base Maven implementation">
/**
@@ -531,6 +529,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
protected String getConnectionString() {
return connectionString;
}
/**
* Returns if the mojo should fail the build if an exception occurs.
*
@@ -624,6 +623,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
* @param project the project being scanned
* @param nodes the list of dependency nodes, generally obtained via the
* DependencyGraphBuilder
* @param buildingRequest the Maven project building request
* @return a collection of exceptions that may have occurred while resolving
* and scanning the dependencies
*/
@@ -636,8 +636,8 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
}
try {
final ArtifactCoordinate coordinate = TransferUtils.toArtifactCoordinate(dependencyNode.getArtifact());
final Artifact result = artifactResolver.resolveArtifact( buildingRequest, coordinate ).getArtifact();
if (result.isResolved() && result.getFile()!= null) {
final Artifact result = artifactResolver.resolveArtifact(buildingRequest, coordinate).getArtifact();
if (result.isResolved() && result.getFile() != null) {
final List<Dependency> deps = engine.scan(result.getFile().getAbsoluteFile(),
project.getName() + ":" + dependencyNode.getArtifact().getScope());
if (deps != null) {
@@ -683,16 +683,13 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
}
/**
* @return Returns a new ProjectBuildingRequest populated from the current session and the current project remote
* repositories, used to resolve artifacts.
* @return Returns a new ProjectBuildingRequest populated from the current
* session and the current project remote repositories, used to resolve
* artifacts.
*/
public ProjectBuildingRequest newResolveArtifactProjectBuildingRequest()
{
ProjectBuildingRequest buildingRequest =
new DefaultProjectBuildingRequest( session.getProjectBuildingRequest() );
buildingRequest.setRemoteRepositories( remoteRepositories );
public ProjectBuildingRequest newResolveArtifactProjectBuildingRequest() {
final ProjectBuildingRequest buildingRequest = new DefaultProjectBuildingRequest(session.getProjectBuildingRequest());
buildingRequest.setRemoteRepositories(remoteRepositories);
return buildingRequest;
}
@@ -1060,8 +1057,8 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
msg = String.format("%n%nOne or more dependencies were identified with vulnerabilities: %n%s%n%n"
+ "See the dependency-check report for more details.%n%n", ids.toString());
} else {
msg = String.format("%n%nOne or more dependencies were identified with vulnerabilities that have a CVSS score greater than '%.1f': %n%s%n%n"
+ "See the dependency-check report for more details.%n%n", failBuildOnCVSS, ids.toString());
msg = String.format("%n%nOne or more dependencies were identified with vulnerabilities that have a CVSS score greater than '%.1f': "
+ "%n%s%n%nSee the dependency-check report for more details.%n%n", failBuildOnCVSS, ids.toString());
}
throw new MojoFailureException(msg);
@@ -1136,5 +1133,4 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
}
//</editor-fold>
}
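Review bot: The reflowed Javadoc at L957 keeps the redundant verb in `@return Returns a new ProjectBuildingRequest ...`; the tag already means "returns", so `@return a new ProjectBuildingRequest populated from the current session and the project's remote repositories, used to resolve artifacts` reads cleaner and matches the other `@return` tags in this file (L938). The same hunk also deserves a one-sentence summary line before the `@return`, since Javadoc uses the first sentence of the description, not the tag, as the method summary; `Builds the request used to resolve artifacts against the session's remote repositories.` would do.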