mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-01-14 07:43:40 +01:00
checkstyle recommendations
This commit is contained in:
Jeremy Long
@@ -205,6 +205,7 @@ public class App {
|
||||
* @param excludes the patterns for files/directories to exclude
|
||||
* @param symLinkDepth the depth that symbolic links will be followed
|
||||
* @param cvssFailScore the score to fail on if a vulnerability is found
|
||||
* @return the exit code if there was an error
|
||||
*
|
||||
* @throws InvalidScanPathException thrown if the path to scan starts with
|
||||
* "//"
|
||||
@@ -216,7 +217,8 @@ public class App {
|
||||
* collection.
|
||||
*/
|
||||
private int runScan(String reportDirectory, String outputFormat, String applicationName, String[] files,
|
||||
String[] excludes, int symLinkDepth, int cvssFailScore) throws InvalidScanPathException, DatabaseException, ExceptionCollection, ReportException {
|
||||
String[] excludes, int symLinkDepth, int cvssFailScore) throws InvalidScanPathException, DatabaseException,
|
||||
ExceptionCollection, ReportException {
|
||||
Engine engine = null;
|
||||
int retCode = 0;
|
||||
try {
|
||||
@@ -308,11 +310,12 @@ public class App {
|
||||
|
||||
//Set the exit code based on whether we found a high enough vulnerability
|
||||
for (Dependency dep : dependencies) {
|
||||
if (dep.getVulnerabilities().size() != 0) {
|
||||
if (!dep.getVulnerabilities().isEmpty()) {
|
||||
for (Vulnerability vuln : dep.getVulnerabilities()) {
|
||||
LOGGER.debug("VULNERABILITY FOUND " + dep.getDisplayFileName());
|
||||
if (vuln.getCvssScore() > cvssFailScore)
|
||||
if (vuln.getCvssScore() > cvssFailScore) {
|
||||
retCode = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -290,7 +290,8 @@ public final class CliParser {
|
||||
.build();
|
||||
|
||||
final Option failOnCVSS = Option.builder().argName("score").hasArg().longOpt(ARGUMENT.FAIL_ON_CVSS)
|
||||
.desc("Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11; since the CVSS scores are 0-10, by default the build will never fail.")
|
||||
.desc("Specifies if the build should be failed if a CVSS score above a specified level is identified. "
|
||||
+ "The default is 11; since the CVSS scores are 0-10, by default the build will never fail.")
|
||||
.build();
|
||||
|
||||
//This is an option group because it can be specified more then once.
|
||||
@@ -1111,13 +1112,14 @@ public final class CliParser {
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the CVSS value to fail on
|
||||
* Returns the CVSS value to fail on.
|
||||
*
|
||||
* @return 11 if nothing is set. Otherwise it returns the int passed from the command line arg
|
||||
* @return 11 if nothing is set. Otherwise it returns the int passed from
|
||||
* the command line arg
|
||||
*/
|
||||
public int getFailOnCVSS() {
|
||||
if(line.hasOption(ARGUMENT.FAIL_ON_CVSS)) {
|
||||
String value = line.getOptionValue(ARGUMENT.FAIL_ON_CVSS);
|
||||
if (line.hasOption(ARGUMENT.FAIL_ON_CVSS)) {
|
||||
final String value = line.getOptionValue(ARGUMENT.FAIL_ON_CVSS);
|
||||
try {
|
||||
return Integer.parseInt(value);
|
||||
} catch (NumberFormatException nfe) {
|
||||
@@ -1310,8 +1312,7 @@ public final class CliParser {
|
||||
*/
|
||||
public static final String SUPPRESSION_FILE = "suppression";
|
||||
/**
|
||||
* The CLI argument name for setting the location of the hint
|
||||
* file.
|
||||
* The CLI argument name for setting the location of the hint file.
|
||||
*/
|
||||
public static final String HINTS_FILE = "hints";
|
||||
/**
|
||||
|
||||
@@ -142,7 +142,6 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer {
|
||||
final ListIterator<Dependency> subIterator = engine.getDependencies().listIterator(mainIterator.nextIndex());
|
||||
while (subIterator.hasNext()) {
|
||||
final Dependency nextDependency = subIterator.next();
|
||||
Dependency main = null;
|
||||
if (hashesMatch(dependency, nextDependency) && !containedInWar(dependency.getFilePath())
|
||||
&& !containedInWar(nextDependency.getFilePath())) {
|
||||
if (firstPathIsShortest(dependency.getFilePath(), nextDependency.getFilePath())) {
|
||||
|
||||
@@ -260,7 +260,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
* @return whether or not evidence was added to the dependency
|
||||
*/
|
||||
protected boolean analyzePOM(Dependency dependency, List<ClassNameInformation> classes, Engine engine) throws AnalysisException {
|
||||
boolean foundSomething = false;
|
||||
JarFile jar = null;
|
||||
List<String> pomEntries = null;
|
||||
try {
|
||||
@@ -292,7 +291,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
pomFile = new File(path);
|
||||
}
|
||||
if (pomFile.isFile()) {
|
||||
Model pom = PomUtils.readPom(pomFile);
|
||||
final Model pom = PomUtils.readPom(pomFile);
|
||||
if (pom != null && pomProperties != null) {
|
||||
pom.processProperties(pomProperties);
|
||||
}
|
||||
@@ -347,7 +346,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
} catch (IOException ex) {
|
||||
LOGGER.trace("", ex);
|
||||
}
|
||||
return foundSomething;
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -87,6 +87,9 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
*/
|
||||
private static final String SUPPORTED_EXTENSIONS = "jar";
|
||||
|
||||
/**
|
||||
* Whether or not the Nexus analyzer should use a proxy if configured.
|
||||
*/
|
||||
private boolean useProxy;
|
||||
/**
|
||||
* The Nexus Search to be set up for this analyzer.
|
||||
@@ -265,7 +268,7 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
LOGGER.debug("Could not connect to nexus repository", ioe);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Determine if a proxy should be used.
|
||||
*
|
||||
|
||||
@@ -114,7 +114,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
throw new AnalysisException(String.format("%s should have been a directory.", folder.getAbsolutePath()));
|
||||
}
|
||||
final List<String> args = new ArrayList<String>();
|
||||
String bundleAuditPath = Settings.getString(Settings.KEYS.ANALYZER_BUNDLE_AUDIT_PATH);
|
||||
final String bundleAuditPath = Settings.getString(Settings.KEYS.ANALYZER_BUNDLE_AUDIT_PATH);
|
||||
File bundleAudit = null;
|
||||
if (bundleAuditPath != null) {
|
||||
bundleAudit = new File(bundleAuditPath);
|
||||
|
||||
@@ -58,7 +58,7 @@ public class XPathNuspecParser implements NuspecParser {
|
||||
@Override
|
||||
public NugetPackage parse(InputStream stream) throws NuspecParseException {
|
||||
try {
|
||||
DocumentBuilder db = XmlUtils.buildSecureDocumentBuilder();
|
||||
final DocumentBuilder db = XmlUtils.buildSecureDocumentBuilder();
|
||||
final Document d = db.parse(stream);
|
||||
|
||||
final XPath xpath = XPathFactory.newInstance().newXPath();
|
||||
|
||||
@@ -171,8 +171,8 @@ public class DatabaseProperties {
|
||||
try {
|
||||
final long epoch = Long.parseLong((String) entry.getValue());
|
||||
final DateTime date = new DateTime(epoch);
|
||||
DateTimeFormatter format = DateTimeFormat.forPattern("dd/MM/yyyy HH:mm:ss");
|
||||
String formatted = format.print(date);
|
||||
final DateTimeFormatter format = DateTimeFormat.forPattern("dd/MM/yyyy HH:mm:ss");
|
||||
final String formatted = format.print(date);
|
||||
// final Date date = new Date(epoch);
|
||||
// final DateFormat format = new SimpleDateFormat("dd/MM/yyyy HH:mm:ss");
|
||||
// final String formatted = format.format(date);
|
||||
|
||||
@@ -27,9 +27,6 @@ import java.io.InputStreamReader;
|
||||
import java.io.OutputStream;
|
||||
import java.io.OutputStreamWriter;
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.text.DateFormat;
|
||||
import java.text.SimpleDateFormat;
|
||||
import java.util.Date;
|
||||
import java.util.List;
|
||||
import org.apache.velocity.VelocityContext;
|
||||
import org.apache.velocity.app.VelocityEngine;
|
||||
@@ -109,13 +106,12 @@ public class ReportGenerator {
|
||||
final EscapeTool enc = new EscapeTool();
|
||||
|
||||
final DateTime dt = DateTime.now();
|
||||
DateTimeFormatter dateFormat = DateTimeFormat.forPattern("MMM d, yyyy 'at' HH:mm:ss z");
|
||||
DateTimeFormatter dateFormatXML = DateTimeFormat.forPattern("yyyy-MM-dd'T'HH:mm:ss.SSSZ");
|
||||
|
||||
final DateTimeFormatter dateFormat = DateTimeFormat.forPattern("MMM d, yyyy 'at' HH:mm:ss z");
|
||||
final DateTimeFormatter dateFormatXML = DateTimeFormat.forPattern("yyyy-MM-dd'T'HH:mm:ss.SSSZ");
|
||||
|
||||
// final Date d = new Date();
|
||||
// final DateFormat dateFormat = new SimpleDateFormat("MMM d, yyyy 'at' HH:mm:ss z");
|
||||
// final DateFormat dateFormatXML = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSZ");
|
||||
|
||||
final String scanDate = dateFormat.print(dt);
|
||||
final String scanDateXML = dateFormatXML.print(dt);
|
||||
|
||||
|
||||
@@ -18,7 +18,6 @@
|
||||
package org.owasp.dependencycheck.utils;
|
||||
|
||||
import java.io.BufferedInputStream;
|
||||
import java.io.Closeable;
|
||||
import java.io.File;
|
||||
import java.io.FileInputStream;
|
||||
import java.io.FileNotFoundException;
|
||||
|
||||
@@ -110,7 +110,7 @@ public class SuppressionParser {
|
||||
try {
|
||||
schemaStream = this.getClass().getClassLoader().getResourceAsStream(SUPPRESSION_SCHEMA);
|
||||
final SuppressionHandler handler = new SuppressionHandler();
|
||||
SAXParser saxParser = XmlUtils.buildSecureSaxParser(schemaStream);
|
||||
final SAXParser saxParser = XmlUtils.buildSecureSaxParser(schemaStream);
|
||||
final XMLReader xmlReader = saxParser.getXMLReader();
|
||||
xmlReader.setErrorHandler(new SuppressionErrorHandler());
|
||||
xmlReader.setContentHandler(handler);
|
||||
@@ -149,8 +149,6 @@ public class SuppressionParser {
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Parses the given XML stream and returns a list of the suppression rules
|
||||
* contained.
|
||||
|
||||
@@ -17,4 +17,4 @@
|
||||
#
|
||||
|
||||
invoker.goals.1 = ${project.groupId}:${project.artifactId}:${project.version}:update-only -DdataDirectory=./data -Dcve.startyear=2016
|
||||
invoker.goals.2 = ${project.groupId}:${project.artifactId}:${project.version}:purge -DdataDirectory=./data
|
||||
invoker.goals.2 = ${project.groupId}:${project.artifactId}:${project.version}:purge -DdataDirectory=./data
|
||||
|
||||
@@ -45,7 +45,7 @@ public class PurgeMojo extends BaseDependencyCheckMojo {
|
||||
/**
|
||||
* Returns false; this mojo cannot generate a report.
|
||||
*
|
||||
* @return <code>false</code>
|
||||
* @return <code>false</code>
|
||||
*/
|
||||
@Override
|
||||
public boolean canGenerateReport() {
|
||||
|
||||
@@ -351,7 +351,7 @@ public final class Downloader {
|
||||
try {
|
||||
quickQuery = Settings.getBoolean(Settings.KEYS.DOWNLOADER_QUICK_QUERY_TIMESTAMP, true);
|
||||
} catch (InvalidSettingException e) {
|
||||
if (LOGGER.isTraceEnabled()){
|
||||
if (LOGGER.isTraceEnabled()) {
|
||||
LOGGER.trace("Invalid settings : {}", e.getMessage(), e);
|
||||
}
|
||||
quickQuery = true;
|
||||
|
||||
@@ -119,7 +119,7 @@ public final class XmlUtils {
|
||||
factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
|
||||
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
|
||||
DocumentBuilder db = factory.newDocumentBuilder();
|
||||
final DocumentBuilder db = factory.newDocumentBuilder();
|
||||
return db;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user