diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
index dc1baa9d8..c5cec9ccb 100644
--- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
+++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
@@ -205,6 +205,7 @@ public class App {
 * @param excludes the patterns for files/directories to exclude
 * @param symLinkDepth the depth that symbolic links will be followed
 * @param cvssFailScore the score to fail on if a vulnerability is found
+ * @return the exit code if there was an error
 *
 * @throws InvalidScanPathException thrown if the path to scan starts with
 * "//"
@@ -216,7 +217,8 @@ public class App {
 * collection.
 */
 private int runScan(String reportDirectory, String outputFormat, String applicationName, String[] files,
- String[] excludes, int symLinkDepth, int cvssFailScore) throws InvalidScanPathException, DatabaseException, ExceptionCollection, ReportException {
+ String[] excludes, int symLinkDepth, int cvssFailScore) throws InvalidScanPathException, DatabaseException,
+ ExceptionCollection, ReportException {
 Engine engine = null;
 int retCode = 0;
 try {
@@ -308,11 +310,12 @@ public class App {
 //Set the exit code based on whether we found a high enough vulnerability
 for (Dependency dep : dependencies) {
- if (dep.getVulnerabilities().size() != 0) {
+ if (!dep.getVulnerabilities().isEmpty()) {
 for (Vulnerability vuln : dep.getVulnerabilities()) {
 LOGGER.debug("VULNERABILITY FOUND " + dep.getDisplayFileName());
- if (vuln.getCvssScore() > cvssFailScore)
+ if (vuln.getCvssScore() > cvssFailScore) {
 retCode = 1;
+ }
 }
 }
 }
diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java
index 09a5bea21..a5c17e41c 100644
--- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java
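Review bot: The added `@return the exit code if there was an error` describes only the failure case, while `runScan` starts with `int retCode = 0;` and, in the @@ -308 hunk, sets it to 1 only when a vulnerability's CVSS score exceeds `cvssFailScore`, so 0 is a documented outcome too. Suggest `@return the exit code: 0 on success, 1 if a vulnerability with a CVSS score above cvssFailScore was found`. The method body continues beyond the hunk, so other return paths, if any, are not visible here.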
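Review bot: The rewritten guard `if (!dep.getVulnerabilities().isEmpty())` is redundant: the `for (Vulnerability vuln : dep.getVulnerabilities())` loop directly inside it does nothing for an empty collection, so the outer `if` and its braces can be dropped and the nesting reduced by one level. Note also that `vuln.getCvssScore() > cvssFailScore` treats a score exactly equal to the threshold as passing, which matches the option text "above a specified level" in the CliParser hunk; if the intended policy is "at or above", this should be `>=`. Once `retCode = 1` is set nothing later in the loop changes it, so a `break` after the assignment would be equivalent apart from the per-dependency debug lines. The enclosing method starts and ends outside the hunk.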
+++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java
@@ -290,7 +290,8 @@ public final class CliParser {
 .build();
 final Option failOnCVSS = Option.builder().argName("score").hasArg().longOpt(ARGUMENT.FAIL_ON_CVSS)
- .desc("Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11; since the CVSS scores are 0-10, by default the build will never fail.")
+ .desc("Specifies if the build should be failed if a CVSS score above a specified level is identified. " + "The default is 11; since the CVSS scores are 0-10, by default the build will never fail.")
 .build();
 //This is an option group because it can be specified more then once.
@@ -1111,13 +1112,14 @@ public final class CliParser {
 }
 /**
- * Returns the CVSS value to fail on
+ * Returns the CVSS value to fail on.
 *
- * @return 11 if nothing is set. Otherwise it returns the int passed from the command line arg
+ * @return 11 if nothing is set. Otherwise it returns the int passed from
+ * the command line arg
 */
 public int getFailOnCVSS() {
- if(line.hasOption(ARGUMENT.FAIL_ON_CVSS)) {
- String value = line.getOptionValue(ARGUMENT.FAIL_ON_CVSS);
+ if (line.hasOption(ARGUMENT.FAIL_ON_CVSS)) {
+ final String value = line.getOptionValue(ARGUMENT.FAIL_ON_CVSS);
 try {
 return Integer.parseInt(value);
 } catch (NumberFormatException nfe) {
@@ -1310,8 +1312,7 @@ public final class CliParser {
 */
 public static final String SUPPRESSION_FILE = "suppression";
 /**
- * The CLI argument name for setting the location of the hint
- * file.
+ * The CLI argument name for setting the location of the hint file.
 */
 public static final String HINTS_FILE = "hints";
 /**
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
index 8f8415dca..dab37cafd 100644
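Review bot: `Integer.parseInt(value)` in `getFailOnCVSS` rejects fractional thresholds such as `7.5`, even though the option's own description in the @@ -290 hunk says CVSS scores are 0-10 and they are decimal in practice, so such a value ends up in the `NumberFormatException` branch. That catch body lies outside the hunk, so I can't see whether the user is told or the value is silently replaced by the default of 11 named in the Javadoc; at minimum the rejected input should be reported, and a parsed value should be range-checked, e.g. `if (score < 0 || score > 11) throw new IllegalArgumentException("failOnCVSS must be between 0 and 11: " + value);`. If the threshold must stay an `int`, the option description should say that only whole numbers are accepted.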
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
@@ -142,7 +142,6 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer {
 final ListIterator subIterator = engine.getDependencies().listIterator(mainIterator.nextIndex());
 while (subIterator.hasNext()) {
 final Dependency nextDependency = subIterator.next();
- Dependency main = null;
 if (hashesMatch(dependency, nextDependency) && !containedInWar(dependency.getFilePath()) && !containedInWar(nextDependency.getFilePath())) {
 if (firstPathIsShortest(dependency.getFilePath(), nextDependency.getFilePath())) {
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
index 353f8dade..77fc4eeed 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
@@ -260,7 +260,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
 * @return whether or not evidence was added to the dependency
 */
 protected boolean analyzePOM(Dependency dependency, List classes, Engine engine) throws AnalysisException {
- boolean foundSomething = false;
 JarFile jar = null;
 List pomEntries = null;
 try {
@@ -292,7 +291,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
 pomFile = new File(path);
 }
 if (pomFile.isFile()) {
- Model pom = PomUtils.readPom(pomFile);
+ final Model pom = PomUtils.readPom(pomFile);
 if (pom != null && pomProperties != null) {
 pom.processProperties(pomProperties);
 }
@@ -347,7 +346,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
 } catch (IOException ex) {
 LOGGER.trace("", ex);
 }
- return foundSomething;
+ return false;
 }
 /**
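Review bot: `analyzePOM` now ends with a hard-coded `return false;` (the @@ -347 hunk) while the Javadoc kept in the @@ -260 hunk still promises `@return whether or not evidence was added to the dependency`; the deleted `foundSomething` flag was apparently never set to true, so the contract was already broken, and the commit makes that permanent rather than fixing it. Either set a flag at the points where evidence is actually added (those lines are outside the hunks) and return it, or change the Javadoc to `@return always {@code false}; this method does not report whether evidence was added` so callers stop relying on it. The enclosing method spans all three hunks and is not fully visible here.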
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java
index 32f93c1aa..e01ee9962 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java
@@ -87,6 +87,9 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
 */
 private static final String SUPPORTED_EXTENSIONS = "jar";
+ /**
+ * Whether or not the Nexus analyzer should use a proxy if configured.
+ */
 private boolean useProxy;
 /**
 * The Nexus Search to be set up for this analyzer.
@@ -265,7 +268,7 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
 LOGGER.debug("Could not connect to nexus repository", ioe);
 }
 }
-
+
 /**
 * Determine if a proxy should be used.
 *
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java
index 82f737fd4..9f4da5b78 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java
@@ -114,7 +114,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
 throw new AnalysisException(String.format("%s should have been a directory.", folder.getAbsolutePath()));
 }
 final List args = new ArrayList();
- String bundleAuditPath = Settings.getString(Settings.KEYS.ANALYZER_BUNDLE_AUDIT_PATH);
+ final String bundleAuditPath = Settings.getString(Settings.KEYS.ANALYZER_BUNDLE_AUDIT_PATH);
 File bundleAudit = null;
 if (bundleAuditPath != null) {
 bundleAudit = new File(bundleAuditPath);
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nuget/XPathNuspecParser.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nuget/XPathNuspecParser.java
index 0f5dee91c..bbf2ecd1d 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nuget/XPathNuspecParser.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nuget/XPathNuspecParser.java
@@ -58,7 +58,7 @@ public class XPathNuspecParser implements NuspecParser {
 @Override
 public NugetPackage parse(InputStream stream) throws NuspecParseException {
 try {
- DocumentBuilder db = XmlUtils.buildSecureDocumentBuilder();
+ final DocumentBuilder db = XmlUtils.buildSecureDocumentBuilder();
 final Document d = db.parse(stream);
 final XPath xpath = XPathFactory.newInstance().newXPath();
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DatabaseProperties.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DatabaseProperties.java
index 2d4086f03..8283fc5f2 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DatabaseProperties.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DatabaseProperties.java
@@ -171,8 +171,8 @@ public class DatabaseProperties {
 try {
 final long epoch = Long.parseLong((String) entry.getValue());
 final DateTime date = new DateTime(epoch);
- DateTimeFormatter format = DateTimeFormat.forPattern("dd/MM/yyyy HH:mm:ss");
- String formatted = format.print(date);
+ final DateTimeFormatter format = DateTimeFormat.forPattern("dd/MM/yyyy HH:mm:ss");
+ final String formatted = format.print(date);
 // final Date date = new Date(epoch);
 // final DateFormat format = new SimpleDateFormat("dd/MM/yyyy HH:mm:ss");
 // final String formatted = format.format(date);
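Review bot: `DateTimeFormat.forPattern("dd/MM/yyyy HH:mm:ss")` is constructed inside the `try` for what looks like every `entry` of a map, and Joda's `DateTimeFormatter` is immutable and thread-safe, so it belongs in a `private static final` field; the same applies to `dateFormat` and `dateFormatXML` in ReportGenerator's @@ -109 hunk, which are rebuilt on every report. The three `// final Date ...` lines kept as context are the old `SimpleDateFormat` implementation left commented out and should be deleted rather than carried along (ReportGenerator keeps three such lines too, even though this commit removes its now-unused `java.text` and `java.util.Date` imports). `Long.parseLong((String) entry.getValue())` can throw on a non-numeric or non-String value; the catch for this `try` is outside the hunk, so I can't tell how that is surfaced. The enclosing method starts and ends outside the hunk.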
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java
index 2729c9f1c..a69181d51 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java
@@ -27,9 +27,6 @@ import java.io.InputStreamReader;
 import java.io.OutputStream;
 import java.io.OutputStreamWriter;
 import java.io.UnsupportedEncodingException;
-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
-import java.util.Date;
 import java.util.List;
 import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
@@ -109,13 +106,12 @@ public class ReportGenerator {
 final EscapeTool enc = new EscapeTool();
 final DateTime dt = DateTime.now();
- DateTimeFormatter dateFormat = DateTimeFormat.forPattern("MMM d, yyyy 'at' HH:mm:ss z");
- DateTimeFormatter dateFormatXML = DateTimeFormat.forPattern("yyyy-MM-dd'T'HH:mm:ss.SSSZ");
-
+ final DateTimeFormatter dateFormat = DateTimeFormat.forPattern("MMM d, yyyy 'at' HH:mm:ss z");
+ final DateTimeFormatter dateFormatXML = DateTimeFormat.forPattern("yyyy-MM-dd'T'HH:mm:ss.SSSZ");
+
 // final Date d = new Date();
 // final DateFormat dateFormat = new SimpleDateFormat("MMM d, yyyy 'at' HH:mm:ss z");
 // final DateFormat dateFormatXML = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSZ");
-
 final String scanDate = dateFormat.print(dt);
 final String scanDateXML = dateFormatXML.print(dt);
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java
index 5ed10f2f9..b55cffca7 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java
@@ -18,7 +18,6 @@ package org.owasp.dependencycheck.utils;
 import java.io.BufferedInputStream;
-import java.io.Closeable;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/SuppressionParser.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/SuppressionParser.java
index f663dd5cb..3a2aab76c 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/SuppressionParser.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/SuppressionParser.java
@@ -110,7 +110,7 @@ public class SuppressionParser {
 try {
 schemaStream = this.getClass().getClassLoader().getResourceAsStream(SUPPRESSION_SCHEMA);
 final SuppressionHandler handler = new SuppressionHandler();
- SAXParser saxParser = XmlUtils.buildSecureSaxParser(schemaStream);
+ final SAXParser saxParser = XmlUtils.buildSecureSaxParser(schemaStream);
 final XMLReader xmlReader = saxParser.getXMLReader();
 xmlReader.setErrorHandler(new SuppressionErrorHandler());
 xmlReader.setContentHandler(handler);
@@ -149,8 +149,6 @@ public class SuppressionParser {
 }
 }
-
-
 /**
 * Parses the given XML stream and returns a list of the suppression rules
 * contained.
diff --git a/dependency-check-maven/src/it/618-aggregator-purge/invoker.properties b/dependency-check-maven/src/it/618-aggregator-purge/invoker.properties
index adb5bc444..c67d88503 100644
--- a/dependency-check-maven/src/it/618-aggregator-purge/invoker.properties
+++ b/dependency-check-maven/src/it/618-aggregator-purge/invoker.properties
@@ -17,4 +17,4 @@
 #
 invoker.goals.1 = ${project.groupId}:${project.artifactId}:${project.version}:update-only -DdataDirectory=./data -Dcve.startyear=2016
-invoker.goals.2 = ${project.groupId}:${project.artifactId}:${project.version}:purge -DdataDirectory=./data
+invoker.goals.2 = ${project.groupId}:${project.artifactId}:${project.version}:purge -DdataDirectory=./data
diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/PurgeMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/PurgeMojo.java
index 8d9f2104b..490ffe45c 100644
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/PurgeMojo.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/PurgeMojo.java
@@ -45,7 +45,7 @@ public class PurgeMojo extends BaseDependencyCheckMojo {
 /**
 * Returns false; this mojo cannot generate a report.
 *
- * @return false
+ * @return false
 */
 @Override
 public boolean canGenerateReport() {
diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java
index c3ab08ac6..41c594d9f 100644
--- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java
+++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java
@@ -351,7 +351,7 @@ public final class Downloader {
 try {
 quickQuery = Settings.getBoolean(Settings.KEYS.DOWNLOADER_QUICK_QUERY_TIMESTAMP, true);
 } catch (InvalidSettingException e) {
- if (LOGGER.isTraceEnabled()){
+ if (LOGGER.isTraceEnabled()) {
 LOGGER.trace("Invalid settings : {}", e.getMessage(), e);
 }
 quickQuery = true;
diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/XmlUtils.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/XmlUtils.java
index 734fcbb27..9c167356e 100644
--- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/XmlUtils.java
+++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/XmlUtils.java
@@ -119,7 +119,7 @@ public final class XmlUtils {
 factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
 factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
- DocumentBuilder db = factory.newDocumentBuilder();
+ final DocumentBuilder db = factory.newDocumentBuilder();
 return db;
 }
 }
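Review bot: The new `final DocumentBuilder db` local is only returned on the next line; `return factory.newDocumentBuilder();` says the same in one line without the temporary. On the hardening the hunk shows (unchanged here), `disallow-doctype-decl` set to true already rejects any DOCTYPE and so blocks external entities and entity expansion; for defence in depth, should that feature ever be relaxed, the usual companions are `factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false)`, `factory.setXIncludeAware(false)` and `factory.setExpandEntityReferences(false)`. The method's signature and the start of its body, including where `factory` is created, lie outside the hunk.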