checkstyle recommendations
@@ -205,6 +205,7 @@ public class App {
|
|||||||
* @param excludes the patterns for files/directories to exclude
|
* @param excludes the patterns for files/directories to exclude
|
||||||
* @param symLinkDepth the depth that symbolic links will be followed
|
* @param symLinkDepth the depth that symbolic links will be followed
|
||||||
* @param cvssFailScore the score to fail on if a vulnerability is found
|
* @param cvssFailScore the score to fail on if a vulnerability is found
|
||||||
|
* @return the exit code if there was an error
|
||||||
*
|
*
|
||||||
* @throws InvalidScanPathException thrown if the path to scan starts with
|
* @throws InvalidScanPathException thrown if the path to scan starts with
|
||||||
* "//"
|
* "//"
|
||||||
@@ -216,7 +217,8 @@ public class App {
|
|||||||
* collection.
|
* collection.
|
||||||
*/
|
*/
|
||||||
private int runScan(String reportDirectory, String outputFormat, String applicationName, String[] files,
|
private int runScan(String reportDirectory, String outputFormat, String applicationName, String[] files,
|
||||||
String[] excludes, int symLinkDepth, int cvssFailScore) throws InvalidScanPathException, DatabaseException, ExceptionCollection, ReportException {
|
String[] excludes, int symLinkDepth, int cvssFailScore) throws InvalidScanPathException, DatabaseException,
|
||||||
|
ExceptionCollection, ReportException {
|
||||||
Engine engine = null;
|
Engine engine = null;
|
||||||
int retCode = 0;
|
int retCode = 0;
|
||||||
try {
|
try {
|
||||||
@@ -308,14 +310,15 @@ public class App {
|
|||||||
|
|
||||||
//Set the exit code based on whether we found a high enough vulnerability
|
//Set the exit code based on whether we found a high enough vulnerability
|
||||||
for (Dependency dep : dependencies) {
|
for (Dependency dep : dependencies) {
|
||||||
if (dep.getVulnerabilities().size() != 0) {
|
if (!dep.getVulnerabilities().isEmpty()) {
|
||||||
for (Vulnerability vuln : dep.getVulnerabilities()) {
|
for (Vulnerability vuln : dep.getVulnerabilities()) {
|
||||||
LOGGER.debug("VULNERABILITY FOUND " + dep.getDisplayFileName());
|
LOGGER.debug("VULNERABILITY FOUND " + dep.getDisplayFileName());
|
||||||
if (vuln.getCvssScore() > cvssFailScore)
|
if (vuln.getCvssScore() > cvssFailScore) {
|
||||||
retCode = 1;
|
retCode = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return retCode;
|
return retCode;
|
||||||
} finally {
|
} finally {
|
||||||
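Review bot: The `@return` line added to runScan's Javadoc, `the exit code if there was an error`, does not say what the values are, while the part of the body visible in the last hunk only produces 0 or 1 (`retCode = 1` once a vulnerability's score exceeds cvssFailScore); suggest `* @return 0 when no vulnerability scored above cvssFailScore, 1 otherwise`. The CVSS loop also logs with string concatenation, `LOGGER.debug("VULNERABILITY FOUND " + dep.getDisplayFileName());`, whereas the Downloader hunk in this same commit uses the parameterized form; `LOGGER.debug("VULNERABILITY FOUND {}", dep.getDisplayFileName());` avoids building the string when debug is off. Whether runScan can return other codes from the stretch between the hunks is not visible here; the method's body continues outside the hunks.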
|
|||||||
@@ -290,7 +290,8 @@ public final class CliParser {
|
|||||||
.build();
|
.build();
|
||||||
|
|
||||||
final Option failOnCVSS = Option.builder().argName("score").hasArg().longOpt(ARGUMENT.FAIL_ON_CVSS)
|
final Option failOnCVSS = Option.builder().argName("score").hasArg().longOpt(ARGUMENT.FAIL_ON_CVSS)
|
||||||
.desc("Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11; since the CVSS scores are 0-10, by default the build will never fail.")
|
.desc("Specifies if the build should be failed if a CVSS score above a specified level is identified. "
|
||||||
|
+ "The default is 11; since the CVSS scores are 0-10, by default the build will never fail.")
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
//This is an option group because it can be specified more then once.
|
//This is an option group because it can be specified more then once.
|
||||||
@@ -1111,13 +1112,14 @@ public final class CliParser {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the CVSS value to fail on
|
* Returns the CVSS value to fail on.
|
||||||
*
|
*
|
||||||
* @return 11 if nothing is set. Otherwise it returns the int passed from the command line arg
|
* @return 11 if nothing is set. Otherwise it returns the int passed from
|
||||||
|
* the command line arg
|
||||||
*/
|
*/
|
||||||
public int getFailOnCVSS() {
|
public int getFailOnCVSS() {
|
||||||
if(line.hasOption(ARGUMENT.FAIL_ON_CVSS)) {
|
if (line.hasOption(ARGUMENT.FAIL_ON_CVSS)) {
|
||||||
String value = line.getOptionValue(ARGUMENT.FAIL_ON_CVSS);
|
final String value = line.getOptionValue(ARGUMENT.FAIL_ON_CVSS);
|
||||||
try {
|
try {
|
||||||
return Integer.parseInt(value);
|
return Integer.parseInt(value);
|
||||||
} catch (NumberFormatException nfe) {
|
} catch (NumberFormatException nfe) {
|
||||||
@@ -1310,8 +1312,7 @@ public final class CliParser {
|
|||||||
*/
|
*/
|
||||||
public static final String SUPPRESSION_FILE = "suppression";
|
public static final String SUPPRESSION_FILE = "suppression";
|
||||||
/**
|
/**
|
||||||
* The CLI argument name for setting the location of the hint
|
* The CLI argument name for setting the location of the hint file.
|
||||||
* file.
|
|
||||||
*/
|
*/
|
||||||
public static final String HINTS_FILE = "hints";
|
public static final String HINTS_FILE = "hints";
|
||||||
/**
|
/**
|
||||||
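Review bot: getFailOnCVSS reads the threshold with `Integer.parseInt(value)`, so a fractional threshold such as `7.5` is rejected as a NumberFormatException even though the option's help text in the first hunk describes scores on a 0-10 scale; the reworded Javadoc should say so, e.g. `* @return 11 if nothing is set. Otherwise the whole number passed on the command line; fractional values are not accepted`. What the catch block does with the NumberFormatException lies outside the hunk, so whether the user gets a clear message for `7.5` cannot be confirmed here. If fractional thresholds are meant to be supported, the parse, the return type and App.runScan's `int cvssFailScore` parameter would all have to change together.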
|
|||||||
@@ -142,7 +142,6 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer {
|
|||||||
final ListIterator<Dependency> subIterator = engine.getDependencies().listIterator(mainIterator.nextIndex());
|
final ListIterator<Dependency> subIterator = engine.getDependencies().listIterator(mainIterator.nextIndex());
|
||||||
while (subIterator.hasNext()) {
|
while (subIterator.hasNext()) {
|
||||||
final Dependency nextDependency = subIterator.next();
|
final Dependency nextDependency = subIterator.next();
|
||||||
Dependency main = null;
|
|
||||||
if (hashesMatch(dependency, nextDependency) && !containedInWar(dependency.getFilePath())
|
if (hashesMatch(dependency, nextDependency) && !containedInWar(dependency.getFilePath())
|
||||||
&& !containedInWar(nextDependency.getFilePath())) {
|
&& !containedInWar(nextDependency.getFilePath())) {
|
||||||
if (firstPathIsShortest(dependency.getFilePath(), nextDependency.getFilePath())) {
|
if (firstPathIsShortest(dependency.getFilePath(), nextDependency.getFilePath())) {
|
||||||
|
|||||||
@@ -260,7 +260,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
* @return whether or not evidence was added to the dependency
|
* @return whether or not evidence was added to the dependency
|
||||||
*/
|
*/
|
||||||
protected boolean analyzePOM(Dependency dependency, List<ClassNameInformation> classes, Engine engine) throws AnalysisException {
|
protected boolean analyzePOM(Dependency dependency, List<ClassNameInformation> classes, Engine engine) throws AnalysisException {
|
||||||
boolean foundSomething = false;
|
|
||||||
JarFile jar = null;
|
JarFile jar = null;
|
||||||
List<String> pomEntries = null;
|
List<String> pomEntries = null;
|
||||||
try {
|
try {
|
||||||
@@ -292,7 +291,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
pomFile = new File(path);
|
pomFile = new File(path);
|
||||||
}
|
}
|
||||||
if (pomFile.isFile()) {
|
if (pomFile.isFile()) {
|
||||||
Model pom = PomUtils.readPom(pomFile);
|
final Model pom = PomUtils.readPom(pomFile);
|
||||||
if (pom != null && pomProperties != null) {
|
if (pom != null && pomProperties != null) {
|
||||||
pom.processProperties(pomProperties);
|
pom.processProperties(pomProperties);
|
||||||
}
|
}
|
||||||
@@ -347,7 +346,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
} catch (IOException ex) {
|
} catch (IOException ex) {
|
||||||
LOGGER.trace("", ex);
|
LOGGER.trace("", ex);
|
||||||
}
|
}
|
||||||
return foundSomething;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
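Review bot: With `return foundSomething;` replaced by `return false;` in the last hunk and the `boolean foundSomething = false;` local dropped in the first, analyzePOM now unconditionally returns false, yet its Javadoc still promises `@return whether or not evidence was added to the dependency`. Either the result was never updated in the body (the middle of the method is outside these hunks, so this cannot be confirmed here) and the doc should be corrected to say the result is always false and must not be relied on, or the method should record true where it actually adds evidence and return that. If no caller uses the result, changing the return type to `void` would be the cleaner fix, though the method is `protected` so that alters the contract for subclasses.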
|
|||||||
@@ -87,6 +87,9 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
*/
|
*/
|
||||||
private static final String SUPPORTED_EXTENSIONS = "jar";
|
private static final String SUPPORTED_EXTENSIONS = "jar";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Whether or not the Nexus analyzer should use a proxy if configured.
|
||||||
|
*/
|
||||||
private boolean useProxy;
|
private boolean useProxy;
|
||||||
/**
|
/**
|
||||||
* The Nexus Search to be set up for this analyzer.
|
* The Nexus Search to be set up for this analyzer.
|
||||||
|
|||||||
@@ -114,7 +114,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
throw new AnalysisException(String.format("%s should have been a directory.", folder.getAbsolutePath()));
|
throw new AnalysisException(String.format("%s should have been a directory.", folder.getAbsolutePath()));
|
||||||
}
|
}
|
||||||
final List<String> args = new ArrayList<String>();
|
final List<String> args = new ArrayList<String>();
|
||||||
String bundleAuditPath = Settings.getString(Settings.KEYS.ANALYZER_BUNDLE_AUDIT_PATH);
|
final String bundleAuditPath = Settings.getString(Settings.KEYS.ANALYZER_BUNDLE_AUDIT_PATH);
|
||||||
File bundleAudit = null;
|
File bundleAudit = null;
|
||||||
if (bundleAuditPath != null) {
|
if (bundleAuditPath != null) {
|
||||||
bundleAudit = new File(bundleAuditPath);
|
bundleAudit = new File(bundleAuditPath);
|
||||||
|
|||||||
@@ -58,7 +58,7 @@ public class XPathNuspecParser implements NuspecParser {
|
|||||||
@Override
|
@Override
|
||||||
public NugetPackage parse(InputStream stream) throws NuspecParseException {
|
public NugetPackage parse(InputStream stream) throws NuspecParseException {
|
||||||
try {
|
try {
|
||||||
DocumentBuilder db = XmlUtils.buildSecureDocumentBuilder();
|
final DocumentBuilder db = XmlUtils.buildSecureDocumentBuilder();
|
||||||
final Document d = db.parse(stream);
|
final Document d = db.parse(stream);
|
||||||
|
|
||||||
final XPath xpath = XPathFactory.newInstance().newXPath();
|
final XPath xpath = XPathFactory.newInstance().newXPath();
|
||||||
|
|||||||
@@ -171,8 +171,8 @@ public class DatabaseProperties {
|
|||||||
try {
|
try {
|
||||||
final long epoch = Long.parseLong((String) entry.getValue());
|
final long epoch = Long.parseLong((String) entry.getValue());
|
||||||
final DateTime date = new DateTime(epoch);
|
final DateTime date = new DateTime(epoch);
|
||||||
DateTimeFormatter format = DateTimeFormat.forPattern("dd/MM/yyyy HH:mm:ss");
|
final DateTimeFormatter format = DateTimeFormat.forPattern("dd/MM/yyyy HH:mm:ss");
|
||||||
String formatted = format.print(date);
|
final String formatted = format.print(date);
|
||||||
// final Date date = new Date(epoch);
|
// final Date date = new Date(epoch);
|
||||||
// final DateFormat format = new SimpleDateFormat("dd/MM/yyyy HH:mm:ss");
|
// final DateFormat format = new SimpleDateFormat("dd/MM/yyyy HH:mm:ss");
|
||||||
// final String formatted = format.format(date);
|
// final String formatted = format.format(date);
|
||||||
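Review bot: The commented-out `java.util.Date`/`SimpleDateFormat` lines below the new formatter code (`// final Date date = new Date(epoch);` and the two that follow) are left in after the Joda replacement and should be deleted rather than kept as comments; the same leftover block appears in the ReportGenerator hunk of this commit. Since Joda's DateTimeFormatter is immutable and thread-safe, `DateTimeFormat.forPattern("dd/MM/yyyy HH:mm:ss")` can also be hoisted to a `private static final` field instead of being rebuilt on every pass through this try block. The enclosing try and the loop that supplies `entry` start before the hunk.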
|
|||||||
@@ -27,9 +27,6 @@ import java.io.InputStreamReader;
|
|||||||
import java.io.OutputStream;
|
import java.io.OutputStream;
|
||||||
import java.io.OutputStreamWriter;
|
import java.io.OutputStreamWriter;
|
||||||
import java.io.UnsupportedEncodingException;
|
import java.io.UnsupportedEncodingException;
|
||||||
import java.text.DateFormat;
|
|
||||||
import java.text.SimpleDateFormat;
|
|
||||||
import java.util.Date;
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import org.apache.velocity.VelocityContext;
|
import org.apache.velocity.VelocityContext;
|
||||||
import org.apache.velocity.app.VelocityEngine;
|
import org.apache.velocity.app.VelocityEngine;
|
||||||
@@ -109,13 +106,12 @@ public class ReportGenerator {
|
|||||||
final EscapeTool enc = new EscapeTool();
|
final EscapeTool enc = new EscapeTool();
|
||||||
|
|
||||||
final DateTime dt = DateTime.now();
|
final DateTime dt = DateTime.now();
|
||||||
DateTimeFormatter dateFormat = DateTimeFormat.forPattern("MMM d, yyyy 'at' HH:mm:ss z");
|
final DateTimeFormatter dateFormat = DateTimeFormat.forPattern("MMM d, yyyy 'at' HH:mm:ss z");
|
||||||
DateTimeFormatter dateFormatXML = DateTimeFormat.forPattern("yyyy-MM-dd'T'HH:mm:ss.SSSZ");
|
final DateTimeFormatter dateFormatXML = DateTimeFormat.forPattern("yyyy-MM-dd'T'HH:mm:ss.SSSZ");
|
||||||
|
|
||||||
// final Date d = new Date();
|
// final Date d = new Date();
|
||||||
// final DateFormat dateFormat = new SimpleDateFormat("MMM d, yyyy 'at' HH:mm:ss z");
|
// final DateFormat dateFormat = new SimpleDateFormat("MMM d, yyyy 'at' HH:mm:ss z");
|
||||||
// final DateFormat dateFormatXML = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSZ");
|
// final DateFormat dateFormatXML = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSZ");
|
||||||
|
|
||||||
final String scanDate = dateFormat.print(dt);
|
final String scanDate = dateFormat.print(dt);
|
||||||
final String scanDateXML = dateFormatXML.print(dt);
|
final String scanDateXML = dateFormatXML.print(dt);
|
||||||
|
|
||||||
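Review bot: The pattern `MMM d, yyyy 'at' HH:mm:ss z` prints the month abbreviation and zone name in the JVM's default locale, because `DateTimeFormat.forPattern` sets none, so the scanDate text in generated reports varies between machines; if a stable wording is wanted, `DateTimeFormat.forPattern("MMM d, yyyy 'at' HH:mm:ss z").withLocale(Locale.ENGLISH)` pins it (Locale would need importing). Both formatters can be `private static final` fields, as Joda formatters are thread-safe. The enclosing method starts before the hunk.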
|
|||||||
@@ -18,7 +18,6 @@
|
|||||||
package org.owasp.dependencycheck.utils;
|
package org.owasp.dependencycheck.utils;
|
||||||
|
|
||||||
import java.io.BufferedInputStream;
|
import java.io.BufferedInputStream;
|
||||||
import java.io.Closeable;
|
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.io.FileInputStream;
|
import java.io.FileInputStream;
|
||||||
import java.io.FileNotFoundException;
|
import java.io.FileNotFoundException;
|
||||||
|
|||||||
@@ -110,7 +110,7 @@ public class SuppressionParser {
|
|||||||
try {
|
try {
|
||||||
schemaStream = this.getClass().getClassLoader().getResourceAsStream(SUPPRESSION_SCHEMA);
|
schemaStream = this.getClass().getClassLoader().getResourceAsStream(SUPPRESSION_SCHEMA);
|
||||||
final SuppressionHandler handler = new SuppressionHandler();
|
final SuppressionHandler handler = new SuppressionHandler();
|
||||||
SAXParser saxParser = XmlUtils.buildSecureSaxParser(schemaStream);
|
final SAXParser saxParser = XmlUtils.buildSecureSaxParser(schemaStream);
|
||||||
final XMLReader xmlReader = saxParser.getXMLReader();
|
final XMLReader xmlReader = saxParser.getXMLReader();
|
||||||
xmlReader.setErrorHandler(new SuppressionErrorHandler());
|
xmlReader.setErrorHandler(new SuppressionErrorHandler());
|
||||||
xmlReader.setContentHandler(handler);
|
xmlReader.setContentHandler(handler);
|
||||||
@@ -149,8 +149,6 @@ public class SuppressionParser {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Parses the given XML stream and returns a list of the suppression rules
|
* Parses the given XML stream and returns a list of the suppression rules
|
||||||
* contained.
|
* contained.
|
||||||
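Review bot: `schemaStream = this.getClass().getClassLoader().getResourceAsStream(SUPPRESSION_SCHEMA);` yields null when the schema resource is missing from the classpath, and two lines later it is handed straight to `XmlUtils.buildSecureSaxParser(schemaStream)`; unless that helper guards the null itself (not visible here), a packaging mistake surfaces as a NullPointerException far from its cause. A check right after the assignment, e.g. `if (schemaStream == null) { throw new IllegalStateException("suppression schema not found: " + SUPPRESSION_SCHEMA); }`, using whichever exception type the method already declares, names the real problem. The enclosing method and its finally block, which presumably closes schemaStream, are outside the hunk.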
|
|||||||
@@ -351,7 +351,7 @@ public final class Downloader {
|
|||||||
try {
|
try {
|
||||||
quickQuery = Settings.getBoolean(Settings.KEYS.DOWNLOADER_QUICK_QUERY_TIMESTAMP, true);
|
quickQuery = Settings.getBoolean(Settings.KEYS.DOWNLOADER_QUICK_QUERY_TIMESTAMP, true);
|
||||||
} catch (InvalidSettingException e) {
|
} catch (InvalidSettingException e) {
|
||||||
if (LOGGER.isTraceEnabled()){
|
if (LOGGER.isTraceEnabled()) {
|
||||||
LOGGER.trace("Invalid settings : {}", e.getMessage(), e);
|
LOGGER.trace("Invalid settings : {}", e.getMessage(), e);
|
||||||
}
|
}
|
||||||
quickQuery = true;
|
quickQuery = true;
|
||||||
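Review bot: The fallback `quickQuery = true;` after an InvalidSettingException is reported only at trace level, so a mistyped value for DOWNLOADER_QUICK_QUERY_TIMESTAMP silently changes behaviour in a normal run; logging it as `LOGGER.warn("Invalid setting for {}, using default: {}", Settings.KEYS.DOWNLOADER_QUICK_QUERY_TIMESTAMP, e.getMessage());` would make the misconfiguration visible without failing the download. The `isTraceEnabled()` guard the hunk reformats is also redundant given the `{}` placeholders already used, since the arguments are cheap and formatting is deferred by the logger. The method continues outside the hunk.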
|
|||||||
@@ -119,7 +119,7 @@ public final class XmlUtils {
|
|||||||
factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||||
factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
|
factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
|
||||||
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
|
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
|
||||||
DocumentBuilder db = factory.newDocumentBuilder();
|
final DocumentBuilder db = factory.newDocumentBuilder();
|
||||||
return db;
|
return db;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
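Review bot: The hardened DocumentBuilderFactory in this hunk disables DOCTYPE declarations and external general entities and enables secure processing, but does not visibly disable external parameter entities, XInclude or entity-reference expansion; disallow-doctype-decl already blocks the DTD-based vectors, so these are defence in depth, but if the lines above the hunk don't set them, `factory.setXIncludeAware(false);` and `factory.setExpandEntityReferences(false);` are cheap to add. The trailing `final DocumentBuilder db = factory.newDocumentBuilder(); return db;` can simply be `return factory.newDocumentBuilder();`. The method's signature and the factory's creation are above the hunk, so only part of the configuration is visible here.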
|
|||||||