checkstyle suggested cleanup

Jeremy Long
2017-09-12 08:55:57 -04:00
parent 82a5b4ab12
commit 4358952e17
24 changed files with 73 additions and 57 deletions


@@ -50,13 +50,14 @@ public class Purge extends Task {
* Indicates if dependency-check should fail the build if an exception
* occurs.
*/
private boolean failOnError = true;
private boolean failOnError = true;
/**
* Construct a new DependencyCheckTask.
*/
public Purge() {
super();
// Call this before Dependency Check Core starts logging anything - this way, all SLF4J messages from
// core end up coming through this tasks logger
StaticLoggerBinder.getSingleton().setTask(this);
@@ -65,7 +66,7 @@ public class Purge extends Task {
public Settings getSettings() {
return settings;
}
/**
* Get the value of dataDirectory.
*


@@ -58,6 +58,11 @@ public final class CliParser {
*/
private final Settings settings;
/**
* Constructs a new CLI Parser object with the configured settings.
*
* @param settings the configured settings
*/
public CliParser(Settings settings) {
this.settings = settings;
}


@@ -246,6 +246,17 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
engine.sortDependencies();
}
/**
* Extracts the contents of the archive dependency and scans for additional
* dependencies.
*
* @param dependency the dependency being analyzed
* @param engine the engine doing the analysis
* @param scanDepth the current scan depth; extracctAndAnalyze is recursive
* and will, be default, only go 3 levels deep
* @throws AnalysisException thrown if there is a problem analyzing the
* dependencies
*/
private void extractAndAnalyze(Dependency dependency, Engine engine, int scanDepth) throws AnalysisException {
final File f = new File(dependency.getActualFilePath());
final File tmpDir = getNextTempDirectory();
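Review bot: The new Javadoc on extractAndAnalyze has two typos in the `scanDepth` entry, `extracctAndAnalyze` and `will, be default`, and it states the recursion limit as a fixed 3 levels. I would write `@param scanDepth the current scan depth; extractAndAnalyze is recursive and will, by default, only go 3 levels deep`. The limit itself is not visible in this hunk, so if it comes from a constant or a setting the comment should name it rather than repeat the number, since that bound is what keeps nested archives from driving unbounded extraction. The method body continues outside the hunk.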


@@ -28,7 +28,6 @@ import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import org.owasp.dependencycheck.utils.FileFilterBuilder;
import org.owasp.dependencycheck.utils.FileUtils;
import org.owasp.dependencycheck.utils.Settings;


@@ -241,9 +241,9 @@ public class CPEAnalyzer extends AbstractAnalyzer {
final StringBuilder sb = new StringBuilder();
sb.append(' ').append(txt).append(' ');
for (Evidence e : evidence) {
String value = e.getValue();
final String value = e.getValue();
//removed as the URLTokenizingFilter was created
//hack to get around the fact that lucene does a really good job of recognizing domains and not splitting them.
//hack to get around the fact that lucene does a really good job of recognizing domains and not splitting them.
// if (value.startsWith("http://")) {
// value = value.substring(7).replaceAll("\\.", " ");
// }
@@ -499,7 +499,7 @@ public class CPEAnalyzer extends AbstractAnalyzer {
boolean found = false;
for (Evidence e : evidence) {
if (e.getValue().toLowerCase().contains(word.toLowerCase())) {
if ("http".equals(word)&& e.getValue().contains("http:")) {
if ("http".equals(word) && e.getValue().contains("http:")) {
continue;
}
found = true;
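Review bot: In the second hunk the case-insensitive test `e.getValue().toLowerCase().contains(word.toLowerCase())` lowercases with the JVM's default locale, so on a host with, for example, a Turkish default locale an `I` in the evidence does not become `i` and the match can be missed. Because this loop decides which words count as supported by evidence, a miss here can change which CPE is identified. Passing `Locale.ROOT` to both calls removes the dependence on the host: `e.getValue().toLowerCase(Locale.ROOT).contains(word.toLowerCase(Locale.ROOT))` (this needs `java.util.Locale` imported if the file does not already have it). The `http` guard on the next line is case-sensitive while the outer test is not; if that is intended, a one-line comment would help. The enclosing loop starts and ends outside the hunk.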


@@ -141,25 +141,25 @@ public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer {
dependency.addEvidence(EvidenceType.PRODUCT, PODSPEC, "name_project", name, Confidence.HIGHEST);
dependency.addEvidence(EvidenceType.VENDOR, PODSPEC, "name_project", name, Confidence.HIGHEST);
}
String summary = determineEvidence(contents, blockVariable, "summary");
final String summary = determineEvidence(contents, blockVariable, "summary");
if (!summary.isEmpty()) {
dependency.addEvidence(EvidenceType.PRODUCT, PODSPEC, "summary", summary, Confidence.HIGHEST);
}
String author = determineEvidence(contents, blockVariable, "authors?");
final String author = determineEvidence(contents, blockVariable, "authors?");
if (!author.isEmpty()) {
dependency.addEvidence(EvidenceType.VENDOR, PODSPEC, "author", author, Confidence.HIGHEST);
}
String homepage = determineEvidence(contents, blockVariable, "homepage");
final String homepage = determineEvidence(contents, blockVariable, "homepage");
if (!homepage.isEmpty()) {
dependency.addEvidence(EvidenceType.VENDOR, PODSPEC, "homepage", homepage, Confidence.HIGHEST);
}
String license = determineEvidence(contents, blockVariable, "licen[cs]es?");
final String license = determineEvidence(contents, blockVariable, "licen[cs]es?");
if (!license.isEmpty()) {
dependency.addEvidence(EvidenceType.VENDOR, PODSPEC, "license", license, Confidence.HIGHEST);
}
String version = determineEvidence(contents, blockVariable, "version");
final String version = determineEvidence(contents, blockVariable, "version");
if (!version.isEmpty()) {
dependency.addEvidence(EvidenceType.VERSION, PODSPEC, "version", version, Confidence.HIGHEST);
}


@@ -18,7 +18,6 @@
package org.owasp.dependencycheck.analyzer;
import java.io.File;
import java.util.Iterator;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@@ -185,7 +184,7 @@ public class DependencyBundlingAnalyzer extends AbstractDependencyComparingAnaly
}
//below is always true
//if (tmp > 0) {
pos = tmp + 1;
pos = tmp + 1;
//}
tmp = path.indexOf(File.separator, pos);
if (tmp > 0) {


@@ -18,7 +18,6 @@
package org.owasp.dependencycheck.analyzer;
import java.io.File;
import java.util.Iterator;
import java.util.Set;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
@@ -131,7 +130,7 @@ public class DependencyMergingAnalyzer extends AbstractDependencyComparingAnalyz
for (Evidence e : relatedDependency.getEvidence(EvidenceType.VERSION)) {
dependency.addEvidence(EvidenceType.VERSION, e);
}
for (Dependency d : relatedDependency.getRelatedDependencies()) {
dependency.addRelatedDependency(d);
relatedDependency.removeRelatedDependencies(d);


@@ -23,7 +23,6 @@ import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.ListIterator;
import java.util.Set;


@@ -114,7 +114,7 @@ public class FileNameAnalyzer extends AbstractAnalyzer {
// a shade. This should hopefully correct for cases like log4j.jar or
// struts2-core.jar
if (version.getVersionParts() == null || version.getVersionParts().size() < 2) {
dependency.addEvidence(EvidenceType.VERSION, "file", "version",version.toString(), Confidence.MEDIUM);
dependency.addEvidence(EvidenceType.VERSION, "file", "version", version.toString(), Confidence.MEDIUM);
} else {
dependency.addEvidence(EvidenceType.VERSION, "file", "version", version.toString(), Confidence.HIGHEST);
}


@@ -209,7 +209,8 @@ public class NspAnalyzer extends AbstractFileTypeAnalyzer {
if (value instanceof JsonString) {
final String valueString = ((JsonString) value).getString();
dependency.addEvidence(EvidenceType.PRODUCT, PACKAGE_JSON, "name", valueString, Confidence.HIGHEST);
dependency.addEvidence(EvidenceType.VENDOR, PACKAGE_JSON, "name_project", String.format("%s_project", valueString), Confidence.LOW);
dependency.addEvidence(EvidenceType.VENDOR, PACKAGE_JSON, "name_project",
String.format("%s_project", valueString), Confidence.LOW);
} else {
LOGGER.warn("JSON value not string as expected: {}", value);
}
@@ -338,8 +339,9 @@ public class NspAnalyzer extends AbstractFileTypeAnalyzer {
* Adds information to an evidence collection from the node json
* configuration.
*
* @param dep the dependency to which the evidence will be added
* @param type the type of evidence to be added
* @param json information from node.js
* @param collection a set of evidence about a dependency
* @param key the key to obtain the data from the json information
*/
private void addToEvidence(Dependency dep, EvidenceType type, JsonObject json, String key) {


@@ -141,11 +141,11 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
}
if (np.getOwners() != null) {
dependency.addEvidence(EvidenceType.VENDOR,"nuspec", "owners", np.getOwners(), Confidence.HIGHEST);
dependency.addEvidence(EvidenceType.VENDOR, "nuspec", "owners", np.getOwners(), Confidence.HIGHEST);
}
dependency.addEvidence(EvidenceType.VENDOR,"nuspec", "authors", np.getAuthors(), Confidence.HIGH);
dependency.addEvidence(EvidenceType.VERSION,"nuspec", "version", np.getVersion(), Confidence.HIGHEST);
dependency.addEvidence(EvidenceType.PRODUCT,"nuspec", "id", np.getId(), Confidence.HIGHEST);
dependency.addEvidence(EvidenceType.VENDOR, "nuspec", "authors", np.getAuthors(), Confidence.HIGH);
dependency.addEvidence(EvidenceType.VERSION, "nuspec", "version", np.getVersion(), Confidence.HIGHEST);
dependency.addEvidence(EvidenceType.PRODUCT, "nuspec", "id", np.getId(), Confidence.HIGHEST);
if (np.getTitle() != null) {
dependency.addEvidence(EvidenceType.PRODUCT, "nuspec", "title", np.getTitle(), Confidence.MEDIUM);
}


@@ -299,8 +299,8 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
*
* @param dependency the dependency being analyzed
* @param type the type of evidence to add
* @param confidence the confidence in the evidence being added
* @param headers the properties collection
* @param evidence the evidence collection to add the value
* @param property the property name
*/
private static void addPropertyToEvidence(Dependency dependency, EvidenceType type, Confidence confidence,


@@ -18,7 +18,6 @@
package org.owasp.dependencycheck.analyzer;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Objects;
import java.util.Set;
import javax.annotation.concurrent.ThreadSafe;
@@ -154,8 +153,8 @@ public class VersionFilterAnalyzer extends AbstractAnalyzer {
final boolean pomMatch = Objects.equals(dvPom, dvFile) || Objects.equals(dvPom, dvManifest);
if (fileMatch || manifestMatch || pomMatch) {
LOGGER.debug("filtering evidence from {}", dependency.getFileName());
Set<Evidence> remove = new HashSet<>();
for(Evidence e : dependency.getEvidence(EvidenceType.VERSION)) {
final Set<Evidence> remove = new HashSet<>();
for (Evidence e : dependency.getEvidence(EvidenceType.VERSION)) {
if (!(pomMatch && VERSION.equals(e.getName())
&& (NEXUS.equals(e.getSource()) || CENTRAL.equals(e.getSource()) || POM.equals(e.getSource())))
&& !(fileMatch && VERSION.equals(e.getName()) && FILE.equals(e.getSource()))
@@ -163,7 +162,7 @@ public class VersionFilterAnalyzer extends AbstractAnalyzer {
remove.add(e);
}
}
for (Evidence e: remove) {
for (Evidence e : remove) {
dependency.removeEvidence(EvidenceType.VERSION, e);
}
}


@@ -151,8 +151,8 @@ public final class CpeMemoryIndex implements AutoCloseable {
private Analyzer createSearchingAnalyzer() {
final Map<String, Analyzer> fieldAnalyzers = new HashMap<>();
fieldAnalyzers.put(Fields.DOCUMENT_KEY, new KeywordAnalyzer());
SearchFieldAnalyzer productFieldAnalyzer = new SearchFieldAnalyzer(LuceneUtils.CURRENT_VERSION);
SearchFieldAnalyzer vendorFieldAnalyzer = new SearchFieldAnalyzer(LuceneUtils.CURRENT_VERSION);
final SearchFieldAnalyzer productFieldAnalyzer = new SearchFieldAnalyzer(LuceneUtils.CURRENT_VERSION);
final SearchFieldAnalyzer vendorFieldAnalyzer = new SearchFieldAnalyzer(LuceneUtils.CURRENT_VERSION);
fieldAnalyzers.put(Fields.PRODUCT, productFieldAnalyzer);
fieldAnalyzers.put(Fields.VENDOR, vendorFieldAnalyzer);


@@ -303,12 +303,12 @@ public class NvdCveUpdater implements CachedWebDataSource {
}
//always true because <=0 exits early above
//if (maxUpdates >= 1) {
//ensure the modified file date gets written (we may not have actually updated it)
dbProperties.save(updateable.get(MODIFIED));
LOGGER.info("Begin database maintenance.");
cveDb.cleanupDatabase();
LOGGER.info("End database maintenance.");
//if (maxUpdates >= 1) {
//ensure the modified file date gets written (we may not have actually updated it)
dbProperties.save(updateable.get(MODIFIED));
LOGGER.info("Begin database maintenance.");
cveDb.cleanupDatabase();
LOGGER.info("End database maintenance.");
//}
}


@@ -19,20 +19,21 @@ package org.owasp.dependencycheck.dependency;
/**
* The types of evidence.
*
* @author jeremy long
*/
public enum EvidenceType {
/**
* Vendor evidence.
*/
VENDOR,
/**
* Product evidence.
*/
PRODUCT,
/**
* Version evidence.
*/
VERSION
/**
* Vendor evidence.
*/
VENDOR,
/**
* Product evidence.
*/
PRODUCT,
/**
* Version evidence.
*/
VERSION
}


@@ -109,7 +109,7 @@ public class EscapeTool {
if (text == null || text.isEmpty()) {
return text;
}
//until lang3 has escapeJavaScript we use this...
//until lang3 has escapeJavaScript we use this...
return org.apache.commons.lang.StringEscapeUtils.escapeJavaScript(text);
}


@@ -367,7 +367,7 @@ public class SuppressionRule {
}
if (this.hasCpe()) {
Set<Identifier> removalList = new HashSet<>();
final Set<Identifier> removalList = new HashSet<>();
for (Identifier i : dependency.getIdentifiers()) {
for (PropertyType c : this.cpe) {
if (identifierMatches("cpe", c, i)) {
@@ -387,7 +387,7 @@ public class SuppressionRule {
}
}
if (hasCve() || hasCwe() || hasCvssBelow()) {
Set<Vulnerability> removeVulns = new HashSet<>();
final Set<Vulnerability> removeVulns = new HashSet<>();
for (Vulnerability v : dependency.getVulnerabilities()) {
boolean remove = false;
for (String entry : this.cve) {


@@ -1080,6 +1080,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
if (server != null) {
databaseUser = server.getUsername();
try {
//CSOFF: LineLength
//The following fix was copied from:
// https://github.com/bsorrentino/maven-confluence-plugin/blob/master/maven-confluence-reporting-plugin/src/main/java/org/bsc/maven/confluence/plugin/AbstractBaseConfluenceMojo.java
//
@@ -1087,6 +1088,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
// org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException:
// java.io.FileNotFoundException: ~/.settings-security.xml (No such file or directory)
//
//CSON: LineLength
if (securityDispatcher instanceof DefaultSecDispatcher) {
((DefaultSecDispatcher) securityDispatcher).setConfigurationFile("~/.m2/settings-security.xml");
}
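Review bot: The comment block now wrapped in `//CSOFF: LineLength` credits the fix to a `blob/master` URL, which can move or disappear and leave this credential-handling code without a traceable origin. I would pin the reference to a commit permalink. The `setConfigurationFile` call also deserves a one-line reason of its own, for example `// point the dispatcher at the default settings-security.xml; without this it looks for ~/.settings-security.xml and fails`. That wording is inferred from the exception text quoted in the existing comment, so it should be confirmed against the dispatcher's behaviour. The `try` block opens in the first hunk and continues past the end of the second.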


@@ -30,7 +30,6 @@ import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.exception.ExceptionCollection;
import org.owasp.dependencycheck.exception.ReportException;
import org.owasp.dependencycheck.utils.Settings;
/**
* Maven Plugin that checks the project dependencies to see if they have any


@@ -26,7 +26,6 @@ import org.apache.maven.plugins.annotations.ResolutionScope;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.data.update.exception.UpdateException;
import org.owasp.dependencycheck.utils.Settings;
/**
* Maven Plugin that checks the project dependencies to see if they have any


@@ -71,7 +71,8 @@ public class SSLSocketFactoryEx extends SSLSocketFactory {
* supported
* @throws KeyManagementException thrown if initialization fails
*/
public SSLSocketFactoryEx(KeyManager[] km, TrustManager[] tm, SecureRandom random, Settings settings) throws NoSuchAlgorithmException, KeyManagementException {
public SSLSocketFactoryEx(KeyManager[] km, TrustManager[] tm, SecureRandom random, Settings settings)
throws NoSuchAlgorithmException, KeyManagementException {
this.settings = settings;
initSSLSocketFactoryEx(km, tm, random);
}


@@ -197,7 +197,7 @@
<property name="braceAdjustment" value="0"/>
<property name="caseIndent" value="0"/>
</module-->
<module name="ArrayTrailingComma"/>
<!--module name="ArrayTrailingComma"/-->
<module name="FinalLocalVariable"/>
<module name="EqualsAvoidNull"/>
<module name="ParameterAssignment"/>