From 4358952e17c4712a2d720518e804bd93f8e26922 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Tue, 12 Sep 2017 08:55:57 -0400
Subject: [PATCH] checkstyle suggested cleanup
---
.../owasp/dependencycheck/taskdefs/Purge.java | 7 ++---
.../org/owasp/dependencycheck/CliParser.java | 5 ++++
.../analyzer/ArchiveAnalyzer.java | 11 ++++++++
.../analyzer/AssemblyAnalyzer.java | 1 -
.../dependencycheck/analyzer/CPEAnalyzer.java | 6 ++---
.../analyzer/CocoaPodsAnalyzer.java | 10 +++----
.../analyzer/DependencyBundlingAnalyzer.java | 3 +--
.../analyzer/DependencyMergingAnalyzer.java | 3 +--
.../analyzer/FalsePositiveAnalyzer.java | 1 -
.../analyzer/FileNameAnalyzer.java | 2 +-
.../dependencycheck/analyzer/NspAnalyzer.java | 6 +++--
.../analyzer/NuspecAnalyzer.java | 8 +++---
.../analyzer/PythonDistributionAnalyzer.java | 2 +-
.../analyzer/VersionFilterAnalyzer.java | 7 +++--
.../data/cpe/CpeMemoryIndex.java | 4 +--
.../data/update/NvdCveUpdater.java | 12 ++++-----
.../dependency/EvidenceType.java | 27 ++++++++++---------
.../dependencycheck/reporting/EscapeTool.java | 2 +-
.../xml/suppression/SuppressionRule.java | 4 +--
.../maven/BaseDependencyCheckMojo.java | 2 ++
.../dependencycheck/maven/CheckMojo.java | 1 -
.../dependencycheck/maven/UpdateMojo.java | 1 -
.../utils/SSLSocketFactoryEx.java | 3 ++-
src/main/config/checkstyle-checks.xml | 2 +-
24 files changed, 73 insertions(+), 57 deletions(-)
diff --git a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java
index c1582edb2..30bdf8775 100644
--- a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java
+++ b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java
@@ -50,13 +50,14 @@ public class Purge extends Task { * Indicates if dependency-check should fail the build if an exception * occurs. */ - private boolean failOnError = true; + private boolean failOnError = true; + /** * Construct a new DependencyCheckTask. */ public Purge() { super(); - + // Call this before Dependency Check Core starts logging anything - this way, all SLF4J messages from // core end up coming through this tasks logger StaticLoggerBinder.getSingleton().setTask(this); @@ -65,7 +66,7 @@ public class Purge extends Task { public Settings getSettings() { return settings; } - + /** * Get the value of dataDirectory. * diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java index eee18ca27..4fd56bad3 100644 --- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java +++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java @@ -58,6 +58,11 @@ public final class CliParser { */ private final Settings settings; + /** + * Constructs a new CLI Parser object with the configured settings. + * + * @param settings the configured settings + */ public CliParser(Settings settings) { this.settings = settings; } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java index 6c14374ff..d542171e6 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java 
@@ -246,6 +246,17 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { engine.sortDependencies(); } + /** + * Extracts the contents of the archive dependency and scans for additional + * dependencies. + * + * @param dependency the dependency being analyzed + * @param engine the engine doing the analysis + * @param scanDepth the current scan depth; extracctAndAnalyze is recursive + * and will, be default, only go 3 levels deep + * @throws AnalysisException thrown if there is a problem analyzing the + * dependencies + */ private void extractAndAnalyze(Dependency dependency, Engine engine, int scanDepth) throws AnalysisException { final File f = new File(dependency.getActualFilePath()); final File tmpDir = getNextTempDirectory(); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java index bb3701752..e4bbf9595 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java @@ -28,7 +28,6 @@ import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.dependency.Confidence; import org.owasp.dependencycheck.dependency.Dependency; -import org.owasp.dependencycheck.dependency.Evidence; import org.owasp.dependencycheck.utils.FileFilterBuilder; import org.owasp.dependencycheck.utils.FileUtils; import org.owasp.dependencycheck.utils.Settings; diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java index 4c27aaf80..ae2a55d35 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java 
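Review bot: The `@param scanDepth` line of the Javadoc added to `extractAndAnalyze` misspells the method name as `extracctAndAnalyze` and reads `will, be default`; it also states the recursion bound as a literal `3 levels`, which goes stale as soon as the default changes. Going by this Javadoc, the bound is what keeps nested archives from being unpacked without limit, so the wording is worth getting exactly right: `@param scanDepth the current scan depth; extractAndAnalyze is recursive and, by default, stops at the maximum scan depth`, naming the constant or setting that holds the limit. The method body continues outside the hunk, so where the depth is checked is not visible here.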
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java @@ -241,9 +241,9 @@ public class CPEAnalyzer extends AbstractAnalyzer { final StringBuilder sb = new StringBuilder(); sb.append(' ').append(txt).append(' '); for (Evidence e : evidence) { - String value = e.getValue(); + final String value = e.getValue(); //removed as the URLTokenizingFilter was created - //hack to get around the fact that lucene does a really good job of recognizing domains and not splitting them. + //hack to get around the fact that lucene does a really good job of recognizing domains and not splitting them. // if (value.startsWith("http://")) { // value = value.substring(7).replaceAll("\\.", " "); // } @@ -499,7 +499,7 @@ public class CPEAnalyzer extends AbstractAnalyzer { boolean found = false; for (Evidence e : evidence) { if (e.getValue().toLowerCase().contains(word.toLowerCase())) { - if ("http".equals(word)&& e.getValue().contains("http:")) { + if ("http".equals(word) && e.getValue().contains("http:")) { continue; } found = true; diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CocoaPodsAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CocoaPodsAnalyzer.java index 1d2bc7213..1d2d3a476 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CocoaPodsAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CocoaPodsAnalyzer.java 
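Review bot: In the first CPEAnalyzer hunk, `value` becomes `final` while the commented-out block directly below it still reassigns it (`// value = value.substring(7).replaceAll("\\.", " ");`), so those lines can no longer be re-enabled as written. The comment above them already says the workaround was removed when the URLTokenizingFilter was created; delete the three dead lines and the `//hack to get around…` remark instead of re-spacing them. The enclosing loop continues outside the hunk.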
@@ -141,25 +141,25 @@ public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer { dependency.addEvidence(EvidenceType.PRODUCT, PODSPEC, "name_project", name, Confidence.HIGHEST); dependency.addEvidence(EvidenceType.VENDOR, PODSPEC, "name_project", name, Confidence.HIGHEST); } - String summary = determineEvidence(contents, blockVariable, "summary"); + final String summary = determineEvidence(contents, blockVariable, "summary"); if (!summary.isEmpty()) { dependency.addEvidence(EvidenceType.PRODUCT, PODSPEC, "summary", summary, Confidence.HIGHEST); } - String author = determineEvidence(contents, blockVariable, "authors?"); + final String author = determineEvidence(contents, blockVariable, "authors?"); if (!author.isEmpty()) { dependency.addEvidence(EvidenceType.VENDOR, PODSPEC, "author", author, Confidence.HIGHEST); } - String homepage = determineEvidence(contents, blockVariable, "homepage"); + final String homepage = determineEvidence(contents, blockVariable, "homepage"); if (!homepage.isEmpty()) { dependency.addEvidence(EvidenceType.VENDOR, PODSPEC, "homepage", homepage, Confidence.HIGHEST); } - String license = determineEvidence(contents, blockVariable, "licen[cs]es?"); + final String license = determineEvidence(contents, blockVariable, "licen[cs]es?"); if (!license.isEmpty()) { dependency.addEvidence(EvidenceType.VENDOR, PODSPEC, "license", license, Confidence.HIGHEST); } - String version = determineEvidence(contents, blockVariable, "version"); + final String version = determineEvidence(contents, blockVariable, "version"); if (!version.isEmpty()) { dependency.addEvidence(EvidenceType.VERSION, PODSPEC, "version", version, Confidence.HIGHEST); } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java index fbad6c0e7..30125e419 100644 
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java @@ -18,7 +18,6 @@ package org.owasp.dependencycheck.analyzer; import java.io.File; -import java.util.Iterator; import java.util.Set; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -185,7 +184,7 @@ public class DependencyBundlingAnalyzer extends AbstractDependencyComparingAnaly } //below is always true //if (tmp > 0) { - pos = tmp + 1; + pos = tmp + 1; //} tmp = path.indexOf(File.separator, pos); if (tmp > 0) { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyMergingAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyMergingAnalyzer.java index b6ac2839a..49db7fd7c 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyMergingAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyMergingAnalyzer.java @@ -18,7 +18,6 @@ package org.owasp.dependencycheck.analyzer; import java.io.File; -import java.util.Iterator; import java.util.Set; import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.Evidence; @@ -131,7 +130,7 @@ public class DependencyMergingAnalyzer extends AbstractDependencyComparingAnalyz for (Evidence e : relatedDependency.getEvidence(EvidenceType.VERSION)) { dependency.addEvidence(EvidenceType.VERSION, e); } - + for (Dependency d : relatedDependency.getRelatedDependencies()) { dependency.addRelatedDependency(d); relatedDependency.removeRelatedDependencies(d); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java index bb9decec8..54bc21a04 100644 
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java @@ -23,7 +23,6 @@ import java.net.URLEncoder; import java.util.ArrayList; import java.util.Collections; import java.util.HashSet; -import java.util.Iterator; import java.util.List; import java.util.ListIterator; import java.util.Set; diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.java index 1a311d21f..8ada06d22 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.java @@ -114,7 +114,7 @@ public class FileNameAnalyzer extends AbstractAnalyzer { // a shade. This should hopefully correct for cases like log4j.jar or // struts2-core.jar if (version.getVersionParts() == null || version.getVersionParts().size() < 2) { - dependency.addEvidence(EvidenceType.VERSION, "file", "version",version.toString(), Confidence.MEDIUM); + dependency.addEvidence(EvidenceType.VERSION, "file", "version", version.toString(), Confidence.MEDIUM); } else { dependency.addEvidence(EvidenceType.VERSION, "file", "version", version.toString(), Confidence.HIGHEST); } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NspAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NspAnalyzer.java index c7beba6c3..da33c61a6 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NspAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NspAnalyzer.java 
@@ -209,7 +209,8 @@ public class NspAnalyzer extends AbstractFileTypeAnalyzer { if (value instanceof JsonString) { final String valueString = ((JsonString) value).getString(); dependency.addEvidence(EvidenceType.PRODUCT, PACKAGE_JSON, "name", valueString, Confidence.HIGHEST); - dependency.addEvidence(EvidenceType.VENDOR, PACKAGE_JSON, "name_project", String.format("%s_project", valueString), Confidence.LOW); + dependency.addEvidence(EvidenceType.VENDOR, PACKAGE_JSON, "name_project", + String.format("%s_project", valueString), Confidence.LOW); } else { LOGGER.warn("JSON value not string as expected: {}", value); } @@ -338,8 +339,9 @@ public class NspAnalyzer extends AbstractFileTypeAnalyzer { * Adds information to an evidence collection from the node json * configuration. * + * @param dep the dependency to which the evidence will be added + * @param type the type of evidence to be added * @param json information from node.js - * @param collection a set of evidence about a dependency * @param key the key to obtain the data from the json information */ private void addToEvidence(Dependency dep, EvidenceType type, JsonObject json, String key) { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java index 470e46c67..ea4d5a397 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java 
@@ -141,11 +141,11 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer { } if (np.getOwners() != null) { - dependency.addEvidence(EvidenceType.VENDOR,"nuspec", "owners", np.getOwners(), Confidence.HIGHEST); + dependency.addEvidence(EvidenceType.VENDOR, "nuspec", "owners", np.getOwners(), Confidence.HIGHEST); } - dependency.addEvidence(EvidenceType.VENDOR,"nuspec", "authors", np.getAuthors(), Confidence.HIGH); - dependency.addEvidence(EvidenceType.VERSION,"nuspec", "version", np.getVersion(), Confidence.HIGHEST); - dependency.addEvidence(EvidenceType.PRODUCT,"nuspec", "id", np.getId(), Confidence.HIGHEST); + dependency.addEvidence(EvidenceType.VENDOR, "nuspec", "authors", np.getAuthors(), Confidence.HIGH); + dependency.addEvidence(EvidenceType.VERSION, "nuspec", "version", np.getVersion(), Confidence.HIGHEST); + dependency.addEvidence(EvidenceType.PRODUCT, "nuspec", "id", np.getId(), Confidence.HIGHEST); if (np.getTitle() != null) { dependency.addEvidence(EvidenceType.PRODUCT, "nuspec", "title", np.getTitle(), Confidence.MEDIUM); } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java index a092840ab..697122a27 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java 
@@ -299,8 +299,8 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer { * * @param dependency the dependency being analyzed * @param type the type of evidence to add + * @param confidence the confidence in the evidence being added * @param headers the properties collection - * @param evidence the evidence collection to add the value * @param property the property name */ private static void addPropertyToEvidence(Dependency dependency, EvidenceType type, Confidence confidence, diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/VersionFilterAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/VersionFilterAnalyzer.java index 809732876..8fec4a3ea 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/VersionFilterAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/VersionFilterAnalyzer.java @@ -18,7 +18,6 @@ package org.owasp.dependencycheck.analyzer; import java.util.HashSet; -import java.util.Iterator; import java.util.Objects; import java.util.Set; import javax.annotation.concurrent.ThreadSafe; @@ -154,8 +153,8 @@ public class VersionFilterAnalyzer extends AbstractAnalyzer { final boolean pomMatch = Objects.equals(dvPom, dvFile) || Objects.equals(dvPom, dvManifest); if (fileMatch || manifestMatch || pomMatch) { LOGGER.debug("filtering evidence from {}", dependency.getFileName()); - Set remove = new HashSet<>(); - for(Evidence e : dependency.getEvidence(EvidenceType.VERSION)) { + final Set remove = new HashSet<>(); + for (Evidence e : dependency.getEvidence(EvidenceType.VERSION)) { if (!(pomMatch && VERSION.equals(e.getName()) && (NEXUS.equals(e.getSource()) || CENTRAL.equals(e.getSource()) || POM.equals(e.getSource()))) && !(fileMatch && VERSION.equals(e.getName()) && FILE.equals(e.getSource())) 
@@ -163,7 +162,7 @@ public class VersionFilterAnalyzer extends AbstractAnalyzer { remove.add(e); } } - for (Evidence e: remove) { + for (Evidence e : remove) { dependency.removeEvidence(EvidenceType.VERSION, e); } } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.java index e84926af5..221a9a4b6 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.java @@ -151,8 +151,8 @@ public final class CpeMemoryIndex implements AutoCloseable { private Analyzer createSearchingAnalyzer() { final Map fieldAnalyzers = new HashMap<>(); fieldAnalyzers.put(Fields.DOCUMENT_KEY, new KeywordAnalyzer()); - SearchFieldAnalyzer productFieldAnalyzer = new SearchFieldAnalyzer(LuceneUtils.CURRENT_VERSION); - SearchFieldAnalyzer vendorFieldAnalyzer = new SearchFieldAnalyzer(LuceneUtils.CURRENT_VERSION); + final SearchFieldAnalyzer productFieldAnalyzer = new SearchFieldAnalyzer(LuceneUtils.CURRENT_VERSION); + final SearchFieldAnalyzer vendorFieldAnalyzer = new SearchFieldAnalyzer(LuceneUtils.CURRENT_VERSION); fieldAnalyzers.put(Fields.PRODUCT, productFieldAnalyzer); fieldAnalyzers.put(Fields.VENDOR, vendorFieldAnalyzer); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java index 16902c141..ec9963295 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java 
@@ -303,12 +303,12 @@ public class NvdCveUpdater implements CachedWebDataSource { } //always true because <=0 exits early above - //if (maxUpdates >= 1) { - //ensure the modified file date gets written (we may not have actually updated it) - dbProperties.save(updateable.get(MODIFIED)); - LOGGER.info("Begin database maintenance."); - cveDb.cleanupDatabase(); - LOGGER.info("End database maintenance."); + //if (maxUpdates >= 1) { + //ensure the modified file date gets written (we may not have actually updated it) + dbProperties.save(updateable.get(MODIFIED)); + LOGGER.info("Begin database maintenance."); + cveDb.cleanupDatabase(); + LOGGER.info("End database maintenance."); //} } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/EvidenceType.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/EvidenceType.java index b84bcaa0e..efbe92e94 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/EvidenceType.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/EvidenceType.java @@ -19,20 +19,21 @@ package org.owasp.dependencycheck.dependency; /** * The types of evidence. + * * @author jeremy long */ public enum EvidenceType { - /** - * Vendor evidence. - */ - VENDOR, - /** - * Product evidence. - */ - PRODUCT, - /** - * Version evidence. - */ - VERSION - + /** + * Vendor evidence. + */ + VENDOR, + /** + * Product evidence. + */ + PRODUCT, + /** + * Version evidence. + */ + VERSION + } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java index c5fd7ce06..2f8819421 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java 
@@ -109,7 +109,7 @@ public class EscapeTool { if (text == null || text.isEmpty()) { return text; } - //until lang3 has escapeJavaScript we use this... + //until lang3 has escapeJavaScript we use this... return org.apache.commons.lang.StringEscapeUtils.escapeJavaScript(text); } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/SuppressionRule.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/SuppressionRule.java index b2b9daf19..7288685e3 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/SuppressionRule.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/SuppressionRule.java @@ -367,7 +367,7 @@ public class SuppressionRule { } if (this.hasCpe()) { - Set removalList = new HashSet<>(); + final Set removalList = new HashSet<>(); for (Identifier i : dependency.getIdentifiers()) { for (PropertyType c : this.cpe) { if (identifierMatches("cpe", c, i)) { @@ -387,7 +387,7 @@ public class SuppressionRule { } } if (hasCve() || hasCwe() || hasCvssBelow()) { - Set removeVulns = new HashSet<>(); + final Set removeVulns = new HashSet<>(); for (Vulnerability v : dependency.getVulnerabilities()) { boolean remove = false; for (String entry : this.cve) { diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java index 508c8ba24..a20e81a80 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java 
@@ -1080,6 +1080,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma if (server != null) { databaseUser = server.getUsername(); try { + //CSOFF: LineLength //The following fix was copied from: // https://github.com/bsorrentino/maven-confluence-plugin/blob/master/maven-confluence-reporting-plugin/src/main/java/org/bsc/maven/confluence/plugin/AbstractBaseConfluenceMojo.java // @@ -1087,6 +1088,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma // org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException: // java.io.FileNotFoundException: ~/.settings-security.xml (No such file or directory) // + //CSON: LineLength if (securityDispatcher instanceof DefaultSecDispatcher) { ((DefaultSecDispatcher) securityDispatcher).setConfigurationFile("~/.m2/settings-security.xml"); } diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/CheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/CheckMojo.java index 89c97d30e..a91f9b45d 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/CheckMojo.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/CheckMojo.java @@ -30,7 +30,6 @@ import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.data.nvdcve.DatabaseException; import org.owasp.dependencycheck.exception.ExceptionCollection; import org.owasp.dependencycheck.exception.ReportException; -import org.owasp.dependencycheck.utils.Settings; /** * Maven Plugin that checks the project dependencies to see if they have any diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/UpdateMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/UpdateMojo.java index b11045a7b..4482fa726 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/UpdateMojo.java 
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/UpdateMojo.java @@ -26,7 +26,6 @@ import org.apache.maven.plugins.annotations.ResolutionScope; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.data.nvdcve.DatabaseException; import org.owasp.dependencycheck.data.update.exception.UpdateException; -import org.owasp.dependencycheck.utils.Settings; /** * Maven Plugin that checks the project dependencies to see if they have any diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/SSLSocketFactoryEx.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/SSLSocketFactoryEx.java index ff3663eaf..060193964 100644 --- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/SSLSocketFactoryEx.java +++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/SSLSocketFactoryEx.java @@ -71,7 +71,8 @@ public class SSLSocketFactoryEx extends SSLSocketFactory { * supported * @throws KeyManagementException thrown if initialization fails */ - public SSLSocketFactoryEx(KeyManager[] km, TrustManager[] tm, SecureRandom random, Settings settings) throws NoSuchAlgorithmException, KeyManagementException { + public SSLSocketFactoryEx(KeyManager[] km, TrustManager[] tm, SecureRandom random, Settings settings) + throws NoSuchAlgorithmException, KeyManagementException { this.settings = settings; initSSLSocketFactoryEx(km, tm, random); } diff --git a/src/main/config/checkstyle-checks.xml b/src/main/config/checkstyle-checks.xml index 3cb0cd41e..f237c7b39 100644 --- a/src/main/config/checkstyle-checks.xml +++ b/src/main/config/checkstyle-checks.xml @@ -197,7 +197,7 @@ - +