mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-03-23 17:41:28 +01:00
checkstyle suggested cleanup
This commit is contained in:
Jeremy Long
@@ -51,6 +51,7 @@ public class Purge extends Task {
|
|||||||
* occurs.
|
* occurs.
|
||||||
*/
|
*/
|
||||||
private boolean failOnError = true;
|
private boolean failOnError = true;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Construct a new DependencyCheckTask.
|
* Construct a new DependencyCheckTask.
|
||||||
*/
|
*/
|
||||||
|
|||||||
@@ -58,6 +58,11 @@ public final class CliParser {
|
|||||||
*/
|
*/
|
||||||
private final Settings settings;
|
private final Settings settings;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Constructs a new CLI Parser object with the configured settings.
|
||||||
|
*
|
||||||
|
* @param settings the configured settings
|
||||||
|
*/
|
||||||
public CliParser(Settings settings) {
|
public CliParser(Settings settings) {
|
||||||
this.settings = settings;
|
this.settings = settings;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -246,6 +246,17 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
engine.sortDependencies();
|
engine.sortDependencies();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Extracts the contents of the archive dependency and scans for additional
|
||||||
|
* dependencies.
|
||||||
|
*
|
||||||
|
* @param dependency the dependency being analyzed
|
||||||
|
* @param engine the engine doing the analysis
|
||||||
|
* @param scanDepth the current scan depth; extracctAndAnalyze is recursive
|
||||||
|
* and will, be default, only go 3 levels deep
|
||||||
|
* @throws AnalysisException thrown if there is a problem analyzing the
|
||||||
|
* dependencies
|
||||||
|
*/
|
||||||
private void extractAndAnalyze(Dependency dependency, Engine engine, int scanDepth) throws AnalysisException {
|
private void extractAndAnalyze(Dependency dependency, Engine engine, int scanDepth) throws AnalysisException {
|
||||||
final File f = new File(dependency.getActualFilePath());
|
final File f = new File(dependency.getActualFilePath());
|
||||||
final File tmpDir = getNextTempDirectory();
|
final File tmpDir = getNextTempDirectory();
|
||||||
|
|||||||
@@ -28,7 +28,6 @@ import org.owasp.dependencycheck.Engine;
|
|||||||
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
|
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
|
||||||
import org.owasp.dependencycheck.dependency.Confidence;
|
import org.owasp.dependencycheck.dependency.Confidence;
|
||||||
import org.owasp.dependencycheck.dependency.Dependency;
|
import org.owasp.dependencycheck.dependency.Dependency;
|
||||||
import org.owasp.dependencycheck.dependency.Evidence;
|
|
||||||
import org.owasp.dependencycheck.utils.FileFilterBuilder;
|
import org.owasp.dependencycheck.utils.FileFilterBuilder;
|
||||||
import org.owasp.dependencycheck.utils.FileUtils;
|
import org.owasp.dependencycheck.utils.FileUtils;
|
||||||
import org.owasp.dependencycheck.utils.Settings;
|
import org.owasp.dependencycheck.utils.Settings;
|
||||||
|
|||||||
@@ -241,7 +241,7 @@ public class CPEAnalyzer extends AbstractAnalyzer {
|
|||||||
final StringBuilder sb = new StringBuilder();
|
final StringBuilder sb = new StringBuilder();
|
||||||
sb.append(' ').append(txt).append(' ');
|
sb.append(' ').append(txt).append(' ');
|
||||||
for (Evidence e : evidence) {
|
for (Evidence e : evidence) {
|
||||||
String value = e.getValue();
|
final String value = e.getValue();
|
||||||
//removed as the URLTokenizingFilter was created
|
//removed as the URLTokenizingFilter was created
|
||||||
//hack to get around the fact that lucene does a really good job of recognizing domains and not splitting them.
|
//hack to get around the fact that lucene does a really good job of recognizing domains and not splitting them.
|
||||||
// if (value.startsWith("http://")) {
|
// if (value.startsWith("http://")) {
|
||||||
|
|||||||
@@ -141,25 +141,25 @@ public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
dependency.addEvidence(EvidenceType.PRODUCT, PODSPEC, "name_project", name, Confidence.HIGHEST);
|
dependency.addEvidence(EvidenceType.PRODUCT, PODSPEC, "name_project", name, Confidence.HIGHEST);
|
||||||
dependency.addEvidence(EvidenceType.VENDOR, PODSPEC, "name_project", name, Confidence.HIGHEST);
|
dependency.addEvidence(EvidenceType.VENDOR, PODSPEC, "name_project", name, Confidence.HIGHEST);
|
||||||
}
|
}
|
||||||
String summary = determineEvidence(contents, blockVariable, "summary");
|
final String summary = determineEvidence(contents, blockVariable, "summary");
|
||||||
if (!summary.isEmpty()) {
|
if (!summary.isEmpty()) {
|
||||||
dependency.addEvidence(EvidenceType.PRODUCT, PODSPEC, "summary", summary, Confidence.HIGHEST);
|
dependency.addEvidence(EvidenceType.PRODUCT, PODSPEC, "summary", summary, Confidence.HIGHEST);
|
||||||
}
|
}
|
||||||
|
|
||||||
String author = determineEvidence(contents, blockVariable, "authors?");
|
final String author = determineEvidence(contents, blockVariable, "authors?");
|
||||||
if (!author.isEmpty()) {
|
if (!author.isEmpty()) {
|
||||||
dependency.addEvidence(EvidenceType.VENDOR, PODSPEC, "author", author, Confidence.HIGHEST);
|
dependency.addEvidence(EvidenceType.VENDOR, PODSPEC, "author", author, Confidence.HIGHEST);
|
||||||
}
|
}
|
||||||
String homepage = determineEvidence(contents, blockVariable, "homepage");
|
final String homepage = determineEvidence(contents, blockVariable, "homepage");
|
||||||
if (!homepage.isEmpty()) {
|
if (!homepage.isEmpty()) {
|
||||||
dependency.addEvidence(EvidenceType.VENDOR, PODSPEC, "homepage", homepage, Confidence.HIGHEST);
|
dependency.addEvidence(EvidenceType.VENDOR, PODSPEC, "homepage", homepage, Confidence.HIGHEST);
|
||||||
}
|
}
|
||||||
String license = determineEvidence(contents, blockVariable, "licen[cs]es?");
|
final String license = determineEvidence(contents, blockVariable, "licen[cs]es?");
|
||||||
if (!license.isEmpty()) {
|
if (!license.isEmpty()) {
|
||||||
dependency.addEvidence(EvidenceType.VENDOR, PODSPEC, "license", license, Confidence.HIGHEST);
|
dependency.addEvidence(EvidenceType.VENDOR, PODSPEC, "license", license, Confidence.HIGHEST);
|
||||||
}
|
}
|
||||||
|
|
||||||
String version = determineEvidence(contents, blockVariable, "version");
|
final String version = determineEvidence(contents, blockVariable, "version");
|
||||||
if (!version.isEmpty()) {
|
if (!version.isEmpty()) {
|
||||||
dependency.addEvidence(EvidenceType.VERSION, PODSPEC, "version", version, Confidence.HIGHEST);
|
dependency.addEvidence(EvidenceType.VERSION, PODSPEC, "version", version, Confidence.HIGHEST);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -18,7 +18,6 @@
|
|||||||
package org.owasp.dependencycheck.analyzer;
|
package org.owasp.dependencycheck.analyzer;
|
||||||
|
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.util.Iterator;
|
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import java.util.regex.Matcher;
|
import java.util.regex.Matcher;
|
||||||
import java.util.regex.Pattern;
|
import java.util.regex.Pattern;
|
||||||
|
|||||||
@@ -18,7 +18,6 @@
|
|||||||
package org.owasp.dependencycheck.analyzer;
|
package org.owasp.dependencycheck.analyzer;
|
||||||
|
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.util.Iterator;
|
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import org.owasp.dependencycheck.dependency.Dependency;
|
import org.owasp.dependencycheck.dependency.Dependency;
|
||||||
import org.owasp.dependencycheck.dependency.Evidence;
|
import org.owasp.dependencycheck.dependency.Evidence;
|
||||||
|
|||||||
@@ -23,7 +23,6 @@ import java.net.URLEncoder;
|
|||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
import java.util.Iterator;
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.ListIterator;
|
import java.util.ListIterator;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|||||||
@@ -209,7 +209,8 @@ public class NspAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
if (value instanceof JsonString) {
|
if (value instanceof JsonString) {
|
||||||
final String valueString = ((JsonString) value).getString();
|
final String valueString = ((JsonString) value).getString();
|
||||||
dependency.addEvidence(EvidenceType.PRODUCT, PACKAGE_JSON, "name", valueString, Confidence.HIGHEST);
|
dependency.addEvidence(EvidenceType.PRODUCT, PACKAGE_JSON, "name", valueString, Confidence.HIGHEST);
|
||||||
dependency.addEvidence(EvidenceType.VENDOR, PACKAGE_JSON, "name_project", String.format("%s_project", valueString), Confidence.LOW);
|
dependency.addEvidence(EvidenceType.VENDOR, PACKAGE_JSON, "name_project",
|
||||||
|
String.format("%s_project", valueString), Confidence.LOW);
|
||||||
} else {
|
} else {
|
||||||
LOGGER.warn("JSON value not string as expected: {}", value);
|
LOGGER.warn("JSON value not string as expected: {}", value);
|
||||||
}
|
}
|
||||||
@@ -338,8 +339,9 @@ public class NspAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
* Adds information to an evidence collection from the node json
|
* Adds information to an evidence collection from the node json
|
||||||
* configuration.
|
* configuration.
|
||||||
*
|
*
|
||||||
|
* @param dep the dependency to which the evidence will be added
|
||||||
|
* @param type the type of evidence to be added
|
||||||
* @param json information from node.js
|
* @param json information from node.js
|
||||||
* @param collection a set of evidence about a dependency
|
|
||||||
* @param key the key to obtain the data from the json information
|
* @param key the key to obtain the data from the json information
|
||||||
*/
|
*/
|
||||||
private void addToEvidence(Dependency dep, EvidenceType type, JsonObject json, String key) {
|
private void addToEvidence(Dependency dep, EvidenceType type, JsonObject json, String key) {
|
||||||
|
|||||||
@@ -299,8 +299,8 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
*
|
*
|
||||||
* @param dependency the dependency being analyzed
|
* @param dependency the dependency being analyzed
|
||||||
* @param type the type of evidence to add
|
* @param type the type of evidence to add
|
||||||
|
* @param confidence the confidence in the evidence being added
|
||||||
* @param headers the properties collection
|
* @param headers the properties collection
|
||||||
* @param evidence the evidence collection to add the value
|
|
||||||
* @param property the property name
|
* @param property the property name
|
||||||
*/
|
*/
|
||||||
private static void addPropertyToEvidence(Dependency dependency, EvidenceType type, Confidence confidence,
|
private static void addPropertyToEvidence(Dependency dependency, EvidenceType type, Confidence confidence,
|
||||||
|
|||||||
@@ -18,7 +18,6 @@
|
|||||||
package org.owasp.dependencycheck.analyzer;
|
package org.owasp.dependencycheck.analyzer;
|
||||||
|
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
import java.util.Iterator;
|
|
||||||
import java.util.Objects;
|
import java.util.Objects;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import javax.annotation.concurrent.ThreadSafe;
|
import javax.annotation.concurrent.ThreadSafe;
|
||||||
@@ -154,7 +153,7 @@ public class VersionFilterAnalyzer extends AbstractAnalyzer {
|
|||||||
final boolean pomMatch = Objects.equals(dvPom, dvFile) || Objects.equals(dvPom, dvManifest);
|
final boolean pomMatch = Objects.equals(dvPom, dvFile) || Objects.equals(dvPom, dvManifest);
|
||||||
if (fileMatch || manifestMatch || pomMatch) {
|
if (fileMatch || manifestMatch || pomMatch) {
|
||||||
LOGGER.debug("filtering evidence from {}", dependency.getFileName());
|
LOGGER.debug("filtering evidence from {}", dependency.getFileName());
|
||||||
Set<Evidence> remove = new HashSet<>();
|
final Set<Evidence> remove = new HashSet<>();
|
||||||
for (Evidence e : dependency.getEvidence(EvidenceType.VERSION)) {
|
for (Evidence e : dependency.getEvidence(EvidenceType.VERSION)) {
|
||||||
if (!(pomMatch && VERSION.equals(e.getName())
|
if (!(pomMatch && VERSION.equals(e.getName())
|
||||||
&& (NEXUS.equals(e.getSource()) || CENTRAL.equals(e.getSource()) || POM.equals(e.getSource())))
|
&& (NEXUS.equals(e.getSource()) || CENTRAL.equals(e.getSource()) || POM.equals(e.getSource())))
|
||||||
|
|||||||
@@ -151,8 +151,8 @@ public final class CpeMemoryIndex implements AutoCloseable {
|
|||||||
private Analyzer createSearchingAnalyzer() {
|
private Analyzer createSearchingAnalyzer() {
|
||||||
final Map<String, Analyzer> fieldAnalyzers = new HashMap<>();
|
final Map<String, Analyzer> fieldAnalyzers = new HashMap<>();
|
||||||
fieldAnalyzers.put(Fields.DOCUMENT_KEY, new KeywordAnalyzer());
|
fieldAnalyzers.put(Fields.DOCUMENT_KEY, new KeywordAnalyzer());
|
||||||
SearchFieldAnalyzer productFieldAnalyzer = new SearchFieldAnalyzer(LuceneUtils.CURRENT_VERSION);
|
final SearchFieldAnalyzer productFieldAnalyzer = new SearchFieldAnalyzer(LuceneUtils.CURRENT_VERSION);
|
||||||
SearchFieldAnalyzer vendorFieldAnalyzer = new SearchFieldAnalyzer(LuceneUtils.CURRENT_VERSION);
|
final SearchFieldAnalyzer vendorFieldAnalyzer = new SearchFieldAnalyzer(LuceneUtils.CURRENT_VERSION);
|
||||||
fieldAnalyzers.put(Fields.PRODUCT, productFieldAnalyzer);
|
fieldAnalyzers.put(Fields.PRODUCT, productFieldAnalyzer);
|
||||||
fieldAnalyzers.put(Fields.VENDOR, vendorFieldAnalyzer);
|
fieldAnalyzers.put(Fields.VENDOR, vendorFieldAnalyzer);
|
||||||
|
|
||||||
|
|||||||
@@ -19,6 +19,7 @@ package org.owasp.dependencycheck.dependency;
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* The types of evidence.
|
* The types of evidence.
|
||||||
|
*
|
||||||
* @author jeremy long
|
* @author jeremy long
|
||||||
*/
|
*/
|
||||||
public enum EvidenceType {
|
public enum EvidenceType {
|
||||||
|
|||||||
@@ -367,7 +367,7 @@ public class SuppressionRule {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (this.hasCpe()) {
|
if (this.hasCpe()) {
|
||||||
Set<Identifier> removalList = new HashSet<>();
|
final Set<Identifier> removalList = new HashSet<>();
|
||||||
for (Identifier i : dependency.getIdentifiers()) {
|
for (Identifier i : dependency.getIdentifiers()) {
|
||||||
for (PropertyType c : this.cpe) {
|
for (PropertyType c : this.cpe) {
|
||||||
if (identifierMatches("cpe", c, i)) {
|
if (identifierMatches("cpe", c, i)) {
|
||||||
@@ -387,7 +387,7 @@ public class SuppressionRule {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (hasCve() || hasCwe() || hasCvssBelow()) {
|
if (hasCve() || hasCwe() || hasCvssBelow()) {
|
||||||
Set<Vulnerability> removeVulns = new HashSet<>();
|
final Set<Vulnerability> removeVulns = new HashSet<>();
|
||||||
for (Vulnerability v : dependency.getVulnerabilities()) {
|
for (Vulnerability v : dependency.getVulnerabilities()) {
|
||||||
boolean remove = false;
|
boolean remove = false;
|
||||||
for (String entry : this.cve) {
|
for (String entry : this.cve) {
|
||||||
|
|||||||
@@ -1080,6 +1080,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
|
|||||||
if (server != null) {
|
if (server != null) {
|
||||||
databaseUser = server.getUsername();
|
databaseUser = server.getUsername();
|
||||||
try {
|
try {
|
||||||
|
//CSOFF: LineLength
|
||||||
//The following fix was copied from:
|
//The following fix was copied from:
|
||||||
// https://github.com/bsorrentino/maven-confluence-plugin/blob/master/maven-confluence-reporting-plugin/src/main/java/org/bsc/maven/confluence/plugin/AbstractBaseConfluenceMojo.java
|
// https://github.com/bsorrentino/maven-confluence-plugin/blob/master/maven-confluence-reporting-plugin/src/main/java/org/bsc/maven/confluence/plugin/AbstractBaseConfluenceMojo.java
|
||||||
//
|
//
|
||||||
@@ -1087,6 +1088,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
|
|||||||
// org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException:
|
// org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException:
|
||||||
// java.io.FileNotFoundException: ~/.settings-security.xml (No such file or directory)
|
// java.io.FileNotFoundException: ~/.settings-security.xml (No such file or directory)
|
||||||
//
|
//
|
||||||
|
//CSON: LineLength
|
||||||
if (securityDispatcher instanceof DefaultSecDispatcher) {
|
if (securityDispatcher instanceof DefaultSecDispatcher) {
|
||||||
((DefaultSecDispatcher) securityDispatcher).setConfigurationFile("~/.m2/settings-security.xml");
|
((DefaultSecDispatcher) securityDispatcher).setConfigurationFile("~/.m2/settings-security.xml");
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -30,7 +30,6 @@ import org.owasp.dependencycheck.Engine;
|
|||||||
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
|
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
|
||||||
import org.owasp.dependencycheck.exception.ExceptionCollection;
|
import org.owasp.dependencycheck.exception.ExceptionCollection;
|
||||||
import org.owasp.dependencycheck.exception.ReportException;
|
import org.owasp.dependencycheck.exception.ReportException;
|
||||||
import org.owasp.dependencycheck.utils.Settings;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Maven Plugin that checks the project dependencies to see if they have any
|
* Maven Plugin that checks the project dependencies to see if they have any
|
||||||
|
|||||||
@@ -26,7 +26,6 @@ import org.apache.maven.plugins.annotations.ResolutionScope;
|
|||||||
import org.owasp.dependencycheck.Engine;
|
import org.owasp.dependencycheck.Engine;
|
||||||
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
|
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
|
||||||
import org.owasp.dependencycheck.data.update.exception.UpdateException;
|
import org.owasp.dependencycheck.data.update.exception.UpdateException;
|
||||||
import org.owasp.dependencycheck.utils.Settings;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Maven Plugin that checks the project dependencies to see if they have any
|
* Maven Plugin that checks the project dependencies to see if they have any
|
||||||
|
|||||||
@@ -71,7 +71,8 @@ public class SSLSocketFactoryEx extends SSLSocketFactory {
|
|||||||
* supported
|
* supported
|
||||||
* @throws KeyManagementException thrown if initialization fails
|
* @throws KeyManagementException thrown if initialization fails
|
||||||
*/
|
*/
|
||||||
public SSLSocketFactoryEx(KeyManager[] km, TrustManager[] tm, SecureRandom random, Settings settings) throws NoSuchAlgorithmException, KeyManagementException {
|
public SSLSocketFactoryEx(KeyManager[] km, TrustManager[] tm, SecureRandom random, Settings settings)
|
||||||
|
throws NoSuchAlgorithmException, KeyManagementException {
|
||||||
this.settings = settings;
|
this.settings = settings;
|
||||||
initSSLSocketFactoryEx(km, tm, random);
|
initSSLSocketFactoryEx(km, tm, random);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -197,7 +197,7 @@
|
|||||||
<property name="braceAdjustment" value="0"/>
|
<property name="braceAdjustment" value="0"/>
|
||||||
<property name="caseIndent" value="0"/>
|
<property name="caseIndent" value="0"/>
|
||||||
</module-->
|
</module-->
|
||||||
<module name="ArrayTrailingComma"/>
|
<!--module name="ArrayTrailingComma"/-->
|
||||||
<module name="FinalLocalVariable"/>
|
<module name="FinalLocalVariable"/>
|
||||||
<module name="EqualsAvoidNull"/>
|
<module name="EqualsAvoidNull"/>
|
||||||
<module name="ParameterAssignment"/>
|
<module name="ParameterAssignment"/>
|
||||||
|
|||||||
Reference in New Issue
Block a user