checkstyle, findbugs, and pmd corrections

Former-commit-id: 85573816e82855343af1d41576ffc2479e8595ed
Jeremy Long
2014-12-06 13:16:06 -05:00
parent e1d4599a93
commit 4555b02592
8 changed files with 79 additions and 32 deletions


@@ -1,17 +1,19 @@
/*
* Copyright 2014 OWASP.
* This file is part of dependency-check-cli.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Copyright (c) 2014 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck;


@@ -60,12 +60,12 @@ public class Engine {
* A Map of analyzers grouped by Analysis phase.
*/
private EnumMap<AnalysisPhase, List<Analyzer>> analyzers = new EnumMap<AnalysisPhase, List<Analyzer>>(AnalysisPhase.class);
;
/**
* A Map of analyzers grouped by Analysis phase.
*/
private Set<FileTypeAnalyzer> fileTypeAnalyzers = new HashSet<FileTypeAnalyzer>();
;
/**
* The ClassLoader to use when dynamically loading Analyzer and Update services.
*/
@@ -73,7 +73,7 @@ public class Engine {
/**
* The Logger for use throughout the class.
*/
private static Logger LOGGER = Logger.getLogger(Engine.class.getName());
private static final Logger LOGGER = Logger.getLogger(Engine.class.getName());
/**
* Creates a new Engine.
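Review bot: The Javadoc on `fileTypeAnalyzers` repeats the text of the field above it ("A Map of analyzers grouped by Analysis phase.") although the field is a `Set<FileTypeAnalyzer>`, and this cleanup pass leaves it unchanged. A comment that matches the declaration, for example `/** A set of file type analyzers. */`, would stop the two fields from reading as the same thing; the precise wording should be checked against how the set is filled, which is outside this hunk.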


@@ -17,6 +17,7 @@
*/
package org.owasp.dependencycheck.data.nvdcve;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.sql.Connection;
import java.sql.PreparedStatement;
@@ -39,6 +40,7 @@ import org.owasp.dependencycheck.utils.DBUtils;
import org.owasp.dependencycheck.utils.DependencyVersion;
import org.owasp.dependencycheck.utils.DependencyVersionUtil;
import org.owasp.dependencycheck.utils.Pair;
import org.owasp.dependencycheck.utils.Settings;
/**
* The database holding information about the NVD CVE data.
@@ -705,7 +707,7 @@ public class CveDB {
/**
* Checks to see if data exists so that analysis can be performed.
*
* @return <code>true</code if data exists; otherwise <code>false</code>
* @return <code>true</code> if data exists; otherwise <code>false</code>
*/
public boolean dataExists() {
Statement cs = null;
@@ -719,7 +721,19 @@ public class CveDB {
}
}
} catch (SQLException ex) {
Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex);
String dd;
try {
dd = Settings.getDataDirectory().getAbsolutePath();
} catch (IOException ex1) {
dd = Settings.getString(Settings.KEYS.DATA_DIRECTORY);
}
final String msg = String.format("Unable to access the local database.%n%nEnsure that '%s' is a writable directory. "
+ "If the problem persist try deleting the files in '%s' and running %s again. If the problem continues, please "
+ "create a log file (see documentation at http://jeremylong.github.io/DependencyCheck/) and open a ticket at "
+ "https://github.com/jeremylong/DependencyCheck/issues and include the log file.%n%n",
dd, dd, Settings.getString(Settings.KEYS.APPLICATION_VAME));
LOGGER.log(Level.SEVERE, msg);
LOGGER.log(Level.FINE, "", ex);
} finally {
DBUtils.closeResultSet(rs);
DBUtils.closeStatement(cs);
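Review bot: In the new `catch (SQLException ex)` block of `dataExists()`, the `IOException ex1` from `Settings.getDataDirectory()` is dropped without any log entry, and the original `SQLException` is recorded only at `Level.FINE` with an empty message, so at default log levels the SEVERE text points at directory permissions whatever the real cause was. Give both a searchable message, e.g. `LOGGER.log(Level.FINE, "Unable to resolve the data directory", ex1);` and `LOGGER.log(Level.FINE, "dataExists() query failed", ex);`. If the fallback `Settings.getString(Settings.KEYS.DATA_DIRECTORY)` can return null, the user-facing message will print 'null' as the directory, so a guard or default is worth adding. `APPLICATION_VAME` looks like a misspelling of the key constant; if that is its declared name, renaming it belongs in a follow-up. The method body starts and ends outside the hunk.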


@@ -68,7 +68,6 @@ public class EngineVersionCheck implements CachedWebDataSource {
*
* @return the version to test
*/
protected String getUpdateToVersion() {
return updateToVersion;
}
@@ -90,8 +89,8 @@ public class EngineVersionCheck implements CachedWebDataSource {
final long lastChecked = Long.parseLong(properties.getProperty(ENGINE_VERSION_CHECKED_ON, "0"));
final long now = (new Date()).getTime();
updateToVersion = properties.getProperty(CURRENT_ENGINE_RELEASE, "");
String currentVersion = Settings.getString(Settings.KEYS.APPLICATION_VERSION, "0.0.0");
boolean updateNeeded = shouldUpdate(lastChecked, now, properties, currentVersion);
final String currentVersion = Settings.getString(Settings.KEYS.APPLICATION_VERSION, "0.0.0");
final boolean updateNeeded = shouldUpdate(lastChecked, now, properties, currentVersion);
if (updateNeeded) {
final String msg = String.format("A new version of dependency-check is available. Consider updating to version %s.",
updateToVersion);
@@ -105,7 +104,19 @@ public class EngineVersionCheck implements CachedWebDataSource {
}
}
protected boolean shouldUpdate(final long lastChecked, final long now, final DatabaseProperties properties, String currentVersion) throws UpdateException {
/**
* Determines if a new version of the dependency-check engine has been released.
*
* @param lastChecked the epoch time of the last version check
* @param now the current epoch time
* @param properties the database properties object
* @param currentVersion the current version of dependency-check
* @return <code>true</code> if a newer version of the database has been released; otherwise <code>false</code>
* @throws UpdateException thrown if there is an error connecting to the github documentation site or accessing the
* local database.
*/
protected boolean shouldUpdate(final long lastChecked, final long now, final DatabaseProperties properties,
String currentVersion) throws UpdateException {
//check every 30 days if we know there is an update, otherwise check every 7 days
int checkRange = 30;
if (updateToVersion.isEmpty()) {
@@ -114,18 +125,20 @@ public class EngineVersionCheck implements CachedWebDataSource {
if (!DateUtil.withinDateRange(lastChecked, now, checkRange)) {
final String currentRelease = getCurrentReleaseVersion();
if (currentRelease != null) {
DependencyVersion v = new DependencyVersion(currentRelease);
final DependencyVersion v = new DependencyVersion(currentRelease);
if (v.getVersionParts() != null && v.getVersionParts().size() >= 3) {
if (!currentRelease.equals(updateToVersion)) {
properties.save(CURRENT_ENGINE_RELEASE, v.toString());
} else {
properties.save(CURRENT_ENGINE_RELEASE, "");
}
properties.save(ENGINE_VERSION_CHECKED_ON, Long.toString(now));
updateToVersion = v.toString();
}
}
}
DependencyVersion running = new DependencyVersion(currentVersion);
DependencyVersion released = new DependencyVersion(updateToVersion);
final DependencyVersion running = new DependencyVersion(currentVersion);
final DependencyVersion released = new DependencyVersion(updateToVersion);
if (running.compareTo(released) < 0) {
return true;
}
@@ -135,7 +148,7 @@ public class EngineVersionCheck implements CachedWebDataSource {
/**
* Opens the CVE and CPE data stores.
*
* @throws UpdateException thrown if a data store cannot be opened
* @throws DatabaseException thrown if a data store cannot be opened
*/
protected final void openDatabase() throws DatabaseException {
if (cveDB != null) {
@@ -158,6 +171,11 @@ public class EngineVersionCheck implements CachedWebDataSource {
}
}
/**
* Retrieves the current released version number from the github documentation site.
*
* @return the current released version number
*/
protected String getCurrentReleaseVersion() {
HttpURLConnection conn = null;
try {
@@ -168,7 +186,7 @@ public class EngineVersionCheck implements CachedWebDataSource {
if (conn.getResponseCode() != 200) {
return null;
}
String releaseVersion = IOUtils.toString(conn.getInputStream(), "UTF-8");
final String releaseVersion = IOUtils.toString(conn.getInputStream(), "UTF-8");
if (releaseVersion != null) {
return releaseVersion.trim();
}
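Review bot: `getCurrentReleaseVersion()` returns whatever the remote site sent after only a `trim()`, and `IOUtils.toString(conn.getInputStream(), "UTF-8")` reads the whole body with no size limit; that value is then parsed, persisted through `properties.save(CURRENT_ENGINE_RELEASE, ...)` and echoed in the update message. The `size() >= 3` check in `shouldUpdate` filters some malformed input, but a strict format check where the value enters would be safer, e.g. `if (!releaseVersion.trim().matches("\\d+(\\.\\d+){2,3}")) { return null; }`, assuming releases are plain dotted numbers. The new Javadoc should also state that `null` is returned when the response code is not 200, and the `@return` on `shouldUpdate` says "database" where its summary line says "engine". The request setup and the end of the method are outside the hunk, so whether the stream is closed cannot be judged from here.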


@@ -262,8 +262,8 @@ public class DownloadTask implements Callable<Future<ProcessTask>> {
private void extractGzip(File file) throws FileNotFoundException, IOException {
final String originalPath = file.getPath();
File gzip = new File(originalPath + ".gz");
if (gzip.isFile()) {
gzip.delete();
if (gzip.isFile() && !gzip.delete()) {
gzip.deleteOnExit();
}
if (!file.renameTo(gzip)) {
throw new IOException("Unable to rename '" + file.getPath() + "'");
@@ -284,10 +284,18 @@ public class DownloadTask implements Callable<Future<ProcessTask>> {
}
} finally {
if (cin != null) {
cin.close();
try {
cin.close();
} catch (IOException ex) {
LOGGER.log(Level.FINEST, "ignore", ex);
}
}
if (out != null) {
out.close();
try {
out.close();
} catch (IOException ex) {
LOGGER.log(Level.FINEST, "ignore", ex);
}
}
if (gzip.isFile()) {
FileUtils.deleteQuietly(gzip);
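Review bot: Swallowing the `IOException` from `out.close()` at `Level.FINEST` in the `finally` block of `extractGzip` hides a failed final flush, so a truncated extraction of the downloaded data file could be processed as if it were complete. Ignoring a close failure is reasonable for the input stream `cin`, but for `out` it should at least be visible, e.g. `LOGGER.log(Level.WARNING, "Unable to close '" + file.getPath() + "'; the extracted file may be incomplete", ex);`, or be rethrown when no other exception is in flight. The same quiet close is applied to `outputSteam` in the ReportGenerator section, where it would affect the generated report. How `out` is constructed is outside this hunk, so whether it buffers writes is an assumption.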


@@ -299,14 +299,18 @@ public class ReportGenerator {
}
}
OutputStream outputSteam = new FileOutputStream(outFileName);
generateReport(templateName, outputSteam);
OutputStream outputSteam = null;
try {
outputSteam.close();
} catch (IOException ex) {
LOGGER.log(Level.FINEST, null, ex);
outputSteam = new FileOutputStream(outFileName);
generateReport(templateName, outputSteam);
} finally {
if (outputSteam != null) {
try {
outputSteam.close();
} catch (IOException ex) {
LOGGER.log(Level.FINEST, "ignore", ex);
}
}
}
}
}


@@ -353,6 +353,7 @@ public class DependencyCheckMojo extends ReportAggregationMojo {
/**
* Initializes a new <code>Engine</code> that can be used for scanning.
*
* @param project the current MavenProject
* @return a newly instantiated <code>Engine</code>
* @throws DatabaseException thrown if there is a database exception
*/


@@ -53,7 +53,7 @@ public class Engine extends org.owasp.dependencycheck.Engine {
*/
public Engine(MavenProject project) throws DatabaseException {
this.currentProject = project;
MavenProject parent = getRootParent();
final MavenProject parent = getRootParent();
if (parent != null && parent.getContextValue("dependency-check-data-was-updated") != null) {
System.setProperty(Settings.KEYS.AUTO_UPDATE, Boolean.FALSE.toString());
}
@@ -94,7 +94,7 @@ public class Engine extends org.owasp.dependencycheck.Engine {
/**
* Closes the given analyzer. This skips closing the CPEAnalyzer.
*
* @param analyzer
* @param analyzer the analyzer to close
*/
@Override
protected void closeAnalyzer(Analyzer analyzer) {
@@ -111,7 +111,7 @@ public class Engine extends org.owasp.dependencycheck.Engine {
* Closes the CPEAnalyzer if it has been created and persisted in the root parent MavenProject context.
*/
public void cleanupFinal() {
CPEAnalyzer cpe = getPreviouslyLoadedAnalyzer();
final CPEAnalyzer cpe = getPreviouslyLoadedAnalyzer();
if (cpe != null) {
cpe.close();
}
@@ -124,7 +124,7 @@ public class Engine extends org.owasp.dependencycheck.Engine {
*/
private CPEAnalyzer getPreviouslyLoadedAnalyzer() {
CPEAnalyzer cpe = null;
MavenProject project = getRootParent();
final MavenProject project = getRootParent();
if (project != null) {
cpe = (CPEAnalyzer) project.getContextValue(CPE_ANALYZER_KEY);
}
@@ -137,7 +137,7 @@ public class Engine extends org.owasp.dependencycheck.Engine {
* @param cpe the CPEAnalyzer to store
*/
private void storeCPEAnalyzer(CPEAnalyzer cpe) {
MavenProject p = getRootParent();
final MavenProject p = getRootParent();
if (p != null) {
p.setContextValue(CPE_ANALYZER_KEY, cpe);
}
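Review bot: The constructor turns off auto-update with `System.setProperty(Settings.KEYS.AUTO_UPDATE, Boolean.FALSE.toString())`, which is JVM-wide and, as far as this hunk shows, never restored, so every Engine created later in the same Maven process inherits it. That is presumably intended for the remaining modules of one build, but the scope deserves a comment, e.g. `// JVM-wide: the root project already updated the data, so later modules skip the update`. Separately, `(CPEAnalyzer) project.getContextValue(CPE_ANALYZER_KEY)` in `getPreviouslyLoadedAnalyzer()` casts a shared context value without a type check; an `instanceof` guard before the cast would avoid a `ClassCastException` if anything else is ever stored under that key. The constructor body continues outside the hunk.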