From 4555b025927b3bafacf01a667cdf2386ea8afcbf Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sat, 6 Dec 2014 13:16:06 -0500 Subject: [PATCH] checkstyle, findbugs, and pmd corrections Former-commit-id: 85573816e82855343af1d41576ffc2479e8595ed --- .../InvalidScanPathException.java | 6 ++-- .../org/owasp/dependencycheck/Engine.java | 6 ++-- .../dependencycheck/data/nvdcve/CveDB.java | 18 ++++++++-- .../data/update/EngineVersionCheck.java | 36 ++++++++++++++----- .../data/update/task/DownloadTask.java | 16 ++++++--- .../reporting/ReportGenerator.java | 18 ++++++---- .../maven/DependencyCheckMojo.java | 1 + .../owasp/dependencycheck/maven/Engine.java | 10 +++--- 8 files changed, 79 insertions(+), 32 deletions(-) diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/InvalidScanPathException.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/InvalidScanPathException.java index af1ca76d6..e8a9611d4 100644 --- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/InvalidScanPathException.java +++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/InvalidScanPathException.java @@ -1,17 +1,19 @@ /* - * Copyright 2014 OWASP. + * This file is part of dependency-check-cli. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. + * + * Copyright (c) 2014 Jeremy Long. All Rights Reserved. */ package org.owasp.dependencycheck; 
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java index 08516954a..5c417bf38 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java @@ -60,12 +60,12 @@ public class Engine { * A Map of analyzers grouped by Analysis phase. */ private EnumMap> analyzers = new EnumMap>(AnalysisPhase.class); - ; + /** * A Map of analyzers grouped by Analysis phase. */ private Set fileTypeAnalyzers = new HashSet(); - ; + /** * The ClassLoader to use when dynamically loading Analyzer and Update services. */ @@ -73,7 +73,7 @@ public class Engine { /** * The Logger for use throughout the class. */ - private static Logger LOGGER = Logger.getLogger(Engine.class.getName()); + private static final Logger LOGGER = Logger.getLogger(Engine.class.getName()); /** * Creates a new Engine. diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java index 78e8a2924..e0fa3a99c 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java @@ -17,6 +17,7 @@ */ package org.owasp.dependencycheck.data.nvdcve; +import java.io.IOException; import java.io.UnsupportedEncodingException; import java.sql.Connection; import java.sql.PreparedStatement; @@ -39,6 +40,7 @@ import org.owasp.dependencycheck.utils.DBUtils; import org.owasp.dependencycheck.utils.DependencyVersion; import org.owasp.dependencycheck.utils.DependencyVersionUtil; import org.owasp.dependencycheck.utils.Pair; +import org.owasp.dependencycheck.utils.Settings; /** * The database holding information about the NVD CVE data. 
@@ -705,7 +707,7 @@ public class CveDB { /** * Checks to see if data exists so that analysis can be performed. * - * @return truefalse + * @return true if data exists; otherwise false */ public boolean dataExists() { Statement cs = null; @@ -719,7 +721,19 @@ public class CveDB { } } } catch (SQLException ex) { - Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex); + String dd; + try { + dd = Settings.getDataDirectory().getAbsolutePath(); + } catch (IOException ex1) { + dd = Settings.getString(Settings.KEYS.DATA_DIRECTORY); + } + final String msg = String.format("Unable to access the local database.%n%nEnsure that '%s' is a writable directory. " + + "If the problem persist try deleting the files in '%s' and running %s again. If the problem continues, please " + + "create a log file (see documentation at http://jeremylong.github.io/DependencyCheck/) and open a ticket at " + + "https://github.com/jeremylong/DependencyCheck/issues and include the log file.%n%n", + dd, dd, Settings.getString(Settings.KEYS.APPLICATION_VAME)); + LOGGER.log(Level.SEVERE, msg); + LOGGER.log(Level.FINE, "", ex); } finally { DBUtils.closeResultSet(rs); DBUtils.closeStatement(cs); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/EngineVersionCheck.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/EngineVersionCheck.java index 90f7e5522..bc7c08da6 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/EngineVersionCheck.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/EngineVersionCheck.java @@ -68,7 +68,6 @@ public class EngineVersionCheck implements CachedWebDataSource { * * @return the version to test */ - protected String getUpdateToVersion() { return updateToVersion; } 
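Review bot: In the new `catch (SQLException ex)` block of `dataExists()` the exception itself is logged only at `Level.FINE`, so at default log levels the operator gets advice about a writable directory but never the actual SQL error, which may have another cause such as a lock or a corrupt file. Consider carrying the cause on the SEVERE line, e.g. `LOGGER.log(Level.SEVERE, msg + ex.getMessage());`, and keeping the stack trace at FINE. The fallback `dd = Settings.getString(Settings.KEYS.DATA_DIRECTORY)` can presumably return null, which would print `'null'` as the directory in the message. The text also has a grammar slip ("If the problem persist"), and `Settings.KEYS.APPLICATION_VAME` reads like a misspelling of NAME; it must match the constant declared in `Settings`, which is outside this diff. The rest of `dataExists()` lies outside the hunk, so whether callers can tell a database failure from "no data" cannot be judged here.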
@@ -90,8 +89,8 @@ public class EngineVersionCheck implements CachedWebDataSource { final long lastChecked = Long.parseLong(properties.getProperty(ENGINE_VERSION_CHECKED_ON, "0")); final long now = (new Date()).getTime(); updateToVersion = properties.getProperty(CURRENT_ENGINE_RELEASE, ""); - String currentVersion = Settings.getString(Settings.KEYS.APPLICATION_VERSION, "0.0.0"); - boolean updateNeeded = shouldUpdate(lastChecked, now, properties, currentVersion); + final String currentVersion = Settings.getString(Settings.KEYS.APPLICATION_VERSION, "0.0.0"); + final boolean updateNeeded = shouldUpdate(lastChecked, now, properties, currentVersion); if (updateNeeded) { final String msg = String.format("A new version of dependency-check is available. Consider updating to version %s.", updateToVersion); @@ -105,7 +104,19 @@ public class EngineVersionCheck implements CachedWebDataSource { } } - protected boolean shouldUpdate(final long lastChecked, final long now, final DatabaseProperties properties, String currentVersion) throws UpdateException { + /** + * Determines if a new version of the dependency-check engine has been released. + * + * @param lastChecked the epoch time of the last version check + * @param now the current epoch time + * @param properties the database properties object + * @param currentVersion the current version of dependency-check + * @return true if a newer version of the database has been released; otherwise false + * @throws UpdateException thrown if there is an error connecting to the github documentation site or accessing the + * local database. + */ + protected boolean shouldUpdate(final long lastChecked, final long now, final DatabaseProperties properties, + String currentVersion) throws UpdateException { //check every 30 days if we know there is an update, otherwise check every 7 days int checkRange = 30; if (updateToVersion.isEmpty()) { 
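Review bot: The new Javadoc for `shouldUpdate` says `@return true if a newer version of the database has been released`, but the method compares engine versions (`running.compareTo(released)`), so it should read `@return true if a newer version of the engine has been released; otherwise false`. The `lastChecked` and `now` parameters are epoch milliseconds, since the caller passes `(new Date()).getTime()`, and the `@param` lines could say so. `currentVersion` is the only parameter left without `final`, unlike its three neighbours. The method body continues past the end of this hunk.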
@@ -114,18 +125,20 @@ public class EngineVersionCheck implements CachedWebDataSource { if (!DateUtil.withinDateRange(lastChecked, now, checkRange)) { final String currentRelease = getCurrentReleaseVersion(); if (currentRelease != null) { - DependencyVersion v = new DependencyVersion(currentRelease); + final DependencyVersion v = new DependencyVersion(currentRelease); if (v.getVersionParts() != null && v.getVersionParts().size() >= 3) { if (!currentRelease.equals(updateToVersion)) { properties.save(CURRENT_ENGINE_RELEASE, v.toString()); + } else { + properties.save(CURRENT_ENGINE_RELEASE, ""); } properties.save(ENGINE_VERSION_CHECKED_ON, Long.toString(now)); updateToVersion = v.toString(); } } } - DependencyVersion running = new DependencyVersion(currentVersion); - DependencyVersion released = new DependencyVersion(updateToVersion); + final DependencyVersion running = new DependencyVersion(currentVersion); + final DependencyVersion released = new DependencyVersion(updateToVersion); if (running.compareTo(released) < 0) { return true; } @@ -135,7 +148,7 @@ public class EngineVersionCheck implements CachedWebDataSource { /** * Opens the CVE and CPE data stores. * - * @throws UpdateException thrown if a data store cannot be opened + * @throws DatabaseException thrown if a data store cannot be opened */ protected final void openDatabase() throws DatabaseException { if (cveDB != null) { @@ -158,6 +171,11 @@ public class EngineVersionCheck implements CachedWebDataSource { } } + /** + * Retrieves the current released version number from the github documentation site. + * + * @return the current released version number + */ protected String getCurrentReleaseVersion() { HttpURLConnection conn = null; try { 
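Review bot: The added `else { properties.save(CURRENT_ENGINE_RELEASE, ""); }` is a behaviour change inside a lint-cleanup commit: when the freshly fetched release equals the stored `updateToVersion`, the persisted release is now erased. The caller reads that property back with `properties.getProperty(CURRENT_ENGINE_RELEASE, "")`, so on the next run inside the check window `released` would be built from an empty string, and the "new version is available" warning is probably suppressed even though the installation is still outdated. If the branch was added only to satisfy a static-analysis rule, dropping it keeps the stored value intact; if the reset is intended, it needs a comment explaining why. `currentRelease` comes from a remote HTTP response, and the comparison uses the raw string while the saved value is `v.toString()`, so the two can disagree after normalisation. `shouldUpdate` begins and ends outside this hunk.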
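Review bot: The new Javadoc on `getCurrentReleaseVersion()` does not mention the null return, although the visible body returns `null` when the response code is not 200 and `shouldUpdate` guards on `currentRelease != null`. Suggest `@return the current released version number; null if it could not be retrieved`. The method body continues outside this hunk, so other paths that return null may exist as well.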
@@ -168,7 +186,7 @@ public class EngineVersionCheck implements CachedWebDataSource { if (conn.getResponseCode() != 200) { return null; } - String releaseVersion = IOUtils.toString(conn.getInputStream(), "UTF-8"); + final String releaseVersion = IOUtils.toString(conn.getInputStream(), "UTF-8"); if (releaseVersion != null) { return releaseVersion.trim(); } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/task/DownloadTask.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/task/DownloadTask.java index 75565f527..270baa95f 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/task/DownloadTask.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/task/DownloadTask.java @@ -262,8 +262,8 @@ public class DownloadTask implements Callable> { private void extractGzip(File file) throws FileNotFoundException, IOException { final String originalPath = file.getPath(); File gzip = new File(originalPath + ".gz"); - if (gzip.isFile()) { - gzip.delete(); + if (gzip.isFile() && !gzip.delete()) { + gzip.deleteOnExit(); } if (!file.renameTo(gzip)) { throw new IOException("Unable to rename '" + file.getPath() + "'"); @@ -284,10 +284,18 @@ public class DownloadTask implements Callable> { } } finally { if (cin != null) { - cin.close(); + try { + cin.close(); + } catch (IOException ex) { + LOGGER.log(Level.FINEST, "ignore", ex); + } } if (out != null) { - out.close(); + try { + out.close(); + } catch (IOException ex) { + LOGGER.log(Level.FINEST, "ignore", ex); + } } if (gzip.isFile()) { FileUtils.deleteQuietly(gzip); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java index 0e3c233ab..35d48c45b 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java 
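Review bot: When `gzip.delete()` fails in `extractGzip`, the new `gzip.deleteOnExit()` fallback leaves the stale `.gz` file in place and logs nothing. The following `file.renameTo(gzip)` then either fails with an "Unable to rename" message that hides the real cause or, on platforms where rename replaces the target, proceeds silently. A log line in that branch would make the failure diagnosable, e.g. `LOGGER.log(Level.FINE, "Unable to delete existing file '" + gzip.getPath() + "'");`. The method continues beyond this hunk.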
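Review bot: Swallowing the `IOException` from `out.close()` in the `finally` block treats a failed close of the extracted file the same as success. If `out` buffers data (its construction is outside the hunk), a failed final flush would leave a truncated file that is handed on for processing with nothing above FINEST in the log. Ignoring the failure is reasonable for the input stream `cin`, but for `out` consider a visible log entry such as `LOGGER.log(Level.WARNING, "Unable to close '" + file.getPath() + "'", ex);`, or rethrowing when no earlier exception is pending. Before this change a close failure propagated to the caller, so this is a behaviour change, not a pure lint fix. The `try` block these handlers belong to starts above the hunk.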
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java @@ -299,14 +299,18 @@ public class ReportGenerator { } } - OutputStream outputSteam = new FileOutputStream(outFileName); - generateReport(templateName, outputSteam); - + OutputStream outputSteam = null; try { - outputSteam.close(); - } catch (IOException ex) { - LOGGER.log(Level.FINEST, null, ex); + outputSteam = new FileOutputStream(outFileName); + generateReport(templateName, outputSteam); + } finally { + if (outputSteam != null) { + try { + outputSteam.close(); + } catch (IOException ex) { + LOGGER.log(Level.FINEST, "ignore", ex); + } + } } } - } diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java index 8f2cabc98..50c3ba2bb 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java @@ -353,6 +353,7 @@ public class DependencyCheckMojo extends ReportAggregationMojo { /** * Initializes a new Engine that can be used for scanning. * + * @param project the current MavenProject * @return a newly instantiated Engine * @throws DatabaseException thrown if there is a database exception */ diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/Engine.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/Engine.java index 81aaec309..efd6be00c 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/Engine.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/Engine.java 
@@ -53,7 +53,7 @@ public class Engine extends org.owasp.dependencycheck.Engine { */ public Engine(MavenProject project) throws DatabaseException { this.currentProject = project; - MavenProject parent = getRootParent(); + final MavenProject parent = getRootParent(); if (parent != null && parent.getContextValue("dependency-check-data-was-updated") != null) { System.setProperty(Settings.KEYS.AUTO_UPDATE, Boolean.FALSE.toString()); } @@ -94,7 +94,7 @@ public class Engine extends org.owasp.dependencycheck.Engine { /** * Closes the given analyzer. This skips closing the CPEAnalyzer. * - * @param analyzer + * @param analyzer the analyzer to close */ @Override protected void closeAnalyzer(Analyzer analyzer) { @@ -111,7 +111,7 @@ public class Engine extends org.owasp.dependencycheck.Engine { * Closes the CPEAnalyzer if it has been created and persisted in the root parent MavenProject context. */ public void cleanupFinal() { - CPEAnalyzer cpe = getPreviouslyLoadedAnalyzer(); + final CPEAnalyzer cpe = getPreviouslyLoadedAnalyzer(); if (cpe != null) { cpe.close(); } @@ -124,7 +124,7 @@ public class Engine extends org.owasp.dependencycheck.Engine { */ private CPEAnalyzer getPreviouslyLoadedAnalyzer() { CPEAnalyzer cpe = null; - MavenProject project = getRootParent(); + final MavenProject project = getRootParent(); if (project != null) { cpe = (CPEAnalyzer) project.getContextValue(CPE_ANALYZER_KEY); } @@ -137,7 +137,7 @@ public class Engine extends org.owasp.dependencycheck.Engine { * @param cpe the CPEAnalyzer to store */ private void storeCPEAnalyzer(CPEAnalyzer cpe) { - MavenProject p = getRootParent(); + final MavenProject p = getRootParent(); if (p != null) { p.setContextValue(CPE_ANALYZER_KEY, cpe); }