checkstyle, findbugs, and pmd corrections

Former-commit-id: 85573816e82855343af1d41576ffc2479e8595ed

dependency-check-cli/src/main/java/org/owasp/dependencycheck/InvalidScanPathException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014 OWASP.
+ * This file is part of dependency-check-cli.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -12,6 +12,8 @@
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
+ *
+ * Copyright (c) 2014 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck;
 

dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java

@@ -60,12 +60,12 @@ public class Engine {
      * A Map of analyzers grouped by Analysis phase.
      */
     private EnumMap<AnalysisPhase, List<Analyzer>> analyzers = new EnumMap<AnalysisPhase, List<Analyzer>>(AnalysisPhase.class);
-    ;
+
     /**
      * A Map of analyzers grouped by Analysis phase.
      */
     private Set<FileTypeAnalyzer> fileTypeAnalyzers = new HashSet<FileTypeAnalyzer>();
-    ;
+
     /**
      * The ClassLoader to use when dynamically loading Analyzer and Update services.
      */
@@ -73,7 +73,7 @@ public class Engine {
     /**
      * The Logger for use throughout the class.
      */
-    private static Logger LOGGER = Logger.getLogger(Engine.class.getName());
+    private static final Logger LOGGER = Logger.getLogger(Engine.class.getName());
 
     /**
      * Creates a new Engine.

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java

@@ -17,6 +17,7 @@
  */
 package org.owasp.dependencycheck.data.nvdcve;
 
+import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.sql.Connection;
 import java.sql.PreparedStatement;
@@ -39,6 +40,7 @@ import org.owasp.dependencycheck.utils.DBUtils;
 import org.owasp.dependencycheck.utils.DependencyVersion;
 import org.owasp.dependencycheck.utils.DependencyVersionUtil;
 import org.owasp.dependencycheck.utils.Pair;
+import org.owasp.dependencycheck.utils.Settings;
 
 /**
  * The database holding information about the NVD CVE data.
@@ -705,7 +707,7 @@ public class CveDB {
     /**
      * Checks to see if data exists so that analysis can be performed.
      *
-     * @return <code>true</code if data exists; otherwise <code>false</code>
+     * @return <code>true</code> if data exists; otherwise <code>false</code>
      */
     public boolean dataExists() {
         Statement cs = null;
@@ -719,7 +721,19 @@ public class CveDB {
                 }
             }
         } catch (SQLException ex) {
-            Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex);
+            String dd;
+            try {
+                dd = Settings.getDataDirectory().getAbsolutePath();
+            } catch (IOException ex1) {
+                dd = Settings.getString(Settings.KEYS.DATA_DIRECTORY);
+            }
+            final String msg = String.format("Unable to access the local database.%n%nEnsure that '%s' is a writable directory. "
+                    + "If the problem persist try deleting the files in '%s' and running %s again. If the problem continues, please "
+                    + "create a log file (see documentation at http://jeremylong.github.io/DependencyCheck/) and open a ticket at "
+                    + "https://github.com/jeremylong/DependencyCheck/issues and include the log file.%n%n",
+                    dd, dd, Settings.getString(Settings.KEYS.APPLICATION_VAME));
+            LOGGER.log(Level.SEVERE, msg);
+            LOGGER.log(Level.FINE, "", ex);
         } finally {
             DBUtils.closeResultSet(rs);
             DBUtils.closeStatement(cs);

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/EngineVersionCheck.java

@@ -68,7 +68,6 @@ public class EngineVersionCheck implements CachedWebDataSource {
      *
      * @return the version to test
      */
-
     protected String getUpdateToVersion() {
         return updateToVersion;
     }
@@ -90,8 +89,8 @@ public class EngineVersionCheck implements CachedWebDataSource {
             final long lastChecked = Long.parseLong(properties.getProperty(ENGINE_VERSION_CHECKED_ON, "0"));
             final long now = (new Date()).getTime();
             updateToVersion = properties.getProperty(CURRENT_ENGINE_RELEASE, "");
-            String currentVersion = Settings.getString(Settings.KEYS.APPLICATION_VERSION, "0.0.0");
+            final String currentVersion = Settings.getString(Settings.KEYS.APPLICATION_VERSION, "0.0.0");
-            boolean updateNeeded = shouldUpdate(lastChecked, now, properties, currentVersion);
+            final boolean updateNeeded = shouldUpdate(lastChecked, now, properties, currentVersion);
             if (updateNeeded) {
                 final String msg = String.format("A new version of dependency-check is available. Consider updating to version %s.",
                         updateToVersion);
@@ -105,7 +104,19 @@ public class EngineVersionCheck implements CachedWebDataSource {
         }
     }
 
-    protected boolean shouldUpdate(final long lastChecked, final long now, final DatabaseProperties properties, String currentVersion) throws UpdateException {
+    /**
+     * Determines if a new version of the dependency-check engine has been released.
+     *
+     * @param lastChecked the epoch time of the last version check
+     * @param now the current epoch time
+     * @param properties the database properties object
+     * @param currentVersion the current version of dependency-check
+     * @return <code>true</code> if a newer version of the database has been released; otherwise <code>false</code>
+     * @throws UpdateException thrown if there is an error connecting to the github documentation site or accessing the
+     * local database.
+     */
+    protected boolean shouldUpdate(final long lastChecked, final long now, final DatabaseProperties properties,
+            String currentVersion) throws UpdateException {
         //check every 30 days if we know there is an update, otherwise check every 7 days
         int checkRange = 30;
         if (updateToVersion.isEmpty()) {
@@ -114,18 +125,20 @@ public class EngineVersionCheck implements CachedWebDataSource {
         if (!DateUtil.withinDateRange(lastChecked, now, checkRange)) {
             final String currentRelease = getCurrentReleaseVersion();
             if (currentRelease != null) {
-                DependencyVersion v = new DependencyVersion(currentRelease);
+                final DependencyVersion v = new DependencyVersion(currentRelease);
                 if (v.getVersionParts() != null && v.getVersionParts().size() >= 3) {
                     if (!currentRelease.equals(updateToVersion)) {
                         properties.save(CURRENT_ENGINE_RELEASE, v.toString());
+                    } else {
+                        properties.save(CURRENT_ENGINE_RELEASE, "");
                     }
                     properties.save(ENGINE_VERSION_CHECKED_ON, Long.toString(now));
                     updateToVersion = v.toString();
                 }
             }
         }
-        DependencyVersion running = new DependencyVersion(currentVersion);
+        final DependencyVersion running = new DependencyVersion(currentVersion);
-        DependencyVersion released = new DependencyVersion(updateToVersion);
+        final DependencyVersion released = new DependencyVersion(updateToVersion);
         if (running.compareTo(released) < 0) {
             return true;
         }
@@ -135,7 +148,7 @@ public class EngineVersionCheck implements CachedWebDataSource {
     /**
      * Opens the CVE and CPE data stores.
      *
-     * @throws UpdateException thrown if a data store cannot be opened
+     * @throws DatabaseException thrown if a data store cannot be opened
      */
     protected final void openDatabase() throws DatabaseException {
         if (cveDB != null) {
@@ -158,6 +171,11 @@ public class EngineVersionCheck implements CachedWebDataSource {
         }
     }
 
+    /**
+     * Retrieves the current released version number from the github documentation site.
+     *
+     * @return the current released version number
+     */
     protected String getCurrentReleaseVersion() {
         HttpURLConnection conn = null;
         try {
@@ -168,7 +186,7 @@ public class EngineVersionCheck implements CachedWebDataSource {
             if (conn.getResponseCode() != 200) {
                 return null;
             }
-            String releaseVersion = IOUtils.toString(conn.getInputStream(), "UTF-8");
+            final String releaseVersion = IOUtils.toString(conn.getInputStream(), "UTF-8");
             if (releaseVersion != null) {
                 return releaseVersion.trim();
             }

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/task/DownloadTask.java

@@ -262,8 +262,8 @@ public class DownloadTask implements Callable<Future<ProcessTask>> {
     private void extractGzip(File file) throws FileNotFoundException, IOException {
         final String originalPath = file.getPath();
         File gzip = new File(originalPath + ".gz");
-        if (gzip.isFile()) {
+        if (gzip.isFile() && !gzip.delete()) {
-            gzip.delete();
+            gzip.deleteOnExit();
         }
         if (!file.renameTo(gzip)) {
             throw new IOException("Unable to rename '" + file.getPath() + "'");
@@ -284,10 +284,18 @@ public class DownloadTask implements Callable<Future<ProcessTask>> {
             }
         } finally {
             if (cin != null) {
+                try {
                     cin.close();
+                } catch (IOException ex) {
+                    LOGGER.log(Level.FINEST, "ignore", ex);
+                }
             }
             if (out != null) {
+                try {
                     out.close();
+                } catch (IOException ex) {
+                    LOGGER.log(Level.FINEST, "ignore", ex);
+                }
             }
             if (gzip.isFile()) {
                 FileUtils.deleteQuietly(gzip);

dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java

@@ -299,14 +299,18 @@ public class ReportGenerator {
             }
         }
 
-        OutputStream outputSteam = new FileOutputStream(outFileName);
+        OutputStream outputSteam = null;
+        try {
+            outputSteam = new FileOutputStream(outFileName);
             generateReport(templateName, outputSteam);
-
+        } finally {
+            if (outputSteam != null) {
                 try {
                     outputSteam.close();
                 } catch (IOException ex) {
-            LOGGER.log(Level.FINEST, null, ex);
+                    LOGGER.log(Level.FINEST, "ignore", ex);
+                }
+            }
         }
     }
-
 }

dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java

@@ -353,6 +353,7 @@ public class DependencyCheckMojo extends ReportAggregationMojo {
     /**
      * Initializes a new <code>Engine</code> that can be used for scanning.
      *
+     * @param project the current MavenProject
      * @return a newly instantiated <code>Engine</code>
      * @throws DatabaseException thrown if there is a database exception
      */

dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/Engine.java

@@ -53,7 +53,7 @@ public class Engine extends org.owasp.dependencycheck.Engine {
      */
     public Engine(MavenProject project) throws DatabaseException {
         this.currentProject = project;
-        MavenProject parent = getRootParent();
+        final MavenProject parent = getRootParent();
         if (parent != null && parent.getContextValue("dependency-check-data-was-updated") != null) {
             System.setProperty(Settings.KEYS.AUTO_UPDATE, Boolean.FALSE.toString());
         }
@@ -94,7 +94,7 @@ public class Engine extends org.owasp.dependencycheck.Engine {
     /**
      * Closes the given analyzer. This skips closing the CPEAnalyzer.
      *
-     * @param analyzer
+     * @param analyzer the analyzer to close
      */
     @Override
     protected void closeAnalyzer(Analyzer analyzer) {
@@ -111,7 +111,7 @@ public class Engine extends org.owasp.dependencycheck.Engine {
      * Closes the CPEAnalyzer if it has been created and persisted in the root parent MavenProject context.
      */
     public void cleanupFinal() {
-        CPEAnalyzer cpe = getPreviouslyLoadedAnalyzer();
+        final CPEAnalyzer cpe = getPreviouslyLoadedAnalyzer();
         if (cpe != null) {
             cpe.close();
         }
@@ -124,7 +124,7 @@ public class Engine extends org.owasp.dependencycheck.Engine {
      */
     private CPEAnalyzer getPreviouslyLoadedAnalyzer() {
         CPEAnalyzer cpe = null;
-        MavenProject project = getRootParent();
+        final MavenProject project = getRootParent();
         if (project != null) {
             cpe = (CPEAnalyzer) project.getContextValue(CPE_ANALYZER_KEY);
         }
@@ -137,7 +137,7 @@ public class Engine extends org.owasp.dependencycheck.Engine {
      * @param cpe the CPEAnalyzer to store
      */
     private void storeCPEAnalyzer(CPEAnalyzer cpe) {
-        MavenProject p = getRootParent();
+        final MavenProject p = getRootParent();
         if (p != null) {
             p.setContextValue(CPE_ANALYZER_KEY, cpe);
         }