diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
index ca5aa8e77..520c85009 100644
--- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
+++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
@@ -416,7 +416,7 @@ public class App {
}
/**
- * Takes a path and resolves it to be a canonical & absolute path. The caveats are that this method will take an Ant style
+ * Takes a path and resolves it to be a canonical & absolute path. The caveats are that this method will take an Ant style
* file selector path (../someDir/**\/*.jar) and convert it to an absolute/canonical path (at least to the left of the first *
* or ?).
*
diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml
index 1f8f283cf..4bdfc39a2 100644
--- a/dependency-check-core/pom.xml
+++ b/dependency-check-core/pom.xml
@@ -280,22 +280,11 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
slf4j-api
-
- ch.qos.logback
- logback-core
- test
-
ch.qos.logback
logback-classic
test
-
-
- org.slf4j
- slf4j-ext
- compile
-
org.owasp
dependency-check-utils
@@ -342,6 +331,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
com.h2database
h2
+ runtime
org.glassfish
@@ -350,7 +340,6 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
org.jsoup
jsoup
- jar
com.sun.mail
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
index 2da745245..b6e170a7d 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
@@ -366,8 +366,7 @@ public class Engine implements FileFilter {
* This is okay for adds/deletes because it happens per analyzer.
*/
LOGGER.debug("Begin Analyzer '{}'", a.getName());
- final Set dependencySet = new HashSet();
- dependencySet.addAll(dependencies);
+ final Set dependencySet = new HashSet(dependencies);
for (Dependency d : dependencySet) {
boolean shouldAnalyze = true;
if (a instanceof FileTypeAnalyzer) {
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
index f43e09240..357d5f351 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
@@ -184,7 +184,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
if (tempFileLocation != null && tempFileLocation.exists()) {
LOGGER.debug("Attempting to delete temporary files");
final boolean success = FileUtils.delete(tempFileLocation);
- if (!success && tempFileLocation != null && tempFileLocation.exists() && tempFileLocation.list().length > 0) {
+ if (!success && tempFileLocation.exists() && tempFileLocation.list().length > 0) {
LOGGER.warn("Failed to delete some temporary files, see the log for more details");
}
}
@@ -271,15 +271,14 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
* @return any dependencies that weren't known to the engine before
*/
private static Set findMoreDependencies(Engine engine, File file) {
- List before = new ArrayList(engine.getDependencies());
+ final List before = new ArrayList(engine.getDependencies());
engine.scan(file);
- List after = engine.getDependencies();
+ final List after = engine.getDependencies();
final boolean sizeChanged = before.size() != after.size();
final Set newDependencies;
if (sizeChanged) {
//get the new dependencies
- newDependencies = new HashSet();
- newDependencies.addAll(after);
+ newDependencies = new HashSet(after);
newDependencies.removeAll(before);
} else {
newDependencies = EMPTY_DEPENDENCY_SET;
@@ -452,7 +451,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
*
* @param closeable to be closed
*/
- private static void close(Closeable closeable){
+ private static void close(Closeable closeable) {
if (null != closeable) {
try {
closeable.close();
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
index 26e795ee4..dc60c485b 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
@@ -17,8 +17,6 @@
*/
package org.owasp.dependencycheck.analyzer;
-import ch.qos.cal10n.IMessageConveyor;
-import ch.qos.cal10n.MessageConveyor;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileFilter;
@@ -45,7 +43,6 @@ import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import java.util.ArrayList;
import java.util.List;
-import java.util.Locale;
/**
* Analyzer for getting company, product, and version information from a .NET assembly.
@@ -75,10 +72,6 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
* The DocumentBuilder for parsing the XML
*/
private DocumentBuilder builder;
- /**
- * Message Conveyer
- */
- private static final IMessageConveyor MESSAGE_CONVERYOR = new MessageConveyor(Locale.getDefault());
/**
* Logger
*/
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java
index d518f8490..d136ee235 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java
@@ -154,8 +154,7 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
*/
@SuppressWarnings("null")
private void removeSpuriousCPE(Dependency dependency) {
- final List ids = new ArrayList();
- ids.addAll(dependency.getIdentifiers());
+ final List ids = new ArrayList(dependency.getIdentifiers());
Collections.sort(ids);
final ListIterator mainItr = ids.listIterator();
while (mainItr.hasNext()) {
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java
index d489d97c0..56a98fd7e 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java
@@ -28,10 +28,16 @@ import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import javax.json.*;
import java.io.File;
import java.io.FileFilter;
import java.io.IOException;
+import java.util.Map;
+import javax.json.Json;
+import javax.json.JsonException;
+import javax.json.JsonObject;
+import javax.json.JsonReader;
+import javax.json.JsonString;
+import javax.json.JsonValue;
/**
* Used to analyze Node Package Manager (npm) package.json files, and collect information that can be used to determine
@@ -120,13 +126,13 @@ public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer {
"Problem occurred while reading dependency file.", e);
}
try {
- JsonObject json = jsonReader.readObject();
+ final JsonObject json = jsonReader.readObject();
final EvidenceCollection productEvidence = dependency.getProductEvidence();
final EvidenceCollection vendorEvidence = dependency.getVendorEvidence();
if (json.containsKey("name")) {
- Object value = json.get("name");
+ final Object value = json.get("name");
if (value instanceof JsonString) {
- String valueString = ((JsonString) value).getString();
+ final String valueString = ((JsonString) value).getString();
productEvidence.addEvidence(PACKAGE_JSON, "name", valueString, Confidence.HIGHEST);
vendorEvidence.addEvidence(PACKAGE_JSON, "name_project", String.format("%s_project", valueString), Confidence.LOW);
} else {
@@ -146,20 +152,21 @@ public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer {
private void addToEvidence(JsonObject json, EvidenceCollection collection, String key) {
if (json.containsKey(key)) {
- Object value = json.get(key);
+ final JsonValue value = json.get(key);
if (value instanceof JsonString) {
collection.addEvidence(PACKAGE_JSON, key, ((JsonString) value).getString(), Confidence.HIGHEST);
} else if (value instanceof JsonObject) {
final JsonObject jsonObject = (JsonObject) value;
- for (String property : jsonObject.keySet()) {
- final Object subValue = jsonObject.get(property);
+ for (final Map.Entry entry : jsonObject.entrySet()) {
+ final String property = entry.getKey();
+ final JsonValue subValue = entry.getValue();
if (subValue instanceof JsonString) {
collection.addEvidence(PACKAGE_JSON,
String.format("%s.%s", key, property),
((JsonString) subValue).getString(),
Confidence.HIGHEST);
} else {
- LOGGER.warn("JSON sub-value not string as expected: %s");
+ LOGGER.warn("JSON sub-value not string as expected: %s", subValue);
}
}
} else {
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
index 90a1e3490..4ab780755 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
@@ -490,7 +490,7 @@ public class CveDB {
deleteReferences = getConnection().prepareStatement(statementBundle.getString("DELETE_REFERENCE"));
deleteSoftware = getConnection().prepareStatement(statementBundle.getString("DELETE_SOFTWARE"));
updateVulnerability = getConnection().prepareStatement(statementBundle.getString("UPDATE_VULNERABILITY"));
- String ids[] = {"id"};
+ final String ids[] = {"id"};
insertVulnerability = getConnection().prepareStatement(statementBundle.getString("INSERT_VULNERABILITY"),
//Statement.RETURN_GENERATED_KEYS);
ids);
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/CpeUpdater.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/CpeUpdater.java
index 0f6707488..e773f0f15 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/CpeUpdater.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/CpeUpdater.java
@@ -24,7 +24,6 @@ import java.io.FileOutputStream;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
-import java.util.Date;
import java.util.List;
import java.util.zip.GZIPInputStream;
import javax.xml.parsers.ParserConfigurationException;
@@ -69,8 +68,8 @@ public class CpeUpdater extends BaseUpdater implements CachedWebDataSource {
for (Cpe cpe : cpes) {
getCveDB().addCpe(cpe.getValue(), cpe.getVendor(), cpe.getProduct());
}
- final Date now = new Date();
- getProperties().save(LAST_CPE_UPDATE, Long.toString(now.getTime()));
+ final long now = System.currentTimeMillis();
+ getProperties().save(LAST_CPE_UPDATE, Long.toString(now));
LOGGER.info("CPE update complete");
}
} finally {
@@ -134,14 +133,14 @@ public class CpeUpdater extends BaseUpdater implements CachedWebDataSource {
* @return true if the CPE data should be refreshed
*/
private boolean updateNeeded() {
- final Date now = new Date();
+ final long now = System.currentTimeMillis();
final int days = Settings.getInt(Settings.KEYS.CVE_MODIFIED_VALID_FOR_DAYS, 30);
long timestamp = 0;
final String ts = getProperties().getProperty(LAST_CPE_UPDATE);
if (ts != null && ts.matches("^[0-9]+$")) {
timestamp = Long.parseLong(ts);
}
- return !DateUtil.withinDateRange(timestamp, now.getTime(), days);
+ return !DateUtil.withinDateRange(timestamp, now, days);
}
/**
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/EngineVersionCheck.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/EngineVersionCheck.java
index 81df9557b..c3ff0b7b5 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/EngineVersionCheck.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/EngineVersionCheck.java
@@ -21,7 +21,6 @@ import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
-import java.util.Date;
import org.apache.commons.io.IOUtils;
import org.owasp.dependencycheck.data.nvdcve.CveDB;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
@@ -88,7 +87,7 @@ public class EngineVersionCheck implements CachedWebDataSource {
LOGGER.debug("Begin Engine Version Check");
final DatabaseProperties properties = cveDB.getDatabaseProperties();
final long lastChecked = Long.parseLong(properties.getProperty(ENGINE_VERSION_CHECKED_ON, "0"));
- final long now = (new Date()).getTime();
+ final long now = System.currentTimeMillis();
updateToVersion = properties.getProperty(CURRENT_ENGINE_RELEASE, "");
final String currentVersion = Settings.getString(Settings.KEYS.APPLICATION_VERSION, "0.0.0");
LOGGER.debug("Last checked: {}", lastChecked);
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java
index ef9aa2846..570c542ea 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java
@@ -19,7 +19,6 @@ package org.owasp.dependencycheck.data.update;
import java.net.MalformedURLException;
import java.util.Calendar;
-import java.util.Date;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.ExecutionException;
@@ -214,11 +213,11 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
if (!getProperties().isEmpty()) {
try {
final long lastUpdated = Long.parseLong(getProperties().getProperty(DatabaseProperties.LAST_UPDATED, "0"));
- final Date now = new Date();
+ final long now = System.currentTimeMillis();
final int days = Settings.getInt(Settings.KEYS.CVE_MODIFIED_VALID_FOR_DAYS, 7);
if (lastUpdated == updates.getTimeStamp(MODIFIED)) {
updates.clear(); //we don't need to update anything.
- } else if (DateUtil.withinDateRange(lastUpdated, now.getTime(), days)) {
+ } else if (DateUtil.withinDateRange(lastUpdated, now, days)) {
for (NvdCveInfo entry : updates) {
if (MODIFIED.equals(entry.getId())) {
entry.setNeedsUpdate(true);
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/cpe/CPEHandler.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/cpe/CPEHandler.java
index 6a155c6ca..2e46a4678 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/cpe/CPEHandler.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/cpe/CPEHandler.java
@@ -179,7 +179,7 @@ public class CPEHandler extends DefaultHandler {
/**
* A simple class to maintain information about the current element while parsing the CPE XML.
*/
- protected class Element {
+ protected static final class Element {
/**
* A node type in the CPE Schema 2.2
diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
index dc278bc4d..c8d8418cf 100644
--- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
+++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
@@ -31,7 +31,6 @@ import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.Enumeration;
import java.util.Properties;
-import java.util.logging.Level;
/**
* A simple settings container that wraps the dependencycheck.properties file.
@@ -626,11 +625,9 @@ public final class Settings {
*/
public static File getTempDirectory() throws IOException {
final File tmpDir = new File(Settings.getString(Settings.KEYS.TEMP_DIRECTORY, System.getProperty("java.io.tmpdir")), "dctemp");
- if (!tmpDir.exists()) {
- if (!tmpDir.mkdirs()) {
- final String msg = String.format("Unable to make a temporary folder '%s'", tmpDir.getPath());
- throw new IOException(msg);
- }
+ if (!tmpDir.exists() && !tmpDir.mkdirs()) {
+ final String msg = String.format("Unable to make a temporary folder '%s'", tmpDir.getPath());
+ throw new IOException(msg);
}
tempDirectory = tmpDir;
return tmpDir;
diff --git a/pom.xml b/pom.xml
index 0d69b1666..e83b0b7e0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -620,16 +620,6 @@ Copyright (c) 2012 - Jeremy Long
slf4j-api
${slf4j.version}
-
- org.slf4j
- slf4j-ext
- ${slf4j.version}
-
-
- org.slf4j
- slf4j-jdk14
- ${slf4j.version}
-
org.slf4j
slf4j-simple