checkstyle/pmd/etc. corrections

Former-commit-id: 59883bd0b03c8690ce9a20120eafefe7c61384cd

dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java

@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
- * Copyright (c) 2014 Jeremy Long. All Rights Reserved.
+ * Copyright (c) 2014 Steve Springett. All Rights Reserved.
  */
 package org.owasp.dependencycheck.agent;
 

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java

@@ -531,7 +531,6 @@ public class CPEAnalyzer implements Analyzer {
                     if (dbVer == null //special case, no version specified - everything is vulnerable
                             || evVer.equals(dbVer)) { //yeah! exact match
 
-                        //final String url = String.format("http://web.nvd.nist.gov/view/vuln/search?cpe=%s", URLEncoder.encode(vs.getName(), "UTF-8"));
                         final String url = String.format(NVD_SEARCH_URL, URLEncoder.encode(vs.getName(), "UTF-8"));
                         final IdentifierMatch match = new IdentifierMatch("cpe", vs.getName(), url, IdentifierConfidence.EXACT_MATCH, conf);
                         collected.add(match);

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java

@@ -571,7 +571,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
                 groupid = parentGroupId;
             }
         }
-        String originalGroupID = groupid;
+        final String originalGroupID = groupid;
 
         if (groupid != null && !groupid.isEmpty()) {
             if (groupid.startsWith("org.") || groupid.startsWith("com.")) {
@@ -601,7 +601,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
                 artifactid = parentArtifactId;
             }
         }
-        String originalArtifactID = artifactid;
+        final String originalArtifactID = artifactid;
         if (artifactid != null && !artifactid.isEmpty()) {
             if (artifactid.startsWith("org.") || artifactid.startsWith("com.")) {
                 artifactid = artifactid.substring(4);

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java

@@ -248,6 +248,7 @@ public class CveDB {
     /**
      * SQL Statement to retrieve a property from the database.
      */
+    @SuppressWarnings("unused")
     private static final String SELECT_PROPERTY = "SELECT id, value FROM properties WHERE id = ?";
     /**
      * SQL Statement to insert a new property.
@@ -260,6 +261,7 @@ public class CveDB {
     /**
      * SQL Statement to delete a property.
      */
+    @SuppressWarnings("unused")
     private static final String DELETE_PROPERTY = "DELETE FROM properties WHERE id = ?";
 
     //</editor-fold>

dependency-check-core/src/main/java/org/owasp/dependencycheck/suppression/SuppressionRule.java

@@ -20,7 +20,6 @@ package org.owasp.dependencycheck.suppression;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
-import java.util.logging.Logger;
 import org.owasp.dependencycheck.dependency.Dependency;
 import org.owasp.dependencycheck.dependency.Identifier;
 import org.owasp.dependencycheck.dependency.Vulnerability;
@@ -31,10 +30,6 @@ import org.owasp.dependencycheck.dependency.Vulnerability;
  */
 public class SuppressionRule {
 
-    /**
-     * The Logger for use throughout the class
-     */
-    private static final Logger LOGGER = Logger.getLogger(SuppressionRule.class.getName());
     /**
      * The file path for the suppression.
      */
@@ -285,14 +280,11 @@ public class SuppressionRule {
             return;
         }
         if (gav != null) {
-            LOGGER.info(this.toString());
             final Iterator<Identifier> itr = dependency.getIdentifiers().iterator();
             boolean gavFound = false;
             while (itr.hasNext()) {
                 final Identifier i = itr.next();
-                LOGGER.info(String.format("%nChecking %s for gav:%s", i.getValue(), this.gav));
                 if (identifierMatches("maven", this.gav, i)) {
-                    LOGGER.info("GAV Matched!");
                     gavFound = true;
                     break;
                 }
@@ -306,17 +298,8 @@ public class SuppressionRule {
             final Iterator<Identifier> itr = dependency.getIdentifiers().iterator();
             while (itr.hasNext()) {
                 final Identifier i = itr.next();
-                if (this.gav != null) {
-                    LOGGER.info(String.format("%nProcessesing %s", i.getValue()));
-                }
                 for (PropertyType c : this.cpe) {
-                    if (this.gav != null) {
-                        LOGGER.info(String.format("%nChecking %s for cpe:%s", i.getValue(), c.getValue()));
-                    }
                     if (identifierMatches("cpe", c, i)) {
-                        if (this.gav != null) {
-                            LOGGER.info(String.format("%nRemoving %s", i.getValue()));
-                        }
                         dependency.addSuppressedIdentifier(i);
                         itr.remove();
                         break;
@@ -372,7 +355,7 @@ public class SuppressionRule {
     boolean cpeHasNoVersion(PropertyType c) {
         if (c.isRegex()) {
             return false;
-        } // cpe:/a:jboss:jboss:1.0.0
+        }
         if (countCharacter(c.getValue(), ':') == 3) {
             return true;
         }
@@ -399,6 +382,7 @@ public class SuppressionRule {
     /**
      * Determines if the cpeEntry specified as a PropertyType matches the given Identifier.
      *
+     * @param identifierType the type of identifier ("cpe", "maven", etc.)
      * @param suppressionEntry a suppression rule entry
      * @param identifier a CPE identifier to check
      * @return true if the entry matches; otherwise false
@@ -420,9 +404,14 @@ public class SuppressionRule {
         return false;
     }
 
+    /**
+     * Standard toString implementation.
+     *
+     * @return a string representation of this object
+     */
     @Override
     public String toString() {
-        StringBuilder sb = new StringBuilder();
+        final StringBuilder sb = new StringBuilder();
         sb.append("SuppressionRule{");
         if (filePath != null) {
             sb.append("filePath=").append(filePath).append(",");
@@ -464,5 +453,4 @@ public class SuppressionRule {
         sb.append("}");
         return sb.toString();
     }
-
 }

dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java

@@ -1,17 +1,19 @@
 /*
- * Copyright 2014 OWASP.
+ * This file is part of dependency-check-core.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
+ *
+ * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.utils;
 
@@ -33,7 +35,7 @@ import static org.owasp.dependencycheck.utils.FileUtils.getFileExtension;
  *
  * @author Jeremy Long <jeremy.long@owasp.org>
  */
-public class ExtractionUtil {
+public final class ExtractionUtil {
 
     /**
      * The logger.