diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java
index 5f3894aeb..6fa41e556 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java
@@ -13,7 +13,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
- * Copyright (c) 2014 Jeremy Long. All Rights Reserved.
+ * Copyright (c) 2014 Steve Springett. All Rights Reserved.
 */
 package org.owasp.dependencycheck.agent;
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
index ef4044543..bb75da624 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
@@ -531,7 +531,6 @@ public class CPEAnalyzer implements Analyzer {
 if (dbVer == null //special case, no version specified - everything is vulnerable
 || evVer.equals(dbVer)) { //yeah! exact match
- //final String url = String.format("http://web.nvd.nist.gov/view/vuln/search?cpe=%s", URLEncoder.encode(vs.getName(), "UTF-8"));
 final String url = String.format(NVD_SEARCH_URL, URLEncoder.encode(vs.getName(), "UTF-8"));
 final IdentifierMatch match = new IdentifierMatch("cpe", vs.getName(), url, IdentifierConfidence.EXACT_MATCH, conf);
 collected.add(match);
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
index a89daaa72..5b6e77eef 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
@@ -571,7 +571,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
 groupid = parentGroupId;
 }
 }
- String originalGroupID = groupid;
+ final String originalGroupID = groupid;
 if (groupid != null && !groupid.isEmpty()) {
 if (groupid.startsWith("org.") || groupid.startsWith("com.")) {
@@ -601,7 +601,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
 artifactid = parentArtifactId;
 }
 }
- String originalArtifactID = artifactid;
+ final String originalArtifactID = artifactid;
 if (artifactid != null && !artifactid.isEmpty()) {
 if (artifactid.startsWith("org.") || artifactid.startsWith("com.")) {
 artifactid = artifactid.substring(4);
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
index 131a28299..da6b2ae58 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
@@ -248,6 +248,7 @@ public class CveDB {
 /**
 * SQL Statement to retrieve a property from the database.
 */
+ @SuppressWarnings("unused")
 private static final String SELECT_PROPERTY = "SELECT id, value FROM properties WHERE id = ?";
 /**
 * SQL Statement to insert a new property.
@@ -260,6 +261,7 @@ public class CveDB {
 /**
 * SQL Statement to delete a property.
 */
+ @SuppressWarnings("unused")
 private static final String DELETE_PROPERTY = "DELETE FROM properties WHERE id = ?";
 //
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/suppression/SuppressionRule.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/suppression/SuppressionRule.java
index 9e1261e31..958204e48 100644
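Review bot: Adding `@SuppressWarnings("unused")` to SELECT_PROPERTY silences the warning rather than resolving it, and the second CveDB hunk does the same for DELETE_PROPERTY. A `private static final` SQL constant that nothing reads is dead code: if the property lookup and delete statements are no longer executed, the constants and their Javadoc should be removed so the SQL declared in this class matches what actually runs, and if they are intended to be executed the missing reference is the real fix. If they are kept deliberately for a forthcoming change, a comment next to the annotation saying so, e.g. `// TODO: wire up or remove — currently unreferenced`, would record that intent for the next reader.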
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/suppression/SuppressionRule.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/suppression/SuppressionRule.java
@@ -20,7 +20,6 @@ package org.owasp.dependencycheck.suppression;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
-import java.util.logging.Logger;
 import org.owasp.dependencycheck.dependency.Dependency;
 import org.owasp.dependencycheck.dependency.Identifier;
 import org.owasp.dependencycheck.dependency.Vulnerability;
@@ -31,10 +30,6 @@ import org.owasp.dependencycheck.dependency.Vulnerability;
 */
 public class SuppressionRule {
- /**
- * The Logger for use throughout the class
- */
- private static final Logger LOGGER = Logger.getLogger(SuppressionRule.class.getName());
 /**
 * The file path for the suppression.
 */
@@ -285,14 +280,11 @@ public class SuppressionRule {
 return;
 }
 if (gav != null) {
- LOGGER.info(this.toString());
 final Iterator itr = dependency.getIdentifiers().iterator();
 boolean gavFound = false;
 while (itr.hasNext()) {
 final Identifier i = itr.next();
- LOGGER.info(String.format("%nChecking %s for gav:%s", i.getValue(), this.gav));
 if (identifierMatches("maven", this.gav, i)) {
- LOGGER.info("GAV Matched!");
 gavFound = true;
 break;
 }
@@ -306,17 +298,8 @@ public class SuppressionRule {
 final Iterator itr = dependency.getIdentifiers().iterator();
 while (itr.hasNext()) {
 final Identifier i = itr.next();
- if (this.gav != null) {
- LOGGER.info(String.format("%nProcessesing %s", i.getValue()));
- }
 for (PropertyType c : this.cpe) {
- if (this.gav != null) {
- LOGGER.info(String.format("%nChecking %s for cpe:%s", i.getValue(), c.getValue()));
- }
 if (identifierMatches("cpe", c, i)) {
- if (this.gav != null) {
- LOGGER.info(String.format("%nRemoving %s", i.getValue()));
- }
 dependency.addSuppressedIdentifier(i);
 itr.remove();
 break;
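Review bot: With every LOGGER call deleted from the gav branch and from the cpe loop in the following hunk, the point where an identifier is dropped, `dependency.addSuppressedIdentifier(i); itr.remove();`, leaves no record of which suppression rule matched it; addSuppressedIdentifier presumably keeps the identifier on the dependency, but the rule and the cpe entry that triggered it are lost. The removed messages were at INFO level and look like leftover debugging output, so removing them is reasonable, but a single low-level message at the suppression point, e.g. `LOGGER.fine(String.format("Suppressing identifier %s via cpe %s", i.getValue(), c.getValue()));`, would keep suppressions traceable when a user asks why a finding disappeared, at the cost of keeping the Logger import and field this commit removes in the earlier hunks. The enclosing method starts and ends outside both of these hunks.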
@@ -372,7 +355,7 @@ public class SuppressionRule {
 boolean cpeHasNoVersion(PropertyType c) {
 if (c.isRegex()) {
 return false;
- } // cpe:/a:jboss:jboss:1.0.0
+ }
 if (countCharacter(c.getValue(), ':') == 3) {
 return true;
 }
@@ -399,6 +382,7 @@ public class SuppressionRule {
 /**
 * Determines if the cpeEntry specified as a PropertyType matches the given Identifier.
 *
+ * @param identifierType the type of identifier ("cpe", "maven", etc.)
 * @param suppressionEntry a suppression rule entry
 * @param identifier a CPE identifier to check
 * @return true if the entry matches; otherwise false
@@ -420,9 +404,14 @@ public class SuppressionRule {
 return false;
 }
+ /**
+ * Standard toString implementation.
+ *
+ * @return a string representation of this object
+ */
 @Override
 public String toString() {
- StringBuilder sb = new StringBuilder();
+ final StringBuilder sb = new StringBuilder();
 sb.append("SuppressionRule{");
 if (filePath != null) {
 sb.append("filePath=").append(filePath).append(",");
@@ -464,5 +453,4 @@ public class SuppressionRule {
 sb.append("}");
 return sb.toString();
 }
-
 }
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java
index aae31e6f3..3f0ae2b03 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java
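Review bot: The new `@param identifierType the type of identifier ("cpe", "maven", etc.)` line is immediately followed by `@param identifier a CPE identifier to check`, which is stale once the same method is documented as matching maven identifiers too; suggest `@param identifier the identifier to check against the entry`. The Javadoc added for toString, "Standard toString implementation.", repeats what the `@Override` already says; a summary of what the string contains, such as "Returns a string listing this rule's populated fields (file path and the suppression criteria) for logging and debugging.", hedged to whatever fields the rest of the method appends, would actually help a reader. Both identifierMatches and toString continue outside their hunks.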
@@ -1,17 +1,19 @@
 /*
- * Copyright 2014 OWASP.
+ * This file is part of dependency-check-core.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
+ *
+ * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
 */
 package org.owasp.dependencycheck.utils;
@@ -33,7 +35,7 @@ import static org.owasp.dependencycheck.utils.FileUtils.getFileExtension;
 *
 * @author Jeremy Long
 */
-public class ExtractionUtil {
+public final class ExtractionUtil {
 /**
 * The logger.