cleanup from reviews. Mostly formatting

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java

@@ -154,7 +154,7 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
     @Override
     protected void analyzeDependency(Dependency dependency, Engine engine)
             throws AnalysisException {
-    	    dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
+		dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
         final File file = dependency.getActualFile();
         final String name = file.getName();
         String contents;

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CocoaPodsAnalyzer.java

@@ -43,10 +43,10 @@ import org.owasp.dependencycheck.utils.Settings;
 @Experimental
 public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer {
 
-    /**
+	/**
-     * A descriptor for the type of dependencies processed or added by this analyzer
+	 * A descriptor for the type of dependencies processed or added by this analyzer
-     */
+	 */
-     public static final String DEPENDENCY_ECOSYSTEM = "CocoaPod";
+	public static final String DEPENDENCY_ECOSYSTEM = "CocoaPod";
   
     /**
      * The logger.
@@ -127,7 +127,7 @@ public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer {
     protected void analyzeDependency(Dependency dependency, Engine engine)
             throws AnalysisException {
 
-    		dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
+		dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
         String contents;
         try {
             contents = FileUtils.readFileToString(dependency.getActualFile(), Charset.defaultCharset());

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzer.java

@@ -46,10 +46,10 @@ import java.security.NoSuchAlgorithmException;
 @Experimental
 public class ComposerLockAnalyzer extends AbstractFileTypeAnalyzer {
 
-    /**
+	/**
-     * A descriptor for the type of dependencies processed or added by this analyzer
+	 * A descriptor for the type of dependencies processed or added by this analyzer
-     */
+	 */
-     public static final String DEPENDENCY_ECOSYSTEM = "Composer";
+	public static final String DEPENDENCY_ECOSYSTEM = "Composer";
 
     /**
      * The logger.
@@ -118,9 +118,7 @@ public class ComposerLockAnalyzer extends AbstractFileTypeAnalyzer {
                 final String filePath = String.format("%s:%s/%s/%s", dependency.getFilePath(), dep.getGroup(), dep.getProject(), dep.getVersion());        			
                 d.setName(dep.getProject());
                 d.setVersion(dep.getVersion());              
-                
+				d.setEcosystem(DEPENDENCY_ECOSYSTEM);
-                d.setEcosystem(DEPENDENCY_ECOSYSTEM);
-                
                 final MessageDigest sha1 = getSha1MessageDigest();
                 d.setFilePath(filePath);
                 d.setSha1sum(Checksum.getHex(sha1.digest(filePath.getBytes(Charset.defaultCharset()))));
@@ -133,13 +131,12 @@ public class ComposerLockAnalyzer extends AbstractFileTypeAnalyzer {
                 //make sure we only remove the main dependency if we went through this loop at least once.
                 	processedAtLeastOneDep = true;
                 }
-            //remove the dependency at the end because it's referenced in the loop itself.
+			// remove the dependency at the end because it's referenced in the loop itself.
-            //double check the name to be sure we only remove the generic entry.
+			// double check the name to be sure we only remove the generic entry.
-            if (processedAtLeastOneDep && dependency.getDisplayFileName().equalsIgnoreCase("composer.lock")) {
+			if (processedAtLeastOneDep && dependency.getDisplayFileName().equalsIgnoreCase("composer.lock")) {
-            		LOGGER.debug("Removing main redundant dependency {}",dependency.getDisplayFileName());
+				LOGGER.debug("Removing main redundant dependency {}", dependency.getDisplayFileName());
-            		engine.getDependencies().remove(dependency);   
+				engine.getDependencies().remove(dependency);
-
+			}
-            }
         } catch (IOException ex) {
             LOGGER.warn("Error opening dependency {}", dependency.getActualFilePath());
         } catch (ComposerException ce) {

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java

@@ -49,10 +49,10 @@ import org.owasp.dependencycheck.exception.InitializationException;
 @Experimental
 public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer {
 
-    /**
+	/**
-     * A descriptor for the type of dependencies processed or added by this analyzer
+	 * A descriptor for the type of dependencies processed or added by this analyzer
-     */
+	 */
-    public static final String DEPENDENCY_ECOSYSTEM = "npm";
+	public static final String DEPENDENCY_ECOSYSTEM = "npm";
  
 	/**
      * The logger.
@@ -125,39 +125,40 @@ public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer {
         return Settings.KEYS.ANALYZER_NODE_PACKAGE_ENABLED;
     }
 
-    @Override
+	@Override
-    protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
+	protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
-        dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
+		dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
-    		final File file = dependency.getActualFile();
+		final File file = dependency.getActualFile();
-        if (!file.isFile() || file.length()==0) {
+		if (!file.isFile() || file.length() == 0) {
-            return;
+			return;
-        }
+		}
-        try (JsonReader jsonReader = Json.createReader(FileUtils.openInputStream(file))) {
+		try (JsonReader jsonReader = Json.createReader(FileUtils.openInputStream(file))) {
-            final JsonObject json = jsonReader.readObject();
+			final JsonObject json = jsonReader.readObject();
-            final EvidenceCollection productEvidence = dependency.getProductEvidence();
+			final EvidenceCollection productEvidence = dependency.getProductEvidence();
-            final EvidenceCollection vendorEvidence = dependency.getVendorEvidence();
+			final EvidenceCollection vendorEvidence = dependency.getVendorEvidence();
-            if (json.containsKey("name")) {
+			if (json.containsKey("name")) {
-                final Object value = json.get("name");
+				final Object value = json.get("name");
-                if (value instanceof JsonString) {
+				if (value instanceof JsonString) {
-                    final String valueString = ((JsonString) value).getString();
+					final String valueString = ((JsonString) value).getString();
-                    productEvidence.addEvidence(PACKAGE_JSON, "name", valueString, Confidence.HIGHEST);
+					productEvidence.addEvidence(PACKAGE_JSON, "name", valueString, Confidence.HIGHEST);
-                    dependency.setName(valueString);
+					dependency.setName(valueString);
-                    vendorEvidence.addEvidence(PACKAGE_JSON, "name_project", String.format("%s_project", valueString), Confidence.LOW);
+					vendorEvidence.addEvidence(PACKAGE_JSON, "name_project", String.format("%s_project", valueString),
-                } else {
+							Confidence.LOW);
-                    LOGGER.warn("JSON value not string as expected: {}", value);
+				} else {
-                }
+					LOGGER.warn("JSON value not string as expected: {}", value);
-            }
+				}
-            addToEvidence(json, productEvidence, "description");
+			}
-            addToEvidence(json, vendorEvidence, "author");
+			addToEvidence(json, productEvidence, "description");
-            final String version = addToEvidence(json, dependency.getVersionEvidence(), "version");
+			addToEvidence(json, vendorEvidence, "author");
-            dependency.setVersion(version);
+			final String version = addToEvidence(json, dependency.getVersionEvidence(), "version");
+			dependency.setVersion(version);
 
-        } catch (JsonException e) {
+		} catch (JsonException e) {
-            LOGGER.warn("Failed to parse package.json file.", e);
+			LOGGER.warn("Failed to parse package.json file.", e);
-        } catch (IOException e) {
+		} catch (IOException e) {
-            throw new AnalysisException("Problem occurred while reading dependency file.", e);
+			throw new AnalysisException("Problem occurred while reading dependency file.", e);
-        }
+		}
-    }
+	}
 
     /**
      * Adds information to an evidence collection from the node json

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java

@@ -57,10 +57,10 @@ import java.util.concurrent.atomic.AtomicInteger;
 @Experimental
 public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
 
-    /**
+	/**
-     * A descriptor for the type of dependencies processed or added by this analyzer
+	 * A descriptor for the type of dependencies processed or added by this analyzer
-     */
+	 */
-    public static final String DEPENDENCY_ECOSYSTEM = "Python.Dist";
+	public static final String DEPENDENCY_ECOSYSTEM = "Python.Dist";
     
     /**
      * Name of egg metadata files to analyze.
@@ -189,7 +189,7 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
     protected void analyzeDependency(Dependency dependency, Engine engine)
             throws AnalysisException {
     	
-    	    dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
+		dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
         final File actualFile = dependency.getActualFile();
         if (WHL_FILTER.accept(actualFile)) {
             collectMetadataFromArchiveFormat(dependency, DIST_INFO_FILTER,
@@ -304,11 +304,9 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
                 "Version", Confidence.HIGHEST);
         addPropertyToEvidence(headers, dependency.getProductEvidence(), "Name",
                 Confidence.HIGHEST);
-        
+		dependency.setName(headers.getHeader("Name", null));
-        dependency.setName(headers.getHeader("Name", null));
+		dependency.setVersion(headers.getHeader("Version", null));
-        dependency.setVersion(headers.getHeader("Version", null));
+		final String url = headers.getHeader("Home-page", null);
-        
-        final String url = headers.getHeader("Home-page", null);
         final EvidenceCollection vendorEvidence = dependency
                 .getVendorEvidence();
         if (StringUtils.isNotBlank(url)) {

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java

@@ -47,9 +47,9 @@ import org.owasp.dependencycheck.exception.InitializationException;
 public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
 
 	/**
-     * A descriptor for the type of dependencies processed or added by this analyzer
+	 * A descriptor for the type of dependencies processed or added by this analyzer
-     */
+	 */
-    public static final String DEPENDENCY_ECOSYSTEM = "Python.Pkg";
+	public static final String DEPENDENCY_ECOSYSTEM = "Python.Pkg";
 
     /**
      * Used when compiling file scanning regex patterns.
@@ -178,7 +178,7 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
     @Override
     protected void analyzeDependency(Dependency dependency, Engine engine)
             throws AnalysisException {
-        dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
+		dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
     	    final File file = dependency.getActualFile();
         final File parent = file.getParentFile();
         final String parentName = parent.getName();
@@ -186,7 +186,7 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
             //by definition, the containing folder of __init__.py is considered the package, even the file is empty:
             //"The __init__.py files are required to make Python treat the directories as containing packages"
             //see section "6.4 Packages" from https://docs.python.org/2/tutorial/modules.html;
-            dependency.setName(parentName);
+			dependency.setName(parentName);
             dependency.getProductEvidence().addEvidence(file.getName(),
                     "PackageName", parentName, Confidence.HIGHEST);
 
@@ -329,17 +329,16 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
      * @param confidence in evidence
      * @return whether evidence was found
      */
-    private boolean gatherVersionEvidence(Pattern pattern, String contents,
+	private boolean gatherVersionEvidence(Pattern pattern, String contents, String source, EvidenceCollection evidence,
-            String source, EvidenceCollection evidence, String name,
+			String name, Confidence confidence, Dependency d) {
-            Confidence confidence,Dependency d) {
+		final Matcher matcher = pattern.matcher(contents);
-        final Matcher matcher = pattern.matcher(contents);
+		final boolean found = matcher.find();
-        final boolean found = matcher.find();
+		if (found) {
-        if (found) {
+			evidence.addEvidence(source, name, matcher.group(4), confidence);
-            evidence.addEvidence(source, name, matcher.group(4), confidence);
+			d.setVersion(matcher.group(4));
-            d.setVersion(matcher.group(4));
+		}
-        }
+		return found;
-        return found;
+	}
-    }
 
     @Override
     protected String getAnalyzerEnabledSettingKey() {

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzer.java

@@ -49,9 +49,9 @@ import org.slf4j.LoggerFactory;
 public class RubyGemspecAnalyzer extends AbstractFileTypeAnalyzer {
 
 	/**
-     * A descriptor for the type of dependencies processed or added by this analyzer
+	 * A descriptor for the type of dependencies processed or added by this analyzer
-     */
+	 */
-    public static final String DEPENDENCY_ECOSYSTEM = "Ruby.Bundle";
+	public static final String DEPENDENCY_ECOSYSTEM = "Ruby.Bundle";
   
 	/**
      * The logger.
@@ -137,7 +137,7 @@ public class RubyGemspecAnalyzer extends AbstractFileTypeAnalyzer {
     @Override
     protected void analyzeDependency(Dependency dependency, Engine engine)
             throws AnalysisException {
-    	    dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
+		dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
         String contents;
         try {
             contents = FileUtils.readFileToString(dependency.getActualFile(), Charset.defaultCharset());
@@ -153,10 +153,10 @@ public class RubyGemspecAnalyzer extends AbstractFileTypeAnalyzer {
             final EvidenceCollection vendor = dependency.getVendorEvidence();
             final EvidenceCollection product = dependency.getProductEvidence();
             final String name = addStringEvidence(product, contents, blockVariable, "name", "name", Confidence.HIGHEST);
-            if (!name.isEmpty()) {
+			if (!name.isEmpty()) {
-            		dependency.setName(name);
+				dependency.setName(name);
-                vendor.addEvidence(GEMSPEC, "name_project", name + "_project", Confidence.LOW);
+				vendor.addEvidence(GEMSPEC, "name_project", name + "_project", Confidence.LOW);
-            }
+			}
             addStringEvidence(product, contents, blockVariable, "summary", "summary", Confidence.LOW);
 
             addStringEvidence(vendor, contents, blockVariable, "author", "authors?", Confidence.HIGHEST);
@@ -164,17 +164,15 @@ public class RubyGemspecAnalyzer extends AbstractFileTypeAnalyzer {
             addStringEvidence(vendor, contents, blockVariable, "homepage", "homepage", Confidence.HIGHEST);
             addStringEvidence(vendor, contents, blockVariable, "license", "licen[cs]es?", Confidence.HIGHEST);
 
-            final String value = addStringEvidence(dependency.getVersionEvidence(), contents,
+			final String value = addStringEvidence(dependency.getVersionEvidence(), contents, blockVariable, "version",
-                    blockVariable, "version", "version", Confidence.HIGHEST);            
+					"version", Confidence.HIGHEST);          
             if (value.length() < 1) {
                 addEvidenceFromVersionFile(dependency.getActualFile(), dependency.getVersionEvidence());
             }
-            else
+			else {
-            {
+				dependency.setVersion(value);
-            		dependency.setVersion(value);
+			}
-            }
         }
-
         setPackagePath(dependency);
     }
 

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/SwiftPackageManagerAnalyzer.java

@@ -43,10 +43,10 @@ import org.owasp.dependencycheck.utils.Settings;
 @Experimental
 public class SwiftPackageManagerAnalyzer extends AbstractFileTypeAnalyzer {
 
-    /**
+	/**
-     * A descriptor for the type of dependencies processed or added by this analyzer
+	 * A descriptor for the type of dependencies processed or added by this analyzer
-     */
+	 */
-    public static final String DEPENDENCY_ECOSYSTEM = "Swift.PM";
+	public static final String DEPENDENCY_ECOSYSTEM = "Swift.PM";
 
     /**
      * The name of the analyzer.
@@ -124,7 +124,7 @@ public class SwiftPackageManagerAnalyzer extends AbstractFileTypeAnalyzer {
     protected void analyzeDependency(Dependency dependency, Engine engine)
             throws AnalysisException {
 
-    	    dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);   
+		dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
   	
         String contents;
         try {
@@ -143,18 +143,19 @@ public class SwiftPackageManagerAnalyzer extends AbstractFileTypeAnalyzer {
             final EvidenceCollection product = dependency.getProductEvidence();
             final EvidenceCollection vendor = dependency.getVendorEvidence();
 
-            //SPM is currently under development for SWIFT 3. Its current metadata includes package name and dependencies.
+			// SPM is currently under development for SWIFT 3. Its current metadata includes
-            //Future interesting metadata: version, license, homepage, author, summary, etc.
+			// package name and dependencies.
-            final String name = addStringEvidence(product, packageDescription, "name", "name", Confidence.HIGHEST);
+			// Future interesting metadata: version, license, homepage, author, summary,
-            if (name != null && !name.isEmpty()) {
+			// etc.
-                vendor.addEvidence(SPM_FILE_NAME, "name_project", name, Confidence.HIGHEST);
+			final String name = addStringEvidence(product, packageDescription, "name", "name", Confidence.HIGHEST);
-                dependency.setName(name);
+			if (name != null && !name.isEmpty()) {
-            }
+				vendor.addEvidence(SPM_FILE_NAME, "name_project", name, Confidence.HIGHEST);
-            else
+				dependency.setName(name);
-            {
+			} else {
-            	    //if we can't get the name from the meta, then assume the name is the name of the parent folder containing the package.swift file.
+				// if we can't get the name from the meta, then assume the name is the name of
-            		dependency.setName(dependency.getActualFile().getParentFile().getName());
+				// the parent folder containing the package.swift file.
-            }
+				dependency.setName(dependency.getActualFile().getParentFile().getName());
+			}
         }
         setPackagePath(dependency);
     }

dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java

@@ -304,22 +304,18 @@ public class Dependency implements Serializable, Comparable<Dependency> {
      *
      * @return the file name to display
      */
-    public String getDisplayFileName() {
+	public String getDisplayFileName() {
-        if (displayName == null) {
+		if (displayName != null) {
-        	   if(name != null) {
+			return displayName;
-        		   if (version != null) {
+		}
-        			   return name + ":" + version;
+		if (name == null) {
-        		   }
+			return fileName;
-        		   else {
+		}
-        			   return name;
+		if (version == null) {
-        		   }
+			return name;
-        	   }	   
+		}
-        	   else { 
+		return name + ":" + version;
-        		   return this.fileName;
+	}
-        	   }	   
-        }
-        return this.displayName;
-    }
 
     /**
      * <p>
@@ -880,7 +876,8 @@ public class Dependency implements Serializable, Comparable<Dependency> {
 	}
 
 	/**
-	 * @param version the version to set
+	 * @param version
+	 *            the version to set
 	 */
 	public void setVersion(String version) {
 		this.version = version;
@@ -894,7 +891,8 @@ public class Dependency implements Serializable, Comparable<Dependency> {
 	}
 
 	/**
-	 * @param ecosystem the ecosystem to set
+	 * @param ecosystem
+	 *            the ecosystem to set
 	 */
 	public void setEcosystem(String ecosystem) {
 		this.ecosystem = ecosystem;

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzerTest.java

@@ -140,16 +140,14 @@ public class CMakeAnalyzerTest extends BaseDBTestCase {
         
         //this one finds nothing so it falls through to the filename. Can we do better?
         assertEquals("OpenCVDetectPython.cmake",result.getDisplayFileName());       
-        
-        
     }
     
-    private void assertProductEvidence(Dependency result, String product) {
+	private void assertProductEvidence(Dependency result, String product) {
-    		assertEquals(product,result.getName());
+		assertEquals(product, result.getName());
-    	    assertTrue("Expected product evidence to contain \"" + product + "\".",
+		assertTrue("Expected product evidence to contain \"" + product + "\".",
-                result.getProductEvidence().toString().contains(product));
+				result.getProductEvidence().toString().contains(product));
-        assertEquals(CMakeAnalyzer.DEPENDENCY_ECOSYSTEM,result.getEcosystem());
+		assertEquals(CMakeAnalyzer.DEPENDENCY_ECOSYSTEM, result.getEcosystem());
-    }
+	}
 
     /**
      * Test whether expected version evidence is gathered from OpenCV's third party cmake files.
@@ -171,7 +169,6 @@ public class CMakeAnalyzerTest extends BaseDBTestCase {
         final Dependency last = dependencies.get(3);
         assertProductEvidence(last, "libavresample");
         assertVersionEvidence(last, "1.0.1");      
-        
     }
 
     private void assertVersionEvidence(Dependency result, String version) {

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzerTest.java

@@ -101,7 +101,7 @@ public class ComposerLockAnalyzerTest extends BaseDBTestCase {
 
         final Dependency result = new Dependency(BaseTest.getResourceAsFile(this,
                 "composer.lock"));
-        ///test that we don't remove the parent if it's not redundant by name
+        //test that we don't remove the parent if it's not redundant by name
         result.setDisplayFileName("NotComposer.Lock");
         engine.getDependencies().add(result);
         analyzer.analyze(result, engine);