cleanup from reviews. Mostly formatting

2026-04-20 15:31:44 +02:00 · 2017-09-25 10:18:56 -04:00
parent e0af41e439
commit 4fc8dd59d2
11 changed files with 142 additions and 153 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzer.java
@@ -118,9 +118,7 @@ public class ComposerLockAnalyzer extends AbstractFileTypeAnalyzer {
                final String filePath = String.format("%s:%s/%s/%s", dependency.getFilePath(), dep.getGroup(), dep.getProject(), dep.getVersion());        			
                d.setName(dep.getProject());
                d.setVersion(dep.getVersion());              
-                
 				d.setEcosystem(DEPENDENCY_ECOSYSTEM);
-                
                final MessageDigest sha1 = getSha1MessageDigest();
                d.setFilePath(filePath);
                d.setSha1sum(Checksum.getHex(sha1.digest(filePath.getBytes(Charset.defaultCharset()))));
@@ -133,12 +131,11 @@ public class ComposerLockAnalyzer extends AbstractFileTypeAnalyzer {
                //make sure we only remove the main dependency if we went through this loop at least once.
                	processedAtLeastOneDep = true;
                }
-            //remove the dependency at the end because it's referenced in the loop itself.
-            //double check the name to be sure we only remove the generic entry.
+			// remove the dependency at the end because it's referenced in the loop itself.
+			// double check the name to be sure we only remove the generic entry.
 			if (processedAtLeastOneDep && dependency.getDisplayFileName().equalsIgnoreCase("composer.lock")) {
-            		LOGGER.debug("Removing main redundant dependency {}",dependency.getDisplayFileName());
+				LOGGER.debug("Removing main redundant dependency {}", dependency.getDisplayFileName());
 				engine.getDependencies().remove(dependency);
-
 			}
        } catch (IOException ex) {
            LOGGER.warn("Error opening dependency {}", dependency.getActualFilePath());
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java
@@ -129,7 +129,7 @@ public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer {
 	protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
 		dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
 		final File file = dependency.getActualFile();
-        if (!file.isFile() || file.length()==0) {
+		if (!file.isFile() || file.length() == 0) {
 			return;
 		}
 		try (JsonReader jsonReader = Json.createReader(FileUtils.openInputStream(file))) {
@@ -142,7 +142,8 @@ public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer {
 					final String valueString = ((JsonString) value).getString();
 					productEvidence.addEvidence(PACKAGE_JSON, "name", valueString, Confidence.HIGHEST);
 					dependency.setName(valueString);
-                    vendorEvidence.addEvidence(PACKAGE_JSON, "name_project", String.format("%s_project", valueString), Confidence.LOW);
+					vendorEvidence.addEvidence(PACKAGE_JSON, "name_project", String.format("%s_project", valueString),
+							Confidence.LOW);
 				} else {
 					LOGGER.warn("JSON value not string as expected: {}", value);
 				}
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java
@@ -304,10 +304,8 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
                "Version", Confidence.HIGHEST);
        addPropertyToEvidence(headers, dependency.getProductEvidence(), "Name",
                Confidence.HIGHEST);
-        
 		dependency.setName(headers.getHeader("Name", null));
 		dependency.setVersion(headers.getHeader("Version", null));
-        
 		final String url = headers.getHeader("Home-page", null);
        final EvidenceCollection vendorEvidence = dependency
                .getVendorEvidence();
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java
@@ -329,9 +329,8 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
     * @param confidence in evidence
     * @return whether evidence was found
     */
-    private boolean gatherVersionEvidence(Pattern pattern, String contents,
-            String source, EvidenceCollection evidence, String name,
-            Confidence confidence,Dependency d) {
+	private boolean gatherVersionEvidence(Pattern pattern, String contents, String source, EvidenceCollection evidence,
+			String name, Confidence confidence, Dependency d) {
 		final Matcher matcher = pattern.matcher(contents);
 		final boolean found = matcher.find();
 		if (found) {
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzer.java
@@ -164,17 +164,15 @@ public class RubyGemspecAnalyzer extends AbstractFileTypeAnalyzer {
            addStringEvidence(vendor, contents, blockVariable, "homepage", "homepage", Confidence.HIGHEST);
            addStringEvidence(vendor, contents, blockVariable, "license", "licen[cs]es?", Confidence.HIGHEST);

-            final String value = addStringEvidence(dependency.getVersionEvidence(), contents,
-                    blockVariable, "version", "version", Confidence.HIGHEST);            
+			final String value = addStringEvidence(dependency.getVersionEvidence(), contents, blockVariable, "version",
+					"version", Confidence.HIGHEST);          
            if (value.length() < 1) {
                addEvidenceFromVersionFile(dependency.getActualFile(), dependency.getVersionEvidence());
            }
-            else
-            {
+			else {
 				dependency.setVersion(value);
 			}
        }
-
        setPackagePath(dependency);
    }

--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/SwiftPackageManagerAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/SwiftPackageManagerAnalyzer.java
@@ -143,16 +143,17 @@ public class SwiftPackageManagerAnalyzer extends AbstractFileTypeAnalyzer {
            final EvidenceCollection product = dependency.getProductEvidence();
            final EvidenceCollection vendor = dependency.getVendorEvidence();

-            //SPM is currently under development for SWIFT 3. Its current metadata includes package name and dependencies.
-            //Future interesting metadata: version, license, homepage, author, summary, etc.
+			// SPM is currently under development for SWIFT 3. Its current metadata includes
+			// package name and dependencies.
+			// Future interesting metadata: version, license, homepage, author, summary,
+			// etc.
 			final String name = addStringEvidence(product, packageDescription, "name", "name", Confidence.HIGHEST);
 			if (name != null && !name.isEmpty()) {
 				vendor.addEvidence(SPM_FILE_NAME, "name_project", name, Confidence.HIGHEST);
 				dependency.setName(name);
-            }
-            else
-            {
-            	    //if we can't get the name from the meta, then assume the name is the name of the parent folder containing the package.swift file.
+			} else {
+				// if we can't get the name from the meta, then assume the name is the name of
+				// the parent folder containing the package.swift file.
 				dependency.setName(dependency.getActualFile().getParentFile().getName());
 			}
        }
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java
@@ -305,20 +305,16 @@ public class Dependency implements Serializable, Comparable<Dependency> {
     * @return the file name to display
     */
 	public String getDisplayFileName() {
-        if (displayName == null) {
-        	   if(name != null) {
-        		   if (version != null) {
-        			   return name + ":" + version;
+		if (displayName != null) {
+			return displayName;
 		}
-        		   else {
+		if (name == null) {
+			return fileName;
+		}
+		if (version == null) {
 			return name;
 		}
-        	   }	   
-        	   else { 
-        		   return this.fileName;
-        	   }	   
-        }
-        return this.displayName;
+		return name + ":" + version;
 	}

    /**
@@ -880,7 +876,8 @@ public class Dependency implements Serializable, Comparable<Dependency> {
 	}

 	/**
-	 * @param version the version to set
+	 * @param version
+	 *            the version to set
 	 */
 	public void setVersion(String version) {
 		this.version = version;
@@ -894,7 +891,8 @@ public class Dependency implements Serializable, Comparable<Dependency> {
 	}

 	/**
-	 * @param ecosystem the ecosystem to set
+	 * @param ecosystem
+	 *            the ecosystem to set
 	 */
 	public void setEcosystem(String ecosystem) {
 		this.ecosystem = ecosystem;
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzerTest.java
@@ -140,15 +140,13 @@ public class CMakeAnalyzerTest extends BaseDBTestCase {
        
        //this one finds nothing so it falls through to the filename. Can we do better?
        assertEquals("OpenCVDetectPython.cmake",result.getDisplayFileName());       
-        
-        
    }
    
 	private void assertProductEvidence(Dependency result, String product) {
-    		assertEquals(product,result.getName());
+		assertEquals(product, result.getName());
 		assertTrue("Expected product evidence to contain \"" + product + "\".",
 				result.getProductEvidence().toString().contains(product));
-        assertEquals(CMakeAnalyzer.DEPENDENCY_ECOSYSTEM,result.getEcosystem());
+		assertEquals(CMakeAnalyzer.DEPENDENCY_ECOSYSTEM, result.getEcosystem());
 	}

    /**
@@ -171,7 +169,6 @@ public class CMakeAnalyzerTest extends BaseDBTestCase {
        final Dependency last = dependencies.get(3);
        assertProductEvidence(last, "libavresample");
        assertVersionEvidence(last, "1.0.1");      
-        
    }

    private void assertVersionEvidence(Dependency result, String version) {
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzerTest.java
@@ -101,7 +101,7 @@ public class ComposerLockAnalyzerTest extends BaseDBTestCase {

        final Dependency result = new Dependency(BaseTest.getResourceAsFile(this,
                "composer.lock"));
-        ///test that we don't remove the parent if it's not redundant by name
+        //test that we don't remove the parent if it's not redundant by name
        result.setDisplayFileName("NotComposer.Lock");
        engine.getDependencies().add(result);
        analyzer.analyze(result, engine);