checkstyle corrections

Former-commit-id: c49596f06b497f80dbe6b5b9656a5221312c7e3f

dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java

@@ -17,6 +17,11 @@
  */
 package org.owasp.dependencycheck.agent;
 
+import java.io.File;
+import java.io.IOException;
+import java.util.List;
+import java.util.logging.Level;
+import java.util.logging.Logger;
 import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
@@ -28,18 +33,11 @@ import org.owasp.dependencycheck.exception.ScanAgentException;
 import org.owasp.dependencycheck.reporting.ReportGenerator;
 import org.owasp.dependencycheck.utils.Settings;
 
-import java.io.File;
-import java.io.IOException;
-import java.util.List;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
 /**
- * This class provides a way to easily conduct a scan solely based on existing evidence metadata
+ * This class provides a way to easily conduct a scan solely based on existing evidence metadata rather than collecting
- * rather than collecting evidence from the files themselves. This class is based on the Ant task
+ * evidence from the files themselves. This class is based on the Ant task and Maven plugin with the exception that it
- * and Maven plugin with the exception that it takes a list of dependencies that can be
+ * takes a list of dependencies that can be programmatically added from data in a spreadsheet, database or some other
- * programmatically added from data in a spreadsheet, database or some other datasource and conduct
+ * datasource and conduct a scan based on this pre-defined evidence.
- * a scan based on this pre-defined evidence.
  *
  * <h2>Example:</h2>
  * <pre>
@@ -62,7 +60,6 @@ import java.util.logging.Logger;
 @SuppressWarnings("unused")
 public class DependencyCheckScanAgent {
 
-
     /**
      * System specific new line character.
      */
@@ -97,14 +94,16 @@ public class DependencyCheckScanAgent {
     private List<Dependency> dependencies;
 
     /**
-     * Returns a list of pre-determined dependencies
+     * Returns a list of pre-determined dependencies.
+     *
+     * @return returns a list of dependencies
      */
     public List<Dependency> getDependencies() {
         return dependencies;
     }
 
     /**
-     * Sets the list of dependencies to scan
+     * Sets the list of dependencies to scan.
      *
      * @param dependencies new value of dependencies
      */
@@ -742,7 +741,8 @@ public class DependencyCheckScanAgent {
      * Executes the Dependency-Check on the dependent libraries.
      *
      * @return the Engine used to scan the dependencies.
-     * @throws org.owasp.dependencycheck.data.nvdcve.DatabaseException thrown if there is an exception connecting to the database
+     * @throws org.owasp.dependencycheck.data.nvdcve.DatabaseException thrown if there is an exception connecting to the
+     * database
      */
     private Engine executeDependencyCheck() throws DatabaseException {
         populateSettings();
@@ -871,6 +871,9 @@ public class DependencyCheckScanAgent {
 
     /**
      * Executes the dependency-check and generates the report.
+     *
+     * @throws org.owasp.dependencycheck.exception.ScanAgentException thrown if there is an exception executing the
+     * scan.
      */
     public void execute() throws ScanAgentException {
         Engine engine = null;
@@ -899,6 +902,8 @@ public class DependencyCheckScanAgent {
      * configuration.
      *
      * @param dependencies the list of dependency objects
+     * @throws org.owasp.dependencycheck.exception.ScanAgentException thrown if there is an exception executing the
+     * scan.
      */
     private void checkForFailure(List<Dependency> dependencies) throws ScanAgentException {
         final StringBuilder ids = new StringBuilder();

dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/package-info.java

@@ -0,0 +1,13 @@
+/**
+ * <html>
+ * <head>
+ * <title>org.owasp.dependencycheck.agent</title>
+ * </head>
+ * <body>
+ * The agent package holds an agent API that can be used by other applications that have information about dependencies;
+ * but would rather implement something in their code directly rather then spawn a process to run the entire
+ * dependency-check engine. This basically provides programmatic access to running a scan.
+ * </body>
+ * </html>
+ */
+package org.owasp.dependencycheck.agent;

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java

@@ -220,8 +220,8 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
             final Process p = pb.start();
             // Try evacuating the error stream
             final BufferedReader rdr = new BufferedReader(new InputStreamReader(p.getErrorStream()));
-            String line = null;
+            String line;
-            while ((line = rdr.readLine()) != null) {
+            while (rdr.ready() && (line = rdr.readLine()) != null) {
                 // We expect this to complain
             }
             final Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(p.getInputStream());