diff --git a/pom.xml b/pom.xml
index e3cabcda7..c99c9925d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -37,13 +37,22 @@ along with DependencyCheck. If not, see .
Jeremy Long
jeremy.long@owasp.org
- owasp
+ OWASP
https://www.owasp.org/index.php/OWASP_Dependency_Check
architect
developer
+
+ Steve Springett
+ Steve.Springett@owasp.org
+ OWASP
+ https://www.owasp.org/index.php/OWASP_Dependency_Check
+
+ contributor
+
+
scm:git:git@github.com:jeremylong/DependencyCheck.git
diff --git a/src/main/java/org/owasp/dependencycheck/Engine.java b/src/main/java/org/owasp/dependencycheck/Engine.java
index bb330c13b..82b7824fb 100644
--- a/src/main/java/org/owasp/dependencycheck/Engine.java
+++ b/src/main/java/org/owasp/dependencycheck/Engine.java
@@ -52,16 +52,16 @@ public class Engine {
/**
* The list of dependencies.
*/
- private List dependencies = new ArrayList();
+ private final List dependencies = new ArrayList();
/**
* A Map of analyzers grouped by Analysis phase.
*/
- private EnumMap> analyzers =
+ private final EnumMap> analyzers =
new EnumMap>(AnalysisPhase.class);
/**
* A set of extensions supported by the analyzers.
*/
- private Set extensions = new HashSet();
+ private final Set extensions = new HashSet();
/**
* Creates a new Engine.
@@ -161,11 +161,13 @@ public class Engine {
*/
protected void scanDirectory(File dir) {
final File[] files = dir.listFiles();
- for (File f : files) {
- if (f.isDirectory()) {
- scanDirectory(f);
- } else {
- scanFile(f);
+ if (files != null) {
+ for (File f : files) {
+ if (f.isDirectory()) {
+ scanDirectory(f);
+ } else {
+ scanFile(f);
+ }
}
}
}
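Review bot: The new `if (files != null)` guard around the loop makes a directory that cannot be listed vanish from the scan silently, so a permission problem or I/O error on a subtree now yields a clean report that is simply missing the dependencies under it, whereas before it failed loudly with a NullPointerException. `File.listFiles()` returns null both when `dir` is not a directory and when the listing fails, and nothing here distinguishes or records either case. Consider an `else` branch that at least logs the skipped path, e.g. `} else { Logger.getLogger(Engine.class.getName()).log(Level.WARNING, "Unable to list {0}; it will not be scanned", dir); }` (or the class's existing logger), or propagating the condition to the caller, so that an incomplete scan is visible to the user.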
diff --git a/src/main/java/org/owasp/dependencycheck/data/cwe/CweHandler.java b/src/main/java/org/owasp/dependencycheck/data/cwe/CweHandler.java
index 662e86b3e..ee52da57c 100644
--- a/src/main/java/org/owasp/dependencycheck/data/cwe/CweHandler.java
+++ b/src/main/java/org/owasp/dependencycheck/data/cwe/CweHandler.java
@@ -33,7 +33,7 @@ public class CweHandler extends DefaultHandler {
/**
* a HashMap containing the CWE data.
*/
- private HashMap cwe = new HashMap();
+ private final HashMap cwe = new HashMap();
/**
* Returns the HashMap of CWE entries (CWE-ID, Full CWE Name).
diff --git a/src/main/java/org/owasp/dependencycheck/data/lucene/FieldAnalyzer.java b/src/main/java/org/owasp/dependencycheck/data/lucene/FieldAnalyzer.java
index bff1db9d5..8647585bf 100644
--- a/src/main/java/org/owasp/dependencycheck/data/lucene/FieldAnalyzer.java
+++ b/src/main/java/org/owasp/dependencycheck/data/lucene/FieldAnalyzer.java
@@ -41,7 +41,7 @@ public class FieldAnalyzer extends Analyzer {
/**
* The Lucene Version used.
*/
- private Version version;
+ private final Version version;
/**
* Creates a new FieldAnalyzer.
diff --git a/src/main/java/org/owasp/dependencycheck/data/lucene/SearchFieldAnalyzer.java b/src/main/java/org/owasp/dependencycheck/data/lucene/SearchFieldAnalyzer.java
index 46985c2be..faac5370b 100644
--- a/src/main/java/org/owasp/dependencycheck/data/lucene/SearchFieldAnalyzer.java
+++ b/src/main/java/org/owasp/dependencycheck/data/lucene/SearchFieldAnalyzer.java
@@ -39,7 +39,7 @@ public class SearchFieldAnalyzer extends Analyzer {
/**
* The Lucene Version used.
*/
- private Version version;
+ private final Version version;
/**
* A local reference to the TokenPairConcatenatingFilter so that we
* can clear any left over state if this analyzer is re-used.
diff --git a/src/main/java/org/owasp/dependencycheck/data/lucene/SearchVersionAnalyzer.java b/src/main/java/org/owasp/dependencycheck/data/lucene/SearchVersionAnalyzer.java
index 3ae7131c4..473c06514 100644
--- a/src/main/java/org/owasp/dependencycheck/data/lucene/SearchVersionAnalyzer.java
+++ b/src/main/java/org/owasp/dependencycheck/data/lucene/SearchVersionAnalyzer.java
@@ -42,7 +42,7 @@ public class SearchVersionAnalyzer extends Analyzer {
/**
* The Lucene Version used.
*/
- private Version version;
+ private final Version version;
/**
* Creates a new SearchVersionAnalyzer.
diff --git a/src/main/java/org/owasp/dependencycheck/data/lucene/TokenPairConcatenatingFilter.java b/src/main/java/org/owasp/dependencycheck/data/lucene/TokenPairConcatenatingFilter.java
index dbaf6d675..363559935 100644
--- a/src/main/java/org/owasp/dependencycheck/data/lucene/TokenPairConcatenatingFilter.java
+++ b/src/main/java/org/owasp/dependencycheck/data/lucene/TokenPairConcatenatingFilter.java
@@ -50,7 +50,7 @@ public final class TokenPairConcatenatingFilter extends TokenFilter {
/**
* A list of words parsed.
*/
- private LinkedList words;
+ private final LinkedList words;
/**
* Constructs a new TokenPairConcatenatingFilter.
diff --git a/src/main/java/org/owasp/dependencycheck/data/lucene/VersionAnalyzer.java b/src/main/java/org/owasp/dependencycheck/data/lucene/VersionAnalyzer.java
index de30a0798..821548716 100644
--- a/src/main/java/org/owasp/dependencycheck/data/lucene/VersionAnalyzer.java
+++ b/src/main/java/org/owasp/dependencycheck/data/lucene/VersionAnalyzer.java
@@ -42,7 +42,7 @@ public class VersionAnalyzer extends Analyzer {
/**
* The Lucene Version used.
*/
- private Version version;
+ private final Version version;
/**
* Creates a new VersionAnalyzer.
diff --git a/src/main/java/org/owasp/dependencycheck/data/lucene/VersionTokenizingFilter.java b/src/main/java/org/owasp/dependencycheck/data/lucene/VersionTokenizingFilter.java
index 053f5899b..e1b34d3bd 100644
--- a/src/main/java/org/owasp/dependencycheck/data/lucene/VersionTokenizingFilter.java
+++ b/src/main/java/org/owasp/dependencycheck/data/lucene/VersionTokenizingFilter.java
@@ -41,7 +41,7 @@ public final class VersionTokenizingFilter extends TokenFilter {
/**
* A collection of tokens to add to the stream.
*/
- private LinkedList tokens;
+ private final LinkedList tokens;
/**
* Constructs a new VersionTokenizingFilter.
diff --git a/src/main/java/org/owasp/dependencycheck/data/nvdcve/xml/DatabaseUpdater.java b/src/main/java/org/owasp/dependencycheck/data/nvdcve/xml/DatabaseUpdater.java
index 199286a66..78f5d86ba 100644
--- a/src/main/java/org/owasp/dependencycheck/data/nvdcve/xml/DatabaseUpdater.java
+++ b/src/main/java/org/owasp/dependencycheck/data/nvdcve/xml/DatabaseUpdater.java
@@ -166,8 +166,8 @@ public class DatabaseUpdater implements CachedWebDataSource {
* @param file the file containing the NVD CVE XML
* @param oldVersion contains the file containing the NVD CVE XML 1.2
* @throws ParserConfigurationException is thrown if there is a parser configuration exception
- * @throws SAXException is thrown if there is a saxexception
- * @throws IOException is thrown if there is a ioexception
+ * @throws SAXException is thrown if there is a SAXException
+ * @throws IOException is thrown if there is a IOException
* @throws SQLException is thrown if there is a sql exception
* @throws DatabaseException is thrown if there is a database exception
*/
diff --git a/src/main/java/org/owasp/dependencycheck/data/nvdcve/xml/NvdCve12Handler.java b/src/main/java/org/owasp/dependencycheck/data/nvdcve/xml/NvdCve12Handler.java
index aa2bc79af..5c2e43ae8 100644
--- a/src/main/java/org/owasp/dependencycheck/data/nvdcve/xml/NvdCve12Handler.java
+++ b/src/main/java/org/owasp/dependencycheck/data/nvdcve/xml/NvdCve12Handler.java
@@ -69,7 +69,7 @@ public class NvdCve12Handler extends DefaultHandler {
/**
* The current element.
*/
- private Element current = new Element();
+ private final Element current = new Element();
/**
* a map of vulnerabilities.
*/
diff --git a/src/main/java/org/owasp/dependencycheck/data/nvdcve/xml/NvdCve20Handler.java b/src/main/java/org/owasp/dependencycheck/data/nvdcve/xml/NvdCve20Handler.java
index 141c3a3d5..b3672cfe3 100644
--- a/src/main/java/org/owasp/dependencycheck/data/nvdcve/xml/NvdCve20Handler.java
+++ b/src/main/java/org/owasp/dependencycheck/data/nvdcve/xml/NvdCve20Handler.java
@@ -49,7 +49,7 @@ public class NvdCve20Handler extends DefaultHandler {
/**
* the current element.
*/
- private Element current = new Element();
+ private final Element current = new Element();
/**
* the text of the node.
*/
diff --git a/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java b/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java
index b5aac6f89..a2a5ed8bb 100644
--- a/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java
+++ b/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java
@@ -72,15 +72,15 @@ public class Dependency implements Comparable {
/**
* A collection of vendor evidence.
*/
- private EvidenceCollection vendorEvidence;
+ private final EvidenceCollection vendorEvidence;
/**
* A collection of product evidence.
*/
- private EvidenceCollection productEvidence;
+ private final EvidenceCollection productEvidence;
/**
* A collection of version evidence.
*/
- private EvidenceCollection versionEvidence;
+ private final EvidenceCollection versionEvidence;
/**
* Constructs a new Dependency object.
@@ -379,8 +379,8 @@ public class Dependency implements Comparable {
if (str == null) {
return false;
}
-
- if (vendorEvidence.containsUsedString(str)) {
+ return versionEvidence.containsUsedString(str) || productEvidence.containsUsedString(str) || vendorEvidence.containsUsedString(str);
+ /*if (vendorEvidence.containsUsedString(str)) {
return true;
}
if (productEvidence.containsUsedString(str)) {
@@ -390,6 +390,7 @@ public class Dependency implements Comparable {
return true;
}
return false;
+ */
}
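Review bot: The previous implementation of this method is left behind as a comment block from `/*if (vendorEvidence.containsUsedString(str)) {` through `*/` after the new single-line `return`; the commented-out code should be deleted rather than kept, since version control already preserves it. The new return line is also well over a reasonable column limit and reads better split across three lines: `return versionEvidence.containsUsedString(str)` / `|| productEvidence.containsUsedString(str)` / `|| vendorEvidence.containsUsedString(str);`. Note that the check order changed from vendor, product, version to version, product, vendor; with short-circuit `||` this is only equivalent if `containsUsedString` has no side effects, which seems likely but cannot be confirmed from this hunk. The enclosing method's signature and Javadoc begin above the hunk.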
/**
* A list of vulnerabilities for this dependency.
diff --git a/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java b/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java
index 6c550c2d8..e9e13660e 100644
--- a/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java
+++ b/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java
@@ -94,11 +94,11 @@ public class EvidenceCollection implements Iterable {
/**
* A collection of evidence.
*/
- private Set list;
+ private final Set list;
/**
* A collection of strings used to adjust Lucene's term weighting.
*/
- private Set weightedStrings;
+ private final Set weightedStrings;
/**
* Creates a new EvidenceCollection.
diff --git a/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java b/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java
index a334d3e3f..d64655071 100644
--- a/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java
+++ b/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java
@@ -69,11 +69,11 @@ public class ReportGenerator {
/**
* The Velocity Engine.
*/
- private VelocityEngine engine;
+ private final VelocityEngine engine;
/**
* The Velocity Engine Context.
*/
- private Context context;
+ private final Context context;
/**
* Constructs a new ReportGenerator.
diff --git a/src/main/java/org/owasp/dependencycheck/utils/CliParser.java b/src/main/java/org/owasp/dependencycheck/utils/CliParser.java
index 689d0daa7..c351010dc 100644
--- a/src/main/java/org/owasp/dependencycheck/utils/CliParser.java
+++ b/src/main/java/org/owasp/dependencycheck/utils/CliParser.java
@@ -44,7 +44,7 @@ public final class CliParser {
/**
* The options for the command line parser.
*/
- private Options options = createCommandLineOptions();
+ private final Options options = createCommandLineOptions();
/**
* Indicates whether the arguments are valid.
*/
diff --git a/src/main/java/org/owasp/dependencycheck/utils/DependencyVersion.java b/src/main/java/org/owasp/dependencycheck/utils/DependencyVersion.java
index 2bf314315..4a8197818 100644
--- a/src/main/java/org/owasp/dependencycheck/utils/DependencyVersion.java
+++ b/src/main/java/org/owasp/dependencycheck/utils/DependencyVersion.java
@@ -33,7 +33,7 @@ import org.apache.commons.lang.StringUtils;
* versionParts[2] = 3;
*
* Note, the parser contained in this class expects the version numbers to be
- * separated by periods. If a different seperator is used the parser will likely
+ * separated by periods. If a different separator is used the parser will likely
* fail.
* @author Jeremy Long (jeremy.long@owasp.org)
*/
diff --git a/src/main/java/org/owasp/dependencycheck/utils/Filter.java b/src/main/java/org/owasp/dependencycheck/utils/Filter.java
index d2f0b9d96..f4d932d3c 100644
--- a/src/main/java/org/owasp/dependencycheck/utils/Filter.java
+++ b/src/main/java/org/owasp/dependencycheck/utils/Filter.java
@@ -31,7 +31,7 @@ public abstract class Filter {
private class FilterIterator implements Iterator {
- private Iterator iterator;
+ private final Iterator iterator;
private T next;
private FilterIterator(Iterator iterator) {
diff --git a/src/test/java/org/owasp/dependencycheck/data/cpe/IndexTest.java b/src/test/java/org/owasp/dependencycheck/data/cpe/IndexTest.java
index 86b252232..df0177a86 100644
--- a/src/test/java/org/owasp/dependencycheck/data/cpe/IndexTest.java
+++ b/src/test/java/org/owasp/dependencycheck/data/cpe/IndexTest.java
@@ -28,6 +28,7 @@ import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
+import static org.junit.Assert.*;
/**
@@ -61,7 +62,8 @@ public class IndexTest {
try {
instance.open();
} catch (IOException ex) {
- Assert.fail(ex.getMessage());
+ assertNull(ex.getMessage(), ex);
+ //Assert.fail(ex.getMessage());
}
instance.close();
}
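Review bot: `assertNull(ex.getMessage(), ex);` on the new line is a confusing way to fail the test: `assertNull(String message, Object object)` asserts that `ex` is null, which can never hold inside a `catch` block, so the test fails as intended but the report reads as an unexpected non-null value prefixed by `ex.getMessage()`, and the stack trace is lost. With the static import of `org.junit.Assert.*` added in the earlier hunk, `fail(ex.getMessage());` states the intent directly; alternatively drop the `try`/`catch` and declare `throws IOException` on the test method so JUnit reports the full exception. The commented-out `//Assert.fail(ex.getMessage());` line should be removed rather than kept. The enclosing test method starts above the hunk.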
@@ -76,6 +78,6 @@ public class IndexTest {
Directory result = index.getDirectory();
String exp = File.separatorChar + "target" + File.separatorChar + "data" + File.separatorChar + "cpe";
- Assert.assertTrue(result.toString().contains(exp));
+ assertTrue(result.toString().contains(exp));
}
}
diff --git a/src/test/java/org/owasp/dependencycheck/utils/DependencyVersionUtilTest.java b/src/test/java/org/owasp/dependencycheck/utils/DependencyVersionUtilTest.java
index 140608e01..5a90c22f7 100644
--- a/src/test/java/org/owasp/dependencycheck/utils/DependencyVersionUtilTest.java
+++ b/src/test/java/org/owasp/dependencycheck/utils/DependencyVersionUtilTest.java
@@ -72,9 +72,9 @@ public class DependencyVersionUtilTest {
String[] failingNames = { "no-version-identified.jar", "somelib-04aug2000r7-dev.jar", "no.version15.jar",
"lib_1.0_spec-1.1.jar", "lib-api_1.0_spec-1.0.1.jar" };
- for (int i = 0; i < failingNames.length; i++) {
- final DependencyVersion version = DependencyVersionUtil.parseVersionFromFileName(failingNames[i]);
- assertNull("Found version in name that should have failed \"" + failingNames[i] + "\".", version);
+ for (String failingName : failingNames) {
+ final DependencyVersion version = DependencyVersionUtil.parseVersionFromFileName(failingName);
+ assertNull("Found version in name that should have failed \"" + failingName + "\".", version);
}
}
}