Isolated sources of deprecation warnings, and added warning suppression annotations. Also added a minor Enumeration -> Enumeration<JarEntry> "fix"

Former-commit-id: ccfe52d9ed50977ce73b928b09232d8635d7fcf2
2026-01-15 16:23:37 +01:00 · 2015-06-17 15:51:06 -04:00
parent 1b4cb1379a
commit 5b1f632035
2 changed files with 24 additions and 4 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
@@ -122,6 +122,13 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
            "ipojo-components",
            "ipojo-extension",
            "eclipse-sourcereferences");
+    /**
+     * Deprecated Jar manifest attribute, that is, nonetheless, useful for
+     * analysis.
+     */
+    @SuppressWarnings("deprecation")
+    private static final String IMPLEMENTATION_VENDOR_ID = Attributes.Name.IMPLEMENTATION_VENDOR_ID
+            .toString();
    /**
     * item in some manifest, should be considered medium confidence.
     */
@@ -677,7 +684,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
                    foundSomething = true;
                    vendorEvidence.addEvidence(source, key, value, Confidence.HIGH);
                    addMatchingValues(classInformation, value, vendorEvidence);
-                } else if (key.equalsIgnoreCase(Attributes.Name.IMPLEMENTATION_VENDOR_ID.toString())) {
+                } else if (key.equalsIgnoreCase(IMPLEMENTATION_VENDOR_ID)) {
                    foundSomething = true;
                    vendorEvidence.addEvidence(source, key, value, Confidence.MEDIUM);
                    addMatchingValues(classInformation, value, vendorEvidence);
@@ -926,9 +933,9 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
        JarFile jar = null;
        try {
            jar = new JarFile(dependency.getActualFilePath());
-            final Enumeration entries = jar.entries();
+            final Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
-                final JarEntry entry = (JarEntry) entries.nextElement();
+                final JarEntry entry = entries.nextElement();
                final String name = entry.getName().toLowerCase();
                //no longer stripping "|com\\.sun" - there are some com.sun jar files with CVEs.
                if (name.endsWith(".class") && !name.matches("^javax?\\..*$")) {
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java
@@ -357,9 +357,22 @@ public class VulnerableSoftware extends IndexEntry implements Serializable, Comp
            try {
                result = URLDecoder.decode(text, "ASCII");
            } catch (UnsupportedEncodingException ex1) {
-                result = URLDecoder.decode(text);
+                result = defaultUrlDecode(text);
            }
        }
        return result;
    }
+
+    /**
+     * Call {@link java.net.URLDecoder#decode(String)} to URL decode using the
+     * default encoding.
+     *
+     * @param text
+     *            www-form-encoded URL to decode
+     * @return the newly decoded String
+     */
+    @SuppressWarnings("deprecation")
+    private String defaultUrlDecode(final String text) {
+        return URLDecoder.decode(text);
+    }
 }