checkstyle corrections

2026-01-15 08:13:43 +01:00 · 2017-11-20 06:55:36 -05:00
parent e4b7f7aa8f
commit 5ebc2dc244
3 changed files with 9 additions and 5 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
@@ -464,6 +464,7 @@ public class DependencyBundlingAnalyzer extends AbstractDependencyComparingAnaly
    /**
     * Determine if the dependency ecosystem is equal in the given dependencies.
     *
+     * @param ecoSystem the ecosystem to validate against
     * @param dependency a dependency to compare
     * @param nextDependency a dependency to compare
     * @return true if the ecosystem is equal in both dependencies; otherwise
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java
@@ -102,10 +102,10 @@ public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer {
    protected void prepareFileTypeAnalyzer(Engine engine) throws InitializationException {
        if (engine.getMode() != Mode.EVIDENCE_COLLECTION) {
            try {
-                Settings settings = engine.getSettings();
+                final Settings settings = engine.getSettings();
                final String[] tmp = settings.getArray(Settings.KEYS.ECOSYSTEM_SKIP_NVDCVE);
                if (tmp != null) {
-                    List<String> skipEcosystems = Arrays.asList(tmp);
+                    final List<String> skipEcosystems = Arrays.asList(tmp);
                    if (skipEcosystems.contains(DEPENDENCY_ECOSYSTEM)
                            && !settings.getBoolean(Settings.KEYS.ANALYZER_NSP_PACKAGE_ENABLED)) {
                        LOGGER.debug("NodePackageAnalyzer enabled without a corresponding vulnerability analyzer");
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NvdCveAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NvdCveAnalyzer.java
@@ -20,7 +20,6 @@ package org.owasp.dependencycheck.analyzer;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
-import java.util.Set;
 import javax.annotation.concurrent.ThreadSafe;
 import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
@@ -46,7 +45,11 @@ public class NvdCveAnalyzer extends AbstractAnalyzer {
     * The Logger for use throughout the class
     */
    private static final org.slf4j.Logger LOGGER = LoggerFactory.getLogger(NvdCveAnalyzer.class);
-    
+    /**
+     * The list of ecosystems to skip during analysis. These are skipped because
+     * there is generally a more accurate vulnerability analyzer in the
+     * pipeline.
+     */
    private List<String> skipEcosystems;

    /**
@@ -80,7 +83,7 @@ public class NvdCveAnalyzer extends AbstractAnalyzer {
        if (skipEcosystems.contains(dependency.getEcosystem())) {
            return;
        }
-        
+
        final CveDB cveDB = engine.getDatabase();
        for (Identifier id : dependency.getIdentifiers()) {
            if ("cpe".equals(id.getType())) {