diff --git a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java index 97f53611b..ccf1bd030 100644 --- a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java +++ b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java @@ -69,9 +69,8 @@ public class Check extends Update { * Whether the CMake analyzer should be enabled. */ private Boolean cmakeAnalyzerEnabled; - /** - * Whether or not the openssl analyzer is enabled. + * Whether or not the Open SSL analyzer is enabled. */ private Boolean opensslAnalyzerEnabled; /** @@ -90,7 +89,6 @@ public class Check extends Update { * Whether or not the nexus analyzer is enabled. */ private Boolean nexusAnalyzerEnabled; - /** * The URL of a Nexus server's REST API end point * (http://domain/nexus/service/local). @@ -109,7 +107,7 @@ public class Check extends Update { * The path to Mono for .NET assembly analysis on non-windows systems. */ private String pathToMono; - + /** * The application name for the report. * @@ -121,7 +119,6 @@ public class Check extends Update { * The name of the project being analyzed. */ private String projectName = "dependency-check"; - /** * Specifies the destination directory for the generated Dependency-Check * report. @@ -189,7 +186,8 @@ public class Check extends Update { /** * Whether or not the .NET Assembly Analyzer is enabled. */ - private Boolean assemblyAnalyzerEnabled; /** + private Boolean assemblyAnalyzerEnabled; + /** * Whether the autoconf analyzer should be enabled. */ private Boolean autoconfAnalyzerEnabled; @@ -213,9 +211,9 @@ public class Check extends Update { */ private Resources path = null; /** - * Reference to path/fileset to convert + * Reference to path/file set to convert */ - private Reference refid = null; + private Reference refId = null; /** * Add an arbitrary ResourceCollection. @@ -225,7 +223,7 @@ public class Check extends Update { */ public void add(ResourceCollection rc) { if (isReference()) { - throw new BuildException("Nested elements are not allowed when using the refid attribute."); + throw new BuildException("Nested elements are not allowed when using the refId attribute."); } getPath().add(rc); } @@ -245,12 +243,12 @@ public class Check extends Update { } /** - * Learn whether the refid attribute of this element been set. + * Learn whether the refId attribute of this element been set. * - * @return true if refid is valid. + * @return true if refId is valid. */ public boolean isReference() { - return refid != null; + return refId != null; } /** @@ -259,11 +257,11 @@ public class Check extends Update { * * @param r the reference to a path, fileset, dirset or filelist. */ - public void setRefid(Reference r) { + public void setRefId(Reference r) { if (path != null) { - throw new BuildException("Nested elements are not allowed when using the refid attribute."); + throw new BuildException("Nested elements are not allowed when using the refId attribute."); } - refid = r; + refId = r; } /** @@ -274,9 +272,9 @@ public class Check extends Update { */ private void dealWithReferences() throws BuildException { if (isReference()) { - final Object o = refid.getReferencedObject(getProject()); + final Object o = refId.getReferencedObject(getProject()); if (!(o instanceof ResourceCollection)) { - throw new BuildException("refid '" + refid.getRefId() + throw new BuildException("refId '" + refId.getRefId() + "' does not refer to a resource collection."); } getPath().add((ResourceCollection) o); @@ -284,7 +282,6 @@ public class Check extends Update { } // END COPY from org.apache.tools.ant.taskdefs - /** * Construct a new DependencyCheckTask. */ @@ -317,6 +314,7 @@ public class Check extends Update { public void setApplicationName(String applicationName) { this.applicationName = applicationName; } + /** * Get the value of projectName. * @@ -470,6 +468,7 @@ public class Check extends Update { public void setHintsFile(String hintsFile) { this.hintsFile = hintsFile; } + /** * Get the value of showSummary. * @@ -670,9 +669,9 @@ public class Check extends Update { } /** - * Returns if the cocoapods analyyzer is enabled. + * Returns if the cocoapods analyzer is enabled. * - * @return if the cocoapods analyyzer is enabled + * @return if the cocoapods analyzer is enabled */ public boolean isCocoapodsAnalyzerEnabled() { return cocoapodsAnalyzerEnabled; @@ -950,7 +949,7 @@ public class Check extends Update { //TODO shouldn't this be a fatal exception log("Unable to retrieve DB Properties", ex, Project.MSG_DEBUG); } - + final ReportGenerator reporter = new ReportGenerator(getProjectName(), engine.getDependencies(), engine.getAnalyzers(), prop); reporter.generateReports(reportOutputDirectory, reportFormat); diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java index 9a488719d..5be1c2d92 100644 --- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java +++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java @@ -249,7 +249,7 @@ public final class CliParser { final Option excludes = Option.builder().argName("pattern").hasArg().longOpt(ARGUMENT.EXCLUDE) .desc("Specify and exclusion pattern. This option can be specified multiple times" - + " and it accepts Ant style excludsions.") + + " and it accepts Ant style exclusions.") .build(); final Option props = Option.builder(ARGUMENT.PROP_SHORT).argName("file").hasArg().longOpt(ARGUMENT.PROP) @@ -286,7 +286,7 @@ public final class CliParser { .build(); final Option experimentalEnabled = Option.builder().longOpt(ARGUMENT.EXPERIMENTAL) - .desc("Enables the experimental analzers.") + .desc("Enables the experimental analyzers.") .build(); final Option failOnCVSS = Option.builder().argName("score").hasArg().longOpt(ARGUMENT.FAIL_ON_CVSS) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AnalyzerService.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AnalyzerService.java index 5b786b0fc..7c2c18d2f 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AnalyzerService.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AnalyzerService.java @@ -63,7 +63,7 @@ public class AnalyzerService { try { experimentalEnabled = Settings.getBoolean(Settings.KEYS.ANALYZER_EXPERIMENTAL_ENABLED, false); } catch (InvalidSettingException ex) { - LOGGER.error("invalide experimental setting", ex); + LOGGER.error("invalid experimental setting", ex); } while (iterator.hasNext()) { final Analyzer a = iterator.next(); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java index 6078b6a25..d964f5cc3 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java @@ -98,7 +98,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { /** * The set of things we can handle with Zip methods */ - private static final Set ZIPPABLES = newHashSet("zip", "ear", "war", "jar", "sar", "apk", "nupkg"); + private static final Set KNOWN_ZIP_EXT = newHashSet("zip", "ear", "war", "jar", "sar", "apk", "nupkg"); /** * The set of file extensions supported by this analyzer. Note for * developers, any additions to this list will need to be explicitly handled @@ -110,9 +110,9 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { final String additionalZipExt = Settings.getString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS); if (additionalZipExt != null) { final String[] ext = additionalZipExt.split("\\s*,\\s*"); - Collections.addAll(ZIPPABLES, ext); + Collections.addAll(KNOWN_ZIP_EXT, ext); } - EXTENSIONS.addAll(ZIPPABLES); + EXTENSIONS.addAll(KNOWN_ZIP_EXT); } /** @@ -303,11 +303,11 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { */ private void addDisguisedJarsToDependencies(Dependency dependency, Engine engine) throws AnalysisException { if (ZIP_FILTER.accept(dependency.getActualFile()) && isZipFileActuallyJarFile(dependency)) { - final File tdir = getNextTempDirectory(); + final File tempDir = getNextTempDirectory(); final String fileName = dependency.getFileName(); LOGGER.info("The zip file '{}' appears to be a JAR file, making a copy and analyzing it as a JAR.", fileName); - final File tmpLoc = new File(tdir, fileName.substring(0, fileName.length() - 3) + "jar"); + final File tmpLoc = new File(tempDir, fileName.substring(0, fileName.length() - 3) + "jar"); //store the archives sha1 and change it so that the engine doesn't think the zip and jar file are the same // and add it is a related dependency. final String archiveSha1 = dependency.getSha1sum(); @@ -399,7 +399,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { GzipCompressorInputStream gin = null; BZip2CompressorInputStream bzin = null; try { - if (ZIPPABLES.contains(archiveExt)) { + if (KNOWN_ZIP_EXT.contains(archiveExt)) { in = new BufferedInputStream(fis); ensureReadableJar(archiveExt, in); zin = new ZipArchiveInputStream(in); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java index 824bb58b9..04149fc40 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java @@ -183,7 +183,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { LOGGER.error("Failed to read the Assembly Analyzer results. " + "On some systems mono-runtime and mono-devel need to be installed."); LOGGER.error("----------------------------------------------------"); - throw new AnalysisException("Couldn't parse Assembly Analzyzer results (GrokAssembly)", saxe); + throw new AnalysisException("Couldn't parse Assembly Analyzer results (GrokAssembly)", saxe); } // This shouldn't happen @@ -202,7 +202,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { tempFile = File.createTempFile("GKA", ".exe", Settings.getTempDirectory()); } catch (IOException ex) { setEnabled(false); - throw new InitializationException("Unable to create temporary file for the assembly analyzerr", ex); + throw new InitializationException("Unable to create temporary file for the assembly analyzer", ex); } FileOutputStream fos = null; InputStream is = null; @@ -248,7 +248,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { // // We need to create a non-fatal warning error type that will // get added to the report. - //TOOD this idea needs to get replicated to the bundle audit analyzer. + //TODO this idea needs to get replicated to the bundle audit analyzer. if (args == null) { setEnabled(false); LOGGER.error("----------------------------------------------------"); @@ -366,7 +366,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { return true; } } catch (IOException | InterruptedException ex) { - LOGGER.debug("Path seach failed for " + file, ex); + LOGGER.debug("Path search failed for " + file, ex); } return false; } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java index 5e4d82f87..455e6689c 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java @@ -208,7 +208,7 @@ public class CPEAnalyzer extends AbstractAnalyzer { * @throws ParseException is thrown when the Lucene query cannot be parsed. */ protected void determineCPE(Dependency dependency) throws CorruptIndexException, IOException, ParseException { - //TODO test dojo-war against this. we shold get dojo-toolkit:dojo-toolkit AND dojo-toolkit:toolkit + //TODO test dojo-war against this. we should get dojo-toolkit:dojo-toolkit AND dojo-toolkit:toolkit String vendors = ""; String products = ""; for (Confidence confidence : Confidence.values()) { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java index d0f92469c..c38070e30 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java @@ -103,14 +103,14 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer { * false */ private boolean checkEnabled() { - boolean retval = false; + boolean retVal = false; try { if (Settings.getBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED)) { if (!Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED) || NexusAnalyzer.DEFAULT_URL.equals(Settings.getString(Settings.KEYS.ANALYZER_NEXUS_URL))) { LOGGER.debug("Enabling the Central analyzer"); - retval = true; + retVal = true; } else { LOGGER.info("Nexus analyzer is enabled, disabling the Central Analyzer"); } @@ -120,7 +120,7 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer { } catch (InvalidSettingException ise) { LOGGER.warn("Invalid setting. Disabling the Central analyzer"); } - return retval; + return retVal; } /** diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java index b52adb255..63e19aa10 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java @@ -172,7 +172,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer { exitValue = process.waitFor(); } catch (InterruptedException ex) { setEnabled(false); - final String msg = String.format("Bundle-audit process was interupted. Disabling %s", ANALYZER_NAME); + final String msg = String.format("Bundle-audit process was interrupted. Disabling %s", ANALYZER_NAME); throw new InitializationException(msg); } if (0 == exitValue) { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/VersionFilterAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/VersionFilterAnalyzer.java index 7098149f1..23002517e 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/VersionFilterAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/VersionFilterAnalyzer.java @@ -39,7 +39,7 @@ import org.slf4j.LoggerFactory; */ public class VersionFilterAnalyzer extends AbstractAnalyzer { - // + // /** * Evidence source. */ diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/central/CentralSearch.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/central/CentralSearch.java index 09abaa2bc..314e321fb 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/central/CentralSearch.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/central/CentralSearch.java @@ -128,11 +128,11 @@ public class CentralSearch { final String a = xpath.evaluate("./str[@name='a']", docs.item(i)); LOGGER.trace("ArtifactId: {}", a); final String v = xpath.evaluate("./str[@name='v']", docs.item(i)); - NodeList atts = (NodeList) xpath.evaluate("./arr[@name='ec']/str", docs.item(i), XPathConstants.NODESET); + NodeList attributes = (NodeList) xpath.evaluate("./arr[@name='ec']/str", docs.item(i), XPathConstants.NODESET); boolean pomAvailable = false; boolean jarAvailable = false; - for (int x = 0; x < atts.getLength(); x++) { - final String tmp = xpath.evaluate(".", atts.item(x)); + for (int x = 0; x < attributes.getLength(); x++) { + final String tmp = xpath.evaluate(".", attributes.item(x)); if (".pom".equals(tmp)) { pomAvailable = true; } else if (".jar".equals(tmp)) { @@ -140,10 +140,10 @@ public class CentralSearch { } } - atts = (NodeList) xpath.evaluate("./arr[@name='tags']/str", docs.item(i), XPathConstants.NODESET); + attributes = (NodeList) xpath.evaluate("./arr[@name='tags']/str", docs.item(i), XPathConstants.NODESET); boolean useHTTPS = false; - for (int x = 0; x < atts.getLength(); x++) { - final String tmp = xpath.evaluate(".", atts.item(x)); + for (int x = 0; x < attributes.getLength(); x++) { + final String tmp = xpath.evaluate(".", attributes.item(x)); if ("https".equals(tmp)) { useHTTPS = true; } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/composer/ComposerDependency.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/composer/ComposerDependency.java index 09dd97d9a..2ab329abe 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/composer/ComposerDependency.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/composer/ComposerDependency.java @@ -18,7 +18,7 @@ package org.owasp.dependencycheck.data.composer; /** - * Reperesents a dependency (GAV, right now) from a Composer dependency. + * Represents a dependency (GAV, right now) from a Composer dependency. * * @author colezlaw */ diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/composer/ComposerLockParser.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/composer/ComposerLockParser.java index eb0843e2a..0803276d1 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/composer/ComposerLockParser.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/composer/ComposerLockParser.java @@ -81,7 +81,7 @@ public class ComposerLockParser { final String group = groupName.substring(0, groupName.indexOf('/')); final String project = groupName.substring(groupName.indexOf('/') + 1); String version = pkg.getString("version"); - // Some version nubmers begin with v - which doesn't end up matching CPE's + // Some version numbers begin with v - which doesn't end up matching CPE's if (version.startsWith("v")) { version = version.substring(1); } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java index a5918ca47..b901231b4 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java @@ -342,7 +342,7 @@ public final class ConnectionFactory { LOGGER.warn("A new version of dependency-check is available; consider upgrading"); Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false); } else if (e0 == c0 && e1 == c1) { - //do nothing - not sure how we got here, but just incase... + //do nothing - not sure how we got here, but just in case... } else { LOGGER.error("The database schema must be upgraded to use this version of dependency-check. Please see {} for more information.", UPGRADE_HELP_URL); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/CpeUpdater.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/CpeUpdater.java index c55bb5225..0178e2ffb 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/CpeUpdater.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/CpeUpdater.java @@ -69,7 +69,7 @@ public class CpeUpdater { //extends BaseUpdater implements CachedWebDataSource { // return; // } // } catch (InvalidSettingException ex) { -// LOGGER.trace("inavlid setting UPDATE_NVDCVE_ENABLED", ex); +// LOGGER.trace("invalid setting UPDATE_NVDCVE_ENABLED", ex); // } // */ // diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/cpe/CPEHandler.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/cpe/CPEHandler.java index 54870e859..123d326cc 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/cpe/CPEHandler.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/cpe/CPEHandler.java @@ -30,7 +30,7 @@ import org.xml.sax.SAXException; import org.xml.sax.helpers.DefaultHandler; /** - * A SAX Handler that will parse the CPE XML and load it into the databse. + * A SAX Handler that will parse the CPE XML and load it into the database. * * @author Jeremy Long */ @@ -154,35 +154,10 @@ public class CPEHandler extends DefaultHandler { public void endElement(String uri, String localName, String qName) throws SAXException { current.setNode(qName); if (current.isSchemaVersionNode() && !CURRENT_SCHEMA_VERSION.equals(nodeText.toString())) { - throw new SAXException("ERROR: Unexpecgted CPE Schema Version, expected: " + throw new SAXException("ERROR: Unexpected CPE Schema Version, expected: " + CURRENT_SCHEMA_VERSION + ", file is: " + nodeText); } -// } else if (current.isCpeItemNode()) { -// //do nothing -// } else if (current.isTitleNode()) { -// //do nothing -// } else if (current.isCpeListNode()) { -// //do nothing -// } else if (current.isMetaNode()) { -// //do nothing -// } else if (current.isNotesNode()) { -// //do nothing -// } else if (current.isNoteNode()) { -// //do nothing -// } else if (current.isCheckNode()) { -// //do nothing -// } else if (current.isGeneratorNode()) { -// //do nothing -// } else if (current.isProductNameNode()) { -// //do nothing -// } else if (current.isProductVersionNode()) { -// //do nothing -// else if (current.isTimestampNode()) { -// //do nothing -// } else { -// throw new SAXException("ERROR STATE: Unexpected qName '" + qName + "'"); -// } } // diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/ProcessTask.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/ProcessTask.java index 194950224..d9c4f26f1 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/ProcessTask.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/ProcessTask.java @@ -18,7 +18,6 @@ package org.owasp.dependencycheck.data.update.nvd; import java.io.File; -import java.io.FileNotFoundException; import java.io.IOException; import java.sql.SQLException; import java.util.List; diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java index cdfe7fc83..9d7662ebb 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java @@ -598,7 +598,7 @@ public class Dependency implements Serializable, Comparable { LOGGER.warn("Unable to read '{}' to determine hashes.", file.getName()); LOGGER.debug("", ex); } catch (NoSuchAlgorithmException ex) { - LOGGER.warn("Unable to use MD5 of SHA1 checksums."); + LOGGER.warn("Unable to use MD5 or SHA1 checksums."); LOGGER.debug("", ex); } this.setMd5sum(md5); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java index c921da7cf..fb45480b0 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java @@ -397,10 +397,10 @@ public class EvidenceCollection implements Serializable, Iterable { * *

* Example, given the following input:

- * 'Please visit https://www.somedomain.com/path1/path2/file.php?id=439' + * 'Please visit https://www.owasp.com/path1/path2/file.php?id=439' *

* The function would return:

- * 'Please visit somedomain path1 path2 file' + * 'Please visit owasp path1 path2 file' * * @param value the value that may contain a url * @return the modified string diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java index a23004db5..27d96adb0 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java @@ -280,7 +280,7 @@ public final class ExtractionUtil { if (!file.renameTo(gzip)) { throw new IOException("Unable to rename '" + file.getPath() + "'"); } - final File newfile = new File(originalPath); + final File newFile = new File(originalPath); final byte[] buffer = new byte[4096]; @@ -288,7 +288,7 @@ public final class ExtractionUtil { FileOutputStream out = null; try { cin = new GZIPInputStream(new FileInputStream(gzip)); - out = new FileOutputStream(newfile); + out = new FileOutputStream(newFile); int len; while ((len = cin.read(buffer)) > 0) { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/HintRule.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/HintRule.java index ab59344f4..e92cbdda9 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/HintRule.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/HintRule.java @@ -255,7 +255,7 @@ public class HintRule { return removeVersion; } /** - * Adds a given version to the list of evidence to matche. + * Adds a given version to the list of evidence to match. * * @param source the source of the evidence * @param name the name of the evidence diff --git a/dependency-check-core/src/main/resources/data/dbStatements.properties b/dependency-check-core/src/main/resources/data/dbStatements.properties index d7c4eb276..87098536e 100644 --- a/dependency-check-core/src/main/resources/data/dbStatements.properties +++ b/dependency-check-core/src/main/resources/data/dbStatements.properties @@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # -# Copyright (c) 2015 The OWASP Foundatio. All Rights Reserved. +# Copyright (c) 2015 The OWASP Foundation. All Rights Reserved. DELETE_REFERENCE=DELETE FROM reference WHERE cveid = ? DELETE_SOFTWARE=DELETE FROM software WHERE cveid = ? diff --git a/dependency-check-core/src/main/resources/schema/nvdcve/2_0/scap-core_0.1.xsd b/dependency-check-core/src/main/resources/schema/nvdcve/2_0/scap-core_0.1.xsd index 41d1ce5f6..c9a09f82f 100644 --- a/dependency-check-core/src/main/resources/schema/nvdcve/2_0/scap-core_0.1.xsd +++ b/dependency-check-core/src/main/resources/schema/nvdcve/2_0/scap-core_0.1.xsd @@ -133,7 +133,7 @@ - + diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java index 4d1f481ed..62c333efe 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java @@ -64,7 +64,7 @@ public class AggregateMojo extends BaseDependencyCheckMojo { * and generates the subsequent reports. * * @throws MojoExecutionException thrown if there is ane exception running - * the mojo + * the Mojo * @throws MojoFailureException thrown if dependency-check is configured to * fail the build */ @@ -118,7 +118,7 @@ public class AggregateMojo extends BaseDependencyCheckMojo { } File outputDir = getCorrectOutputDirectory(this.getProject()); if (outputDir == null) { - //in some regards we shouldn't be writting this, but we are anyway. + //in some regards we shouldn't be writing this, but we are anyway. //we shouldn't write this because nothing is configured to generate this report. outputDir = new File(this.getProject().getBuild().getDirectory()); } @@ -165,7 +165,7 @@ public class AggregateMojo extends BaseDependencyCheckMojo { mpp = mpp.getCanonicalFile(); if (mpp.compareTo(mod.getBasedir()) == 0 && descendants.add(mod) && getLog().isDebugEnabled()) { - getLog().debug(String.format("Decendent module %s added", mod.getName())); + getLog().debug(String.format("Descendant module %s added", mod.getName())); } } catch (IOException ex) { @@ -180,14 +180,14 @@ public class AggregateMojo extends BaseDependencyCheckMojo { for (MavenProject p : getReactorProjects()) { if (project.equals(p.getParent()) || descendants.contains(p.getParent())) { if (descendants.add(p) && getLog().isDebugEnabled()) { - getLog().debug(String.format("Decendent %s added", p.getName())); + getLog().debug(String.format("Descendant %s added", p.getName())); } for (MavenProject modTest : getReactorProjects()) { if (p.getModules() != null && p.getModules().contains(modTest.getName()) && descendants.add(modTest) && getLog().isDebugEnabled()) { - getLog().debug(String.format("Decendent %s added", modTest.getName())); + getLog().debug(String.format("Descendant %s added", modTest.getName())); } } } @@ -209,7 +209,7 @@ public class AggregateMojo extends BaseDependencyCheckMojo { } for (MavenProject addedDescendant : addedDescendants) { if (descendants.add(addedDescendant) && getLog().isDebugEnabled()) { - getLog().debug(String.format("Decendent module %s added", addedDescendant.getName())); + getLog().debug(String.format("Descendant module %s added", addedDescendant.getName())); } } } @@ -259,7 +259,7 @@ public class AggregateMojo extends BaseDependencyCheckMojo { @Override public boolean canGenerateReport() { - return true; //aggregate always returns true for now - we can look at a more complicated/acurate solution later + return true; //aggregate always returns true for now - we can look at a more complicated/accurate solution later } /** diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java index 0860088fb..f7f9ec76f 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java @@ -109,7 +109,8 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma @Parameter(readonly = true, required = true, property = "reactorProjects") private List reactorProjects; /** - * The entry point towards a Maven version independent way of resolving artifacts (handles both Maven 3.0 sonatype and Maven 3.1+ eclipse Aether implementations). + * The entry point towards a Maven version independent way of resolving artifacts (handles both Maven 3.0 + * Sonatype and Maven 3.1+ eclipse Aether implementations). */ @Component private ArtifactResolver artifactResolver; @@ -603,7 +604,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma */ protected File getDataFile(MavenProject current) { if (getLog().isDebugEnabled()) { - getLog().debug(String.format("Getting data filefor %s using key '%s'", current.getName(), getDataFileContextKey())); + getLog().debug(String.format("Getting data file for %s using key '%s'", current.getName(), getDataFileContextKey())); } final Object obj = current.getContextValue(getDataFileContextKey()); if (obj != null) { @@ -718,7 +719,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma } /** - * Executes the dependency-check scan and generates the necassary report. + * Executes the dependency-check scan and generates the necessary report. * * @throws MojoExecutionException thrown if there is an exception running * the scan @@ -1160,7 +1161,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma * Writes the scan data to disk. This is used to serialize the scan data * between the "check" and "aggregate" phase. * - * @param mp the mMven project for which the data file was created + * @param mp the Maven project for which the data file was created * @param writeTo the directory to write the data file * @param dependencies the list of dependencies to serialize */ diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/ExpectedOjectInputStream.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/ExpectedObjectInputStream.java similarity index 93% rename from dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/ExpectedOjectInputStream.java rename to dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/ExpectedObjectInputStream.java index d5db918cc..abd10d4e6 100644 --- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/ExpectedOjectInputStream.java +++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/ExpectedObjectInputStream.java @@ -31,7 +31,7 @@ import java.util.List; * * @author Jeremy Long */ -public class ExpectedOjectInputStream extends ObjectInputStream { +public class ExpectedObjectInputStream extends ObjectInputStream { /** * The list of fully qualified class names that are able to be deserialized. @@ -46,7 +46,7 @@ public class ExpectedOjectInputStream extends ObjectInputStream { * @param expected the fully qualified class names of the classes that can be deserialized * @throws IOException thrown if there is an error reading from the stream */ - public ExpectedOjectInputStream(InputStream inputStream, String... expected) throws IOException { + public ExpectedObjectInputStream(InputStream inputStream, String... expected) throws IOException { super(inputStream); this.expected.addAll(Arrays.asList(expected)); } diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java index 2f1e85f9a..84174243d 100644 --- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java +++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java @@ -57,7 +57,7 @@ public final class Settings { private Properties props = null; /** - * A reference to the temporary directory; used incase it needs to be + * A reference to the temporary directory; used in case it needs to be * deleted during cleanup. */ private static File tempDirectory = null; diff --git a/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/ExpectedOjectInputStreamTest.java b/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/ExpectedObjectInputStreamTest.java similarity index 81% rename from dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/ExpectedOjectInputStreamTest.java rename to dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/ExpectedObjectInputStreamTest.java index 210bf0c04..dc991c390 100644 --- a/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/ExpectedOjectInputStreamTest.java +++ b/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/ExpectedObjectInputStreamTest.java @@ -26,15 +26,16 @@ import java.util.ArrayList; import java.util.List; import static org.junit.Assert.fail; import org.junit.Test; +import static org.junit.Assert.fail; /** * * @author jeremy */ -public class ExpectedOjectInputStreamTest { +public class ExpectedObjectInputStreamTest { /** - * Test of resolveClass method, of class ExpectedOjectInputStream. + * Test of resolveClass method, of class ExpectedObjectInputStream. */ @Test public void testResolveClass() { @@ -49,7 +50,7 @@ public class ExpectedOjectInputStreamTest { byte[] buf = mem.toByteArray(); out.close(); ByteArrayInputStream in = new ByteArrayInputStream(buf); - ExpectedOjectInputStream instance = new ExpectedOjectInputStream(in, "java.util.ArrayList", "org.owasp.dependencycheck.utils.SimplePojo", "java.lang.Integer", "java.lang.Number"); + ExpectedObjectInputStream instance = new ExpectedObjectInputStream(in, "java.util.ArrayList", "org.owasp.dependencycheck.utils.SimplePojo", "java.lang.Integer", "java.lang.Number"); instance.readObject(); } catch (IOException | ClassNotFoundException ex) { fail(ex.getMessage()); @@ -65,7 +66,7 @@ public class ExpectedOjectInputStreamTest { } /** - * Test of resolveClass method, of class ExpectedOjectInputStream. + * Test of resolveClass method, of class ExpectedObjectInputStream. */ @Test(expected = java.io.InvalidClassException.class) public void testResolveClassException() throws Exception { @@ -81,7 +82,7 @@ public class ExpectedOjectInputStreamTest { } ByteArrayInputStream in = new ByteArrayInputStream(buf); - ExpectedOjectInputStream instance = new ExpectedOjectInputStream(in, "java.util.ArrayList", "org.owasp.dependencycheck.utils.SimplePojo"); + ExpectedObjectInputStream instance = new ExpectedObjectInputStream(in, "java.util.ArrayList", "org.owasp.dependencycheck.utils.SimplePojo"); instance.readObject(); } }