github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-04-30 20:24:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

spelling corrections

Browse Source
This commit is contained in:
Jeremy Long
2017-03-11 14:15:24 -05:00
parent 1d32a6012a
commit 5ed6e838fc
27 changed files with 80 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AnalyzerService.java
View File

@@ -63,7 +63,7 @@ public class AnalyzerService {
try {
experimentalEnabled = Settings.getBoolean(Settings.KEYS.ANALYZER_EXPERIMENTAL_ENABLED, false);
} catch (InvalidSettingException ex) {
LOGGER.error("invalide experimental setting", ex);
LOGGER.error("invalid experimental setting", ex);
}
while (iterator.hasNext()) {
final Analyzer a = iterator.next();

12
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
View File

@@ -98,7 +98,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
/**
* The set of things we can handle with Zip methods
*/
private static final Set<String> ZIPPABLES = newHashSet("zip", "ear", "war", "jar", "sar", "apk", "nupkg");
private static final Set<String> KNOWN_ZIP_EXT = newHashSet("zip", "ear", "war", "jar", "sar", "apk", "nupkg");
/**
* The set of file extensions supported by this analyzer. Note for
* developers, any additions to this list will need to be explicitly handled
@@ -110,9 +110,9 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
final String additionalZipExt = Settings.getString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS);
if (additionalZipExt != null) {
final String[] ext = additionalZipExt.split("\\s*,\\s*");
Collections.addAll(ZIPPABLES, ext);
Collections.addAll(KNOWN_ZIP_EXT, ext);
}
EXTENSIONS.addAll(ZIPPABLES);
EXTENSIONS.addAll(KNOWN_ZIP_EXT);
}
/**
@@ -303,11 +303,11 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
*/
private void addDisguisedJarsToDependencies(Dependency dependency, Engine engine) throws AnalysisException {
if (ZIP_FILTER.accept(dependency.getActualFile()) && isZipFileActuallyJarFile(dependency)) {
final File tdir = getNextTempDirectory();
final File tempDir = getNextTempDirectory();
final String fileName = dependency.getFileName();
LOGGER.info("The zip file '{}' appears to be a JAR file, making a copy and analyzing it as a JAR.", fileName);
final File tmpLoc = new File(tdir, fileName.substring(0, fileName.length() - 3) + "jar");
final File tmpLoc = new File(tempDir, fileName.substring(0, fileName.length() - 3) + "jar");
//store the archives sha1 and change it so that the engine doesn't think the zip and jar file are the same
// and add it is a related dependency.
final String archiveSha1 = dependency.getSha1sum();
@@ -399,7 +399,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
GzipCompressorInputStream gin = null;
BZip2CompressorInputStream bzin = null;
try {
if (ZIPPABLES.contains(archiveExt)) {
if (KNOWN_ZIP_EXT.contains(archiveExt)) {
in = new BufferedInputStream(fis);
ensureReadableJar(archiveExt, in);
zin = new ZipArchiveInputStream(in);

8
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
View File

@@ -183,7 +183,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
LOGGER.error("Failed to read the Assembly Analyzer results. "
+ "On some systems mono-runtime and mono-devel need to be installed.");
LOGGER.error("----------------------------------------------------");
throw new AnalysisException("Couldn't parse Assembly Analzyzer results (GrokAssembly)", saxe);
throw new AnalysisException("Couldn't parse Assembly Analyzer results (GrokAssembly)", saxe);
}
// This shouldn't happen
@@ -202,7 +202,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
tempFile = File.createTempFile("GKA", ".exe", Settings.getTempDirectory());
} catch (IOException ex) {
setEnabled(false);
throw new InitializationException("Unable to create temporary file for the assembly analyzerr", ex);
throw new InitializationException("Unable to create temporary file for the assembly analyzer", ex);
}
FileOutputStream fos = null;
InputStream is = null;
@@ -248,7 +248,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
//
// We need to create a non-fatal warning error type that will
// get added to the report.
//TOOD this idea needs to get replicated to the bundle audit analyzer.
//TODO this idea needs to get replicated to the bundle audit analyzer.
if (args == null) {
setEnabled(false);
LOGGER.error("----------------------------------------------------");
@@ -366,7 +366,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
return true;
}
} catch (IOException | InterruptedException ex) {
LOGGER.debug("Path seach failed for " + file, ex);
LOGGER.debug("Path search failed for " + file, ex);
}
return false;
}

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
View File

@@ -208,7 +208,7 @@ public class CPEAnalyzer extends AbstractAnalyzer {
* @throws ParseException is thrown when the Lucene query cannot be parsed.
*/
protected void determineCPE(Dependency dependency) throws CorruptIndexException, IOException, ParseException {
//TODO test dojo-war against this. we shold get dojo-toolkit:dojo-toolkit AND dojo-toolkit:toolkit
//TODO test dojo-war against this. we should get dojo-toolkit:dojo-toolkit AND dojo-toolkit:toolkit
String vendors = "";
String products = "";
for (Confidence confidence : Confidence.values()) {

6
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java
View File

@@ -103,14 +103,14 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
* <code>false</code>
*/
private boolean checkEnabled() {
boolean retval = false;
boolean retVal = false;
try {
if (Settings.getBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED)) {
if (!Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED)
|| NexusAnalyzer.DEFAULT_URL.equals(Settings.getString(Settings.KEYS.ANALYZER_NEXUS_URL))) {
LOGGER.debug("Enabling the Central analyzer");
retval = true;
retVal = true;
} else {
LOGGER.info("Nexus analyzer is enabled, disabling the Central Analyzer");
}
@@ -120,7 +120,7 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
} catch (InvalidSettingException ise) {
LOGGER.warn("Invalid setting. Disabling the Central analyzer");
}
return retval;
return retVal;
}
/**

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java
View File

@@ -172,7 +172,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
exitValue = process.waitFor();
} catch (InterruptedException ex) {
setEnabled(false);
final String msg = String.format("Bundle-audit process was interupted. Disabling %s", ANALYZER_NAME);
final String msg = String.format("Bundle-audit process was interrupted. Disabling %s", ANALYZER_NAME);
throw new InitializationException(msg);
}
if (0 == exitValue) {

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/VersionFilterAnalyzer.java
View File

@@ -39,7 +39,7 @@ import org.slf4j.LoggerFactory;
*/
public class VersionFilterAnalyzer extends AbstractAnalyzer {
//<editor-fold defaultstate="collapsed" desc="Constaints">
//<editor-fold defaultstate="collapsed" desc="Constants">
/**
* Evidence source.
*/

12
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/central/CentralSearch.java
View File

@@ -128,11 +128,11 @@ public class CentralSearch {
final String a = xpath.evaluate("./str[@name='a']", docs.item(i));
LOGGER.trace("ArtifactId: {}", a);
final String v = xpath.evaluate("./str[@name='v']", docs.item(i));
NodeList atts = (NodeList) xpath.evaluate("./arr[@name='ec']/str", docs.item(i), XPathConstants.NODESET);
NodeList attributes = (NodeList) xpath.evaluate("./arr[@name='ec']/str", docs.item(i), XPathConstants.NODESET);
boolean pomAvailable = false;
boolean jarAvailable = false;
for (int x = 0; x < atts.getLength(); x++) {
final String tmp = xpath.evaluate(".", atts.item(x));
for (int x = 0; x < attributes.getLength(); x++) {
final String tmp = xpath.evaluate(".", attributes.item(x));
if (".pom".equals(tmp)) {
pomAvailable = true;
} else if (".jar".equals(tmp)) {
@@ -140,10 +140,10 @@ public class CentralSearch {
}
}
atts = (NodeList) xpath.evaluate("./arr[@name='tags']/str", docs.item(i), XPathConstants.NODESET);
attributes = (NodeList) xpath.evaluate("./arr[@name='tags']/str", docs.item(i), XPathConstants.NODESET);
boolean useHTTPS = false;
for (int x = 0; x < atts.getLength(); x++) {
final String tmp = xpath.evaluate(".", atts.item(x));
for (int x = 0; x < attributes.getLength(); x++) {
final String tmp = xpath.evaluate(".", attributes.item(x));
if ("https".equals(tmp)) {
useHTTPS = true;
}

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/composer/ComposerDependency.java
View File

@@ -18,7 +18,7 @@
package org.owasp.dependencycheck.data.composer;
/**
* Reperesents a dependency (GAV, right now) from a Composer dependency.
* Represents a dependency (GAV, right now) from a Composer dependency.
*
* @author colezlaw
*/

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/composer/ComposerLockParser.java
View File

@@ -81,7 +81,7 @@ public class ComposerLockParser {
final String group = groupName.substring(0, groupName.indexOf('/'));
final String project = groupName.substring(groupName.indexOf('/') + 1);
String version = pkg.getString("version");
// Some version nubmers begin with v - which doesn't end up matching CPE's
// Some version numbers begin with v - which doesn't end up matching CPE's
if (version.startsWith("v")) {
version = version.substring(1);
}

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java
View File

@@ -342,7 +342,7 @@ public final class ConnectionFactory {
LOGGER.warn("A new version of dependency-check is available; consider upgrading");
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
} else if (e0 == c0 && e1 == c1) {
//do nothing - not sure how we got here, but just incase...
//do nothing - not sure how we got here, but just in case...
} else {
LOGGER.error("The database schema must be upgraded to use this version of dependency-check. Please see {} for more information.",
UPGRADE_HELP_URL);

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/CpeUpdater.java
View File

@@ -69,7 +69,7 @@ public class CpeUpdater { //extends BaseUpdater implements CachedWebDataSource {
// return;
// }
// } catch (InvalidSettingException ex) {
// LOGGER.trace("inavlid setting UPDATE_NVDCVE_ENABLED", ex);
// LOGGER.trace("invalid setting UPDATE_NVDCVE_ENABLED", ex);
// }
// */
//

29
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/cpe/CPEHandler.java
View File

@@ -30,7 +30,7 @@ import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;
/**
* A SAX Handler that will parse the CPE XML and load it into the databse.
* A SAX Handler that will parse the CPE XML and load it into the database.
*
* @author Jeremy Long
*/
@@ -154,35 +154,10 @@ public class CPEHandler extends DefaultHandler {
public void endElement(String uri, String localName, String qName) throws SAXException {
current.setNode(qName);
if (current.isSchemaVersionNode() && !CURRENT_SCHEMA_VERSION.equals(nodeText.toString())) {
throw new SAXException("ERROR: Unexpecgted CPE Schema Version, expected: "
throw new SAXException("ERROR: Unexpected CPE Schema Version, expected: "
+ CURRENT_SCHEMA_VERSION + ", file is: " + nodeText);
}
// } else if (current.isCpeItemNode()) {
// //do nothing
// } else if (current.isTitleNode()) {
// //do nothing
// } else if (current.isCpeListNode()) {
// //do nothing
// } else if (current.isMetaNode()) {
// //do nothing
// } else if (current.isNotesNode()) {
// //do nothing
// } else if (current.isNoteNode()) {
// //do nothing
// } else if (current.isCheckNode()) {
// //do nothing
// } else if (current.isGeneratorNode()) {
// //do nothing
// } else if (current.isProductNameNode()) {
// //do nothing
// } else if (current.isProductVersionNode()) {
// //do nothing
// else if (current.isTimestampNode()) {
// //do nothing
// } else {
// throw new SAXException("ERROR STATE: Unexpected qName '" + qName + "'");
// }
}
// <editor-fold defaultstate="collapsed" desc="The Element Class that maintains state information about the current node">

1
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/ProcessTask.java
View File

@@ -18,7 +18,6 @@
package org.owasp.dependencycheck.data.update.nvd;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.sql.SQLException;
import java.util.List;

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java
View File

@@ -598,7 +598,7 @@ public class Dependency implements Serializable, Comparable<Dependency> {
LOGGER.warn("Unable to read '{}' to determine hashes.", file.getName());
LOGGER.debug("", ex);
} catch (NoSuchAlgorithmException ex) {
LOGGER.warn("Unable to use MD5 of SHA1 checksums.");
LOGGER.warn("Unable to use MD5 or SHA1 checksums.");
LOGGER.debug("", ex);
}
this.setMd5sum(md5);

4
dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java
View File

@@ -397,10 +397,10 @@ public class EvidenceCollection implements Serializable, Iterable<Evidence> {
*
* <p>
* Example, given the following input:</p>
* <code>'Please visit https://www.somedomain.com/path1/path2/file.php?id=439'</code>
* <code>'Please visit https://www.owasp.com/path1/path2/file.php?id=439'</code>
* <p>
* The function would return:</p>
* <code>'Please visit somedomain path1 path2 file'</code>
* <code>'Please visit owasp path1 path2 file'</code>
*
* @param value the value that may contain a url
* @return the modified string

4
dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java
View File

@@ -280,7 +280,7 @@ public final class ExtractionUtil {
if (!file.renameTo(gzip)) {
throw new IOException("Unable to rename '" + file.getPath() + "'");
}
final File newfile = new File(originalPath);
final File newFile = new File(originalPath);
final byte[] buffer = new byte[4096];
@@ -288,7 +288,7 @@ public final class ExtractionUtil {
FileOutputStream out = null;
try {
cin = new GZIPInputStream(new FileInputStream(gzip));
out = new FileOutputStream(newfile);
out = new FileOutputStream(newFile);
int len;
while ((len = cin.read(buffer)) > 0) {

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/HintRule.java
View File

@@ -255,7 +255,7 @@ public class HintRule {
return removeVersion;
}
/**
* Adds a given version to the list of evidence to matche.
* Adds a given version to the list of evidence to match.
*
* @param source the source of the evidence
* @param name the name of the evidence

2
dependency-check-core/src/main/resources/data/dbStatements.properties
View File

@@ -13,7 +13,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Copyright (c) 2015 The OWASP Foundatio. All Rights Reserved.
# Copyright (c) 2015 The OWASP Foundation. All Rights Reserved.
DELETE_REFERENCE=DELETE FROM reference WHERE cveid = ?
DELETE_SOFTWARE=DELETE FROM software WHERE cveid = ?

2
dependency-check-core/src/main/resources/schema/nvdcve/2_0/scap-core_0.1.xsd
View File

@@ -133,7 +133,7 @@
<xsd:simpleType name="cweNamePatternType">
<xsd:restriction base="xsd:token">
<xsd:pattern value="CWE-[1-9]\d{0,5}"></xsd:pattern>
<xsd:pattern value="CWE-[1-9]\d{0,5}"/>
</xsd:restriction>
</xsd:simpleType>
</xsd:schema>