From fb2aff3310e45d9295426104ba7bfbb01089e6d6 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Fri, 6 Nov 2015 23:16:12 -0800 Subject: [PATCH 1/3] Upgraded dependencies. --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 3baa00e20..b76f90025 100644 --- a/pom.xml +++ b/pom.xml @@ -475,7 +475,7 @@ Copyright (c) 2012 - Jeremy Long com.google.code.findbugs annotations - 3.0.0 + 3.0.1u2 com.h2database @@ -607,7 +607,7 @@ Copyright (c) 2012 - Jeremy Long org.jmockit jmockit - 1.19 + 1.20 test From b346dfe0a3312afc8e5ef105f6453f0770e9517b Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Tue, 10 Nov 2015 00:09:01 -0800 Subject: [PATCH 2/3] Minor code tweaks. --- .../analyzer/ArchiveAnalyzer.java | 9 +++---- .../analyzer/NexusAnalyzer.java | 2 +- .../analyzer/NvdCveAnalyzer.java | 2 +- .../data/nvdcve/ConnectionFactory.java | 3 +-- .../dependencycheck/utils/ExtractionUtil.java | 24 ++++++++----------- .../dependencycheck/maven/AggregateMojo.java | 2 +- .../maven/BaseDependencyCheckMojo.java | 1 - .../utils/URLConnectionFactory.java | 3 +-- 8 files changed, 18 insertions(+), 28 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java index 1855bb006..750b99432 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java @@ -26,7 +26,6 @@ import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.IOException; import java.util.ArrayList; -import java.util.Arrays; import java.util.Collections; import java.util.Enumeration; import java.util.HashSet; 
@@ -416,11 +415,9 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
 FileOutputStream fos = null;
 try {
 final File parent = file.getParentFile();
- if (!parent.isDirectory()) {
- if (!parent.mkdirs()) {
- final String msg = String.format("Unable to build directory '%s'.", parent.getAbsolutePath());
- throw new AnalysisException(msg);
- }
+ if (!parent.isDirectory() && !parent.mkdirs()) {
+ final String msg = String.format("Unable to build directory '%s'.", parent.getAbsolutePath());
+ throw new AnalysisException(msg);
 }
 fos = new FileOutputStream(file);
 IOUtils.copy(input, fos);
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java
index 9c6b3aea6..c23322d76 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java
@@ -104,7 +104,7 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
 */
 boolean retval = false;
 try {
- if ((!DEFAULT_URL.equals(Settings.getString(Settings.KEYS.ANALYZER_NEXUS_URL)))
+ if (!DEFAULT_URL.equals(Settings.getString(Settings.KEYS.ANALYZER_NEXUS_URL))
 && Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED)) {
 LOGGER.info("Enabling Nexus analyzer");
 retval = true;
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NvdCveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NvdCveAnalyzer.java
index e252c5481..249dd4855 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NvdCveAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NvdCveAnalyzer.java
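Review bot: The merged guard `if (!parent.isDirectory() && !parent.mkdirs())` in the ArchiveAnalyzer hunk still fails spuriously when another thread or process creates the directory between the two calls, because `mkdirs()` returns false for a directory that already exists. Re-checking after the failed call closes that window: `if (!parent.isDirectory() && !parent.mkdirs() && !parent.isDirectory()) {`. The same pattern appears in both ExtractionUtil hunks (`!dir.exists() && !dir.mkdirs()` and `createParentFile`). `file.getParentFile()` can also return null for a path without a parent, which would surface here as a NullPointerException rather than an AnalysisException; whether that can happen depends on the caller, which is not visible. The enclosing method starts and ends outside the hunk.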
@@ -73,7 +73,7 @@ public class NvdCveAnalyzer implements Analyzer { * @return true or false. */ public boolean isOpen() { - return (cveDB != null); + return cveDB != null; } /** diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java index 02197a9ca..1016248c9 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java @@ -27,7 +27,6 @@ import java.sql.DriverManager; import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; -import java.util.logging.Level; import org.apache.commons.io.IOUtils; import org.owasp.dependencycheck.utils.DBUtils; import org.owasp.dependencycheck.utils.DependencyVersion; @@ -302,7 +301,7 @@ public final class ConnectionFactory { Statement statement = null; try { statement = conn.createStatement(); - boolean success = statement.execute(dbStructureUpdate); + final boolean success = statement.execute(dbStructureUpdate); if (!success && statement.getUpdateCount() <= 0) { throw new DatabaseException(String.format("Unable to upgrade the database schema to %s", schema)); } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java index 342ce4522..e4b56ae20 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java 
@@ -182,13 +182,11 @@ public final class ExtractionUtil { while ((entry = input.getNextEntry()) != null) { if (entry.isDirectory()) { final File dir = new File(destination, entry.getName()); - if (!dir.exists()) { - if (!dir.mkdirs()) { - final String msg = String.format( - "Unable to create directory '%s'.", - dir.getAbsolutePath()); - throw new AnalysisException(msg); - } + if (!dir.exists() && !dir.mkdirs()) { + final String msg = String.format( + "Unable to create directory '%s'.", + dir.getAbsolutePath()); + throw new AnalysisException(msg); } } else { extractFile(input, destination, filter, entry); @@ -264,13 +262,11 @@ public final class ExtractionUtil { private static void createParentFile(final File file) throws ExtractionException { final File parent = file.getParentFile(); - if (!parent.isDirectory()) { - if (!parent.mkdirs()) { - final String msg = String.format( - "Unable to build directory '%s'.", - parent.getAbsolutePath()); - throw new ExtractionException(msg); - } + if (!parent.isDirectory() && !parent.mkdirs()) { + final String msg = String.format( + "Unable to build directory '%s'.", + parent.getAbsolutePath()); + throw new ExtractionException(msg); } } } diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java index 99948b058..e6a1e41d9 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java @@ -174,7 +174,7 @@ public class AggregateMojo extends BaseDependencyCheckMojo { } } } - Set addedDescendants = new HashSet(); + final Set addedDescendants = new HashSet(); for (MavenProject dec : descendants) { for (String mod : dec.getModules()) { try { 
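Review bot: `new File(destination, entry.getName())` in the directory branch of the first ExtractionUtil hunk builds a path from the archive entry's name with no visible check that the result stays under `destination`, so an entry name containing `..` segments would make `mkdirs()` create directories outside the extraction root. The archives unpacked here are third-party input, so the name should be treated as untrusted and the entry rejected before `mkdirs()` runs, for example `if (!dir.getCanonicalPath().startsWith(destination.getCanonicalPath() + File.separator))` followed by a throw of AnalysisException naming the offending entry. `extractFile(...)` is defined outside the hunk, so it should be confirmed that file entries get the same containment check. The guard also tests `dir.exists()` where `createParentFile` tests `isDirectory()`, which lets an existing regular file at that path pass silently.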
diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java index 4a88f2142..0a0fe288f 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java @@ -26,7 +26,6 @@ import java.io.IOException; import java.io.InputStream; import java.io.ObjectInputStream; import java.io.ObjectOutputStream; -import java.io.OutputStream; import java.util.List; import java.util.Locale; import org.apache.maven.artifact.Artifact; diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java index 85e6457fe..c11e3ecf9 100644 --- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java +++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java @@ -52,7 +52,6 @@ public final class URLConnectionFactory { @SuppressFBWarnings(value = "RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE", justification = "Just being extra safe") public static HttpURLConnection createHttpURLConnection(URL url) throws URLConnectionFailureException { HttpURLConnection conn = null; - Proxy proxy; final String proxyUrl = Settings.getString(Settings.KEYS.PROXY_SERVER); try { if (proxyUrl != null) { @@ -74,7 +73,7 @@ public final class URLConnectionFactory { Authenticator.setDefault(auth); } - proxy = new Proxy(Proxy.Type.HTTP, address); + final Proxy proxy = new Proxy(Proxy.Type.HTTP, address); conn = (HttpURLConnection) url.openConnection(proxy); } else { conn = (HttpURLConnection) url.openConnection(); From df569a5ae299a02f0c4a3104880d62f46be57c70 Mon Sep 17 00:00:00 2001 
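Review bot: `Authenticator.setDefault(auth)` in the proxy branch of the second URLConnectionFactory hunk installs the proxy credentials as the JVM-wide default authenticator, so every later HTTP authentication challenge in the same process, including one from an origin server rather than the proxy, is answered by it. The construction of `auth` is outside the hunk, so this may already be handled, but its `getPasswordAuthentication()` should return the credentials only when `getRequestorType() == RequestorType.PROXY` and the requesting host matches the configured proxy, and return null otherwise. A short comment above the call, such as `// NOTE: process-global; affects every connection opened in this JVM`, would make the scope explicit for the next reader. createHttpURLConnection continues past the end of the hunk.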
From: Hans Joachim Desserud Date: Sat, 14 Nov 2015 10:10:44 +0100 Subject: [PATCH 3/3] Upgraded slf4j to latest version --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 3baa00e20..dde4b9cd1 100644 --- a/pom.xml +++ b/pom.xml @@ -127,7 +127,7 @@ Copyright (c) 2012 - Jeremy Long 4.7.2 - 1.7.12 + 1.7.13 1.1.3 2.17 2.7