codacy, checkstyle, upgrades, etc.

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java

@@ -50,11 +50,30 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
      * The Logger.
      */
     private static final Logger LOGGER = LoggerFactory.getLogger(FalsePositiveAnalyzer.class);
-
     /**
      * The file filter used to find DLL and EXE.
      */
     private static final FileFilter DLL_EXE_FILTER = FileFilterBuilder.newInstance().addExtensions("dll", "exe").build();
+    /**
+     * Regex to identify core java libraries and a few other commonly
+     * misidentified ones.
+     */
+    public static final Pattern CORE_JAVA = Pattern.compile("^cpe:/a:(sun|oracle|ibm):(j2[ems]e|"
+            + "java(_platform_micro_edition|_runtime_environment|_se|virtual_machine|se_development_kit|fx)?|"
+            + "jdk|jre|jsse)($|:.*)");
+    /**
+     * Regex to identify core jsf libraries.
+     */
+    public static final Pattern CORE_JAVA_JSF = Pattern.compile("^cpe:/a:(sun|oracle|ibm):jsf($|:.*)");
+    /**
+     * Regex to identify core java library files. This is currently incomplete.
+     */
+    public static final Pattern CORE_FILES = Pattern.compile("(^|/)((alt[-])?rt|jsse|jfxrt|jfr|jce|javaws|deploy|charsets)\\.jar$");
+    /**
+     * Regex to identify core jsf java library files. This is currently
+     * incomplete.
+     */
+    public static final Pattern CORE_JSF_FILES = Pattern.compile("(^|/)jsf[-][^/]*\\.jar$");
 
     //<editor-fold defaultstate="collapsed" desc="All standard implementation details of Analyzer">
     /**
@@ -214,27 +233,6 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
             }
         }
     }
-    /**
-     * Regex to identify core java libraries and a few other commonly
-     * misidentified ones.
-     */
-    public static final Pattern CORE_JAVA = Pattern.compile("^cpe:/a:(sun|oracle|ibm):(j2[ems]e|"
-            + "java(_platform_micro_edition|_runtime_environment|_se|virtual_machine|se_development_kit|fx)?|"
-            + "jdk|jre|jsse)($|:.*)");
-
-    /**
-     * Regex to identify core jsf libraries.
-     */
-    public static final Pattern CORE_JAVA_JSF = Pattern.compile("^cpe:/a:(sun|oracle|ibm):jsf($|:.*)");
-    /**
-     * Regex to identify core java library files. This is currently incomplete.
-     */
-    public static final Pattern CORE_FILES = Pattern.compile("(^|/)((alt[-])?rt|jsse|jfxrt|jfr|jce|javaws|deploy|charsets)\\.jar$");
-    /**
-     * Regex to identify core jsf java library files. This is currently
-     * incomplete.
-     */
-    public static final Pattern CORE_JSF_FILES = Pattern.compile("(^|/)jsf[-][^/]*\\.jar$");
 
     /**
      * Removes any CPE entries for the JDK/JRE unless the filename ends with

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java

@@ -61,6 +61,10 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
      * The types of files on which this will work.
      */
     private static final String SUPPORTED_EXTENSIONS = "nuspec";
+    /**
+     * The file filter used to determine which files this analyzer supports.
+     */
+    private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(SUPPORTED_EXTENSIONS).build();
 
     /**
      * Initializes the analyzer once before any analysis is performed.
@@ -102,12 +106,6 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
         return ANALYSIS_PHASE;
     }
 
-    /**
-     * The file filter used to determine which files this analyzer supports.
-     */
-    private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(
-            SUPPORTED_EXTENSIONS).build();
-
     /**
      * Returns the FileFilter
      *

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java

@@ -105,6 +105,11 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
      */
     private static final FileFilter PY_FILTER = new SuffixFileFilter(".py");
 
+    /**
+     * The file filter used to determine which files this analyzer supports.
+     */
+    private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(EXTENSIONS).build();
+
     /**
      * Returns the name of the Python Package Analyzer.
      *
@@ -125,11 +130,6 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
         return AnalysisPhase.INFORMATION_COLLECTION;
     }
 
-    /**
-     * The file filter used to determine which files this analyzer supports.
-     */
-    private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(EXTENSIONS).build();
-
     /**
      * Returns the FileFilter
      *

dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java

@@ -17,14 +17,22 @@
  */
 package org.owasp.dependencycheck.reporting;
 
-import java.io.*;
 import java.util.List;
 
 import com.google.gson.JsonSyntaxException;
 import com.google.gson.stream.JsonReader;
 import com.google.gson.stream.JsonToken;
-import static com.google.gson.stream.JsonToken.*;
 import com.google.gson.stream.JsonWriter;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.OutputStream;
+import java.io.OutputStreamWriter;
+import java.io.UnsupportedEncodingException;
 import java.math.BigDecimal;
 import java.nio.charset.StandardCharsets;
 import org.apache.velocity.VelocityContext;

dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/UrlStringUtils.java

@@ -31,12 +31,6 @@ import java.util.regex.Pattern;
  * @author Jeremy Long
  */
 public final class UrlStringUtils {
-
-    /**
-     * Private constructor for a utility class.
-     */
-    private UrlStringUtils() {
-    }
     /**
      * A regular expression to test if a string contains a URL.
      */
@@ -45,7 +39,18 @@ public final class UrlStringUtils {
      * A regular expression to test if a string is a URL.
      */
     private static final Pattern IS_URL_TEST = Pattern.compile("^(ht|f)tps?://.*", Pattern.CASE_INSENSITIVE);
+    /**
+     * A listing of domain parts that should not be used as evidence. Yes, this
+     * is an incomplete list.
+     */
+    private static final Set<String> IGNORE_LIST = new HashSet<>(
+            Arrays.asList("www", "com", "org", "gov", "info", "name", "net", "pro", "tel", "mobi", "xxx"));
 
+    /**
+     * Private constructor for a utility class.
+     */
+    private UrlStringUtils() {
+    }
     /**
      * Tests if the text provided contains a URL. This is somewhat limited
      * search in that it only looks for (ftp|http|https)://
@@ -66,12 +71,6 @@ public final class UrlStringUtils {
     public static boolean isUrl(String text) {
         return IS_URL_TEST.matcher(text).matches();
     }
-    /**
-     * A listing of domain parts that should not be used as evidence. Yes, this
-     * is an incomplete list.
-     */
-    private static final Set<String> IGNORE_LIST = new HashSet<>(
-            Arrays.asList("www", "com", "org", "gov", "info", "name", "net", "pro", "tel", "mobi", "xxx"));
 
     /**
      * <p>

dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/XmlEntity.java

@@ -12,7 +12,8 @@ import java.util.Map;
  *
  * @author https://stackoverflow.com/users/823393/oldcurmudgeon
  */
-public class XmlEntity {
+public final class XmlEntity {
+
     /**
      * The map of HTML entities.
      */
@@ -292,8 +293,8 @@ public class XmlEntity {
     /**
      * Converts a named XML entity into its HTML encoded Unicode code point.
      *
-     * @param s the named entity (note, this should not include the leading '&'
-     * or trailing ';'
+     * @param s the named entity (note, this should not include the leading
+     * '&' or trailing ';'
      * @return the HTML encoded Unicode code point representation of the named
      * entity
      */

dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/XmlInputStream.java

@@ -162,7 +162,7 @@ public class XmlInputStream extends FilterInputStream {
                 throw new IOException("Invalid/Unknown reference '&" + reference + ";'");
             }
         } else {
-            // Did not terminate properly! 
+            // Did not terminate properly!
             // Perhaps an & on its own or a malformed reference.
             // Either way, escape the &
             pushBack.append("&").append(reference).append((char) ch);

dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/Hints.java

@@ -31,6 +31,11 @@ public class Hints {
      */
     private List<HintRule> hintRules;
 
+    /**
+     * The duplicating hint rules.
+     */
+    private List<VendorDuplicatingHintRule> vendorDuplicatingHintRules;
+
     /**
      * Get the value of hintRules.
      *
@@ -49,11 +54,6 @@ public class Hints {
         this.hintRules = hintRules;
     }
 
-    /**
-     * The duplicating hint rules.
-     */
-    private List<VendorDuplicatingHintRule> vendorDuplicatingHintRules;
-
     /**
      * Get the value of vendorDuplicatingHintRules.
      *

dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/package-info.java

@@ -0,0 +1,4 @@
+/**
+ * Contains classes used to fix XML prior to parsing.
+ */
+package org.owasp.dependencycheck.xml;

dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/PomHandler.java

@@ -74,11 +74,22 @@ public class PomHandler extends DefaultHandler {
      * The url element.
      */
     public static final String URL = "url";
-
     /**
      * The pom model.
      */
     private final Model model = new Model();
+    /**
+     * The stack of elements processed; used to determine the parent node.
+     */
+    private final Deque<String> stack = new ArrayDeque<>();
+    /**
+     * The license object.
+     */
+    private License license = null;
+    /**
+     * The current node text being extracted from the element.
+     */
+    private StringBuilder currentText;
 
     /**
      * Returns the model obtained from the pom.xml.
@@ -88,19 +99,6 @@ public class PomHandler extends DefaultHandler {
     public Model getModel() {
         return model;
     }
-    /**
-     * The stack of elements processed; used to determine the parent node.
-     */
-    private final Deque<String> stack = new ArrayDeque<>();
-    /**
-     * The license object.
-     */
-    private License license = null;
-
-    /**
-     * The current node text being extracted from the element.
-     */
-    private StringBuilder currentText;
 
     /**
      * Handles the start element event.
@@ -194,10 +192,8 @@ public class PomHandler extends DefaultHandler {
                     }
                     break;
                 case LICENSES:
-                    if (LICENSE.equals(qName)) {
-                        if (license != null) {
-                            model.addLicense(license);
-                        }
+                    if (LICENSE.equals(qName) && license != null) {
+                        model.addLicense(license);
                     }
                     break;
                 default:

dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineIT.java

@@ -19,15 +19,11 @@ package org.owasp.dependencycheck;
 
 import java.io.File;
 import java.io.IOException;
-import static org.junit.Assert.assertTrue;
 
 import org.junit.Test;
-import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
-import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
 import org.owasp.dependencycheck.exception.ExceptionCollection;
 import org.owasp.dependencycheck.exception.ReportException;
-import org.owasp.dependencycheck.reporting.ReportGenerator;
 import org.owasp.dependencycheck.utils.InvalidSettingException;
 import org.owasp.dependencycheck.utils.Settings;
 import static org.junit.Assert.assertTrue;

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CPEAnalyzerIT.java

@@ -58,7 +58,7 @@ public class CPEAnalyzerIT extends BaseDBTestCase {
 
         String vendor = "apache software foundation";
         String product = "struts 2 core";
-        String version = "2.1.2";
+        
         CPEAnalyzer instance = new CPEAnalyzer();
 
         String queryText = instance.buildSearch(vendor, product, null, null);

dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/CveDBMySqlIT.java

@@ -19,10 +19,6 @@ package org.owasp.dependencycheck.data.nvdcve;
 
 import java.util.List;
 import java.util.Set;
-import static org.junit.Assert.assertFalse;
-
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
 
 import org.junit.Test;
 import org.owasp.dependencycheck.BaseTest;

dependency-check-core/src/test/java/org/owasp/dependencycheck/reporting/ReportGeneratorIT.java

@@ -47,14 +47,10 @@ public class ReportGeneratorIT extends BaseDBTestCase {
     /**
      * Generates an XML report containing known vulnerabilities and realistic
      * data and validates the generated XML document against the XSD.
-     *
-     * @throws Exception
      */
     @Test
     public void testGenerateReport() {
         try {
-            String templateName = "XmlReport";
-
             File f = new File("target/test-reports");
             if (!f.exists()) {
                 f.mkdir();

dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/UrlStringUtilsTest.java

@@ -66,7 +66,7 @@ public class UrlStringUtilsTest {
         assertEquals(expResult, result);
         
         text = "http://github.com/jeremylong/DependencyCheck/something";
-        expResult = Arrays.asList("github", "jeremylong", "DependencyCheck", "something");;
+        expResult = Arrays.asList("github", "jeremylong", "DependencyCheck", "something");
         result = UrlStringUtils.extractImportantUrlData(text);
         assertEquals(expResult, result);
     }