checkstyle suggested changes

2026-01-14 15:53:36 +01:00 · 2017-11-18 16:32:40 -05:00
parent 7e1b6d0cc7
commit 804f8e38da
5 changed files with 58 additions and 11 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
@@ -461,14 +461,37 @@ public class DependencyBundlingAnalyzer extends AbstractDependencyComparingAnaly
        return filePath != null && filePath.matches(".*\\.(ear|war)[\\\\/].*");
    }

+    /**
+     * Determine if the dependency ecosystem is equal in the given dependencies.
+     *
+     * @param dependency a dependency to compare
+     * @param nextDependency a dependency to compare
+     * @return true if the ecosystem is equal in both dependencies; otherwise
+     * false
+     */
    private boolean ecoSystemIs(String ecoSystem, Dependency dependency, Dependency nextDependency) {
        return ecoSystem.equals(dependency.getEcosystem()) && ecoSystem.equals(nextDependency.getEcosystem());
    }

+    /**
+     * Determine if the dependency name is equal in the given dependencies.
+     *
+     * @param dependency a dependency to compare
+     * @param nextDependency a dependency to compare
+     * @return true if the name is equal in both dependencies; otherwise false
+     */
    private boolean namesAreEqual(Dependency dependency, Dependency nextDependency) {
        return dependency.getName() != null && dependency.getName().equals(nextDependency.getName());
    }

+    /**
+     * Determine if the dependency version is equal in the given dependencies.
+     *
+     * @param dependency a dependency to compare
+     * @param nextDependency a dependency to compare
+     * @return true if the version is equal in both dependencies; otherwise
+     * false
+     */
    private boolean versionsAreEqual(Dependency dependency, Dependency nextDependency) {
        return dependency.getVersion() != null && dependency.getVersion().equals(nextDependency.getVersion());
    }
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyMergingAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyMergingAnalyzer.java
@@ -118,7 +118,8 @@ public class DependencyMergingAnalyzer extends AbstractDependencyComparingAnalyz
     * removed from the main analysis loop, this function adds to this
     * collection
     */
-    public static void mergeDependencies(final Dependency dependency, final Dependency relatedDependency, final Set<Dependency> dependenciesToRemove) {
+    public static void mergeDependencies(final Dependency dependency, final Dependency relatedDependency,
+            final Set<Dependency> dependenciesToRemove) {
        LOGGER.debug("Merging '{}' into '{}'", relatedDependency.getFilePath(), dependency.getFilePath());
        dependency.addRelatedDependency(relatedDependency);
        for (Evidence e : relatedDependency.getEvidence(EvidenceType.VENDOR)) {
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java
@@ -142,6 +142,11 @@ public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer {
        }
    }

+    /**
+     * Collects evidence from the given JSON for the associated dependency.
+     * @param json the JSON that contains the evidence to collect
+     * @param dependency the dependency to add the evidence too
+     */
    public static void gatherEvidence(final JsonObject json, Dependency dependency) {
        if (json.containsKey("name")) {
            final Object value = json.get("name");
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NspAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NspAnalyzer.java
@@ -25,7 +25,6 @@ import org.owasp.dependencycheck.data.nsp.NspSearch;
 import org.owasp.dependencycheck.data.nsp.SanitizePackage;
 import org.owasp.dependencycheck.dependency.Confidence;
 import org.owasp.dependencycheck.dependency.Dependency;
-import org.owasp.dependencycheck.dependency.Identifier;
 import org.owasp.dependencycheck.dependency.Vulnerability;
 import org.owasp.dependencycheck.dependency.VulnerableSoftware;
 import org.owasp.dependencycheck.utils.FileFilterBuilder;
@@ -36,7 +35,6 @@ import java.io.File;
 import java.io.FileFilter;
 import java.io.IOException;
 import java.net.MalformedURLException;
-import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.List;
@@ -236,9 +234,9 @@ public class NspAnalyzer extends AbstractFileTypeAnalyzer {
                vs.setName(advisory.getModule() + ":" + advisory.getVulnerableVersions());
                vuln.setVulnerableSoftware(new HashSet<>(Arrays.asList(vs)));

-                Dependency existing = findDependency(engine, advisory.getModule(), advisory.getVersion());
+                final Dependency existing = findDependency(engine, advisory.getModule(), advisory.getVersion());
                if (existing == null) {
-                    Dependency nodeModule = createDependency(dependency, advisory.getModule(), advisory.getVersion(), "transitive");
+                    final Dependency nodeModule = createDependency(dependency, advisory.getModule(), advisory.getVersion(), "transitive");
                    nodeModule.addVulnerability(vuln);
                    engine.addDependency(nodeModule);
                } else {
@@ -257,6 +255,15 @@ public class NspAnalyzer extends AbstractFileTypeAnalyzer {
        }
    }

+    /**
+     * Construct a dependency object.
+     *
+     * @param dependency the parent dependency
+     * @param name the name of the dependency to create
+     * @param version the version of the dependency to create
+     * @param scope the scope of the dependency being created
+     * @return the generated dependency
+     */
    private Dependency createDependency(Dependency dependency, String name, String version, String scope) {
        final Dependency nodeModule = new Dependency(new File(dependency.getActualFile() + "?" + name), true);
        nodeModule.setEcosystem(DEPENDENCY_ECOSYSTEM);
@@ -308,7 +315,7 @@ public class NspAnalyzer extends AbstractFileTypeAnalyzer {
                if (entry.getValue() != null && entry.getValue().getValueType() == JsonValue.ValueType.STRING) {
                    version = ((JsonString) entry.getValue()).getString();
                }
-                Dependency existing = findDependency(engine, name, version);
+                final Dependency existing = findDependency(engine, name, version);
                if (existing == null) {
                    final Dependency nodeModule = createDependency(dependency, name, version, depType);
                    engine.addDependency(nodeModule);
@@ -353,6 +360,15 @@ public class NspAnalyzer extends AbstractFileTypeAnalyzer {
        }
    }

+    /**
+     * Locates the dependency from the list of dependencies that have been
+     * scanned by the engine.
+     *
+     * @param engine the dependency-check engine
+     * @param name the name of the dependency to find
+     * @param version the version of the dependency to find
+     * @return the identified dependency; otherwise null
+     */
    private Dependency findDependency(Engine engine, String name, String version) {
        for (Dependency d : engine.getDependencies()) {
            if (DEPENDENCY_ECOSYSTEM.equals(d.getEcosystem()) && name.equals(d.getName()) && version != null && d.getVersion() != null) {
@@ -374,16 +390,18 @@ public class NspAnalyzer extends AbstractFileTypeAnalyzer {
                        type = "*";
                        tmp = version;
                    }
-                    String[] v = tmp.split(" ")[0].split("\\.");
-                    String[] depVersion = dependencyVersion.split("\\.");
+                    final String[] v = tmp.split(" ")[0].split("\\.");
+                    final String[] depVersion = dependencyVersion.split("\\.");

                    if ("^".equals(type) && v[0].equals(depVersion[0])) {
                        return d;
-                    } else if ("~".equals(type) && v.length >= 2 && depVersion.length >= 2 && v[0].equals(depVersion[0]) && v[1].equals(depVersion[1])) {
+                    } else if ("~".equals(type) && v.length >= 2 && depVersion.length >= 2
+                            && v[0].equals(depVersion[0]) && v[1].equals(depVersion[1])) {
                        return d;
                    } else if (v[0].equals("*")
                            || (v.length >= 2 && v[0].equals(depVersion[0]) && v[1].equals("*"))
-                            || (v.length >= 3 && depVersion.length >= 2 && v[0].equals(depVersion[0]) && v[1].equals(depVersion[1]) && v[2].equals("*"))) {
+                            || (v.length >= 3 && depVersion.length >= 2 && v[0].equals(depVersion[0])
+                            && v[1].equals(depVersion[1]) && v[2].equals("*"))) {
                        return d;
                    }
                }
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nsp/NspSearch.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nsp/NspSearch.java
@@ -123,7 +123,7 @@ public class NspSearch {
                    try (InputStream in = new BufferedInputStream(conn.getInputStream());
                            JsonReader jsonReader = Json.createReader(in)) {
                        final JsonArray array = jsonReader.readArray();
-                        
+
                        if (array != null) {
                            for (int i = 0; i < array.size(); i++) {
                                final JsonObject object = array.getJsonObject(i);