From 8856ff04ec3281c3f0ae4adeba5f92c615857ca6 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sat, 11 Mar 2017 12:46:58 -0500 Subject: [PATCH] code cleanup and java 7 exception handling improvements --- .../java/org/owasp/dependencycheck/Engine.java | 1 - .../analyzer/ArchiveAnalyzer.java | 3 --- .../dependencycheck/analyzer/JarAnalyzer.java | 17 +++-------------- .../data/update/EngineVersionCheck.java | 2 +- .../data/update/nvd/NvdCve20Handler.java | 4 +--- .../data/update/nvd/ProcessTask.java | 2 -- .../dependencycheck/xml/hints/HintParser.java | 5 +---- .../dependencycheck/xml/pom/PomParser.java | 5 +---- .../suppression/SuppressionErrorHandler.java | 8 +++++--- .../xml/suppression/SuppressionParser.java | 5 +---- 10 files changed, 13 insertions(+), 39 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java index 25d938d63..14c9a4e2a 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java @@ -626,7 +626,6 @@ public class Engine implements FileFilter { * Initializes the given analyzer. * * @param analyzer the analyzer to initialize - * @return the initialized analyzer * @throws InitializationException thrown when there is a problem * initializing the analyzer */ diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java index b0534be56..6078b6a25 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java @@ -571,9 +571,6 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { try { out = new FileOutputStream(outputFile); IOUtils.copy(inputStream, out); - } catch (FileNotFoundException ex) { - LOGGER.debug("", ex); - throw new ArchiveExtractionException(ex); } catch (IOException ex) { LOGGER.debug("", ex); throw new ArchiveExtractionException(ex); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java index af3af0032..a060a8684 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java @@ -25,15 +25,8 @@ import java.io.InputStream; import java.io.InputStreamReader; import java.io.Reader; import java.io.UnsupportedEncodingException; -import java.util.ArrayList; -import java.util.Enumeration; -import java.util.HashMap; -import java.util.List; -import java.util.Map; +import java.util.*; import java.util.Map.Entry; -import java.util.Properties; -import java.util.Set; -import java.util.StringTokenizer; import java.util.concurrent.atomic.AtomicInteger; import java.util.jar.Attributes; import java.util.jar.JarEntry; @@ -350,8 +343,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { * @param path the path to the pom.xml within the JarFile * @param jar the JarFile to load the pom.properties from * @return a Properties object or null if no pom.properties was found - * @throws IOException thrown if there is an exception reading the - * pom.properties */ private Properties retrievePomProperties(String path, final JarFile jar) { Properties pomProperties = null; @@ -1127,7 +1118,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { * package structure. Up to the first four levels of the package * structure are stored, excluding a leading "org" or "com". * Example:

- * ClassNameInformation obj = new ClassNameInformation("org.owasp.dependencycheck.analyzer.JarAnalyzer"); + * ClassNameInformation obj = new ClassNameInformation("org/owasp/dependencycheck/analyzer/JarAnalyzer"); * System.out.println(obj.getName()); * for (String p : obj.getPackageStructure()) * System.out.println(p); @@ -1155,9 +1146,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { if (tmp.length <= end) { end = tmp.length - 1; } - for (int i = start; i <= end; i++) { - packageStructure.add(tmp[i]); - } + packageStructure.addAll(Arrays.asList(tmp).subList(start, end + 1)); } else { packageStructure.add(name); } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/EngineVersionCheck.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/EngineVersionCheck.java index 436e4b89e..ad25e6ae4 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/EngineVersionCheck.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/EngineVersionCheck.java @@ -98,7 +98,7 @@ public class EngineVersionCheck implements CachedWebDataSource { final boolean enabled = Settings.getBoolean(Settings.KEYS.UPDATE_VERSION_CHECK_ENABLED, true); final String original = Settings.getString(Settings.KEYS.CVE_ORIGINAL_MODIFIED_20_URL); final String current = Settings.getString(Settings.KEYS.CVE_MODIFIED_20_URL); - /** + /* * Only update if auto-update is enabled, the engine check is * enabled, and the NVD CVE URLs have not been modified (i.e. the * user has not configured them to point to an internal source). diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/NvdCve20Handler.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/NvdCve20Handler.java index 96b64de9d..899985f8b 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/NvdCve20Handler.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/NvdCve20Handler.java @@ -182,9 +182,7 @@ public class NvdCve20Handler extends DefaultHandler { totalNumberOfApplicationEntries += 1; try { saveEntry(vulnerability); - } catch (DatabaseException ex) { - throw new SAXException(ex); - } catch (CorruptIndexException ex) { + } catch (DatabaseException | CorruptIndexException ex) { throw new SAXException(ex); } catch (IOException ex) { throw new SAXException(ex); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/ProcessTask.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/ProcessTask.java index 4054b7344..194950224 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/ProcessTask.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/ProcessTask.java @@ -167,8 +167,6 @@ public class ProcessTask implements Callable { importXML(filePair.getFirst(), filePair.getSecond()); cveDB.commit(); properties.save(filePair.getNvdCveInfo()); - } catch (FileNotFoundException ex) { - throw new UpdateException(ex); } catch (ParserConfigurationException | SAXException | SQLException | DatabaseException | ClassNotFoundException | IOException ex) { throw new UpdateException(ex); } finally { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/HintParser.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/HintParser.java index ce881759c..0c523d74a 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/HintParser.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/HintParser.java @@ -156,7 +156,7 @@ public class HintParser { hints.setHintRules(handler.getHintRules()); hints.setVendorDuplicatingHintRules(handler.getVendorDuplicatingHintRules()); return hints; - } catch (ParserConfigurationException ex) { + } catch (ParserConfigurationException | FileNotFoundException ex) { LOGGER.debug("", ex); throw new HintParseException(ex); } catch (SAXException ex) { @@ -166,9 +166,6 @@ public class HintParser { LOGGER.debug("", ex); throw new HintParseException(ex); } - } catch (FileNotFoundException ex) { - LOGGER.debug("", ex); - throw new HintParseException(ex); } catch (IOException ex) { LOGGER.debug("", ex); throw new HintParseException(ex); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/PomParser.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/PomParser.java index 5218e3d7a..74e15571f 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/PomParser.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/PomParser.java @@ -98,10 +98,7 @@ public class PomParser { final InputSource in = new InputSource(reader); xmlReader.parse(in); return handler.getModel(); - } catch (ParserConfigurationException | SAXException ex) { - LOGGER.debug("", ex); - throw new PomParseException(ex); - } catch (FileNotFoundException ex) { + } catch (ParserConfigurationException | SAXException | FileNotFoundException ex) { LOGGER.debug("", ex); throw new PomParseException(ex); } catch (IOException ex) { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/SuppressionErrorHandler.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/SuppressionErrorHandler.java index b4801b380..d476f1aaa 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/SuppressionErrorHandler.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/SuppressionErrorHandler.java @@ -18,6 +18,8 @@ package org.owasp.dependencycheck.xml.suppression; import org.owasp.dependencycheck.utils.XmlUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.xml.sax.ErrorHandler; import org.xml.sax.SAXException; import org.xml.sax.SAXParseException; @@ -32,7 +34,7 @@ public class SuppressionErrorHandler implements ErrorHandler { /** * The logger. */ - //private static final Logger LOGGER = LoggerFactory.getLogger(SuppressionErrorHandler.class); + private static final Logger LOGGER = LoggerFactory.getLogger(SuppressionErrorHandler.class); /** * Logs warnings. @@ -42,7 +44,7 @@ public class SuppressionErrorHandler implements ErrorHandler { */ @Override public void warning(SAXParseException ex) throws SAXException { - //LOGGER.debug("", ex); + LOGGER.trace("", ex); } /** @@ -60,7 +62,7 @@ public class SuppressionErrorHandler implements ErrorHandler { * Handles fatal exceptions. * * @param ex a fatal exception - * @throws SAXException is always + * @throws SAXException is always thrown */ @Override public void fatalError(SAXParseException ex) throws SAXException { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/SuppressionParser.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/SuppressionParser.java index 88a37dbe8..5a155618d 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/SuppressionParser.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/SuppressionParser.java @@ -136,7 +136,7 @@ public class SuppressionParser { final InputSource in = new InputSource(reader); xmlReader.parse(in); return handler.getSuppressionRules(); - } catch (ParserConfigurationException ex) { + } catch (ParserConfigurationException | FileNotFoundException ex) { LOGGER.debug("", ex); throw new SuppressionParseException(ex); } catch (SAXException ex) { @@ -146,9 +146,6 @@ public class SuppressionParser { LOGGER.debug("", ex); throw new SuppressionParseException(ex); } - } catch (FileNotFoundException ex) { - LOGGER.debug("", ex); - throw new SuppressionParseException(ex); } catch (IOException ex) { LOGGER.debug("", ex); throw new SuppressionParseException(ex);