diff --git a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java index f03c6c443..50582e3c0 100644 --- a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java +++ b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java @@ -98,8 +98,8 @@ public class DependencyCheckTask extends Task { } /** - * Returns the path. If the path has not been initialized yet, this class is synchronized, and will instantiate the - * path object. + * Returns the path. If the path has not been initialized yet, this class is synchronized, and will instantiate the path + * object. * * @return the path */ @@ -215,9 +215,9 @@ public class DependencyCheckTask extends Task { this.reportOutputDirectory = reportOutputDirectory; } /** - * Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11 - * which means since the CVSS scores are 0-10, by default the build will never fail and the CVSS score is set to 11. - * The valid range for the fail build on CVSS is 0 to 11, where anything above 10 will not cause the build to fail. + * Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11 which + * means since the CVSS scores are 0-10, by default the build will never fail and the CVSS score is set to 11. The valid range + * for the fail build on CVSS is 0 to 11, where anything above 10 will not cause the build to fail. */ private float failBuildOnCVSS = 11; 
@@ -239,8 +239,8 @@ public class DependencyCheckTask extends Task { this.failBuildOnCVSS = failBuildOnCVSS; } /** - * Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not recommended that this be turned to - * false. Default is true. + * Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not recommended that this be turned to false. Default + * is true. */ private boolean autoUpdate = true; @@ -262,8 +262,8 @@ public class DependencyCheckTask extends Task { this.autoUpdate = autoUpdate; } /** - * The report format to be generated (HTML, XML, VULN, ALL). This configuration option has no affect if using this - * within the Site plugin unless the externalReport is set to true. Default is HTML. + * The report format to be generated (HTML, XML, VULN, ALL). This configuration option has no affect if using this within the + * Site plugin unless the externalReport is set to true. Default is HTML. */ private String reportFormat = "HTML"; @@ -322,8 +322,7 @@ public class DependencyCheckTask extends Task { * Set the value of proxyServer. * * @param proxyUrl new value of proxyServer - * @deprecated use {@link org.owasp.dependencycheck.taskdefs.DependencyCheckTask#setProxyServer(java.lang.String)} - * instead + * @deprecated use {@link org.owasp.dependencycheck.taskdefs.DependencyCheckTask#setProxyServer(java.lang.String)} instead */ @Deprecated public void setProxyUrl(String proxyUrl) { @@ -565,7 +564,7 @@ public class DependencyCheckTask extends Task { private boolean centralAnalyzerEnabled = false; /** - * Get the value of centralAnalyzerEnabled + * Get the value of centralAnalyzerEnabled. * * @return the value of centralAnalyzerEnabled */ @@ -574,7 +573,7 @@ public class DependencyCheckTask extends Task { } /** - * Set the value of centralAnalyzerEnabled + * Set the value of centralAnalyzerEnabled. * * @param centralAnalyzerEnabled new value of centralAnalyzerEnabled */ 
@@ -764,8 +763,8 @@ public class DependencyCheckTask extends Task { } /** - * Additional ZIP File extensions to add analyze. This should be a comma-separated list of file extensions to treat - * like ZIP files. + * Additional ZIP File extensions to add analyze. This should be a comma-separated list of file extensions to treat like ZIP + * files. */ private String zipExtensions; @@ -980,8 +979,8 @@ public class DependencyCheckTask extends Task { } /** - * Takes the properties supplied and updates the dependency-check settings. Additionally, this sets the system - * properties required to change the proxy server, port, and connection timeout. + * Takes the properties supplied and updates the dependency-check settings. Additionally, this sets the system properties + * required to change the proxy server, port, and connection timeout. */ private void populateSettings() { Settings.initialize(); diff --git a/dependency-check-ant/src/site/markdown/configuration.md b/dependency-check-ant/src/site/markdown/configuration.md index b283590ce..d67507378 100644 --- a/dependency-check-ant/src/site/markdown/configuration.md +++ b/dependency-check-ant/src/site/markdown/configuration.md 
@@ -51,7 +51,7 @@ Property | Description archiveAnalyzerEnabled | Sets whether the Archive Analyzer will be used. | true zipExtensions | A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. |   jarAnalyzer | Sets whether the Jar Analyzer will be used. | true -centralAnalyzerEnabled | Sets whether the Central Analyzer will be used. If this analyzer is being disabled there is a good chance you also want to disable the Nexus Analyzer (see below). | true +centralAnalyzerEnabled | Sets whether the Central Analyzer will be used. **Disabling this analyzer is not recommended as it could lead to false negatives (e.g. libraries that have vulnerabilities may not be reported correctly).** If this analyzer is being disabled there is a good chance you also want to disable the Nexus Analyzer (see below). | true nexusAnalyzerEnabled | Sets whether Nexus Analyzer will be used. This analyzer is superceded by the Central Analyzer; however, you can configure this to run against a Nexus Pro installation. | true nexusUrl | Defines the Nexus Pro URL. If not set the Nexus Analyzer will be disabled. |   nexusUsesProxy | Whether or not the defined proxy should be used when connecting to Nexus. | true diff --git a/dependency-check-cli/pom.xml b/dependency-check-cli/pom.xml index f2b35a4dc..30a2e4782 100644 --- a/dependency-check-cli/pom.xml +++ b/dependency-check-cli/pom.xml @@ -197,7 +197,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved. maven-javadoc-plugin 2.9.1 - Copyright© 2012-14 Jeremy Long. All Rights Reserved. + Copyright© 2012-15 Jeremy Long. All Rights Reserved. diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java index c2cb5e938..184a520df 100644 --- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java 
+++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java @@ -84,8 +84,8 @@ public final class CliParser { /** * Validates that the command line arguments are valid. * - * @throws FileNotFoundException if there is a file specified by either the SCAN or CPE command line arguments that - * does not exist. + * @throws FileNotFoundException if there is a file specified by either the SCAN or CPE command line arguments that does not + * exist. * @throws ParseException is thrown if there is an exception parsing the command line. */ private void validateArgs() throws FileNotFoundException, ParseException { @@ -112,8 +112,8 @@ public final class CliParser { } /** - * Validates whether or not the path(s) points at a file that exists; if the path(s) does not point to an existing - * file a FileNotFoundException is thrown. + * Validates whether or not the path(s) points at a file that exists; if the path(s) does not point to an existing file a + * FileNotFoundException is thrown. * * @param paths the paths to validate if they exists * @param optType the option being validated (e.g. scan, out, etc.) @@ -257,8 +257,8 @@ public final class CliParser { } /** - * Adds the advanced command line options to the given options collection. These are split out for purposes of being - * able to display two different help messages. + * Adds the advanced command line options to the given options collection. These are split out for purposes of being able to + * display two different help messages. * * @param options a collection of command line arguments * @throws IllegalArgumentException thrown if there is an exception 
@@ -324,7 +324,8 @@ public final class CliParser { .create(); final Option disableCentralAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_CENTRAL) - .withDescription("Disable the Central Analyzer. If this analyzer is disabled it is likely you also want to disable the Nexus Analyzer.") + .withDescription("Disable the Central Analyzer. If this analyzer is disabled it is likely you also want to disable " + + "the Nexus Analyzer.") .create(); final Option disableNexusAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_NEXUS) @@ -373,8 +374,8 @@ public final class CliParser { } /** - * Adds the deprecated command line options to the given options collection. These are split out for purposes of not - * including them in the help message. We need to add the deprecated options so as not to break existing scripts. + * Adds the deprecated command line options to the given options collection. These are split out for purposes of not including + * them in the help message. We need to add the deprecated options so as not to break existing scripts. * * @param options a collection of command line arguments * @throws IllegalArgumentException thrown if there is an exception @@ -484,8 +485,7 @@ public final class CliParser { } /** - * Returns true if the Nexus Analyzer should use the configured proxy to connect to Nexus; otherwise false is - * returned. + * Returns true if the Nexus Analyzer should use the configured proxy to connect to Nexus; otherwise false is returned. * * @return true if the Nexus Analyzer should use the configured proxy to connect to Nexus; otherwise false */ @@ -687,8 +687,7 @@ public final class CliParser { } /** - * Checks if the auto update feature has been disabled. If it has been disabled via the command line this will - * return false. + * Checks if the auto update feature has been disabled. If it has been disabled via the command line this will return false. * * @return if auto-update is allowed. */ 
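Review bot: The help text for `ARGUMENT.DISABLE_CENTRAL` in this hunk does not carry the false-negative warning that the same commit adds to configuration.md and arguments.md, so a user who reads only the CLI help never sees it. Consider starting the description with the warning, e.g. `"Disable the Central Analyzer; not recommended, as vulnerable libraries may then go unreported. If this analyzer is disabled it is likely you also want to disable "`, keeping the existing `+ "the Nexus Analyzer."` continuation. The enclosing method starts and ends outside the hunk.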
diff --git a/dependency-check-cli/src/site/markdown/arguments.md b/dependency-check-cli/src/site/markdown/arguments.md index e0db24506..a22f54786 100644 --- a/dependency-check-cli/src/site/markdown/arguments.md +++ b/dependency-check-cli/src/site/markdown/arguments.md @@ -25,7 +25,7 @@ Short | Argument Name        | Paramete | \-\-disableArchive | | Sets whether the Archive Analyzer will be used. | false | \-\-zipExtensions | \ | A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. |   | \-\-disableJar | | Sets whether the Jar Analyzer will be used. | false - | \-\-disableCentral | | Sets whether the Central Analyzer will be used. If this analyzer is being disabled there is a good chance you also want to disable the Nexus Analyzer. | false + | \-\-disableCentral | | Sets whether the Central Analyzer will be used. **Disabling this analyzer is not recommended as it could lead to false negatives (e.g. libraries that have vulnerabilities may not be reported correctly).** If this analyzer is being disabled there is a good chance you also want to disable the Nexus Analyzer. | false | \-\-disableNexus | | Sets whether the Nexus Analyzer will be used. Note, this has been superceded by the Central Analyzer. However, you can configure the Nexus URL to utilize an internally hosted Nexus Pro server. | false | \-\-nexus | \ | The url to the Nexus Pro Server. If not set the Nexus Analyzer will be disabled. |   | \-\-nexusUsesProxy | \ | Whether or not the defined proxy should be used when connecting to Nexus. | true diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml index 196e80327..df16e546b 100644 --- a/dependency-check-core/pom.xml +++ b/dependency-check-core/pom.xml @@ -224,7 +224,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. maven-javadoc-plugin 2.9.1 - Copyright© 2012-14 Jeremy Long. All Rights Reserved. + Copyright© 2012-15 Jeremy Long. All Rights Reserved. 
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java index c311c731a..cbe976018 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java @@ -209,9 +209,10 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer { File pomFile = null; try { final File baseDir = Settings.getTempDirectory(); - pomFile = File.createTempFile("pom", "xml", baseDir); + pomFile = File.createTempFile("pom", ".xml", baseDir); if (!pomFile.delete()) { - final String msg = String.format("Unable to fetch pom.xml for %s from Central; this could result in undetected CPE/CVEs.", dependency.getFileName()); + final String msg = String.format("Unable to fetch pom.xml for %s from Central; " + + "this could result in undetected CPE/CVEs.", dependency.getFileName()); LOGGER.warning(msg); LOGGER.fine("Unable to delete temp file"); } @@ -220,12 +221,13 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer { analyzePOM(dependency, pomFile); } catch (DownloadFailedException ex) { - final String msg = String.format("Unable to download pom.xml for %s from Central; this could result in undetected CPE/CVEs.", dependency.getFileName()); + final String msg = String.format("Unable to download pom.xml for %s from Central; " + + "this could result in undetected CPE/CVEs.", dependency.getFileName()); LOGGER.warning(msg); } finally { -// if (pomFile != null && !FileUtils.deleteQuietly(pomFile)) { -// pomFile.deleteOnExit(); -// } + if (pomFile != null && !FileUtils.deleteQuietly(pomFile)) { + pomFile.deleteOnExit(); + } } } 
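Review bot: Creating the temp file and deleting it again before the download leaves a window in which the freed name can be claimed by another process, if `Settings.getTempDirectory()` resolves to a directory other local users can write to (not visible here). The code that writes the POM sits between this hunk and the next, so this is inferred. It would be safer to keep the file that `File.createTempFile` created and let the download overwrite it, or to guarantee that the base directory is private to this run. Also, when `pomFile.delete()` fails the code only logs and carries on, and the warning says the fetch failed although nothing has been fetched at that point.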
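Review bot: The restored `finally` block falls back to `pomFile.deleteOnExit()` without logging, so in a long-lived JVM (e.g. a build daemon) downloaded POMs can stay in the temp directory until exit with no trace of why. A line such as `LOGGER.fine(String.format("Unable to delete temp file %s; scheduled for deletion on exit", pomFile.getPath()));` in that branch would make leftovers diagnosable. The method body begins before the first hunk.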
@@ -248,7 +250,7 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer { * @throws AnalysisException is thrown if there is an exception parsing the pom */ protected void analyzePOM(Dependency dependency, File pomFile) throws AnalysisException { - Model pom = pomUtil.readPom(pomFile); + final Model pom = pomUtil.readPom(pomFile); String groupid = pom.getGroupId(); String parentGroupId = null; diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java index ac8c38c91..98831ae85 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java @@ -46,13 +46,6 @@ import java.util.logging.Level; import java.util.logging.Logger; import java.util.regex.Pattern; import java.util.zip.ZipEntry; -import javax.xml.bind.JAXBContext; -import javax.xml.bind.JAXBElement; -import javax.xml.bind.JAXBException; -import javax.xml.bind.Unmarshaller; -import javax.xml.parsers.ParserConfigurationException; -import javax.xml.parsers.SAXParser; -import javax.xml.parsers.SAXParserFactory; import javax.xml.transform.sax.SAXSource; import org.jsoup.Jsoup; import org.owasp.dependencycheck.Engine; @@ -60,7 +53,6 @@ import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.dependency.Confidence; import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.EvidenceCollection; -import org.owasp.dependencycheck.jaxb.pom.MavenNamespaceFilter; import org.owasp.dependencycheck.jaxb.pom.PomUtils; import org.owasp.dependencycheck.jaxb.pom.generated.License; import org.owasp.dependencycheck.jaxb.pom.generated.Model; 
@@ -69,9 +61,6 @@ import org.owasp.dependencycheck.utils.FileUtils; import org.owasp.dependencycheck.utils.NonClosingStream; import org.owasp.dependencycheck.utils.Settings; import org.xml.sax.InputSource; -import org.xml.sax.SAXException; -import org.xml.sax.XMLFilter; -import org.xml.sax.XMLReader; /** * Used to load a JAR file and collect information that can be used to determine the associated CPE. @@ -160,6 +149,9 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { */ private static final Pattern HTML_DETECTION_PATTERN = Pattern.compile("\\<[a-z]+.*/?\\>", Pattern.CASE_INSENSITIVE); + /** + * The POM Utility for parsing POM files. + */ private PomUtils pomUtils = null; // @@ -1009,7 +1001,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { * @return the interpolated text. */ public static String interpolateString(String text, Properties properties) { - Properties props = properties; + final Properties props = properties; if (text == null) { return text; } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nexus/MavenArtifact.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nexus/MavenArtifact.java index 81dc9176c..ad020c1f3 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nexus/MavenArtifact.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nexus/MavenArtifact.java @@ -27,7 +27,7 @@ public class MavenArtifact { /** * The base URL for download artifacts from Central. */ - private final String CENTRAL_CONTENT_URL = "http://search.maven.org/remotecontent?filepath="; + private static final String CENTRAL_CONTENT_URL = "http://search.maven.org/remotecontent?filepath="; /** * The groupId 
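Review bot: `CENTRAL_CONTENT_URL` in MavenArtifact still uses plain `http://`, so the POMs and JARs referenced through it are fetched without transport integrity. The downloaded POM feeds the evidence used to identify CPEs, so a response altered in transit could change or suppress what gets reported. If the endpoint is reachable over TLS, change the constant to `"https://search.maven.org/remotecontent?filepath="` while it is being made `static final`.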
@@ -87,11 +87,13 @@ public class MavenArtifact { this.version = version; if (jarAvailable) { //org/springframework/spring-core/3.2.0.RELEASE/spring-core-3.2.0.RELEASE.pom - this.artifactUrl = this.CENTRAL_CONTENT_URL + groupId.replace('.', '/') + "/" + artifactId.replace('.', '/') + "/" + version + "/" + artifactId + "-" + version + ".jar"; + this.artifactUrl = this.CENTRAL_CONTENT_URL + groupId.replace('.', '/') + "/" + artifactId.replace('.', '/') + "/" + + version + "/" + artifactId + "-" + version + ".jar"; } if (pomAvailable) { //org/springframework/spring-core/3.2.0.RELEASE/spring-core-3.2.0.RELEASE.pom - this.pomUrl = this.CENTRAL_CONTENT_URL + groupId.replace('.', '/') + "/" + artifactId.replace('.', '/') + "/" + version + "/" + artifactId + "-" + version + ".pom"; + this.pomUrl = this.CENTRAL_CONTENT_URL + groupId.replace('.', '/') + "/" + artifactId.replace('.', '/') + "/" + + version + "/" + artifactId + "-" + version + ".pom"; } } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java index 6ab4bd1de..20473b646 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java @@ -27,7 +27,6 @@ import java.sql.Statement; import java.util.ArrayList; import java.util.HashMap; import java.util.HashSet; -import java.util.Iterator; import java.util.List; import java.util.Map.Entry; import java.util.Properties; 
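Review bot: `artifactId.replace('.', '/')` in both branches builds a path that does not match the Maven repository layout, where only the groupId's dots become directory separators and the artifactId is used verbatim. Any artifact whose id contains a dot gets a wrong `artifactUrl`/`pomUrl`, the download fails, and per the CentralAnalyzer warning in this commit that can mean undetected CPE/CVEs. Use `groupId.replace('.', '/') + "/" + artifactId + "/" + version + "/" + artifactId + "-" + version + ".pom"` (and the `.jar` equivalent). Now that the constant is static, `this.CENTRAL_CONTENT_URL` should read `CENTRAL_CONTENT_URL`. The components are concatenated unencoded, which is only safe if they always come from Central's own search results; the hunk does not show their origin.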
@@ -788,12 +787,13 @@ public class CveDB { * @param identifiedVersion the identified version of the dependency being analyzed * @return true if the identified version is affected, otherwise false */ - protected Entry getMatchingSoftware(HashMap vulnerableSoftware, String vendor, String product, DependencyVersion identifiedVersion) { + protected Entry getMatchingSoftware(HashMap vulnerableSoftware, String vendor, String product, + DependencyVersion identifiedVersion) { final boolean isVersionTwoADifferentProduct = "apache".equals(vendor) && "struts".equals(product); - HashSet majorVersionsAffectingAllPrevious = new HashSet(); - boolean matchesAnyPrevious = identifiedVersion == null || "-".equals(identifiedVersion.toString()); + final HashSet majorVersionsAffectingAllPrevious = new HashSet(); + final boolean matchesAnyPrevious = identifiedVersion == null || "-".equals(identifiedVersion.toString()); String majorVersionMatch = null; for (Entry entry : vulnerableSoftware.entrySet()) { final DependencyVersion v = parseDependencyVersion(entry.getKey()); @@ -814,7 +814,7 @@ public class CveDB { return null; } - boolean canSkipVersions = majorVersionMatch != null && majorVersionsAffectingAllPrevious.size() > 1; + final boolean canSkipVersions = majorVersionMatch != null && majorVersionsAffectingAllPrevious.size() > 1; //yes, we are iterating over this twice. The first time we are skipping versions those that affect all versions //then later we process those that affect all versions. This could be done with sorting... for (Entry entry : vulnerableSoftware.entrySet()) { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java index ccea3c04e..bad622829 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java 
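Review bot: The `@return` line above `getMatchingSoftware` still says "true if the identified version is affected, otherwise false", but the method returns an `Entry` and the following hunk shows a `return null` path. Suggested wording: `@return the matching vulnerable-software entry, or null if the identified version is not affected`. This should be confirmed against the full body, which extends beyond these hunks. Callers deciding whether a dependency is vulnerable need to know that null is a possible result.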
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java @@ -605,7 +605,7 @@ public class Dependency implements Serializable, Comparable { private Set projectReferences = new HashSet(); /** - * Get the value of projectReferences + * Get the value of projectReferences. * * @return the value of projectReferences */ @@ -614,7 +614,7 @@ public class Dependency implements Serializable, Comparable { } /** - * Set the value of projectReferences + * Set the value of projectReferences. * * @param projectReferences new value of projectReferences */ @@ -671,7 +671,7 @@ public class Dependency implements Serializable, Comparable { private List availableVersions = new ArrayList(); /** - * Get the value of availableVersions + * Get the value of availableVersions. * * @return the value of availableVersions */ @@ -680,7 +680,7 @@ public class Dependency implements Serializable, Comparable { } /** - * Set the value of availableVersions + * Set the value of availableVersions. * * @param availableVersions new value of availableVersions */ diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/jaxb/pom/PomUtils.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/jaxb/pom/PomUtils.java index 65bb13b16..ac8d4d6e9 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/jaxb/pom/PomUtils.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/jaxb/pom/PomUtils.java @@ -54,6 +54,9 @@ public class PomUtils { */ private Unmarshaller pomUnmarshaller; + /** + * Constructs a new POM Utility. + */ public PomUtils() { try { //final JAXBContext jaxbContext = JAXBContext.newInstance("org.owasp.dependencycheck.jaxb.pom.generated"); diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml index a5b6ad8cf..2fead7d15 100644 --- a/dependency-check-maven/pom.xml +++ b/dependency-check-maven/pom.xml 
@@ -140,7 +140,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. maven-javadoc-plugin 2.9.1 - Copyright© 2012-14 Jeremy Long. All Rights Reserved. + Copyright© 2012-15 Jeremy Long. All Rights Reserved. diff --git a/dependency-check-utils/pom.xml b/dependency-check-utils/pom.xml index 33ad6aacb..2f19e4f4e 100644 --- a/dependency-check-utils/pom.xml +++ b/dependency-check-utils/pom.xml @@ -106,7 +106,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved. maven-javadoc-plugin 2.9.1 - Copyright© 2012-14 Jeremy Long. All Rights Reserved. + Copyright© 2012-15 Jeremy Long. All Rights Reserved. diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java index 3e029f01c..3f27dfea3 100644 --- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java +++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java 
@@ -235,13 +235,20 @@ public final class Downloader { return timestamp; } + /** + * Analyzes the IOException, logs the appropriate information for debugging purposes, and then throws a + * DownloadFailedException that wraps the IO Exception. + * + * @param ex the original exception + * @throws DownloadFailedException a wrapper exception that contains the original exception as the cause + */ protected static void analyzeException(IOException ex) throws DownloadFailedException { Throwable cause = ex; do { if (cause instanceof InvalidAlgorithmParameterException) { - String keystore = System.getProperty("javax.net.ssl.keyStore"); - String version = System.getProperty("java.version"); - String vendor = System.getProperty("java.vendor"); + final String keystore = System.getProperty("javax.net.ssl.keyStore"); + final String version = System.getProperty("java.version"); + final String vendor = System.getProperty("java.vendor"); LOGGER.info("Error making HTTPS request - InvalidAlgorithmParameterException"); LOGGER.info("There appears to be an issue with the installation of Java and the cacerts." + "See closed issue #177 here: https://github.com/jeremylong/DependencyCheck/issues/177"); diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java index 36f350bef..b0b40ece8 100644 --- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java +++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java @@ -25,7 +25,6 @@ import java.net.PasswordAuthentication; import java.net.Proxy; import java.net.SocketAddress; import java.net.URL; -import java.net.URLConnection; /** * A URLConnection Factory to create new connections. This encapsulates several configuration checks to ensure that the connection 
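Review bot: The two adjacent log literals in `analyzeException` are concatenated without a separating space, so the message reads "...the cacerts.See closed issue #177..."; end the first literal with a space: `"There appears to be an issue with the installation of Java and the cacerts. "`. Separately, the diagnostic reads `javax.net.ssl.keyStore`, whereas a cacerts problem concerns the trust store, so `javax.net.ssl.trustStore` is probably the property worth reporting. How `keystore` is used lies outside the hunk, as does the rest of the method.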
diff --git a/src/main/config/checkstyle-header.txt b/src/main/config/checkstyle-header.txt index 042e0d16c..f188850eb 100644 --- a/src/main/config/checkstyle-header.txt +++ b/src/main/config/checkstyle-header.txt @@ -13,6 +13,6 @@ ^ \* See the License for the specific language governing permissions and\s*$ ^ \* limitations under the License\.\s*$ ^ \*\s*$ -^ \* Copyright \(c\) 201[234] (Jeremy Long|Steve Springett)\. All Rights Reserved\.\s*$ +^ \* Copyright \(c\) 201[0-9] (Jeremy Long|Steve Springett)\. All Rights Reserved\.\s*$ ^ \*/\s*$ ^package