general checkstyl, findbugs, and PMD corrections

Former-commit-id: ec59d464725a33d8c07c79bf7128036a10fe1890
Jeremy Long
2015-02-18 21:09:38 -05:00
parent 5a0e280899
commit 889f315c0a
17 changed files with 75 additions and 72 deletions


@@ -209,9 +209,10 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
File pomFile = null;
try {
final File baseDir = Settings.getTempDirectory();
pomFile = File.createTempFile("pom", "xml", baseDir);
pomFile = File.createTempFile("pom", ".xml", baseDir);
if (!pomFile.delete()) {
final String msg = String.format("Unable to fetch pom.xml for %s from Central; this could result in undetected CPE/CVEs.", dependency.getFileName());
final String msg = String.format("Unable to fetch pom.xml for %s from Central; "
+ "this could result in undetected CPE/CVEs.", dependency.getFileName());
LOGGER.warning(msg);
LOGGER.fine("Unable to delete temp file");
}
@@ -220,12 +221,13 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
analyzePOM(dependency, pomFile);
} catch (DownloadFailedException ex) {
final String msg = String.format("Unable to download pom.xml for %s from Central; this could result in undetected CPE/CVEs.", dependency.getFileName());
final String msg = String.format("Unable to download pom.xml for %s from Central; "
+ "this could result in undetected CPE/CVEs.", dependency.getFileName());
LOGGER.warning(msg);
} finally {
// if (pomFile != null && !FileUtils.deleteQuietly(pomFile)) {
// pomFile.deleteOnExit();
// }
if (pomFile != null && !FileUtils.deleteQuietly(pomFile)) {
pomFile.deleteOnExit();
}
}
}
@@ -248,7 +250,7 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
* @throws AnalysisException is thrown if there is an exception parsing the pom
*/
protected void analyzePOM(Dependency dependency, File pomFile) throws AnalysisException {
Model pom = pomUtil.readPom(pomFile);
final Model pom = pomUtil.readPom(pomFile);
String groupid = pom.getGroupId();
String parentGroupId = null;
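Review bot: The sequence `pomFile = File.createTempFile("pom", ".xml", baseDir);` followed by `if (!pomFile.delete())` discards the exclusive creation that createTempFile provides; between the delete and the later download into that same path (the download call is not visible in these hunks, but the DownloadFailedException handler implies it), a file placed at that path by another local user would be read and unmarshalled by analyzePOM as if it were the Central response. If the downloader can write into an existing file, drop the delete and stream into the file that was just created; otherwise create the temp file inside a directory the process owns (e.g. `Files.createTempDirectory`) so the path is not writable by others. The `pomFile.deleteOnExit()` fallback in the finally block also retains one entry per dependency for the life of the JVM, which matters when the analyzer runs inside a long-lived host such as a build server; logging the leftover file may be the better fallback. The enclosing method starts before the first hunk.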


@@ -46,13 +46,6 @@ import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import java.util.zip.ZipEntry;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.sax.SAXSource;
import org.jsoup.Jsoup;
import org.owasp.dependencycheck.Engine;
@@ -60,7 +53,6 @@ import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.EvidenceCollection;
import org.owasp.dependencycheck.jaxb.pom.MavenNamespaceFilter;
import org.owasp.dependencycheck.jaxb.pom.PomUtils;
import org.owasp.dependencycheck.jaxb.pom.generated.License;
import org.owasp.dependencycheck.jaxb.pom.generated.Model;
@@ -69,9 +61,6 @@ import org.owasp.dependencycheck.utils.FileUtils;
import org.owasp.dependencycheck.utils.NonClosingStream;
import org.owasp.dependencycheck.utils.Settings;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLFilter;
import org.xml.sax.XMLReader;
/**
* Used to load a JAR file and collect information that can be used to determine the associated CPE.
@@ -160,6 +149,9 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
*/
private static final Pattern HTML_DETECTION_PATTERN = Pattern.compile("\\<[a-z]+.*/?\\>", Pattern.CASE_INSENSITIVE);
/**
* The POM Utility for parsing POM files.
*/
private PomUtils pomUtils = null;
//</editor-fold>
@@ -1009,7 +1001,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
* @return the interpolated text.
*/
public static String interpolateString(String text, Properties properties) {
Properties props = properties;
final Properties props = properties;
if (text == null) {
return text;
}
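Review bot: `final Properties props = properties;` in interpolateString is a plain alias of the parameter and, now that it is final, serves no purpose; use `properties` directly in the body, which continues past the hunk. In the same file the new field `private PomUtils pomUtils = null;` has an explicit null initialiser that PMD's RedundantFieldInitializer and Checkstyle's ExplicitInitialization both report, which is at odds with the stated aim of the commit; `private PomUtils pomUtils;` suffices. The field is not final and its assignment is not visible here; if it is set lazily during analysis rather than once in the constructor or initialize, that is worth confirming given that analyzers may be driven from more than one thread.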


@@ -27,7 +27,7 @@ public class MavenArtifact {
/**
* The base URL for download artifacts from Central.
*/
private final String CENTRAL_CONTENT_URL = "http://search.maven.org/remotecontent?filepath=";
private static final String CENTRAL_CONTENT_URL = "http://search.maven.org/remotecontent?filepath=";
/**
* The groupId
@@ -87,11 +87,13 @@ public class MavenArtifact {
this.version = version;
if (jarAvailable) {
//org/springframework/spring-core/3.2.0.RELEASE/spring-core-3.2.0.RELEASE.pom
this.artifactUrl = this.CENTRAL_CONTENT_URL + groupId.replace('.', '/') + "/" + artifactId.replace('.', '/') + "/" + version + "/" + artifactId + "-" + version + ".jar";
this.artifactUrl = this.CENTRAL_CONTENT_URL + groupId.replace('.', '/') + "/" + artifactId.replace('.', '/') + "/"
+ version + "/" + artifactId + "-" + version + ".jar";
}
if (pomAvailable) {
//org/springframework/spring-core/3.2.0.RELEASE/spring-core-3.2.0.RELEASE.pom
this.pomUrl = this.CENTRAL_CONTENT_URL + groupId.replace('.', '/') + "/" + artifactId.replace('.', '/') + "/" + version + "/" + artifactId + "-" + version + ".pom";
this.pomUrl = this.CENTRAL_CONTENT_URL + groupId.replace('.', '/') + "/" + artifactId.replace('.', '/') + "/"
+ version + "/" + artifactId + "-" + version + ".pom";
}
}
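Review bot: `CENTRAL_CONTENT_URL` is `http://search.maven.org/remotecontent?filepath=`, so the jar and pom built into `this.artifactUrl` and `this.pomUrl` are fetched over plaintext HTTP and then parsed by the analyzer; making the constant static final leaves the scheme unchanged, and anything on the network path can alter what is read. If Central serves these paths over HTTPS, switching the constant to `https://search.maven.org/remotecontent?filepath=` keeps the behaviour and removes the exposure. With the field now static, both `this.CENTRAL_CONTENT_URL` uses should read `CENTRAL_CONTENT_URL`, since static access through an instance is itself something Checkstyle and PMD report. The groupId, artifactId and version are concatenated into the URL without any encoding or validation; if they can come from artifact metadata rather than trusted configuration, check them against the Maven coordinate grammar before building the URL.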


@@ -27,7 +27,6 @@ import java.sql.Statement;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map.Entry;
import java.util.Properties;
@@ -788,12 +787,13 @@ public class CveDB {
* @param identifiedVersion the identified version of the dependency being analyzed
* @return true if the identified version is affected, otherwise false
*/
protected Entry<String, Boolean> getMatchingSoftware(HashMap<String, Boolean> vulnerableSoftware, String vendor, String product, DependencyVersion identifiedVersion) {
protected Entry<String, Boolean> getMatchingSoftware(HashMap<String, Boolean> vulnerableSoftware, String vendor, String product,
DependencyVersion identifiedVersion) {
final boolean isVersionTwoADifferentProduct = "apache".equals(vendor) && "struts".equals(product);
HashSet<String> majorVersionsAffectingAllPrevious = new HashSet<String>();
boolean matchesAnyPrevious = identifiedVersion == null || "-".equals(identifiedVersion.toString());
final HashSet<String> majorVersionsAffectingAllPrevious = new HashSet<String>();
final boolean matchesAnyPrevious = identifiedVersion == null || "-".equals(identifiedVersion.toString());
String majorVersionMatch = null;
for (Entry<String, Boolean> entry : vulnerableSoftware.entrySet()) {
final DependencyVersion v = parseDependencyVersion(entry.getKey());
@@ -814,7 +814,7 @@ public class CveDB {
return null;
}
boolean canSkipVersions = majorVersionMatch != null && majorVersionsAffectingAllPrevious.size() > 1;
final boolean canSkipVersions = majorVersionMatch != null && majorVersionsAffectingAllPrevious.size() > 1;
//yes, we are iterating over this twice. The first time we are skipping versions those that affect all versions
//then later we process those that affect all versions. This could be done with sorting...
for (Entry<String, Boolean> entry : vulnerableSoftware.entrySet()) {
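Review bot: The Javadoc `@return true if the identified version is affected, otherwise false` does not describe the method below it: getMatchingSoftware returns `Entry<String, Boolean>`, and `return null;` in the second hunk shows that null is a possible result. Replace it with `@return the matching vulnerable-software entry, or {@code null} when no entry applies`. Since the signature is being re-wrapped anyway, the parameter could be declared as `Map<String, Boolean>` and the local as `Set<String>` rather than the HashMap/HashSet implementations, as the visible code only calls entrySet() and size(). The method body continues past both hunks.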


@@ -605,7 +605,7 @@ public class Dependency implements Serializable, Comparable<Dependency> {
private Set<String> projectReferences = new HashSet<String>();
/**
* Get the value of projectReferences
* Get the value of projectReferences.
*
* @return the value of projectReferences
*/
@@ -614,7 +614,7 @@ public class Dependency implements Serializable, Comparable<Dependency> {
}
/**
* Set the value of projectReferences
* Set the value of projectReferences.
*
* @param projectReferences new value of projectReferences
*/
@@ -671,7 +671,7 @@ public class Dependency implements Serializable, Comparable<Dependency> {
private List<String> availableVersions = new ArrayList<String>();
/**
* Get the value of availableVersions
* Get the value of availableVersions.
*
* @return the value of availableVersions
*/
@@ -680,7 +680,7 @@ public class Dependency implements Serializable, Comparable<Dependency> {
}
/**
* Set the value of availableVersions
* Set the value of availableVersions.
*
* @param availableVersions new value of availableVersions
*/


@@ -54,6 +54,9 @@ public class PomUtils {
*/
private Unmarshaller pomUnmarshaller;
/**
* Constructs a new POM Utility.
*/
public PomUtils() {
try {
//final JAXBContext jaxbContext = JAXBContext.newInstance("org.owasp.dependencycheck.jaxb.pom.generated");