general checkstyl, findbugs, and PMD corrections

Former-commit-id: ec59d464725a33d8c07c79bf7128036a10fe1890

dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java

@@ -98,8 +98,8 @@ public class DependencyCheckTask extends Task {
     }
 
     /**
-     * Returns the path. If the path has not been initialized yet, this class is synchronized, and will instantiate the
+     * Returns the path. If the path has not been initialized yet, this class is synchronized, and will instantiate the path
-     * path object.
+     * object.
      *
      * @return the path
      */
@@ -215,9 +215,9 @@ public class DependencyCheckTask extends Task {
         this.reportOutputDirectory = reportOutputDirectory;
     }
     /**
-     * Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11
+     * Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11 which
-     * which means since the CVSS scores are 0-10, by default the build will never fail and the CVSS score is set to 11.
+     * means since the CVSS scores are 0-10, by default the build will never fail and the CVSS score is set to 11. The valid range
-     * The valid range for the fail build on CVSS is 0 to 11, where anything above 10 will not cause the build to fail.
+     * for the fail build on CVSS is 0 to 11, where anything above 10 will not cause the build to fail.
      */
     private float failBuildOnCVSS = 11;
 
@@ -239,8 +239,8 @@ public class DependencyCheckTask extends Task {
         this.failBuildOnCVSS = failBuildOnCVSS;
     }
     /**
-     * Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not recommended that this be turned to
+     * Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not recommended that this be turned to false. Default
-     * false. Default is true.
+     * is true.
      */
     private boolean autoUpdate = true;
 
@@ -262,8 +262,8 @@ public class DependencyCheckTask extends Task {
         this.autoUpdate = autoUpdate;
     }
     /**
-     * The report format to be generated (HTML, XML, VULN, ALL). This configuration option has no affect if using this
+     * The report format to be generated (HTML, XML, VULN, ALL). This configuration option has no affect if using this within the
-     * within the Site plugin unless the externalReport is set to true. Default is HTML.
+     * Site plugin unless the externalReport is set to true. Default is HTML.
      */
     private String reportFormat = "HTML";
 
@@ -322,8 +322,7 @@ public class DependencyCheckTask extends Task {
      * Set the value of proxyServer.
      *
      * @param proxyUrl new value of proxyServer
-     * @deprecated use {@link org.owasp.dependencycheck.taskdefs.DependencyCheckTask#setProxyServer(java.lang.String)}
+     * @deprecated use {@link org.owasp.dependencycheck.taskdefs.DependencyCheckTask#setProxyServer(java.lang.String)} instead
-     * instead
      */
     @Deprecated
     public void setProxyUrl(String proxyUrl) {
@@ -565,7 +564,7 @@ public class DependencyCheckTask extends Task {
     private boolean centralAnalyzerEnabled = false;
 
     /**
-     * Get the value of centralAnalyzerEnabled
+     * Get the value of centralAnalyzerEnabled.
      *
      * @return the value of centralAnalyzerEnabled
      */
@@ -574,7 +573,7 @@ public class DependencyCheckTask extends Task {
     }
 
     /**
-     * Set the value of centralAnalyzerEnabled
+     * Set the value of centralAnalyzerEnabled.
      *
      * @param centralAnalyzerEnabled new value of centralAnalyzerEnabled
      */
@@ -764,8 +763,8 @@ public class DependencyCheckTask extends Task {
     }
 
     /**
-     * Additional ZIP File extensions to add analyze. This should be a comma-separated list of file extensions to treat
+     * Additional ZIP File extensions to add analyze. This should be a comma-separated list of file extensions to treat like ZIP
-     * like ZIP files.
+     * files.
      */
     private String zipExtensions;
 
@@ -980,8 +979,8 @@ public class DependencyCheckTask extends Task {
     }
 
     /**
-     * Takes the properties supplied and updates the dependency-check settings. Additionally, this sets the system
+     * Takes the properties supplied and updates the dependency-check settings. Additionally, this sets the system properties
-     * properties required to change the proxy server, port, and connection timeout.
+     * required to change the proxy server, port, and connection timeout.
      */
     private void populateSettings() {
         Settings.initialize();

dependency-check-ant/src/site/markdown/configuration.md

@@ -51,7 +51,7 @@ Property                | Description
 archiveAnalyzerEnabled  | Sets whether the Archive Analyzer will be used.                           | true
 zipExtensions           | A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. |  
 jarAnalyzer             | Sets whether the Jar Analyzer will be used.                                   | true
-centralAnalyzerEnabled  | Sets whether the Central Analyzer will be used. If this analyzer is being disabled there is a good chance you also want to disable the Nexus Analyzer (see below).                                  | true
+centralAnalyzerEnabled  | Sets whether the Central Analyzer will be used. **Disabling this analyzer is not recommended as it could lead to false negatives (e.g. libraries that have vulnerabilities may not be reported correctly).** If this analyzer is being disabled there is a good chance you also want to disable the Nexus Analyzer (see below).                                  | true
 nexusAnalyzerEnabled    | Sets whether Nexus Analyzer will be used. This analyzer is superceded by the Central Analyzer; however, you can configure this to run against a Nexus Pro installation. | true
 nexusUrl                | Defines the Nexus Pro URL. If not set the Nexus Analyzer will be disabled. |  
 nexusUsesProxy          | Whether or not the defined proxy should be used when connecting to Nexus. | true

dependency-check-cli/pom.xml

@@ -197,7 +197,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved.
                 <artifactId>maven-javadoc-plugin</artifactId>
                 <version>2.9.1</version>
                 <configuration>
-                    <bottom>Copyright© 2012-14 Jeremy Long. All Rights Reserved.</bottom>
+                    <bottom>Copyright© 2012-15 Jeremy Long. All Rights Reserved.</bottom>
                 </configuration>
                 <reportSets>
                     <reportSet>

dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java

@@ -84,8 +84,8 @@ public final class CliParser {
     /**
      * Validates that the command line arguments are valid.
      *
-     * @throws FileNotFoundException if there is a file specified by either the SCAN or CPE command line arguments that
+     * @throws FileNotFoundException if there is a file specified by either the SCAN or CPE command line arguments that does not
-     * does not exist.
+     * exist.
      * @throws ParseException is thrown if there is an exception parsing the command line.
      */
     private void validateArgs() throws FileNotFoundException, ParseException {
@@ -112,8 +112,8 @@ public final class CliParser {
     }
 
     /**
-     * Validates whether or not the path(s) points at a file that exists; if the path(s) does not point to an existing
+     * Validates whether or not the path(s) points at a file that exists; if the path(s) does not point to an existing file a
-     * file a FileNotFoundException is thrown.
+     * FileNotFoundException is thrown.
      *
      * @param paths the paths to validate if they exists
      * @param optType the option being validated (e.g. scan, out, etc.)
@@ -257,8 +257,8 @@ public final class CliParser {
     }
 
     /**
-     * Adds the advanced command line options to the given options collection. These are split out for purposes of being
+     * Adds the advanced command line options to the given options collection. These are split out for purposes of being able to
-     * able to display two different help messages.
+     * display two different help messages.
      *
      * @param options a collection of command line arguments
      * @throws IllegalArgumentException thrown if there is an exception
@@ -324,7 +324,8 @@ public final class CliParser {
                 .create();
 
         final Option disableCentralAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_CENTRAL)
-                .withDescription("Disable the Central Analyzer. If this analyzer is disabled it is likely you also want to disable the Nexus Analyzer.")
+                .withDescription("Disable the Central Analyzer. If this analyzer is disabled it is likely you also want to disable "
+                        + "the Nexus Analyzer.")
                 .create();
 
         final Option disableNexusAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_NEXUS)
@@ -373,8 +374,8 @@ public final class CliParser {
     }
 
     /**
-     * Adds the deprecated command line options to the given options collection. These are split out for purposes of not
+     * Adds the deprecated command line options to the given options collection. These are split out for purposes of not including
-     * including them in the help message. We need to add the deprecated options so as not to break existing scripts.
+     * them in the help message. We need to add the deprecated options so as not to break existing scripts.
      *
      * @param options a collection of command line arguments
      * @throws IllegalArgumentException thrown if there is an exception
@@ -484,8 +485,7 @@ public final class CliParser {
     }
 
     /**
-     * Returns true if the Nexus Analyzer should use the configured proxy to connect to Nexus; otherwise false is
+     * Returns true if the Nexus Analyzer should use the configured proxy to connect to Nexus; otherwise false is returned.
-     * returned.
      *
      * @return true if the Nexus Analyzer should use the configured proxy to connect to Nexus; otherwise false
      */
@@ -687,8 +687,7 @@ public final class CliParser {
     }
 
     /**
-     * Checks if the auto update feature has been disabled. If it has been disabled via the command line this will
+     * Checks if the auto update feature has been disabled. If it has been disabled via the command line this will return false.
-     * return false.
      *
      * @return if auto-update is allowed.
      */

dependency-check-cli/src/site/markdown/arguments.md

@@ -25,7 +25,7 @@ Short  | Argument Name        | Paramete
        | \-\-disableArchive    |                 | Sets whether the Archive Analyzer will be used.                             | false
        | \-\-zipExtensions     | \<strings\>     | A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. | &nbsp;
        | \-\-disableJar        |                 | Sets whether the Jar Analyzer will be used.                                     | false
-       | \-\-disableCentral    |                 | Sets whether the Central Analyzer will be used. If this analyzer is being disabled there is a good chance you also want to disable the Nexus Analyzer. | false
+       | \-\-disableCentral    |                 | Sets whether the Central Analyzer will be used. **Disabling this analyzer is not recommended as it could lead to false negatives (e.g. libraries that have vulnerabilities may not be reported correctly).** If this analyzer is being disabled there is a good chance you also want to disable the Nexus Analyzer. | false
        | \-\-disableNexus      |                 | Sets whether the Nexus Analyzer will be used. Note, this has been superceded by the Central Analyzer. However, you can configure the Nexus URL to utilize an internally hosted Nexus Pro server. | false
        | \-\-nexus             | \<url\>         | The url to the Nexus Pro Server. If not set the Nexus Analyzer will be disabled. | &nbsp;
        | \-\-nexusUsesProxy    | \<true\|false\> | Whether or not the defined proxy should be used when connecting to Nexus.   | true

dependency-check-core/pom.xml

@@ -224,7 +224,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
                 <artifactId>maven-javadoc-plugin</artifactId>
                 <version>2.9.1</version>
                 <configuration>
-                    <bottom>Copyright© 2012-14 Jeremy Long. All Rights Reserved.</bottom>
+                    <bottom>Copyright© 2012-15 Jeremy Long. All Rights Reserved.</bottom>
                 </configuration>
                 <reportSets>
                     <reportSet>

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java

@@ -209,9 +209,10 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
                     File pomFile = null;
                     try {
                         final File baseDir = Settings.getTempDirectory();
-                        pomFile = File.createTempFile("pom", "xml", baseDir);
+                        pomFile = File.createTempFile("pom", ".xml", baseDir);
                         if (!pomFile.delete()) {
-                            final String msg = String.format("Unable to fetch pom.xml for %s from Central; this could result in undetected CPE/CVEs.", dependency.getFileName());
+                            final String msg = String.format("Unable to fetch pom.xml for %s from Central; "
+                                    + "this could result in undetected CPE/CVEs.", dependency.getFileName());
                             LOGGER.warning(msg);
                             LOGGER.fine("Unable to delete temp file");
                         }
@@ -220,12 +221,13 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
                         analyzePOM(dependency, pomFile);
 
                     } catch (DownloadFailedException ex) {
-                        final String msg = String.format("Unable to download pom.xml for %s from Central; this could result in undetected CPE/CVEs.", dependency.getFileName());
+                        final String msg = String.format("Unable to download pom.xml for %s from Central; "
+                                + "this could result in undetected CPE/CVEs.", dependency.getFileName());
                         LOGGER.warning(msg);
                     } finally {
-//                        if (pomFile != null && !FileUtils.deleteQuietly(pomFile)) {
+                        if (pomFile != null && !FileUtils.deleteQuietly(pomFile)) {
-//                            pomFile.deleteOnExit();
+                            pomFile.deleteOnExit();
-//                        }
+                        }
                     }
                 }
 
@@ -248,7 +250,7 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
      * @throws AnalysisException is thrown if there is an exception parsing the pom
      */
     protected void analyzePOM(Dependency dependency, File pomFile) throws AnalysisException {
-        Model pom = pomUtil.readPom(pomFile);
+        final Model pom = pomUtil.readPom(pomFile);
 
         String groupid = pom.getGroupId();
         String parentGroupId = null;

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java

@@ -46,13 +46,6 @@ import java.util.logging.Level;
 import java.util.logging.Logger;
 import java.util.regex.Pattern;
 import java.util.zip.ZipEntry;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.parsers.SAXParser;
-import javax.xml.parsers.SAXParserFactory;
 import javax.xml.transform.sax.SAXSource;
 import org.jsoup.Jsoup;
 import org.owasp.dependencycheck.Engine;
@@ -60,7 +53,6 @@ import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.dependency.Confidence;
 import org.owasp.dependencycheck.dependency.Dependency;
 import org.owasp.dependencycheck.dependency.EvidenceCollection;
-import org.owasp.dependencycheck.jaxb.pom.MavenNamespaceFilter;
 import org.owasp.dependencycheck.jaxb.pom.PomUtils;
 import org.owasp.dependencycheck.jaxb.pom.generated.License;
 import org.owasp.dependencycheck.jaxb.pom.generated.Model;
@@ -69,9 +61,6 @@ import org.owasp.dependencycheck.utils.FileUtils;
 import org.owasp.dependencycheck.utils.NonClosingStream;
 import org.owasp.dependencycheck.utils.Settings;
 import org.xml.sax.InputSource;
-import org.xml.sax.SAXException;
-import org.xml.sax.XMLFilter;
-import org.xml.sax.XMLReader;
 
 /**
  * Used to load a JAR file and collect information that can be used to determine the associated CPE.
@@ -160,6 +149,9 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
      */
     private static final Pattern HTML_DETECTION_PATTERN = Pattern.compile("\\<[a-z]+.*/?\\>", Pattern.CASE_INSENSITIVE);
 
+    /**
+     * The POM Utility for parsing POM files.
+     */
     private PomUtils pomUtils = null;
     //</editor-fold>
 
@@ -1009,7 +1001,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
      * @return the interpolated text.
      */
     public static String interpolateString(String text, Properties properties) {
-        Properties props = properties;
+        final Properties props = properties;
         if (text == null) {
             return text;
         }

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nexus/MavenArtifact.java

@@ -27,7 +27,7 @@ public class MavenArtifact {
     /**
      * The base URL for download artifacts from Central.
      */
-    private final String CENTRAL_CONTENT_URL = "http://search.maven.org/remotecontent?filepath=";
+    private static final String CENTRAL_CONTENT_URL = "http://search.maven.org/remotecontent?filepath=";
 
     /**
      * The groupId
@@ -87,11 +87,13 @@ public class MavenArtifact {
         this.version = version;
         if (jarAvailable) {
             //org/springframework/spring-core/3.2.0.RELEASE/spring-core-3.2.0.RELEASE.pom
-            this.artifactUrl = this.CENTRAL_CONTENT_URL + groupId.replace('.', '/') + "/" + artifactId.replace('.', '/') + "/" + version + "/" + artifactId + "-" + version + ".jar";
+            this.artifactUrl = this.CENTRAL_CONTENT_URL + groupId.replace('.', '/') + "/" + artifactId.replace('.', '/') + "/"
+                    + version + "/" + artifactId + "-" + version + ".jar";
         }
         if (pomAvailable) {
             //org/springframework/spring-core/3.2.0.RELEASE/spring-core-3.2.0.RELEASE.pom
-            this.pomUrl = this.CENTRAL_CONTENT_URL + groupId.replace('.', '/') + "/" + artifactId.replace('.', '/') + "/" + version + "/" + artifactId + "-" + version + ".pom";
+            this.pomUrl = this.CENTRAL_CONTENT_URL + groupId.replace('.', '/') + "/" + artifactId.replace('.', '/') + "/"
+                    + version + "/" + artifactId + "-" + version + ".pom";
         }
     }
 

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java

@@ -27,7 +27,6 @@ import java.sql.Statement;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.HashSet;
-import java.util.Iterator;
 import java.util.List;
 import java.util.Map.Entry;
 import java.util.Properties;
@@ -788,12 +787,13 @@ public class CveDB {
      * @param identifiedVersion the identified version of the dependency being analyzed
      * @return true if the identified version is affected, otherwise false
      */
-    protected Entry<String, Boolean> getMatchingSoftware(HashMap<String, Boolean> vulnerableSoftware, String vendor, String product, DependencyVersion identifiedVersion) {
+    protected Entry<String, Boolean> getMatchingSoftware(HashMap<String, Boolean> vulnerableSoftware, String vendor, String product,
+            DependencyVersion identifiedVersion) {
 
         final boolean isVersionTwoADifferentProduct = "apache".equals(vendor) && "struts".equals(product);
 
-        HashSet<String> majorVersionsAffectingAllPrevious = new HashSet<String>();
+        final HashSet<String> majorVersionsAffectingAllPrevious = new HashSet<String>();
-        boolean matchesAnyPrevious = identifiedVersion == null || "-".equals(identifiedVersion.toString());
+        final boolean matchesAnyPrevious = identifiedVersion == null || "-".equals(identifiedVersion.toString());
         String majorVersionMatch = null;
         for (Entry<String, Boolean> entry : vulnerableSoftware.entrySet()) {
             final DependencyVersion v = parseDependencyVersion(entry.getKey());
@@ -814,7 +814,7 @@ public class CveDB {
             return null;
         }
 
-        boolean canSkipVersions = majorVersionMatch != null && majorVersionsAffectingAllPrevious.size() > 1;
+        final boolean canSkipVersions = majorVersionMatch != null && majorVersionsAffectingAllPrevious.size() > 1;
         //yes, we are iterating over this twice. The first time we are skipping versions those that affect all versions
         //then later we process those that affect all versions. This could be done with sorting...
         for (Entry<String, Boolean> entry : vulnerableSoftware.entrySet()) {

dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java

@@ -605,7 +605,7 @@ public class Dependency implements Serializable, Comparable<Dependency> {
     private Set<String> projectReferences = new HashSet<String>();
 
     /**
-     * Get the value of projectReferences
+     * Get the value of projectReferences.
      *
      * @return the value of projectReferences
      */
@@ -614,7 +614,7 @@ public class Dependency implements Serializable, Comparable<Dependency> {
     }
 
     /**
-     * Set the value of projectReferences
+     * Set the value of projectReferences.
      *
      * @param projectReferences new value of projectReferences
      */
@@ -671,7 +671,7 @@ public class Dependency implements Serializable, Comparable<Dependency> {
     private List<String> availableVersions = new ArrayList<String>();
 
     /**
-     * Get the value of availableVersions
+     * Get the value of availableVersions.
      *
      * @return the value of availableVersions
      */
@@ -680,7 +680,7 @@ public class Dependency implements Serializable, Comparable<Dependency> {
     }
 
     /**
-     * Set the value of availableVersions
+     * Set the value of availableVersions.
      *
      * @param availableVersions new value of availableVersions
      */

dependency-check-core/src/main/java/org/owasp/dependencycheck/jaxb/pom/PomUtils.java

@@ -54,6 +54,9 @@ public class PomUtils {
      */
     private Unmarshaller pomUnmarshaller;
 
+    /**
+     * Constructs a new POM Utility.
+     */
     public PomUtils() {
         try {
             //final JAXBContext jaxbContext = JAXBContext.newInstance("org.owasp.dependencycheck.jaxb.pom.generated");

dependency-check-maven/pom.xml

@@ -140,7 +140,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
                 <artifactId>maven-javadoc-plugin</artifactId>
                 <version>2.9.1</version>
                 <configuration>
-                    <bottom>Copyright© 2012-14 Jeremy Long. All Rights Reserved.</bottom>
+                    <bottom>Copyright© 2012-15 Jeremy Long. All Rights Reserved.</bottom>
                 </configuration>
                 <reportSets>
                     <reportSet>

dependency-check-utils/pom.xml

@@ -106,7 +106,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved.
                 <artifactId>maven-javadoc-plugin</artifactId>
                 <version>2.9.1</version>
                 <configuration>
-                    <bottom>Copyright© 2012-14 Jeremy Long. All Rights Reserved.</bottom>
+                    <bottom>Copyright© 2012-15 Jeremy Long. All Rights Reserved.</bottom>
                 </configuration>
                 <reportSets>
                     <reportSet>

dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java

@@ -235,13 +235,20 @@ public final class Downloader {
         return timestamp;
     }
 
+    /**
+     * Analyzes the IOException, logs the appropriate information for debugging purposes, and then throws a
+     * DownloadFailedException that wraps the IO Exception.
+     *
+     * @param ex the original exception
+     * @throws DownloadFailedException a wrapper exception that contains the original exception as the cause
+     */
     protected static void analyzeException(IOException ex) throws DownloadFailedException {
         Throwable cause = ex;
         do {
             if (cause instanceof InvalidAlgorithmParameterException) {
-                String keystore = System.getProperty("javax.net.ssl.keyStore");
+                final String keystore = System.getProperty("javax.net.ssl.keyStore");
-                String version = System.getProperty("java.version");
+                final String version = System.getProperty("java.version");
-                String vendor = System.getProperty("java.vendor");
+                final String vendor = System.getProperty("java.vendor");
                 LOGGER.info("Error making HTTPS request - InvalidAlgorithmParameterException");
                 LOGGER.info("There appears to be an issue with the installation of Java and the cacerts."
                         + "See closed issue #177 here: https://github.com/jeremylong/DependencyCheck/issues/177");

dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java

@@ -25,7 +25,6 @@ import java.net.PasswordAuthentication;
 import java.net.Proxy;
 import java.net.SocketAddress;
 import java.net.URL;
-import java.net.URLConnection;
 
 /**
  * A URLConnection Factory to create new connections. This encapsulates several configuration checks to ensure that the connection

src/main/config/checkstyle-header.txt

@@ -13,6 +13,6 @@
 ^ \* See the License for the specific language governing permissions and\s*$
 ^ \* limitations under the License\.\s*$
 ^ \*\s*$
-^ \* Copyright \(c\) 201[234] (Jeremy Long|Steve Springett)\. All Rights Reserved\.\s*$
+^ \* Copyright \(c\) 201[0-9] (Jeremy Long|Steve Springett)\. All Rights Reserved\.\s*$
 ^ \*/\s*$
 ^package