mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-01-14 07:43:40 +01:00
checkstyle/pmd/findbugs corrections
This commit is contained in:
Jeremy Long
@@ -35,7 +35,6 @@ import java.io.IOException;
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.security.MessageDigest;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.util.logging.Level;
|
||||
import java.util.regex.Matcher;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
|
||||
@@ -628,9 +628,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
JarFile jar = null;
|
||||
try {
|
||||
jar = new JarFile(dependency.getActualFilePath());
|
||||
|
||||
final Manifest manifest = jar.getManifest();
|
||||
|
||||
if (manifest == null) {
|
||||
//don't log this for javadoc or sources jar files
|
||||
if (!dependency.getFileName().toLowerCase().endsWith("-sources.jar")
|
||||
@@ -642,17 +640,15 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
}
|
||||
return false;
|
||||
}
|
||||
Attributes atts = manifest.getMainAttributes();
|
||||
|
||||
final EvidenceCollection vendorEvidence = dependency.getVendorEvidence();
|
||||
final EvidenceCollection productEvidence = dependency.getProductEvidence();
|
||||
final EvidenceCollection versionEvidence = dependency.getVersionEvidence();
|
||||
|
||||
String source = "Manifest";
|
||||
|
||||
String specificationVersion = null;
|
||||
boolean hasImplementationVersion = false;
|
||||
|
||||
Attributes atts = manifest.getMainAttributes();
|
||||
for (Entry<Object, Object> entry : atts.entrySet()) {
|
||||
String key = entry.getKey().toString();
|
||||
String value = atts.getValue(key);
|
||||
@@ -708,7 +704,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
// addMatchingValues(classInformation, value, productEvidence);
|
||||
} else {
|
||||
key = key.toLowerCase();
|
||||
|
||||
if (!IGNORE_KEYS.contains(key)
|
||||
&& !key.endsWith("jdk")
|
||||
&& !key.contains("lastmodified")
|
||||
@@ -724,8 +719,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
foundSomething = true;
|
||||
if (key.contains("version")) {
|
||||
if (!key.contains("specification")) {
|
||||
//versionEvidence.addEvidence(source, key, value, Confidence.LOW);
|
||||
//} else {
|
||||
versionEvidence.addEvidence(source, key, value, Confidence.MEDIUM);
|
||||
}
|
||||
} else if ("build-id".equals(key)) {
|
||||
@@ -778,14 +771,14 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
}
|
||||
}
|
||||
|
||||
Map<String, Attributes> entries = manifest.getEntries();
|
||||
final Map<String, Attributes> entries = manifest.getEntries();
|
||||
for (Iterator<String> it = entries.keySet().iterator(); it.hasNext();) {
|
||||
String name = it.next();
|
||||
final String name = it.next();
|
||||
source = "manifest: " + name;
|
||||
atts = entries.get(name);
|
||||
for (Entry<Object, Object> entry : atts.entrySet()) {
|
||||
String key = entry.getKey().toString();
|
||||
String value = atts.getValue(key);
|
||||
final String key = entry.getKey().toString();
|
||||
final String value = atts.getValue(key);
|
||||
if (key.equalsIgnoreCase(Attributes.Name.IMPLEMENTATION_TITLE.toString())) {
|
||||
foundSomething = true;
|
||||
productEvidence.addEvidence(source, key, value, Confidence.MEDIUM);
|
||||
@@ -804,7 +797,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (specificationVersion != null && !hasImplementationVersion) {
|
||||
foundSomething = true;
|
||||
versionEvidence.addEvidence(source, "specification-version", specificationVersion, Confidence.HIGH);
|
||||
|
||||
@@ -280,7 +280,9 @@ public final class ConnectionFactory {
|
||||
* @param currentDbVersion the current schema version of the database
|
||||
* @throws DatabaseException thrown if there is an exception upgrading the database schema
|
||||
*/
|
||||
private static void updateSchema(Connection conn, DependencyVersion appExpectedVersion, DependencyVersion currentDbVersion) throws DatabaseException {
|
||||
private static void updateSchema(Connection conn, DependencyVersion appExpectedVersion, DependencyVersion currentDbVersion)
|
||||
throws DatabaseException {
|
||||
|
||||
final String databaseProductName;
|
||||
try {
|
||||
databaseProductName = conn.getMetaData().getDatabaseProductName();
|
||||
@@ -320,17 +322,18 @@ public final class ConnectionFactory {
|
||||
IOUtils.closeQuietly(is);
|
||||
}
|
||||
} else {
|
||||
int e0 = Integer.parseInt(appExpectedVersion.getVersionParts().get(0));
|
||||
int c0 = Integer.parseInt(currentDbVersion.getVersionParts().get(0));
|
||||
int e1 = Integer.parseInt(appExpectedVersion.getVersionParts().get(1));
|
||||
int c1 = Integer.parseInt(currentDbVersion.getVersionParts().get(1));
|
||||
final int e0 = Integer.parseInt(appExpectedVersion.getVersionParts().get(0));
|
||||
final int c0 = Integer.parseInt(currentDbVersion.getVersionParts().get(0));
|
||||
final int e1 = Integer.parseInt(appExpectedVersion.getVersionParts().get(1));
|
||||
final int c1 = Integer.parseInt(currentDbVersion.getVersionParts().get(1));
|
||||
if (e0 == c0 && e1 < c1) {
|
||||
LOGGER.warn("A new version of dependency-check is available; consider upgrading");
|
||||
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
|
||||
} else if (e0 == c0 && e1 == c1) {
|
||||
//do nothing - not sure how we got here, but just incase...
|
||||
} else {
|
||||
LOGGER.error("The database schema must be upgraded to use this version of dependency-check. Please see {} for more information.", UPGRADE_HELP_URL);
|
||||
LOGGER.error("The database schema must be upgraded to use this version of dependency-check. Please see {} for more information.",
|
||||
UPGRADE_HELP_URL);
|
||||
throw new DatabaseException("Database schema is out of date");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -18,9 +18,6 @@
|
||||
package org.owasp.dependencycheck.data.update;
|
||||
|
||||
import java.net.MalformedURLException;
|
||||
import java.sql.CallableStatement;
|
||||
import java.sql.ResultSet;
|
||||
import java.sql.SQLException;
|
||||
import java.util.Calendar;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
@@ -28,7 +25,6 @@ import java.util.concurrent.ExecutionException;
|
||||
import java.util.concurrent.ExecutorService;
|
||||
import java.util.concurrent.Executors;
|
||||
import java.util.concurrent.Future;
|
||||
import static org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.DB_SCHEMA_VERSION;
|
||||
import org.owasp.dependencycheck.data.nvdcve.CveDB;
|
||||
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
|
||||
import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
|
||||
@@ -39,10 +35,7 @@ import org.owasp.dependencycheck.data.update.nvd.DownloadTask;
|
||||
import org.owasp.dependencycheck.data.update.nvd.NvdCveInfo;
|
||||
import org.owasp.dependencycheck.data.update.nvd.ProcessTask;
|
||||
import org.owasp.dependencycheck.data.update.nvd.UpdateableNvdCve;
|
||||
import org.owasp.dependencycheck.exception.NoDataException;
|
||||
import org.owasp.dependencycheck.utils.DateUtil;
|
||||
import org.owasp.dependencycheck.utils.DependencyVersion;
|
||||
import org.owasp.dependencycheck.utils.DependencyVersionUtil;
|
||||
import org.owasp.dependencycheck.utils.DownloadFailedException;
|
||||
import org.owasp.dependencycheck.utils.InvalidSettingException;
|
||||
import org.owasp.dependencycheck.utils.Settings;
|
||||
@@ -134,7 +127,9 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks the CPE Index to ensure documents exists.
|
||||
* Checks the CVE Index to ensure data exists and analysis can continue.
|
||||
*
|
||||
* @return true if the database contains data
|
||||
*/
|
||||
private boolean dataExists() {
|
||||
CveDB cve = null;
|
||||
|
||||
@@ -27,7 +27,6 @@ import java.net.URL;
|
||||
import java.util.concurrent.Callable;
|
||||
import java.util.concurrent.ExecutorService;
|
||||
import java.util.concurrent.Future;
|
||||
import java.util.logging.Level;
|
||||
import java.util.zip.GZIPInputStream;
|
||||
import org.apache.commons.io.FileUtils;
|
||||
import org.owasp.dependencycheck.data.nvdcve.CveDB;
|
||||
@@ -242,7 +241,7 @@ public class DownloadTask implements Callable<Future<ProcessTask>> {
|
||||
try {
|
||||
is = new FileInputStream(file);
|
||||
|
||||
byte[] buf = new byte[5];
|
||||
final byte[] buf = new byte[5];
|
||||
int read = 0;
|
||||
try {
|
||||
read = is.read(buf);
|
||||
|
||||
@@ -125,9 +125,14 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
|
||||
Settings.cleanup();
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the last project in the reactor - taking into account skipped projects.
|
||||
*
|
||||
* @return the last projecct in the reactor
|
||||
*/
|
||||
private MavenProject getLastProject() {
|
||||
for (int x = getReactorProjects().size() - 1; x >= 0; x--) {
|
||||
MavenProject p = getReactorProjects().get(x);
|
||||
final MavenProject p = getReactorProjects().get(x);
|
||||
if (!skipProject(p)) {
|
||||
return p;
|
||||
}
|
||||
@@ -136,8 +141,14 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Tests if the project is being skipped in the Maven site report.
|
||||
*
|
||||
* @param project a project in the reactor
|
||||
* @return true if the project is skipped; otherwise false
|
||||
*/
|
||||
private boolean skipProject(MavenProject project) {
|
||||
String skip = (String) project.getProperties().get("maven.site.skip");
|
||||
final String skip = (String) project.getProperties().get("maven.site.skip");
|
||||
return "true".equalsIgnoreCase(skip);
|
||||
}
|
||||
|
||||
|
||||
@@ -24,7 +24,6 @@ import java.io.FileNotFoundException;
|
||||
import java.io.FileOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.ObjectInputStream;
|
||||
import java.io.ObjectOutputStream;
|
||||
import java.util.List;
|
||||
import java.util.Locale;
|
||||
|
||||
@@ -33,9 +33,6 @@ import java.util.zip.GZIPInputStream;
|
||||
import java.util.zip.InflaterInputStream;
|
||||
|
||||
import static java.lang.String.format;
|
||||
import java.util.logging.Level;
|
||||
import static org.owasp.dependencycheck.utils.Settings.KEYS.DOWNLOADER_QUICK_QUERY_TIMESTAMP;
|
||||
import static org.owasp.dependencycheck.utils.Settings.getBoolean;
|
||||
|
||||
/**
|
||||
* A utility to download files from the Internet.
|
||||
@@ -311,7 +308,7 @@ public final class Downloader {
|
||||
boolean quickQuery;
|
||||
|
||||
try {
|
||||
quickQuery = getBoolean(DOWNLOADER_QUICK_QUERY_TIMESTAMP, true);
|
||||
quickQuery = Settings.getBoolean(Settings.KEYS.DOWNLOADER_QUICK_QUERY_TIMESTAMP, true);
|
||||
} catch (InvalidSettingException e) {
|
||||
quickQuery = true;
|
||||
}
|
||||
|
||||
@@ -36,7 +36,7 @@ public class ExpectedOjectInputStream extends ObjectInputStream {
|
||||
/**
|
||||
* The list of fully qualified class names that are able to be deserialized.
|
||||
*/
|
||||
List<String> expected = new ArrayList<String>();
|
||||
private List<String> expected = new ArrayList<String>();
|
||||
|
||||
/**
|
||||
* Constructs a new ExpectedOjectInputStream that can be used to securely deserialize an object by restricting the classes
|
||||
|
||||
@@ -105,19 +105,19 @@ public final class URLConnectionFactory {
|
||||
* @return matching result. true: match nonProxy
|
||||
*/
|
||||
private static boolean matchNonProxy(final URL url) {
|
||||
String host = url.getHost();
|
||||
final String host = url.getHost();
|
||||
|
||||
// code partially from org.apache.maven.plugins.site.AbstractDeployMojo#getProxyInfo
|
||||
final String nonProxyHosts = Settings.getString(Settings.KEYS.PROXY_NON_PROXY_HOSTS);
|
||||
if (null != nonProxyHosts) {
|
||||
final String[] nonProxies = nonProxyHosts.split( "(,)|(;)|(\\|)" );
|
||||
final String[] nonProxies = nonProxyHosts.split("(,)|(;)|(\\|)");
|
||||
for (final String nonProxyHost : nonProxies) {
|
||||
//if ( StringUtils.contains( nonProxyHost, "*" ) )
|
||||
if (null != nonProxyHost && nonProxyHost.contains("*")) {
|
||||
// Handle wildcard at the end, beginning or middle of the nonProxyHost
|
||||
final int pos = nonProxyHost.indexOf('*');
|
||||
String nonProxyHostPrefix = nonProxyHost.substring(0, pos);
|
||||
String nonProxyHostSuffix = nonProxyHost.substring(pos + 1);
|
||||
final String nonProxyHostPrefix = nonProxyHost.substring(0, pos);
|
||||
final String nonProxyHostSuffix = nonProxyHost.substring(pos + 1);
|
||||
// prefix*
|
||||
if (!StringUtils.isEmpty(nonProxyHostPrefix) && host.startsWith(nonProxyHostPrefix) && StringUtils.isEmpty(nonProxyHostSuffix)) {
|
||||
return true;
|
||||
@@ -127,11 +127,11 @@ public final class URLConnectionFactory {
|
||||
return true;
|
||||
}
|
||||
// prefix*suffix
|
||||
if (!StringUtils.isEmpty(nonProxyHostPrefix) && host.startsWith(nonProxyHostPrefix) && !StringUtils.isEmpty(nonProxyHostSuffix) && host.endsWith(nonProxyHostSuffix)) {
|
||||
if (!StringUtils.isEmpty(nonProxyHostPrefix) && host.startsWith(nonProxyHostPrefix) && !StringUtils.isEmpty(nonProxyHostSuffix)
|
||||
&& host.endsWith(nonProxyHostSuffix)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
else if (host.equals(nonProxyHost)) {
|
||||
} else if (host.equals(nonProxyHost)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
@@ -139,7 +139,6 @@ public final class URLConnectionFactory {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Utility method to create an HttpURLConnection. The use of a proxy here is optional as there may be cases where a proxy is
|
||||
* configured but we don't want to use it (for example, if there's an internal repository configured)
|
||||
|
||||
@@ -28,9 +28,10 @@
|
||||
<property name="allowLegacy" value="false"/>
|
||||
</module>
|
||||
|
||||
<module name="Translation">
|
||||
<!-- this causes a ton of noise due to how this is abused in core for dealing with database dialects.-->
|
||||
<!--module name="Translation">
|
||||
<property name="severity" value="warning"/>
|
||||
</module>
|
||||
</module-->
|
||||
|
||||
<module name="FileTabCharacter">
|
||||
<property name="eachLine" value="false"/>
|
||||
|
||||
Reference in New Issue
Block a user