From 8b58df3b34cf3dca1240518347d5f855e1204dba Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Sat, 5 Mar 2016 07:07:53 -0500
Subject: [PATCH] checkstyle/pmd/findbugs corrections
---
 .../analyzer/CMakeAnalyzer.java | 1 -
 .../dependencycheck/analyzer/JarAnalyzer.java | 18 +++++------------
 .../data/nvdcve/ConnectionFactory.java | 15 +++++++++------
 .../data/update/NvdCveUpdater.java | 11 +++--------
 .../data/update/nvd/DownloadTask.java | 3 +--
 .../dependencycheck/maven/AggregateMojo.java | 15 +++++++++++++--
 .../maven/BaseDependencyCheckMojo.java | 1 -
 .../dependencycheck/utils/Downloader.java | 5 +----
 .../utils/ExpectedOjectInputStream.java | 2 +-
 .../utils/URLConnectionFactory.java | 15 +++++++--------
 src/main/config/checkstyle-checks.xml | 5 +++--
 11 files changed, 43 insertions(+), 48 deletions(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java
index 4d957be82..93dff511d 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java
@@ -35,7 +35,6 @@ import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.util.logging.Level;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
index e7af1e02a..c76e8199b 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
@@ -628,9 +628,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
 JarFile jar = null;
 try {
 jar = new JarFile(dependency.getActualFilePath());
-
 final Manifest manifest = jar.getManifest();
-
 if (manifest == null) {
 //don't log this for javadoc or sources jar files
 if (!dependency.getFileName().toLowerCase().endsWith("-sources.jar")
@@ -642,17 +640,15 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
 }
 return false;
 }
- Attributes atts = manifest.getMainAttributes();
-
 final EvidenceCollection vendorEvidence = dependency.getVendorEvidence();
 final EvidenceCollection productEvidence = dependency.getProductEvidence();
 final EvidenceCollection versionEvidence = dependency.getVersionEvidence();
 String source = "Manifest";
-
 String specificationVersion = null;
 boolean hasImplementationVersion = false;
+ Attributes atts = manifest.getMainAttributes();
 for (Entry entry : atts.entrySet()) {
 String key = entry.getKey().toString();
 String value = atts.getValue(key);
@@ -708,7 +704,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
 // addMatchingValues(classInformation, value, productEvidence);
 } else {
 key = key.toLowerCase();
-
 if (!IGNORE_KEYS.contains(key)
 && !key.endsWith("jdk")
 && !key.contains("lastmodified")
@@ -724,8 +719,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
 foundSomething = true;
 if (key.contains("version")) {
 if (!key.contains("specification")) {
- //versionEvidence.addEvidence(source, key, value, Confidence.LOW);
- //} else {
 versionEvidence.addEvidence(source, key, value, Confidence.MEDIUM);
 }
 } else if ("build-id".equals(key)) {
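Review bot: `key = key.toLowerCase();` in the `@@ -708` hunk (and `dependency.getFileName().toLowerCase()` in the `@@ -628` hunk) lowercases with the JVM default locale, so under a Turkish locale an upper-case `I` in a manifest key becomes a dotless `ı` and later checks such as `IGNORE_KEYS.contains(key)` or `"build-id".equals(key)` can miss. As this commit is a static-analysis clean-up, pass an explicit locale, e.g. `key = key.toLowerCase(Locale.ENGLISH);`. Whether `java.util.Locale` is already imported is not visible here, and the enclosing method starts and ends outside these hunks.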
@@ -778,14 +771,14 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
 }
 }
- Map entries = manifest.getEntries();
+ final Map entries = manifest.getEntries();
 for (Iterator it = entries.keySet().iterator(); it.hasNext();) {
- String name = it.next();
+ final String name = it.next();
 source = "manifest: " + name;
 atts = entries.get(name);
 for (Entry entry : atts.entrySet()) {
- String key = entry.getKey().toString();
- String value = atts.getValue(key);
+ final String key = entry.getKey().toString();
+ final String value = atts.getValue(key);
 if (key.equalsIgnoreCase(Attributes.Name.IMPLEMENTATION_TITLE.toString())) {
 foundSomething = true;
 productEvidence.addEvidence(source, key, value, Confidence.MEDIUM);
@@ -804,7 +797,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
 }
 }
 }
-
 if (specificationVersion != null && !hasImplementationVersion) {
 foundSomething = true;
 versionEvidence.addEvidence(source, "specification-version", specificationVersion, Confidence.HIGH);
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java
index be892e24a..8961b1533 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java
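Review bot: The loop over `manifest.getEntries()` in the `@@ -778` hunk still walks `keySet()` with an explicit `Iterator` and then looks each name up again with `entries.get(name)`. Iterating the entry set reads more directly and drops the second lookup, e.g. `for (Map.Entry<String, Attributes> e : manifest.getEntries().entrySet())` with `e.getKey()` and `e.getValue()`. The generic parameters are not visible in this rendering of the patch, so match the types to the file's declarations. The enclosing method begins before the hunk.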
@@ -280,7 +280,9 @@ public final class ConnectionFactory {
 * @param currentDbVersion the current schema version of the database
 * @throws DatabaseException thrown if there is an exception upgrading the database schema
 */
- private static void updateSchema(Connection conn, DependencyVersion appExpectedVersion, DependencyVersion currentDbVersion) throws DatabaseException {
+ private static void updateSchema(Connection conn, DependencyVersion appExpectedVersion, DependencyVersion currentDbVersion)
+ throws DatabaseException {
+
 final String databaseProductName;
 try {
 databaseProductName = conn.getMetaData().getDatabaseProductName();
@@ -320,17 +322,18 @@ public final class ConnectionFactory {
 IOUtils.closeQuietly(is);
 }
 } else {
- int e0 = Integer.parseInt(appExpectedVersion.getVersionParts().get(0));
- int c0 = Integer.parseInt(currentDbVersion.getVersionParts().get(0));
- int e1 = Integer.parseInt(appExpectedVersion.getVersionParts().get(1));
- int c1 = Integer.parseInt(currentDbVersion.getVersionParts().get(1));
+ final int e0 = Integer.parseInt(appExpectedVersion.getVersionParts().get(0));
+ final int c0 = Integer.parseInt(currentDbVersion.getVersionParts().get(0));
+ final int e1 = Integer.parseInt(appExpectedVersion.getVersionParts().get(1));
+ final int c1 = Integer.parseInt(currentDbVersion.getVersionParts().get(1));
 if (e0 == c0 && e1 < c1) {
 LOGGER.warn("A new version of dependency-check is available; consider upgrading");
 Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
 } else if (e0 == c0 && e1 == c1) {
 //do nothing - not sure how we got here, but just incase...
 } else {
- LOGGER.error("The database schema must be upgraded to use this version of dependency-check. Please see {} for more information.", UPGRADE_HELP_URL);
+ LOGGER.error("The database schema must be upgraded to use this version of dependency-check. Please see {} for more information.",
+ UPGRADE_HELP_URL);
 throw new DatabaseException("Database schema is out of date");
 }
 }
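Review bot: The four `Integer.parseInt(...getVersionParts().get(n))` lines in the `@@ -320` hunk of `updateSchema` can throw `NumberFormatException` or `IndexOutOfBoundsException` when a version has a non-numeric part or fewer than two parts. `currentDbVersion` is documented above as the schema version of the database, so its value is not under the application's control. The method only declares `DatabaseException`, so either failure escapes as an unchecked exception instead of the documented one. Wrapping the parsing as below keeps the failure inside the declared contract, assuming `DatabaseException` offers a (String, Throwable) constructor. The enclosing method continues outside both hunks.

```java
} else {
    final int e0;
    final int c0;
    final int e1;
    final int c1;
    try {
        e0 = Integer.parseInt(appExpectedVersion.getVersionParts().get(0));
        c0 = Integer.parseInt(currentDbVersion.getVersionParts().get(0));
        e1 = Integer.parseInt(appExpectedVersion.getVersionParts().get(1));
        c1 = Integer.parseInt(currentDbVersion.getVersionParts().get(1));
    } catch (NumberFormatException ex) {
        throw new DatabaseException("Database schema version is not numeric", ex);
    } catch (IndexOutOfBoundsException ex) {
        throw new DatabaseException("Database schema version does not have a major and minor part", ex);
    }
    // … unchanged: comparison of e0/c0/e1/c1, upgrade warning and out-of-date error …
```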
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java
index 263f0943f..0a3bd196f 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java
@@ -18,9 +18,6 @@
 package org.owasp.dependencycheck.data.update;
 import java.net.MalformedURLException;
-import java.sql.CallableStatement;
-import java.sql.ResultSet;
-import java.sql.SQLException;
 import java.util.Calendar;
 import java.util.HashSet;
 import java.util.Set;
@@ -28,7 +25,6 @@ import java.util.concurrent.ExecutionException;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
 import java.util.concurrent.Future;
-import static org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.DB_SCHEMA_VERSION;
 import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
@@ -39,10 +35,7 @@ import org.owasp.dependencycheck.data.update.nvd.DownloadTask;
 import org.owasp.dependencycheck.data.update.nvd.NvdCveInfo;
 import org.owasp.dependencycheck.data.update.nvd.ProcessTask;
 import org.owasp.dependencycheck.data.update.nvd.UpdateableNvdCve;
-import org.owasp.dependencycheck.exception.NoDataException;
 import org.owasp.dependencycheck.utils.DateUtil;
-import org.owasp.dependencycheck.utils.DependencyVersion;
-import org.owasp.dependencycheck.utils.DependencyVersionUtil;
 import org.owasp.dependencycheck.utils.DownloadFailedException;
 import org.owasp.dependencycheck.utils.InvalidSettingException;
 import org.owasp.dependencycheck.utils.Settings;
@@ -134,7 +127,9 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
 }
 /**
- * Checks the CPE Index to ensure documents exists.
+ * Checks the CVE Index to ensure data exists and analysis can continue.
+ *
+ * @return true if the database contains data
 */
 private boolean dataExists() {
 CveDB cve = null;
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/DownloadTask.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/DownloadTask.java
index ab6ea3a8f..1ec66a517 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/DownloadTask.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/DownloadTask.java
@@ -27,7 +27,6 @@ import java.net.URL;
 import java.util.concurrent.Callable;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Future;
-import java.util.logging.Level;
 import java.util.zip.GZIPInputStream;
 import org.apache.commons.io.FileUtils;
 import org.owasp.dependencycheck.data.nvdcve.CveDB;
@@ -242,7 +241,7 @@ public class DownloadTask implements Callable> {
 try {
 is = new FileInputStream(file);
- byte[] buf = new byte[5];
+ final byte[] buf = new byte[5];
 int read = 0;
 try {
 read = is.read(buf);
diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java
index 2e9285fb4..92c4142ff 100644
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java
@@ -125,9 +125,14 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
 Settings.cleanup();
 }
+ /**
+ * Gets the last project in the reactor - taking into account skipped projects.
+ *
+ * @return the last projecct in the reactor
+ */
 private MavenProject getLastProject() {
 for (int x = getReactorProjects().size() - 1; x >= 0; x--) {
- MavenProject p = getReactorProjects().get(x);
+ final MavenProject p = getReactorProjects().get(x);
 if (!skipProject(p)) {
 return p;
 }
@@ -136,8 +141,14 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
 return null;
 }
+ /**
+ * Tests if the project is being skipped in the Maven site report.
+ *
+ * @param project a project in the reactor
+ * @return true if the project is skipped; otherwise false
+ */
 private boolean skipProject(MavenProject project) {
- String skip = (String) project.getProperties().get("maven.site.skip");
+ final String skip = (String) project.getProperties().get("maven.site.skip");
 return "true".equalsIgnoreCase(skip);
 }
diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
index fd319b90f..b26543b76 100644
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
@@ -24,7 +24,6 @@ import java.io.FileNotFoundException;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
-import java.io.ObjectInputStream;
 import java.io.ObjectOutputStream;
 import java.util.List;
 import java.util.Locale;
diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java
index f4c35a0b8..32b636d52 100644
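Review bot: The new Javadoc on `getLastProject()` in AggregateMojo misspells `projecct` and does not say what is returned when every reactor project is skipped; the context of the next hunk shows the method falling through to `return null;`. Suggested tag: `@return the last project in the reactor that is not skipped, or <code>null</code> if all projects are skipped`. The callers are outside this patch, so whether they handle the null is not visible here.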
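Review bot: In `skipProject` (AggregateMojo, `@@ -136` hunk), `(String) project.getProperties().get("maven.site.skip")` throws `ClassCastException` if the property was stored as a non-String value. `java.util.Properties.getProperty` returns null in that case and needs no cast: `final String skip = project.getProperties().getProperty("maven.site.skip");`. The return statement is unaffected because `"true".equalsIgnoreCase(null)` is false.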
--- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java
+++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java
@@ -33,9 +33,6 @@ import java.util.zip.GZIPInputStream;
 import java.util.zip.InflaterInputStream;
 import static java.lang.String.format;
-import java.util.logging.Level;
-import static org.owasp.dependencycheck.utils.Settings.KEYS.DOWNLOADER_QUICK_QUERY_TIMESTAMP;
-import static org.owasp.dependencycheck.utils.Settings.getBoolean;
 /**
 * A utility to download files from the Internet.
@@ -311,7 +308,7 @@ public final class Downloader {
 boolean quickQuery;
 try {
- quickQuery = getBoolean(DOWNLOADER_QUICK_QUERY_TIMESTAMP, true);
+ quickQuery = Settings.getBoolean(Settings.KEYS.DOWNLOADER_QUICK_QUERY_TIMESTAMP, true);
 } catch (InvalidSettingException e) {
 quickQuery = true;
 }
diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/ExpectedOjectInputStream.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/ExpectedOjectInputStream.java
index 7b1272e05..bdd57677e 100644
--- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/ExpectedOjectInputStream.java
+++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/ExpectedOjectInputStream.java
@@ -36,7 +36,7 @@ public class ExpectedOjectInputStream extends ObjectInputStream {
 /**
 * The list of fully qualified class names that are able to be deserialized.
 */
- List expected = new ArrayList();
+ private List expected = new ArrayList();
 /**
 * Constructs a new ExpectedOjectInputStream that can be used to securely deserialize an object by restricting the classes
diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java
index 10da9464b..cbeb00a64 100644
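Review bot: The `catch (InvalidSettingException e)` after the rewritten `Settings.getBoolean(...)` call in Downloader (`@@ -311` hunk) drops the exception and sets `quickQuery = true`, so an unparsable setting value silently behaves like the default. If that is intended, say so in place, e.g. `// an invalid value falls back to the default: quick query enabled`, and consider logging the exception at debug level so a misconfiguration can be diagnosed. The enclosing method starts and ends outside the hunk.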
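Review bot: `expected` in ExpectedOjectInputStream is the allow-list of class names this stream will deserialize, and after this change it is private but still reassignable. Declaring it `private final List expected = new ArrayList();` fixes the reference once the object is constructed. The constructor and any accessors are not visible in this hunk; if they expose or later extend the list, that also deserves a look, because every added entry widens what serialized input is allowed to instantiate.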
--- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java
+++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java
@@ -105,19 +105,19 @@ public final class URLConnectionFactory {
 * @return matching result. true: match nonProxy
 */
 private static boolean matchNonProxy(final URL url) {
- String host = url.getHost();
+ final String host = url.getHost();
 // code partially from org.apache.maven.plugins.site.AbstractDeployMojo#getProxyInfo
 final String nonProxyHosts = Settings.getString(Settings.KEYS.PROXY_NON_PROXY_HOSTS);
 if (null != nonProxyHosts) {
- final String[] nonProxies = nonProxyHosts.split( "(,)|(;)|(\\|)" );
+ final String[] nonProxies = nonProxyHosts.split("(,)|(;)|(\\|)");
 for (final String nonProxyHost : nonProxies) {
 //if ( StringUtils.contains( nonProxyHost, "*" ) )
 if (null != nonProxyHost && nonProxyHost.contains("*")) {
 // Handle wildcard at the end, beginning or middle of the nonProxyHost
 final int pos = nonProxyHost.indexOf('*');
- String nonProxyHostPrefix = nonProxyHost.substring(0, pos);
- String nonProxyHostSuffix = nonProxyHost.substring(pos + 1);
+ final String nonProxyHostPrefix = nonProxyHost.substring(0, pos);
+ final String nonProxyHostSuffix = nonProxyHost.substring(pos + 1);
 // prefix*
 if (!StringUtils.isEmpty(nonProxyHostPrefix) && host.startsWith(nonProxyHostPrefix) && StringUtils.isEmpty(nonProxyHostSuffix)) {
 return true;
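Review bot: `matchNonProxy` compares `url.getHost()` with the configured entries using case-sensitive `equals`/`startsWith`/`endsWith` (here and in the `@@ -127` hunk), and the tokens from `nonProxyHosts.split(...)` are not trimmed. A host written as `Repo.Example.org`, or a list written as `a.example, b.example` (constructed examples), therefore does not match. Host names are case-insensitive, and a missed match sends a request meant for a directly reachable host through the proxy. Normalise both sides before comparing, e.g. `final String host = url.getHost().toLowerCase(Locale.ROOT);`, and apply the same lowercasing plus `trim()` to each entry. The method's body ends in the next hunk.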
@@ -127,11 +127,11 @@ public final class URLConnectionFactory {
 return true;
 }
 // prefix*suffix
- if (!StringUtils.isEmpty(nonProxyHostPrefix) && host.startsWith(nonProxyHostPrefix) && !StringUtils.isEmpty(nonProxyHostSuffix) && host.endsWith(nonProxyHostSuffix)) {
+ if (!StringUtils.isEmpty(nonProxyHostPrefix) && host.startsWith(nonProxyHostPrefix) && !StringUtils.isEmpty(nonProxyHostSuffix)
+ && host.endsWith(nonProxyHostSuffix)) {
 return true;
 }
- }
- else if (host.equals(nonProxyHost)) {
+ } else if (host.equals(nonProxyHost)) {
 return true;
 }
 }
@@ -139,7 +139,6 @@ public final class URLConnectionFactory {
 return false;
 }
-
 /**
 * Utility method to create an HttpURLConnection. The use of a proxy here is optional as there may be cases where a proxy is
 * configured but we don't want to use it (for example, if there's an internal repository configured)
diff --git a/src/main/config/checkstyle-checks.xml b/src/main/config/checkstyle-checks.xml
index 1c1238554..3cb0cd41e 100644
--- a/src/main/config/checkstyle-checks.xml
+++ b/src/main/config/checkstyle-checks.xml
@@ -28,9 +28,10 @@
-
+
+