checkstyle/pmd/findbugs corrections

2026-01-16 16:46:55 +01:00 · 2016-03-05 07:07:53 -05:00
parent 0d2a090e1f
commit 8b58df3b34
11 changed files with 43 additions and 48 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java
@@ -35,7 +35,6 @@ import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.util.logging.Level;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;

--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
@@ -628,9 +628,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
        JarFile jar = null;
        try {
            jar = new JarFile(dependency.getActualFilePath());
-
            final Manifest manifest = jar.getManifest();
-
            if (manifest == null) {
                //don't log this for javadoc or sources jar files
                if (!dependency.getFileName().toLowerCase().endsWith("-sources.jar")
@@ -642,17 +640,15 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
                }
                return false;
            }
-            Attributes atts = manifest.getMainAttributes();
-
            final EvidenceCollection vendorEvidence = dependency.getVendorEvidence();
            final EvidenceCollection productEvidence = dependency.getProductEvidence();
            final EvidenceCollection versionEvidence = dependency.getVersionEvidence();

            String source = "Manifest";
-
            String specificationVersion = null;
            boolean hasImplementationVersion = false;

+            Attributes atts = manifest.getMainAttributes();
            for (Entry<Object, Object> entry : atts.entrySet()) {
                String key = entry.getKey().toString();
                String value = atts.getValue(key);
@@ -708,7 +704,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
 //                    addMatchingValues(classInformation, value, productEvidence);
                } else {
                    key = key.toLowerCase();
-
                    if (!IGNORE_KEYS.contains(key)
                            && !key.endsWith("jdk")
                            && !key.contains("lastmodified")
@@ -724,8 +719,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
                        foundSomething = true;
                        if (key.contains("version")) {
                            if (!key.contains("specification")) {
-                                //versionEvidence.addEvidence(source, key, value, Confidence.LOW);
-                                //} else {
                                versionEvidence.addEvidence(source, key, value, Confidence.MEDIUM);
                            }
                        } else if ("build-id".equals(key)) {
@@ -778,14 +771,14 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
                }
            }

-            Map<String, Attributes> entries = manifest.getEntries();
+            final Map<String, Attributes> entries = manifest.getEntries();
            for (Iterator<String> it = entries.keySet().iterator(); it.hasNext();) {
-                String name = it.next();
+                final String name = it.next();
                source = "manifest: " + name;
                atts = entries.get(name);
                for (Entry<Object, Object> entry : atts.entrySet()) {
-                    String key = entry.getKey().toString();
-                    String value = atts.getValue(key);
+                    final String key = entry.getKey().toString();
+                    final String value = atts.getValue(key);
                    if (key.equalsIgnoreCase(Attributes.Name.IMPLEMENTATION_TITLE.toString())) {
                        foundSomething = true;
                        productEvidence.addEvidence(source, key, value, Confidence.MEDIUM);
@@ -804,7 +797,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
                    }
                }
            }
-
            if (specificationVersion != null && !hasImplementationVersion) {
                foundSomething = true;
                versionEvidence.addEvidence(source, "specification-version", specificationVersion, Confidence.HIGH);
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java
@@ -280,7 +280,9 @@ public final class ConnectionFactory {
     * @param currentDbVersion the current schema version of the database
     * @throws DatabaseException thrown if there is an exception upgrading the database schema
     */
-    private static void updateSchema(Connection conn, DependencyVersion appExpectedVersion, DependencyVersion currentDbVersion) throws DatabaseException {
+    private static void updateSchema(Connection conn, DependencyVersion appExpectedVersion, DependencyVersion currentDbVersion)
+            throws DatabaseException {
+
        final String databaseProductName;
        try {
            databaseProductName = conn.getMetaData().getDatabaseProductName();
@@ -320,17 +322,18 @@ public final class ConnectionFactory {
                IOUtils.closeQuietly(is);
            }
        } else {
-            int e0 = Integer.parseInt(appExpectedVersion.getVersionParts().get(0));
-            int c0 = Integer.parseInt(currentDbVersion.getVersionParts().get(0));
-            int e1 = Integer.parseInt(appExpectedVersion.getVersionParts().get(1));
-            int c1 = Integer.parseInt(currentDbVersion.getVersionParts().get(1));
+            final int e0 = Integer.parseInt(appExpectedVersion.getVersionParts().get(0));
+            final int c0 = Integer.parseInt(currentDbVersion.getVersionParts().get(0));
+            final int e1 = Integer.parseInt(appExpectedVersion.getVersionParts().get(1));
+            final int c1 = Integer.parseInt(currentDbVersion.getVersionParts().get(1));
            if (e0 == c0 && e1 < c1) {
                LOGGER.warn("A new version of dependency-check is available; consider upgrading");
                Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
            } else if (e0 == c0 && e1 == c1) {
                //do nothing - not sure how we got here, but just incase...
            } else {
-                LOGGER.error("The database schema must be upgraded to use this version of dependency-check. Please see {} for more information.", UPGRADE_HELP_URL);
+                LOGGER.error("The database schema must be upgraded to use this version of dependency-check. Please see {} for more information.",
+                        UPGRADE_HELP_URL);
                throw new DatabaseException("Database schema is out of date");
            }
        }
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java
@@ -18,9 +18,6 @@
 package org.owasp.dependencycheck.data.update;

 import java.net.MalformedURLException;
-import java.sql.CallableStatement;
-import java.sql.ResultSet;
-import java.sql.SQLException;
 import java.util.Calendar;
 import java.util.HashSet;
 import java.util.Set;
@@ -28,7 +25,6 @@ import java.util.concurrent.ExecutionException;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
 import java.util.concurrent.Future;
-import static org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.DB_SCHEMA_VERSION;
 import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
@@ -39,10 +35,7 @@ import org.owasp.dependencycheck.data.update.nvd.DownloadTask;
 import org.owasp.dependencycheck.data.update.nvd.NvdCveInfo;
 import org.owasp.dependencycheck.data.update.nvd.ProcessTask;
 import org.owasp.dependencycheck.data.update.nvd.UpdateableNvdCve;
-import org.owasp.dependencycheck.exception.NoDataException;
 import org.owasp.dependencycheck.utils.DateUtil;
-import org.owasp.dependencycheck.utils.DependencyVersion;
-import org.owasp.dependencycheck.utils.DependencyVersionUtil;
 import org.owasp.dependencycheck.utils.DownloadFailedException;
 import org.owasp.dependencycheck.utils.InvalidSettingException;
 import org.owasp.dependencycheck.utils.Settings;
@@ -134,7 +127,9 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
    }

    /**
-     * Checks the CPE Index to ensure documents exists.
+     * Checks the CVE Index to ensure data exists and analysis can continue.
+     *
+     * @return true if the database contains data
     */
    private boolean dataExists() {
        CveDB cve = null;
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/DownloadTask.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/DownloadTask.java
@@ -27,7 +27,6 @@ import java.net.URL;
 import java.util.concurrent.Callable;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Future;
-import java.util.logging.Level;
 import java.util.zip.GZIPInputStream;
 import org.apache.commons.io.FileUtils;
 import org.owasp.dependencycheck.data.nvdcve.CveDB;
@@ -242,7 +241,7 @@ public class DownloadTask implements Callable<Future<ProcessTask>> {
        try {
            is = new FileInputStream(file);

-            byte[] buf = new byte[5];
+            final byte[] buf = new byte[5];
            int read = 0;
            try {
                read = is.read(buf);