github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-24 10:01:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

checkstyle/pmd/findbugs corrections

Browse Source
This commit is contained in:
Jeremy Long
2016-03-05 07:07:53 -05:00
parent 0d2a090e1f
commit 8b58df3b34
11 changed files with 43 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java
View File

@@ -35,7 +35,6 @@ import java.io.IOException;
import java.io.UnsupportedEncodingException; import java.io.UnsupportedEncodingException;
import java.security.MessageDigest; import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.util.logging.Level;
import java.util.regex.Matcher; import java.util.regex.Matcher;
import java.util.regex.Pattern; import java.util.regex.Pattern;

18
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
View File

@@ -628,9 +628,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
JarFile jar = null; JarFile jar = null;
try { try {
jar = new JarFile(dependency.getActualFilePath()); jar = new JarFile(dependency.getActualFilePath());
final Manifest manifest = jar.getManifest(); final Manifest manifest = jar.getManifest();
if (manifest == null) { if (manifest == null) {
//don't log this for javadoc or sources jar files //don't log this for javadoc or sources jar files
if (!dependency.getFileName().toLowerCase().endsWith("-sources.jar") if (!dependency.getFileName().toLowerCase().endsWith("-sources.jar")
@@ -642,17 +640,15 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
} }
return false; return false;
} }
Attributes atts = manifest.getMainAttributes();
final EvidenceCollection vendorEvidence = dependency.getVendorEvidence(); final EvidenceCollection vendorEvidence = dependency.getVendorEvidence();
final EvidenceCollection productEvidence = dependency.getProductEvidence(); final EvidenceCollection productEvidence = dependency.getProductEvidence();
final EvidenceCollection versionEvidence = dependency.getVersionEvidence(); final EvidenceCollection versionEvidence = dependency.getVersionEvidence();
String source = "Manifest"; String source = "Manifest";
String specificationVersion = null; String specificationVersion = null;
boolean hasImplementationVersion = false; boolean hasImplementationVersion = false;
Attributes atts = manifest.getMainAttributes();
for (Entry<Object, Object> entry : atts.entrySet()) { for (Entry<Object, Object> entry : atts.entrySet()) {
String key = entry.getKey().toString(); String key = entry.getKey().toString();
String value = atts.getValue(key); String value = atts.getValue(key);
@@ -708,7 +704,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
// addMatchingValues(classInformation, value, productEvidence); // addMatchingValues(classInformation, value, productEvidence);
} else { } else {
key = key.toLowerCase(); key = key.toLowerCase();
if (!IGNORE_KEYS.contains(key) if (!IGNORE_KEYS.contains(key)
&& !key.endsWith("jdk") && !key.endsWith("jdk")
&& !key.contains("lastmodified") && !key.contains("lastmodified")
@@ -724,8 +719,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
foundSomething = true; foundSomething = true;
if (key.contains("version")) { if (key.contains("version")) {
if (!key.contains("specification")) { if (!key.contains("specification")) {
//versionEvidence.addEvidence(source, key, value, Confidence.LOW);
//} else {
versionEvidence.addEvidence(source, key, value, Confidence.MEDIUM); versionEvidence.addEvidence(source, key, value, Confidence.MEDIUM);
} }
} else if ("build-id".equals(key)) { } else if ("build-id".equals(key)) {
@@ -778,14 +771,14 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
} }
} }
Map<String, Attributes> entries = manifest.getEntries(); final Map<String, Attributes> entries = manifest.getEntries();
for (Iterator<String> it = entries.keySet().iterator(); it.hasNext();) { for (Iterator<String> it = entries.keySet().iterator(); it.hasNext();) {
String name = it.next(); final String name = it.next();
source = "manifest: " + name; source = "manifest: " + name;
atts = entries.get(name); atts = entries.get(name);
for (Entry<Object, Object> entry : atts.entrySet()) { for (Entry<Object, Object> entry : atts.entrySet()) {
String key = entry.getKey().toString(); final String key = entry.getKey().toString();
String value = atts.getValue(key); final String value = atts.getValue(key);
if (key.equalsIgnoreCase(Attributes.Name.IMPLEMENTATION_TITLE.toString())) { if (key.equalsIgnoreCase(Attributes.Name.IMPLEMENTATION_TITLE.toString())) {
foundSomething = true; foundSomething = true;
productEvidence.addEvidence(source, key, value, Confidence.MEDIUM); productEvidence.addEvidence(source, key, value, Confidence.MEDIUM);
@@ -804,7 +797,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
} }
} }
} }
if (specificationVersion != null && !hasImplementationVersion) { if (specificationVersion != null && !hasImplementationVersion) {
foundSomething = true; foundSomething = true;
versionEvidence.addEvidence(source, "specification-version", specificationVersion, Confidence.HIGH); versionEvidence.addEvidence(source, "specification-version", specificationVersion, Confidence.HIGH);

15
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java
View File

@@ -280,7 +280,9 @@ public final class ConnectionFactory {
* @param currentDbVersion the current schema version of the database * @param currentDbVersion the current schema version of the database
* @throws DatabaseException thrown if there is an exception upgrading the database schema * @throws DatabaseException thrown if there is an exception upgrading the database schema
*/ */
private static void updateSchema(Connection conn, DependencyVersion appExpectedVersion, DependencyVersion currentDbVersion) throws DatabaseException { private static void updateSchema(Connection conn, DependencyVersion appExpectedVersion, DependencyVersion currentDbVersion)
throws DatabaseException {
final String databaseProductName; final String databaseProductName;
try { try {
databaseProductName = conn.getMetaData().getDatabaseProductName(); databaseProductName = conn.getMetaData().getDatabaseProductName();
@@ -320,17 +322,18 @@ public final class ConnectionFactory {
IOUtils.closeQuietly(is); IOUtils.closeQuietly(is);
} }
} else { } else {
int e0 = Integer.parseInt(appExpectedVersion.getVersionParts().get(0)); final int e0 = Integer.parseInt(appExpectedVersion.getVersionParts().get(0));
int c0 = Integer.parseInt(currentDbVersion.getVersionParts().get(0)); final int c0 = Integer.parseInt(currentDbVersion.getVersionParts().get(0));
int e1 = Integer.parseInt(appExpectedVersion.getVersionParts().get(1)); final int e1 = Integer.parseInt(appExpectedVersion.getVersionParts().get(1));
int c1 = Integer.parseInt(currentDbVersion.getVersionParts().get(1)); final int c1 = Integer.parseInt(currentDbVersion.getVersionParts().get(1));
if (e0 == c0 && e1 < c1) { if (e0 == c0 && e1 < c1) {
LOGGER.warn("A new version of dependency-check is available; consider upgrading"); LOGGER.warn("A new version of dependency-check is available; consider upgrading");
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false); Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
} else if (e0 == c0 && e1 == c1) { } else if (e0 == c0 && e1 == c1) {
//do nothing - not sure how we got here, but just incase... //do nothing - not sure how we got here, but just incase...
} else { } else {
LOGGER.error("The database schema must be upgraded to use this version of dependency-check. Please see {} for more information.", UPGRADE_HELP_URL); LOGGER.error("The database schema must be upgraded to use this version of dependency-check. Please see {} for more information.",
UPGRADE_HELP_URL);
throw new DatabaseException("Database schema is out of date"); throw new DatabaseException("Database schema is out of date");
} }
} }

11
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java
View File

@@ -18,9 +18,6 @@
package org.owasp.dependencycheck.data.update; package org.owasp.dependencycheck.data.update;
import java.net.MalformedURLException; import java.net.MalformedURLException;
import java.sql.CallableStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Calendar; import java.util.Calendar;
import java.util.HashSet; import java.util.HashSet;
import java.util.Set; import java.util.Set;
@@ -28,7 +25,6 @@ import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService; import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors; import java.util.concurrent.Executors;
import java.util.concurrent.Future; import java.util.concurrent.Future;
import static org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.DB_SCHEMA_VERSION;
import org.owasp.dependencycheck.data.nvdcve.CveDB; import org.owasp.dependencycheck.data.nvdcve.CveDB;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException; import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties; import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
@@ -39,10 +35,7 @@ import org.owasp.dependencycheck.data.update.nvd.DownloadTask;
import org.owasp.dependencycheck.data.update.nvd.NvdCveInfo; import org.owasp.dependencycheck.data.update.nvd.NvdCveInfo;
import org.owasp.dependencycheck.data.update.nvd.ProcessTask; import org.owasp.dependencycheck.data.update.nvd.ProcessTask;
import org.owasp.dependencycheck.data.update.nvd.UpdateableNvdCve; import org.owasp.dependencycheck.data.update.nvd.UpdateableNvdCve;
import org.owasp.dependencycheck.exception.NoDataException;
import org.owasp.dependencycheck.utils.DateUtil; import org.owasp.dependencycheck.utils.DateUtil;
import org.owasp.dependencycheck.utils.DependencyVersion;
import org.owasp.dependencycheck.utils.DependencyVersionUtil;
import org.owasp.dependencycheck.utils.DownloadFailedException; import org.owasp.dependencycheck.utils.DownloadFailedException;
import org.owasp.dependencycheck.utils.InvalidSettingException; import org.owasp.dependencycheck.utils.InvalidSettingException;
import org.owasp.dependencycheck.utils.Settings; import org.owasp.dependencycheck.utils.Settings;
@@ -134,7 +127,9 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
} }
/** /**
* Checks the CPE Index to ensure documents exists. * Checks the CVE Index to ensure data exists and analysis can continue.
*
* @return true if the database contains data
*/ */
private boolean dataExists() { private boolean dataExists() {
CveDB cve = null; CveDB cve = null;

3
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/DownloadTask.java
View File

@@ -27,7 +27,6 @@ import java.net.URL;
import java.util.concurrent.Callable; import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService; import java.util.concurrent.ExecutorService;
import java.util.concurrent.Future; import java.util.concurrent.Future;
import java.util.logging.Level;
import java.util.zip.GZIPInputStream; import java.util.zip.GZIPInputStream;
import org.apache.commons.io.FileUtils; import org.apache.commons.io.FileUtils;
import org.owasp.dependencycheck.data.nvdcve.CveDB; import org.owasp.dependencycheck.data.nvdcve.CveDB;
@@ -242,7 +241,7 @@ public class DownloadTask implements Callable<Future<ProcessTask>> {
try { try {
is = new FileInputStream(file); is = new FileInputStream(file);
byte[] buf = new byte[5]; final byte[] buf = new byte[5];
int read = 0; int read = 0;
try { try {
read = is.read(buf); read = is.read(buf);

15
dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java
View File

@@ -125,9 +125,14 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
Settings.cleanup(); Settings.cleanup();
} }
/**
* Gets the last project in the reactor - taking into account skipped projects.
*
* @return the last projecct in the reactor
*/
private MavenProject getLastProject() { private MavenProject getLastProject() {
for (int x = getReactorProjects().size() - 1; x >= 0; x--) { for (int x = getReactorProjects().size() - 1; x >= 0; x--) {
MavenProject p = getReactorProjects().get(x); final MavenProject p = getReactorProjects().get(x);
if (!skipProject(p)) { if (!skipProject(p)) {
return p; return p;
} }
@@ -136,8 +141,14 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
return null; return null;
} }
/**
* Tests if the project is being skipped in the Maven site report.
*
* @param project a project in the reactor
* @return true if the project is skipped; otherwise false
*/
private boolean skipProject(MavenProject project) { private boolean skipProject(MavenProject project) {
String skip = (String) project.getProperties().get("maven.site.skip"); final String skip = (String) project.getProperties().get("maven.site.skip");
return "true".equalsIgnoreCase(skip); return "true".equalsIgnoreCase(skip);
} }

1
dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
View File

@@ -24,7 +24,6 @@ import java.io.FileNotFoundException;
import java.io.FileOutputStream; import java.io.FileOutputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream; import java.io.ObjectOutputStream;
import java.util.List; import java.util.List;
import java.util.Locale; import java.util.Locale;

5
dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java
View File

@@ -33,9 +33,6 @@ import java.util.zip.GZIPInputStream;
import java.util.zip.InflaterInputStream; import java.util.zip.InflaterInputStream;
import static java.lang.String.format; import static java.lang.String.format;
import java.util.logging.Level;
import static org.owasp.dependencycheck.utils.Settings.KEYS.DOWNLOADER_QUICK_QUERY_TIMESTAMP;
import static org.owasp.dependencycheck.utils.Settings.getBoolean;
/** /**
* A utility to download files from the Internet. * A utility to download files from the Internet.
@@ -311,7 +308,7 @@ public final class Downloader {
boolean quickQuery; boolean quickQuery;
try { try {
quickQuery = getBoolean(DOWNLOADER_QUICK_QUERY_TIMESTAMP, true); quickQuery = Settings.getBoolean(Settings.KEYS.DOWNLOADER_QUICK_QUERY_TIMESTAMP, true);
} catch (InvalidSettingException e) { } catch (InvalidSettingException e) {
quickQuery = true; quickQuery = true;
} }

2
dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/ExpectedOjectInputStream.java
View File

@@ -36,7 +36,7 @@ public class ExpectedOjectInputStream extends ObjectInputStream {
/** /**
* The list of fully qualified class names that are able to be deserialized. * The list of fully qualified class names that are able to be deserialized.
*/ */
List<String> expected = new ArrayList<String>(); private List<String> expected = new ArrayList<String>();
/** /**
* Constructs a new ExpectedOjectInputStream that can be used to securely deserialize an object by restricting the classes * Constructs a new ExpectedOjectInputStream that can be used to securely deserialize an object by restricting the classes

15
dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java
View File

@@ -105,19 +105,19 @@ public final class URLConnectionFactory {
* @return matching result. true: match nonProxy * @return matching result. true: match nonProxy
*/ */
private static boolean matchNonProxy(final URL url) { private static boolean matchNonProxy(final URL url) {
String host = url.getHost(); final String host = url.getHost();
// code partially from org.apache.maven.plugins.site.AbstractDeployMojo#getProxyInfo // code partially from org.apache.maven.plugins.site.AbstractDeployMojo#getProxyInfo
final String nonProxyHosts = Settings.getString(Settings.KEYS.PROXY_NON_PROXY_HOSTS); final String nonProxyHosts = Settings.getString(Settings.KEYS.PROXY_NON_PROXY_HOSTS);
if (null != nonProxyHosts) { if (null != nonProxyHosts) {
final String[] nonProxies = nonProxyHosts.split( "(,)|(;)|(\\|)" ); final String[] nonProxies = nonProxyHosts.split("(,)|(;)|(\\|)");
for (final String nonProxyHost : nonProxies) { for (final String nonProxyHost : nonProxies) {
//if ( StringUtils.contains( nonProxyHost, "*" ) ) //if ( StringUtils.contains( nonProxyHost, "*" ) )
if (null != nonProxyHost && nonProxyHost.contains("*")) { if (null != nonProxyHost && nonProxyHost.contains("*")) {
// Handle wildcard at the end, beginning or middle of the nonProxyHost // Handle wildcard at the end, beginning or middle of the nonProxyHost
final int pos = nonProxyHost.indexOf('*'); final int pos = nonProxyHost.indexOf('*');
String nonProxyHostPrefix = nonProxyHost.substring(0, pos); final String nonProxyHostPrefix = nonProxyHost.substring(0, pos);
String nonProxyHostSuffix = nonProxyHost.substring(pos + 1); final String nonProxyHostSuffix = nonProxyHost.substring(pos + 1);
// prefix* // prefix*
if (!StringUtils.isEmpty(nonProxyHostPrefix) && host.startsWith(nonProxyHostPrefix) && StringUtils.isEmpty(nonProxyHostSuffix)) { if (!StringUtils.isEmpty(nonProxyHostPrefix) && host.startsWith(nonProxyHostPrefix) && StringUtils.isEmpty(nonProxyHostSuffix)) {
return true; return true;
@@ -127,11 +127,11 @@ public final class URLConnectionFactory {
return true; return true;
} }
// prefix*suffix // prefix*suffix
if (!StringUtils.isEmpty(nonProxyHostPrefix) && host.startsWith(nonProxyHostPrefix) && !StringUtils.isEmpty(nonProxyHostSuffix) && host.endsWith(nonProxyHostSuffix)) { if (!StringUtils.isEmpty(nonProxyHostPrefix) && host.startsWith(nonProxyHostPrefix) && !StringUtils.isEmpty(nonProxyHostSuffix)
&& host.endsWith(nonProxyHostSuffix)) {
return true; return true;
} }
} } else if (host.equals(nonProxyHost)) {
else if (host.equals(nonProxyHost)) {
return true; return true;
} }
} }
@@ -139,7 +139,6 @@ public final class URLConnectionFactory {
return false; return false;
} }
/** /**
* Utility method to create an HttpURLConnection. The use of a proxy here is optional as there may be cases where a proxy is * Utility method to create an HttpURLConnection. The use of a proxy here is optional as there may be cases where a proxy is
* configured but we don't want to use it (for example, if there's an internal repository configured) * configured but we don't want to use it (for example, if there's an internal repository configured)

5
src/main/config/checkstyle-checks.xml
View File

@@ -28,9 +28,10 @@
<property name="allowLegacy" value="false"/> <property name="allowLegacy" value="false"/>
</module> </module>
<module name="Translation"> <!-- this causes a ton of noise due to how this is abused in core for dealing with database dialects.-->
<!--module name="Translation">
<property name="severity" value="warning"/> <property name="severity" value="warning"/>
</module> </module-->
<module name="FileTabCharacter"> <module name="FileTabCharacter">
<property name="eachLine" value="false"/> <property name="eachLine" value="false"/>