mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-01-15 08:13:43 +01:00
Jeremy Long
@@ -479,6 +479,7 @@ public class Engine implements FileFilter {
|
||||
* @param file a file extension
|
||||
* @return true or false depending on whether or not the file extension is supported
|
||||
*/
|
||||
@Override
|
||||
public boolean accept(File file) {
|
||||
if (file == null) {
|
||||
return false;
|
||||
|
||||
@@ -75,6 +75,7 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
|
||||
*
|
||||
* @return the name of the analyzer.
|
||||
*/
|
||||
@Override
|
||||
public String getName() {
|
||||
return ANALYZER_NAME;
|
||||
}
|
||||
@@ -84,6 +85,7 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
|
||||
*
|
||||
* @return the phase that the analyzer is intended to run in.
|
||||
*/
|
||||
@Override
|
||||
public AnalysisPhase getAnalysisPhase() {
|
||||
return ANALYSIS_PHASE;
|
||||
}
|
||||
|
||||
@@ -69,6 +69,7 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
|
||||
*
|
||||
* @return the name of the analyzer.
|
||||
*/
|
||||
@Override
|
||||
public String getName() {
|
||||
return ANALYZER_NAME;
|
||||
}
|
||||
@@ -78,6 +79,7 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
|
||||
*
|
||||
* @return the phase that the analyzer is intended to run in.
|
||||
*/
|
||||
@Override
|
||||
public AnalysisPhase getAnalysisPhase() {
|
||||
return ANALYSIS_PHASE;
|
||||
}
|
||||
@@ -378,18 +380,16 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
|
||||
*/
|
||||
private void addFalseNegativeCPEs(Dependency dependency) {
|
||||
//TODO move this to the hint analyzer
|
||||
final Iterator<Identifier> itr = dependency.getIdentifiers().iterator();
|
||||
while (itr.hasNext()) {
|
||||
final Identifier i = itr.next();
|
||||
if ("cpe".equals(i.getType()) && i.getValue() != null
|
||||
&& (i.getValue().startsWith("cpe:/a:oracle:opensso:")
|
||||
|| i.getValue().startsWith("cpe:/a:oracle:opensso_enterprise:")
|
||||
|| i.getValue().startsWith("cpe:/a:sun:opensso_enterprise:")
|
||||
|| i.getValue().startsWith("cpe:/a:sun:opensso:"))) {
|
||||
final String newCpe = String.format("cpe:/a:sun:opensso_enterprise:%s", i.getValue().substring(22));
|
||||
final String newCpe2 = String.format("cpe:/a:oracle:opensso_enterprise:%s", i.getValue().substring(22));
|
||||
final String newCpe3 = String.format("cpe:/a:sun:opensso:%s", i.getValue().substring(22));
|
||||
final String newCpe4 = String.format("cpe:/a:oracle:opensso:%s", i.getValue().substring(22));
|
||||
for (final Identifier identifier : dependency.getIdentifiers()) {
|
||||
if ("cpe".equals(identifier.getType()) && identifier.getValue() != null
|
||||
&& (identifier.getValue().startsWith("cpe:/a:oracle:opensso:")
|
||||
|| identifier.getValue().startsWith("cpe:/a:oracle:opensso_enterprise:")
|
||||
|| identifier.getValue().startsWith("cpe:/a:sun:opensso_enterprise:")
|
||||
|| identifier.getValue().startsWith("cpe:/a:sun:opensso:"))) {
|
||||
final String newCpe = String.format("cpe:/a:sun:opensso_enterprise:%s", identifier.getValue().substring(22));
|
||||
final String newCpe2 = String.format("cpe:/a:oracle:opensso_enterprise:%s", identifier.getValue().substring(22));
|
||||
final String newCpe3 = String.format("cpe:/a:sun:opensso:%s", identifier.getValue().substring(22));
|
||||
final String newCpe4 = String.format("cpe:/a:oracle:opensso:%s", identifier.getValue().substring(22));
|
||||
try {
|
||||
dependency.addIdentifier("cpe",
|
||||
newCpe,
|
||||
|
||||
@@ -48,6 +48,7 @@ public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer {
|
||||
*
|
||||
* @return the name of the analyzer.
|
||||
*/
|
||||
@Override
|
||||
public String getName() {
|
||||
return ANALYZER_NAME;
|
||||
}
|
||||
@@ -57,6 +58,7 @@ public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer {
|
||||
*
|
||||
* @return the phase that the analyzer is intended to run in.
|
||||
*/
|
||||
@Override
|
||||
public AnalysisPhase getAnalysisPhase() {
|
||||
return ANALYSIS_PHASE;
|
||||
}
|
||||
|
||||
@@ -17,7 +17,6 @@
|
||||
*/
|
||||
package org.owasp.dependencycheck.analyzer;
|
||||
|
||||
import java.io.BufferedOutputStream;
|
||||
import java.io.File;
|
||||
import java.io.FileFilter;
|
||||
import java.io.FileOutputStream;
|
||||
@@ -195,6 +194,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
*
|
||||
* @return the phase that the analyzer is intended to run in.
|
||||
*/
|
||||
@Override
|
||||
public AnalysisPhase getAnalysisPhase() {
|
||||
return ANALYSIS_PHASE;
|
||||
}
|
||||
|
||||
@@ -489,7 +489,7 @@ public class CveDB {
|
||||
deleteReferences = getConnection().prepareStatement(statementBundle.getString("DELETE_REFERENCE"));
|
||||
deleteSoftware = getConnection().prepareStatement(statementBundle.getString("DELETE_SOFTWARE"));
|
||||
updateVulnerability = getConnection().prepareStatement(statementBundle.getString("UPDATE_VULNERABILITY"));
|
||||
final String ids[] = {"id"};
|
||||
final String[] ids = {"id"};
|
||||
insertVulnerability = getConnection().prepareStatement(statementBundle.getString("INSERT_VULNERABILITY"),
|
||||
//Statement.RETURN_GENERATED_KEYS);
|
||||
ids);
|
||||
|
||||
@@ -115,7 +115,7 @@ class DriverShim implements Driver {
|
||||
* @throws SQLFeatureNotSupportedException thrown if the feature is not supported
|
||||
* @see java.sql.Driver#getParentLogger()
|
||||
*/
|
||||
//@Override
|
||||
@Override
|
||||
public java.util.logging.Logger getParentLogger() throws SQLFeatureNotSupportedException {
|
||||
//return driver.getParentLogger();
|
||||
Method m = null;
|
||||
|
||||
@@ -697,6 +697,7 @@ public class Dependency implements Serializable, Comparable<Dependency> {
|
||||
* @param o a dependency to compare
|
||||
* @return an integer representing the natural ordering
|
||||
*/
|
||||
@Override
|
||||
public int compareTo(Dependency o) {
|
||||
return this.getFilePath().compareToIgnoreCase(o.getFilePath());
|
||||
}
|
||||
|
||||
@@ -235,6 +235,7 @@ public class Evidence implements Serializable, Comparable<Evidence> {
|
||||
* @param o the evidence being compared
|
||||
* @return an integer indicating the ordering of the two objects
|
||||
*/
|
||||
@Override
|
||||
public int compareTo(Evidence o) {
|
||||
if (o == null) {
|
||||
return 1;
|
||||
|
||||
@@ -51,6 +51,7 @@ public class EvidenceCollection implements Serializable, Iterable<Evidence> {
|
||||
* Used to iterate over highest confidence evidence contained in the collection.
|
||||
*/
|
||||
private static final Filter<Evidence> HIGHEST_CONFIDENCE = new Filter<Evidence>() {
|
||||
@Override
|
||||
public boolean passes(Evidence evidence) {
|
||||
return evidence.getConfidence() == Confidence.HIGHEST;
|
||||
}
|
||||
@@ -59,6 +60,7 @@ public class EvidenceCollection implements Serializable, Iterable<Evidence> {
|
||||
* Used to iterate over high confidence evidence contained in the collection.
|
||||
*/
|
||||
private static final Filter<Evidence> HIGH_CONFIDENCE = new Filter<Evidence>() {
|
||||
@Override
|
||||
public boolean passes(Evidence evidence) {
|
||||
return evidence.getConfidence() == Confidence.HIGH;
|
||||
}
|
||||
@@ -67,6 +69,7 @@ public class EvidenceCollection implements Serializable, Iterable<Evidence> {
|
||||
* Used to iterate over medium confidence evidence contained in the collection.
|
||||
*/
|
||||
private static final Filter<Evidence> MEDIUM_CONFIDENCE = new Filter<Evidence>() {
|
||||
@Override
|
||||
public boolean passes(Evidence evidence) {
|
||||
return evidence.getConfidence() == Confidence.MEDIUM;
|
||||
}
|
||||
@@ -75,6 +78,7 @@ public class EvidenceCollection implements Serializable, Iterable<Evidence> {
|
||||
* Used to iterate over low confidence evidence contained in the collection.
|
||||
*/
|
||||
private static final Filter<Evidence> LOW_CONFIDENCE = new Filter<Evidence>() {
|
||||
@Override
|
||||
public boolean passes(Evidence evidence) {
|
||||
return evidence.getConfidence() == Confidence.LOW;
|
||||
}
|
||||
@@ -83,6 +87,7 @@ public class EvidenceCollection implements Serializable, Iterable<Evidence> {
|
||||
* Used to iterate over evidence that has was used (aka read) from the collection.
|
||||
*/
|
||||
private static final Filter<Evidence> EVIDENCE_USED = new Filter<Evidence>() {
|
||||
@Override
|
||||
public boolean passes(Evidence evidence) {
|
||||
return evidence.isUsed();
|
||||
}
|
||||
@@ -222,6 +227,7 @@ public class EvidenceCollection implements Serializable, Iterable<Evidence> {
|
||||
*
|
||||
* @return an Iterator<Evidence>.
|
||||
*/
|
||||
@Override
|
||||
public Iterator<Evidence> iterator() {
|
||||
return list.iterator();
|
||||
}
|
||||
|
||||
@@ -221,6 +221,7 @@ public class Identifier implements Serializable, Comparable<Identifier> {
|
||||
* @param o the object being compared
|
||||
* @return an integer indicating the ordering
|
||||
*/
|
||||
@Override
|
||||
public int compareTo(Identifier o) {
|
||||
if (o == null) {
|
||||
return -1;
|
||||
|
||||
@@ -133,6 +133,7 @@ public class Reference implements Serializable, Comparable<Reference> {
|
||||
* @param o the Reference being compared
|
||||
* @return an integer indicating the ordering of the two objects
|
||||
*/
|
||||
@Override
|
||||
public int compareTo(Reference o) {
|
||||
if (source.equals(o.source)) {
|
||||
if (name.equals(o.name)) {
|
||||
|
||||
@@ -390,6 +390,7 @@ public class Vulnerability implements Serializable, Comparable<Vulnerability> {
|
||||
* @return a negative integer, zero, or a positive integer as this object is less than, equal to, or greater than
|
||||
* the specified vulnerability
|
||||
*/
|
||||
@Override
|
||||
public int compareTo(Vulnerability v) {
|
||||
return v.getName().compareTo(this.getName());
|
||||
}
|
||||
|
||||
@@ -39,6 +39,7 @@ public class VulnerabilityComparator implements Comparator<Vulnerability>, Seria
|
||||
* @param o2 a second vulnerability
|
||||
* @return the comparison
|
||||
*/
|
||||
@Override
|
||||
public int compare(Vulnerability o1, Vulnerability o2) {
|
||||
return o2.getName().compareTo(o1.getName());
|
||||
}
|
||||
|
||||
@@ -46,6 +46,7 @@ public class VelocityLoggerRedirect implements LogChute {
|
||||
*
|
||||
* @param rsvc the RuntimeServices
|
||||
*/
|
||||
@Override
|
||||
public void init(RuntimeServices rsvc) {
|
||||
// do nothing
|
||||
}
|
||||
@@ -57,6 +58,7 @@ public class VelocityLoggerRedirect implements LogChute {
|
||||
* @param level the logging level
|
||||
* @param message the message to be logged
|
||||
*/
|
||||
@Override
|
||||
public void log(int level, String message) {
|
||||
switch (level) {
|
||||
case TRACE_ID:
|
||||
@@ -87,6 +89,7 @@ public class VelocityLoggerRedirect implements LogChute {
|
||||
* @param message the message to be logged
|
||||
* @param t a throwable to log
|
||||
*/
|
||||
@Override
|
||||
public void log(int level, String message, Throwable t) {
|
||||
switch (level) {
|
||||
case TRACE_ID:
|
||||
@@ -115,6 +118,7 @@ public class VelocityLoggerRedirect implements LogChute {
|
||||
* @param level the logging level
|
||||
* @return true
|
||||
*/
|
||||
@Override
|
||||
public boolean isLevelEnabled(int level) {
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -103,6 +103,7 @@ public class DependencyVersion implements Iterable<String>, Comparable<Dependenc
|
||||
*
|
||||
* @return an iterator for the version parts
|
||||
*/
|
||||
@Override
|
||||
public Iterator<String> iterator() {
|
||||
return versionParts.iterator();
|
||||
}
|
||||
|
||||
@@ -18,7 +18,6 @@
|
||||
package org.owasp.dependencycheck.utils;
|
||||
|
||||
import java.io.BufferedInputStream;
|
||||
import java.io.BufferedOutputStream;
|
||||
import java.io.Closeable;
|
||||
import java.io.File;
|
||||
import java.io.FileInputStream;
|
||||
@@ -26,7 +25,6 @@ import java.io.FileNotFoundException;
|
||||
import java.io.FileOutputStream;
|
||||
import java.io.FilenameFilter;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.util.zip.ZipEntry;
|
||||
import java.util.zip.ZipInputStream;
|
||||
|
||||
|
||||
@@ -23,6 +23,7 @@ public abstract class Filter<T> {
|
||||
public Iterable<T> filter(final Iterable<T> iterable) {
|
||||
return new Iterable<T>() {
|
||||
|
||||
@Override
|
||||
public Iterator<T> iterator() {
|
||||
return filter(iterable.iterator());
|
||||
}
|
||||
@@ -39,10 +40,12 @@ public abstract class Filter<T> {
|
||||
toNext();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean hasNext() {
|
||||
return next != null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public T next() {
|
||||
if (next == null) {
|
||||
throw new NoSuchElementException();
|
||||
@@ -52,6 +55,7 @@ public abstract class Filter<T> {
|
||||
return returnValue;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void remove() {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
@@ -52,6 +52,7 @@ public class CMakeAnalyzerTest extends BaseDBTestCase {
|
||||
*
|
||||
* @throws Exception if there is a problem
|
||||
*/
|
||||
@Override
|
||||
@Before
|
||||
public void setUp() throws Exception {
|
||||
super.setUp();
|
||||
|
||||
@@ -17,39 +17,14 @@
|
||||
*/
|
||||
package org.owasp.dependencycheck.data.cpe;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
import org.junit.After;
|
||||
import org.junit.AfterClass;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Before;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long
|
||||
*/
|
||||
public class IndexEntryTest extends TestCase {
|
||||
|
||||
@BeforeClass
|
||||
public static void setUpClass() throws Exception {
|
||||
}
|
||||
|
||||
@AfterClass
|
||||
public static void tearDownClass() throws Exception {
|
||||
}
|
||||
|
||||
@Before
|
||||
@Override
|
||||
public void setUp() throws Exception {
|
||||
super.setUp();
|
||||
}
|
||||
|
||||
@After
|
||||
@Override
|
||||
public void tearDown() throws Exception {
|
||||
super.tearDown();
|
||||
}
|
||||
public class IndexEntryTest {
|
||||
|
||||
/**
|
||||
* Test of setName method, of class IndexEntry.
|
||||
|
||||
@@ -47,11 +47,13 @@ public class TokenPairConcatenatingFilterTest extends BaseTokenStreamTestCase {
|
||||
public static void tearDownClass() {
|
||||
}
|
||||
|
||||
@Override
|
||||
@Before
|
||||
public void setUp() throws Exception {
|
||||
super.setUp();
|
||||
}
|
||||
|
||||
@Override
|
||||
@After
|
||||
public void tearDown() throws Exception {
|
||||
super.tearDown();
|
||||
|
||||
@@ -64,6 +64,7 @@ public class FilterTest {
|
||||
}
|
||||
private static final Filter<String> TEST_FILTER
|
||||
= new Filter<String>() {
|
||||
@Override
|
||||
public boolean passes(String str) {
|
||||
return str.contains("keep");
|
||||
}
|
||||
|
||||
@@ -263,6 +263,7 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
|
||||
* @param locale the location
|
||||
* @return the report name
|
||||
*/
|
||||
@Override
|
||||
public String getName(Locale locale) {
|
||||
return "dependency-check:aggregate";
|
||||
}
|
||||
@@ -273,6 +274,7 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
|
||||
* @param locale The Locale to get the description for
|
||||
* @return the description
|
||||
*/
|
||||
@Override
|
||||
public String getDescription(Locale locale) {
|
||||
return "Generates an aggregate report of all child Maven projects providing details on any "
|
||||
+ "published vulnerabilities within project dependencies. This report is a best "
|
||||
|
||||
@@ -352,6 +352,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
|
||||
* @throws MavenReportException if a maven report exception occurs
|
||||
* @deprecated use {@link #generate(org.apache.maven.doxia.sink.Sink, java.util.Locale)} instead.
|
||||
*/
|
||||
@Override
|
||||
@Deprecated
|
||||
public final void generate(@SuppressWarnings("deprecation") org.codehaus.doxia.sink.Sink sink, Locale locale) throws MavenReportException {
|
||||
generate((Sink) sink, locale);
|
||||
@@ -519,6 +520,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
|
||||
*
|
||||
* @return the output name
|
||||
*/
|
||||
@Override
|
||||
public String getOutputName() {
|
||||
if ("HTML".equalsIgnoreCase(this.format) || "ALL".equalsIgnoreCase(this.format)) {
|
||||
return "dependency-check-report";
|
||||
@@ -537,6 +539,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
|
||||
*
|
||||
* @return the category name
|
||||
*/
|
||||
@Override
|
||||
public String getCategoryName() {
|
||||
return MavenReport.CATEGORY_PROJECT_REPORTS;
|
||||
}
|
||||
|
||||
@@ -95,6 +95,7 @@ public class CheckMojo extends BaseDependencyCheckMojo {
|
||||
* @param locale the location
|
||||
* @return the report name
|
||||
*/
|
||||
@Override
|
||||
public String getName(Locale locale) {
|
||||
return "dependency-check";
|
||||
}
|
||||
@@ -105,6 +106,7 @@ public class CheckMojo extends BaseDependencyCheckMojo {
|
||||
* @param locale The Locale to get the description for
|
||||
* @return the description
|
||||
*/
|
||||
@Override
|
||||
public String getDescription(Locale locale) {
|
||||
return "Generates a report providing details on any published vulnerabilities within project dependencies. "
|
||||
+ "This report is a best effort and may contain false positives and false negatives.";
|
||||
|
||||
@@ -89,6 +89,7 @@ public class PurgeMojo extends BaseDependencyCheckMojo {
|
||||
* @param locale the location
|
||||
* @return the report name
|
||||
*/
|
||||
@Override
|
||||
public String getName(Locale locale) {
|
||||
return "dependency-check-purge";
|
||||
}
|
||||
@@ -99,6 +100,7 @@ public class PurgeMojo extends BaseDependencyCheckMojo {
|
||||
* @param locale The Locale to get the description for
|
||||
* @return the description
|
||||
*/
|
||||
@Override
|
||||
public String getDescription(Locale locale) {
|
||||
return "Purges the local cache of the NVD dataT.";
|
||||
}
|
||||
|
||||
@@ -78,6 +78,7 @@ public class UpdateMojo extends BaseDependencyCheckMojo {
|
||||
* @param locale the location
|
||||
* @return the report name
|
||||
*/
|
||||
@Override
|
||||
public String getName(Locale locale) {
|
||||
return "dependency-check-update";
|
||||
}
|
||||
@@ -88,6 +89,7 @@ public class UpdateMojo extends BaseDependencyCheckMojo {
|
||||
* @param locale The Locale to get the description for
|
||||
* @return the description
|
||||
*/
|
||||
@Override
|
||||
public String getDescription(Locale locale) {
|
||||
return "Updates the local cache of the NVD data from NIST.";
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user