Merge pull request #355 from hansjoachim/warnings

Warnings

dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java

@@ -479,6 +479,7 @@ public class Engine implements FileFilter {
      * @param file a file extension
      * @return true or false depending on whether or not the file extension is supported
      */
+    @Override
     public boolean accept(File file) {
         if (file == null) {
             return false;

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java

@@ -75,6 +75,7 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
      *
      * @return the name of the analyzer.
      */
+    @Override
     public String getName() {
         return ANALYZER_NAME;
     }
@@ -84,6 +85,7 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
      *
      * @return the phase that the analyzer is intended to run in.
      */
+    @Override
     public AnalysisPhase getAnalysisPhase() {
         return ANALYSIS_PHASE;
     }

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java

@@ -69,6 +69,7 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
      *
      * @return the name of the analyzer.
      */
+    @Override
     public String getName() {
         return ANALYZER_NAME;
     }
@@ -78,6 +79,7 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
      *
      * @return the phase that the analyzer is intended to run in.
      */
+    @Override
     public AnalysisPhase getAnalysisPhase() {
         return ANALYSIS_PHASE;
     }
@@ -378,18 +380,16 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
      */
     private void addFalseNegativeCPEs(Dependency dependency) {
         //TODO move this to the hint analyzer
-        final Iterator<Identifier> itr = dependency.getIdentifiers().iterator();
+        for (final Identifier identifier : dependency.getIdentifiers()) {
-        while (itr.hasNext()) {
+            if ("cpe".equals(identifier.getType()) && identifier.getValue() != null
-            final Identifier i = itr.next();
+                    && (identifier.getValue().startsWith("cpe:/a:oracle:opensso:")
-            if ("cpe".equals(i.getType()) && i.getValue() != null
+                    || identifier.getValue().startsWith("cpe:/a:oracle:opensso_enterprise:")
-                    && (i.getValue().startsWith("cpe:/a:oracle:opensso:")
+                    || identifier.getValue().startsWith("cpe:/a:sun:opensso_enterprise:")
-                    || i.getValue().startsWith("cpe:/a:oracle:opensso_enterprise:")
+                    || identifier.getValue().startsWith("cpe:/a:sun:opensso:"))) {
-                    || i.getValue().startsWith("cpe:/a:sun:opensso_enterprise:")
+                final String newCpe = String.format("cpe:/a:sun:opensso_enterprise:%s", identifier.getValue().substring(22));
-                    || i.getValue().startsWith("cpe:/a:sun:opensso:"))) {
+                final String newCpe2 = String.format("cpe:/a:oracle:opensso_enterprise:%s", identifier.getValue().substring(22));
-                final String newCpe = String.format("cpe:/a:sun:opensso_enterprise:%s", i.getValue().substring(22));
+                final String newCpe3 = String.format("cpe:/a:sun:opensso:%s", identifier.getValue().substring(22));
-                final String newCpe2 = String.format("cpe:/a:oracle:opensso_enterprise:%s", i.getValue().substring(22));
+                final String newCpe4 = String.format("cpe:/a:oracle:opensso:%s", identifier.getValue().substring(22));
-                final String newCpe3 = String.format("cpe:/a:sun:opensso:%s", i.getValue().substring(22));
-                final String newCpe4 = String.format("cpe:/a:oracle:opensso:%s", i.getValue().substring(22));
                 try {
                     dependency.addIdentifier("cpe",
                             newCpe,

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.java

@@ -48,6 +48,7 @@ public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer {
      *
      * @return the name of the analyzer.
      */
+    @Override
     public String getName() {
         return ANALYZER_NAME;
     }
@@ -57,6 +58,7 @@ public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer {
      *
      * @return the phase that the analyzer is intended to run in.
      */
+    @Override
     public AnalysisPhase getAnalysisPhase() {
         return ANALYSIS_PHASE;
     }

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java

@@ -17,7 +17,6 @@
  */
 package org.owasp.dependencycheck.analyzer;
 
-import java.io.BufferedOutputStream;
 import java.io.File;
 import java.io.FileFilter;
 import java.io.FileOutputStream;
@@ -195,6 +194,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
      *
      * @return the phase that the analyzer is intended to run in.
      */
+    @Override
     public AnalysisPhase getAnalysisPhase() {
         return ANALYSIS_PHASE;
     }

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java

@@ -489,7 +489,7 @@ public class CveDB {
             deleteReferences = getConnection().prepareStatement(statementBundle.getString("DELETE_REFERENCE"));
             deleteSoftware = getConnection().prepareStatement(statementBundle.getString("DELETE_SOFTWARE"));
             updateVulnerability = getConnection().prepareStatement(statementBundle.getString("UPDATE_VULNERABILITY"));
-            final String ids[] = {"id"};
+            final String[] ids = {"id"};
             insertVulnerability = getConnection().prepareStatement(statementBundle.getString("INSERT_VULNERABILITY"),
                     //Statement.RETURN_GENERATED_KEYS);
                     ids);

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DriverShim.java

@@ -115,7 +115,7 @@ class DriverShim implements Driver {
      * @throws SQLFeatureNotSupportedException thrown if the feature is not supported
      * @see java.sql.Driver#getParentLogger()
      */
-    //@Override
+    @Override
     public java.util.logging.Logger getParentLogger() throws SQLFeatureNotSupportedException {
         //return driver.getParentLogger();
         Method m = null;

dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java

@@ -697,6 +697,7 @@ public class Dependency implements Serializable, Comparable<Dependency> {
      * @param o a dependency to compare
      * @return an integer representing the natural ordering
      */
+    @Override
     public int compareTo(Dependency o) {
         return this.getFilePath().compareToIgnoreCase(o.getFilePath());
     }

dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java

@@ -235,6 +235,7 @@ public class Evidence implements Serializable, Comparable<Evidence> {
      * @param o the evidence being compared
      * @return an integer indicating the ordering of the two objects
      */
+    @Override
     public int compareTo(Evidence o) {
         if (o == null) {
             return 1;

dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java

@@ -51,6 +51,7 @@ public class EvidenceCollection implements Serializable, Iterable<Evidence> {
      * Used to iterate over highest confidence evidence contained in the collection.
      */
     private static final Filter<Evidence> HIGHEST_CONFIDENCE = new Filter<Evidence>() {
+        @Override
         public boolean passes(Evidence evidence) {
             return evidence.getConfidence() == Confidence.HIGHEST;
         }
@@ -59,6 +60,7 @@ public class EvidenceCollection implements Serializable, Iterable<Evidence> {
      * Used to iterate over high confidence evidence contained in the collection.
      */
     private static final Filter<Evidence> HIGH_CONFIDENCE = new Filter<Evidence>() {
+        @Override
         public boolean passes(Evidence evidence) {
             return evidence.getConfidence() == Confidence.HIGH;
         }
@@ -67,6 +69,7 @@ public class EvidenceCollection implements Serializable, Iterable<Evidence> {
      * Used to iterate over medium confidence evidence contained in the collection.
      */
     private static final Filter<Evidence> MEDIUM_CONFIDENCE = new Filter<Evidence>() {
+        @Override
         public boolean passes(Evidence evidence) {
             return evidence.getConfidence() == Confidence.MEDIUM;
         }
@@ -75,6 +78,7 @@ public class EvidenceCollection implements Serializable, Iterable<Evidence> {
      * Used to iterate over low confidence evidence contained in the collection.
      */
     private static final Filter<Evidence> LOW_CONFIDENCE = new Filter<Evidence>() {
+        @Override
         public boolean passes(Evidence evidence) {
             return evidence.getConfidence() == Confidence.LOW;
         }
@@ -83,6 +87,7 @@ public class EvidenceCollection implements Serializable, Iterable<Evidence> {
      * Used to iterate over evidence that has was used (aka read) from the collection.
      */
     private static final Filter<Evidence> EVIDENCE_USED = new Filter<Evidence>() {
+        @Override
         public boolean passes(Evidence evidence) {
             return evidence.isUsed();
         }
@@ -222,6 +227,7 @@ public class EvidenceCollection implements Serializable, Iterable<Evidence> {
      *
      * @return an Iterator<Evidence>.
      */
+    @Override
     public Iterator<Evidence> iterator() {
         return list.iterator();
     }

dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Identifier.java

@@ -221,6 +221,7 @@ public class Identifier implements Serializable, Comparable<Identifier> {
      * @param o the object being compared
      * @return an integer indicating the ordering
      */
+    @Override
     public int compareTo(Identifier o) {
         if (o == null) {
             return -1;

dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Reference.java

@@ -133,6 +133,7 @@ public class Reference implements Serializable, Comparable<Reference> {
      * @param o the Reference being compared
      * @return an integer indicating the ordering of the two objects
      */
+    @Override
     public int compareTo(Reference o) {
         if (source.equals(o.source)) {
             if (name.equals(o.name)) {

dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Vulnerability.java

@@ -390,6 +390,7 @@ public class Vulnerability implements Serializable, Comparable<Vulnerability> {
      * @return a negative integer, zero, or a positive integer as this object is less than, equal to, or greater than
      * the specified vulnerability
      */
+    @Override
     public int compareTo(Vulnerability v) {
         return v.getName().compareTo(this.getName());
     }

dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerabilityComparator.java

@@ -39,6 +39,7 @@ public class VulnerabilityComparator implements Comparator<Vulnerability>, Seria
      * @param o2 a second vulnerability
      * @return the comparison
      */
+    @Override
     public int compare(Vulnerability o1, Vulnerability o2) {
         return o2.getName().compareTo(o1.getName());
     }

dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/VelocityLoggerRedirect.java

@@ -46,6 +46,7 @@ public class VelocityLoggerRedirect implements LogChute {
      *
      * @param rsvc the RuntimeServices
      */
+    @Override
     public void init(RuntimeServices rsvc) {
         // do nothing
     }
@@ -57,6 +58,7 @@ public class VelocityLoggerRedirect implements LogChute {
      * @param level the logging level
      * @param message the message to be logged
      */
+    @Override
     public void log(int level, String message) {
         switch (level) {
             case TRACE_ID:
@@ -87,6 +89,7 @@ public class VelocityLoggerRedirect implements LogChute {
      * @param message the message to be logged
      * @param t a throwable to log
      */
+    @Override
     public void log(int level, String message, Throwable t) {
         switch (level) {
             case TRACE_ID:
@@ -115,6 +118,7 @@ public class VelocityLoggerRedirect implements LogChute {
      * @param level the logging level
      * @return true
      */
+    @Override
     public boolean isLevelEnabled(int level) {
         return true;
     }

dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersion.java

@@ -103,6 +103,7 @@ public class DependencyVersion implements Iterable<String>, Comparable<Dependenc
      *
      * @return an iterator for the version parts
      */
+    @Override
     public Iterator<String> iterator() {
         return versionParts.iterator();
     }

dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java

@@ -18,7 +18,6 @@
 package org.owasp.dependencycheck.utils;
 
 import java.io.BufferedInputStream;
-import java.io.BufferedOutputStream;
 import java.io.Closeable;
 import java.io.File;
 import java.io.FileInputStream;
@@ -26,7 +25,6 @@ import java.io.FileNotFoundException;
 import java.io.FileOutputStream;
 import java.io.FilenameFilter;
 import java.io.IOException;
-import java.io.InputStream;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipInputStream;
 

dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Filter.java

@@ -23,6 +23,7 @@ public abstract class Filter<T> {
     public Iterable<T> filter(final Iterable<T> iterable) {
         return new Iterable<T>() {
 
+            @Override
             public Iterator<T> iterator() {
                 return filter(iterable.iterator());
             }
@@ -39,10 +40,12 @@ public abstract class Filter<T> {
             toNext();
         }
 
+        @Override
         public boolean hasNext() {
             return next != null;
         }
 
+        @Override
         public T next() {
             if (next == null) {
                 throw new NoSuchElementException();
@@ -52,6 +55,7 @@ public abstract class Filter<T> {
             return returnValue;
         }
 
+        @Override
         public void remove() {
             throw new UnsupportedOperationException();
         }

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzerTest.java

@@ -52,6 +52,7 @@ public class CMakeAnalyzerTest extends BaseDBTestCase {
      *
      * @throws Exception if there is a problem
      */
+    @Override
     @Before
     public void setUp() throws Exception {
         super.setUp();

dependency-check-core/src/test/java/org/owasp/dependencycheck/data/cpe/IndexEntryTest.java

@@ -17,39 +17,14 @@
  */
 package org.owasp.dependencycheck.data.cpe;
 
-import junit.framework.TestCase;
-import org.junit.After;
-import org.junit.AfterClass;
 import org.junit.Assert;
-import org.junit.Before;
-import org.junit.BeforeClass;
 import org.junit.Test;
 
 /**
  *
  * @author Jeremy Long
  */
-public class IndexEntryTest extends TestCase {
+public class IndexEntryTest {
-
-    @BeforeClass
-    public static void setUpClass() throws Exception {
-    }
-
-    @AfterClass
-    public static void tearDownClass() throws Exception {
-    }
-
-    @Before
-    @Override
-    public void setUp() throws Exception {
-        super.setUp();
-    }
-
-    @After
-    @Override
-    public void tearDown() throws Exception {
-        super.tearDown();
-    }
 
     /**
      * Test of setName method, of class IndexEntry.

dependency-check-core/src/test/java/org/owasp/dependencycheck/data/lucene/TokenPairConcatenatingFilterTest.java

@@ -47,11 +47,13 @@ public class TokenPairConcatenatingFilterTest extends BaseTokenStreamTestCase {
     public static void tearDownClass() {
     }
 
+    @Override
     @Before
     public void setUp() throws Exception {
         super.setUp();
     }
 
+    @Override
     @After
     public void tearDown() throws Exception {
         super.tearDown();

dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/FilterTest.java

@@ -64,6 +64,7 @@ public class FilterTest {
     }
     private static final Filter<String> TEST_FILTER
             = new Filter<String>() {
+                @Override
                 public boolean passes(String str) {
                     return str.contains("keep");
                 }

dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java

@@ -263,6 +263,7 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
      * @param locale the location
      * @return the report name
      */
+    @Override
     public String getName(Locale locale) {
         return "dependency-check:aggregate";
     }
@@ -273,6 +274,7 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
      * @param locale The Locale to get the description for
      * @return the description
      */
+    @Override
     public String getDescription(Locale locale) {
         return "Generates an aggregate report of all child Maven projects providing details on any "
                 + "published vulnerabilities within project dependencies. This report is a best "

dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java

@@ -352,6 +352,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
      * @throws MavenReportException if a maven report exception occurs
      * @deprecated use {@link #generate(org.apache.maven.doxia.sink.Sink, java.util.Locale)} instead.
      */
+    @Override
     @Deprecated
     public final void generate(@SuppressWarnings("deprecation") org.codehaus.doxia.sink.Sink sink, Locale locale) throws MavenReportException {
         generate((Sink) sink, locale);
@@ -519,6 +520,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
      *
      * @return the output name
      */
+    @Override
     public String getOutputName() {
         if ("HTML".equalsIgnoreCase(this.format) || "ALL".equalsIgnoreCase(this.format)) {
             return "dependency-check-report";
@@ -537,6 +539,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
      *
      * @return the category name
      */
+    @Override
     public String getCategoryName() {
         return MavenReport.CATEGORY_PROJECT_REPORTS;
     }

dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/CheckMojo.java

@@ -95,6 +95,7 @@ public class CheckMojo extends BaseDependencyCheckMojo {
      * @param locale the location
      * @return the report name
      */
+    @Override
     public String getName(Locale locale) {
         return "dependency-check";
     }
@@ -105,6 +106,7 @@ public class CheckMojo extends BaseDependencyCheckMojo {
      * @param locale The Locale to get the description for
      * @return the description
      */
+    @Override
     public String getDescription(Locale locale) {
         return "Generates a report providing details on any published vulnerabilities within project dependencies. "
                 + "This report is a best effort and may contain false positives and false negatives.";

dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/PurgeMojo.java

@@ -89,6 +89,7 @@ public class PurgeMojo extends BaseDependencyCheckMojo {
      * @param locale the location
      * @return the report name
      */
+    @Override
     public String getName(Locale locale) {
         return "dependency-check-purge";
     }
@@ -99,6 +100,7 @@ public class PurgeMojo extends BaseDependencyCheckMojo {
      * @param locale The Locale to get the description for
      * @return the description
      */
+    @Override
     public String getDescription(Locale locale) {
         return "Purges the local cache of the NVD dataT.";
     }

dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/UpdateMojo.java

@@ -78,6 +78,7 @@ public class UpdateMojo extends BaseDependencyCheckMojo {
      * @param locale the location
      * @return the report name
      */
+    @Override
     public String getName(Locale locale) {
         return "dependency-check-update";
     }
@@ -88,6 +89,7 @@ public class UpdateMojo extends BaseDependencyCheckMojo {
      * @param locale The Locale to get the description for
      * @return the description
      */
+    @Override
     public String getDescription(Locale locale) {
         return "Updates the local cache of the NVD data from NIST.";
     }