diff --git a/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java b/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
index 83bc1b012..ae1bb5e9f 100644
--- a/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
+++ b/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
@@ -55,7 +55,6 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
 * The phase that this analyzer is intended to run in.
 */
 private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.PRE_FINDING_ANALYSIS;
-
 /**
 * A pattern for obtaining the first part of a filename.
 */
@@ -201,18 +200,19 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
 || dependency2 == null || dependency2.getFileName() == null) {
 return false;
 }
- String fileName1 = dependency1.getFileName();
- String fileName2 = dependency2.getFileName();
+ final String fileName1 = dependency1.getFileName();
+ final String fileName2 = dependency2.getFileName();
 //version check
- DependencyVersion version1 = DependencyVersionUtil.parseVersionFromFileName(fileName1);
- DependencyVersion version2 = DependencyVersionUtil.parseVersionFromFileName(fileName2);
+ final DependencyVersion version1 = DependencyVersionUtil.parseVersionFromFileName(fileName1);
+ final DependencyVersion version2 = DependencyVersionUtil.parseVersionFromFileName(fileName2);
 if (version1 != null && version2 != null) {
 if (!version1.equals(version2)) {
 return false;
 }
 }
- Matcher match1 = STARTING_TEXT_PATTERN.matcher(fileName1);
- Matcher match2 = STARTING_TEXT_PATTERN.matcher(fileName2);
+ //filename check
+ final Matcher match1 = STARTING_TEXT_PATTERN.matcher(fileName1);
+ final Matcher match2 = STARTING_TEXT_PATTERN.matcher(fileName2);
 if (match1.find() && match2.find()) {
 return match1.group().equals(match2.group());
 }
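Review bot: The `//version check` block only rejects a pair when both file names yield a version, so when `parseVersionFromFileName` returns null for one side the decision rests on the `STARTING_TEXT_PATTERN` prefix comparison alone. If that is intended, the comment should say so, for example `//version check: only a mismatch between two parsed versions rules the pair out; a missing version is not treated as a difference`. The nested condition could also be flattened to `if (version1 != null && version2 != null && !version1.equals(version2)) {` without changing behaviour. The method starts and ends outside this hunk, so what it returns when the filename pattern does not match is not visible here.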
diff --git a/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
index 59f41502d..0161e4143 100644
--- a/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
+++ b/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
@@ -47,7 +47,6 @@ import java.util.zip.ZipEntry;
 import javax.xml.bind.JAXBContext;
 import javax.xml.bind.JAXBElement;
 import javax.xml.bind.Unmarshaller;
-import javax.xml.bind.UnmarshallerHandler;
 import javax.xml.parsers.SAXParser;
 import javax.xml.parsers.SAXParserFactory;
 import javax.xml.transform.sax.SAXSource;
@@ -311,7 +310,7 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
 final List pomEntries = new ArrayList();
 final Enumeration entries = jar.entries();
 while (entries.hasMoreElements()) {
- JarEntry entry = entries.nextElement();
+ final JarEntry entry = entries.nextElement();
 final String entryName = (new File(entry.getName())).getName().toLowerCase();
 if (!entry.isDirectory() && "pom.xml".equals(entryName)) {
 pomEntries.add(entry.getName());
@@ -332,16 +331,16 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
 if (entry != null) { //should never be null
 Model m = null;
 try {
- XMLFilter filter = new MavenNamespaceFilter();
- SAXParserFactory spf = SAXParserFactory.newInstance();
- SAXParser sp = spf.newSAXParser();
- XMLReader xr = sp.getXMLReader();
+ final XMLFilter filter = new MavenNamespaceFilter();
+ final SAXParserFactory spf = SAXParserFactory.newInstance();
+ final SAXParser sp = spf.newSAXParser();
+ final XMLReader xr = sp.getXMLReader();
 filter.setParent(xr);
- NonClosingStream stream = new NonClosingStream(jar.getInputStream(entry));
- InputStreamReader reader = new InputStreamReader(stream);
- InputSource xml = new InputSource(reader);
- SAXSource source = new SAXSource(filter, xml);
- JAXBElement el = pomUnmarshaller.unmarshal(source, Model.class);
+ final NonClosingStream stream = new NonClosingStream(jar.getInputStream(entry));
+ final InputStreamReader reader = new InputStreamReader(stream);
+ final InputSource xml = new InputSource(reader);
+ final SAXSource source = new SAXSource(filter, xml);
+ final JAXBElement el = pomUnmarshaller.unmarshal(source, Model.class);
 m = el.getValue();
 } catch (ParserConfigurationException ex) {
 Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE, null, ex);
diff --git a/src/main/java/org/owasp/dependencycheck/analyzer/pom/MavenNamespaceFilter.java b/src/main/java/org/owasp/dependencycheck/analyzer/pom/MavenNamespaceFilter.java
index 3a5c3754b..fb4446d94 100644
--- a/src/main/java/org/owasp/dependencycheck/analyzer/pom/MavenNamespaceFilter.java
+++ b/src/main/java/org/owasp/dependencycheck/analyzer/pom/MavenNamespaceFilter.java
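Review bot: The `SAXParserFactory` created in the JarAnalyzer try block is used with its defaults, so a `pom.xml` read out of a scanned JAR is parsed with DOCTYPE declarations and external entities allowed unless something outside this hunk restricts them. Because the archive content is untrusted input, harden the factory before `newSAXParser()`, for example with `spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);`, or, if POMs carrying a DOCTYPE must still load, by turning off `http://xml.org/sax/features/external-general-entities` and `http://xml.org/sax/features/external-parameter-entities`. `new InputStreamReader(stream)` also decodes with the platform charset and hides the encoding declared in the XML prolog from the parser; `new InputSource(stream)` would let the parser detect it. `setFeature` can throw SAX exceptions as well as `ParserConfigurationException`, and the catch clauses continue past the end of the hunk, so check that they are covered.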
@@ -1,6 +1,20 @@ /* - * To change this template, choose Tools | Templates - * and open the template in the editor. + * This file is part of Dependency-Check. + * + * Dependency-Check is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * Dependency-Check is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * Dependency-Check. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2013 Jeremy Long. All Rights Reserved. */ package org.owasp.dependencycheck.analyzer.pom; @@ -63,7 +77,7 @@ public class MavenNamespaceFilter extends XMLFilterImpl { } /** - * Called when prefix mapping + * Called when prefix mapping is started. * @param prefix the prefix * @param url the url * @throws SAXException thrown if there is a SAXException