use try with resources

2026-04-22 08:18:45 +02:00 · 2017-03-11 13:26:56 -05:00
parent 8856ff04ec
commit 8ea6b08a0a
1 changed files with 38 additions and 65 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
@@ -247,28 +247,12 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
     * @return whether or not evidence was added to the dependency
     */
    protected boolean analyzePOM(Dependency dependency, List<ClassNameInformation> classes, Engine engine) throws AnalysisException {
-        JarFile jar = null;
-        List<String> pomEntries;
-        try {
-            jar = new JarFile(dependency.getActualFilePath());
-            pomEntries = retrievePomListing(jar);
-        } catch (IOException ex) {
-            LOGGER.warn("Unable to read JarFile '{}'.", dependency.getActualFilePath());
-            LOGGER.trace("", ex);
-            if (jar != null) {
-                try {
-                    jar.close();
-                } catch (IOException ex1) {
-                    LOGGER.trace("", ex1);
-                }
-            }
-            return false;
-        }
+        try (JarFile jar = new JarFile(dependency.getActualFilePath())) {
+            List<String> pomEntries = retrievePomListing(jar);
            if (pomEntries != null && pomEntries.size() <= 1) {
-            try {
-                String path = null;
+                String path;
+                File pomFile;
                Properties pomProperties = null;
-                File pomFile = null;
                if (pomEntries.size() == 1) {
                    path = pomEntries.get(0);
                    pomFile = extractPom(path, jar);
@@ -282,20 +266,10 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
                    if (pom != null && pomProperties != null) {
                        pom.processProperties(pomProperties);
                    }
-                    if (pom != null) {
-                        return setPomEvidence(dependency, pom, classes);
-                    }
-                    return false;
+                    return pom != null && setPomEvidence(dependency, pom, classes);
                } else {
                    return false;
                }
-            } finally {
-                try {
-                    jar.close();
-                } catch (IOException ex) {
-                    LOGGER.trace("", ex);
-                }
-            }
            }

            //reported possible null dereference on pomEntries is on a non-feasible path
@@ -328,9 +302,8 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
                    LOGGER.trace("", ex);
                }
            }
-        try {
-            jar.close();
        } catch (IOException ex) {
+            LOGGER.warn("Unable to read JarFile '{}'.", dependency.getActualFilePath());
            LOGGER.trace("", ex);
        }
        return false;
@@ -437,11 +410,11 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
     * otherwise false
     */
    public static boolean setPomEvidence(Dependency dependency, Model pom, List<ClassNameInformation> classes) {
+        if (pom == null) {
+            return false;
+        }
        boolean foundSomething = false;
        boolean addAsIdentifier = true;
-        if (pom == null) {
-            return foundSomething;
-        }
        String groupid = pom.getGroupId();
        String parentGroupId = pom.getParentGroupId();
        String artifactid = pom.getArtifactId();