mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-01-14 07:43:40 +01:00
formating and codacy recommended updates
This commit is contained in:
Jeremy Long
@@ -119,7 +119,7 @@ class AnalysisTask implements Callable<Void> {
|
||||
*
|
||||
* @return whether or not the analyzer can analyze the dependency
|
||||
*/
|
||||
boolean shouldAnalyze() {
|
||||
protected boolean shouldAnalyze() {
|
||||
if (analyzer instanceof FileTypeAnalyzer) {
|
||||
final FileTypeAnalyzer fileTypeAnalyzer = (FileTypeAnalyzer) analyzer;
|
||||
return fileTypeAnalyzer.accept(dependency.getActualFile());
|
||||
|
||||
@@ -557,7 +557,7 @@ public class Engine implements FileFilter {
|
||||
* @param analyzer the analyzer to execute
|
||||
* @throws ExceptionCollection thrown if exceptions occurred during analysis
|
||||
*/
|
||||
void executeAnalysisTasks(Analyzer analyzer, List<Throwable> exceptions) throws ExceptionCollection {
|
||||
protected void executeAnalysisTasks(Analyzer analyzer, List<Throwable> exceptions) throws ExceptionCollection {
|
||||
LOGGER.debug("Starting {}", analyzer.getName());
|
||||
final List<AnalysisTask> analysisTasks = getAnalysisTasks(analyzer, exceptions);
|
||||
final ExecutorService executorService = getExecutorService(analyzer);
|
||||
|
||||
@@ -70,26 +70,26 @@ public class CPEAnalyzer extends AbstractAnalyzer {
|
||||
/**
|
||||
* The maximum number of query results to return.
|
||||
*/
|
||||
static final int MAX_QUERY_RESULTS = 25;
|
||||
private static final int MAX_QUERY_RESULTS = 25;
|
||||
/**
|
||||
* The weighting boost to give terms when constructing the Lucene query.
|
||||
*/
|
||||
static final String WEIGHTING_BOOST = "^5";
|
||||
private static final String WEIGHTING_BOOST = "^5";
|
||||
/**
|
||||
* A string representation of a regular expression defining characters
|
||||
* utilized within the CPE Names.
|
||||
*/
|
||||
static final String CLEANSE_CHARACTER_RX = "[^A-Za-z0-9 ._-]";
|
||||
private static final String CLEANSE_CHARACTER_RX = "[^A-Za-z0-9 ._-]";
|
||||
/**
|
||||
* A string representation of a regular expression used to remove all but
|
||||
* alpha characters.
|
||||
*/
|
||||
static final String CLEANSE_NONALPHA_RX = "[^A-Za-z]*";
|
||||
private static final String CLEANSE_NONALPHA_RX = "[^A-Za-z]*";
|
||||
/**
|
||||
* The additional size to add to a new StringBuilder to account for extra
|
||||
* data that will be written into the string.
|
||||
*/
|
||||
static final int STRING_BUILDER_BUFFER = 20;
|
||||
private static final int STRING_BUILDER_BUFFER = 20;
|
||||
/**
|
||||
* The CPE in memory index.
|
||||
*/
|
||||
|
||||
@@ -384,7 +384,7 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer {
|
||||
* @return a boolean indicating whether or not the left dependency should be
|
||||
* considered the "core" version.
|
||||
*/
|
||||
boolean isCore(Dependency left, Dependency right) {
|
||||
protected boolean isCore(Dependency left, Dependency right) {
|
||||
final String leftName = left.getFileName().toLowerCase();
|
||||
final String rightName = right.getFileName().toLowerCase();
|
||||
|
||||
|
||||
@@ -47,7 +47,7 @@ public class NvdCveAnalyzer extends AbstractAnalyzer {
|
||||
/**
|
||||
* The maximum number of query results to return.
|
||||
*/
|
||||
static final int MAX_QUERY_RESULTS = 100;
|
||||
private static final int MAX_QUERY_RESULTS = 100;
|
||||
/**
|
||||
* The CVE Index.
|
||||
*/
|
||||
|
||||
@@ -102,7 +102,7 @@ public class OpenSSLAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
* @param openSSLVersionConstant The open SSL version
|
||||
* @return the version of openssl
|
||||
*/
|
||||
static String getOpenSSLVersion(long openSSLVersionConstant) {
|
||||
protected static String getOpenSSLVersion(long openSSLVersionConstant) {
|
||||
final long major = openSSLVersionConstant >>> MAJOR_OFFSET;
|
||||
final long minor = (openSSLVersionConstant & MINOR_MASK) >>> MINOR_OFFSET;
|
||||
final long fix = (openSSLVersionConstant & FIX_MASK) >>> FIX_OFFSET;
|
||||
|
||||
@@ -31,7 +31,7 @@ public class IndexEntry implements Serializable {
|
||||
/**
|
||||
* the serial version uid.
|
||||
*/
|
||||
static final long serialVersionUID = 8011924485946326934L;
|
||||
private static final long serialVersionUID = 8011924485946326934L;
|
||||
/**
|
||||
* The vendor name.
|
||||
*/
|
||||
|
||||
@@ -156,10 +156,7 @@ public final class TokenPairConcatenatingFilter extends TokenFilter {
|
||||
if ((this.previousWord == null) ? (other.previousWord != null) : !this.previousWord.equals(other.previousWord)) {
|
||||
return false;
|
||||
}
|
||||
if (this.words != other.words && (this.words == null || !this.words.equals(other.words))) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
return !(this.words != other.words && (this.words == null || !this.words.equals(other.words)));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -259,7 +259,7 @@ public class CveDB {
|
||||
*
|
||||
* @return the properties from the database
|
||||
*/
|
||||
synchronized Properties getProperties() {
|
||||
public synchronized Properties getProperties() {
|
||||
final Properties prop = new Properties();
|
||||
PreparedStatement ps = null;
|
||||
ResultSet rs = null;
|
||||
@@ -285,7 +285,7 @@ public class CveDB {
|
||||
* @param key the property key
|
||||
* @param value the property value
|
||||
*/
|
||||
synchronized void saveProperty(String key, String value) {
|
||||
public synchronized void saveProperty(String key, String value) {
|
||||
try {
|
||||
try {
|
||||
final PreparedStatement mergeProperty = getConnection().prepareStatement(statementBundle.getString("MERGE_PROPERTY"));
|
||||
@@ -703,7 +703,7 @@ public class CveDB {
|
||||
* analyzed
|
||||
* @return true if the identified version is affected, otherwise false
|
||||
*/
|
||||
Entry<String, Boolean> getMatchingSoftware(Map<String, Boolean> vulnerableSoftware, String vendor, String product,
|
||||
protected Entry<String, Boolean> getMatchingSoftware(Map<String, Boolean> vulnerableSoftware, String vendor, String product,
|
||||
DependencyVersion identifiedVersion) {
|
||||
|
||||
final boolean isVersionTwoADifferentProduct = "apache".equals(vendor) && "struts".equals(product);
|
||||
|
||||
@@ -125,7 +125,7 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
|
||||
}
|
||||
}
|
||||
|
||||
void initializeExecutorServices() {
|
||||
protected void initializeExecutorServices() {
|
||||
processingExecutorService = Executors.newFixedThreadPool(PROCESSING_THREAD_POOL_SIZE);
|
||||
downloadExecutorService = Executors.newFixedThreadPool(DOWNLOAD_THREAD_POOL_SIZE);
|
||||
LOGGER.debug("#download threads: {}", DOWNLOAD_THREAD_POOL_SIZE);
|
||||
@@ -280,7 +280,7 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
|
||||
* @throws UpdateException Is thrown if there is an issue with the last
|
||||
* updated properties file
|
||||
*/
|
||||
final UpdateableNvdCve getUpdatesNeeded() throws MalformedURLException, DownloadFailedException, UpdateException {
|
||||
protected final UpdateableNvdCve getUpdatesNeeded() throws MalformedURLException, DownloadFailedException, UpdateException {
|
||||
LOGGER.info("starting getUpdatesNeeded() ...");
|
||||
UpdateableNvdCve updates;
|
||||
try {
|
||||
|
||||
@@ -191,10 +191,7 @@ public class Identifier implements Serializable, Comparable<Identifier> {
|
||||
if ((this.value == null) ? (other.value != null) : !this.value.equals(other.value)) {
|
||||
return false;
|
||||
}
|
||||
if ((this.type == null) ? (other.type != null) : !this.type.equals(other.type)) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
return !((this.type == null) ? (other.type != null) : !this.type.equals(other.type));
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@@ -119,10 +119,7 @@ public class Reference implements Serializable, Comparable<Reference> {
|
||||
if ((this.url == null) ? (other.url != null) : !this.url.equals(other.url)) {
|
||||
return false;
|
||||
}
|
||||
if ((this.source == null) ? (other.source != null) : !this.source.equals(other.source)) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
return !((this.source == null) ? (other.source != null) : !this.source.equals(other.source));
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@@ -374,10 +374,7 @@ public class Vulnerability implements Serializable, Comparable<Vulnerability> {
|
||||
return false;
|
||||
}
|
||||
final Vulnerability other = (Vulnerability) obj;
|
||||
if ((this.name == null) ? (other.name != null) : !this.name.equals(other.name)) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
return !((this.name == null) ? (other.name != null) : !this.name.equals(other.name));
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@@ -107,6 +107,7 @@ public class VelocityLoggerRedirect implements LogChute {
|
||||
break;
|
||||
default:
|
||||
LOGGER.info(message, t);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -119,9 +119,6 @@ public class Pair<L, R> {
|
||||
if (this.left != other.left && (this.left == null || !this.left.equals(other.left))) {
|
||||
return false;
|
||||
}
|
||||
if (this.right != other.right && (this.right == null || !this.right.equals(other.right))) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
return !(this.right != other.right && (this.right == null || !this.right.equals(other.right)));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -117,10 +117,7 @@ public class License {
|
||||
if ((this.url == null) ? (other.url != null) : !this.url.equals(other.url)) {
|
||||
return false;
|
||||
}
|
||||
if ((this.name == null) ? (other.name != null) : !this.name.equals(other.name)) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
return !((this.name == null) ? (other.name != null) : !this.name.equals(other.name));
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -163,10 +163,7 @@ public class PropertyType {
|
||||
if (this.regex != other.regex) {
|
||||
return false;
|
||||
}
|
||||
if (this.caseSensitive != other.caseSensitive) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
return this.caseSensitive == other.caseSensitive;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -35,6 +35,38 @@ public class SuppressionRule {
|
||||
*/
|
||||
private PropertyType filePath;
|
||||
|
||||
/**
|
||||
* The SHA1 hash.
|
||||
*/
|
||||
private String sha1;
|
||||
/**
|
||||
* A list of CPEs to suppression
|
||||
*/
|
||||
private List<PropertyType> cpe = new ArrayList<>();
|
||||
/**
|
||||
* The list of cvssBelow scores.
|
||||
*/
|
||||
private List<Float> cvssBelow = new ArrayList<>();
|
||||
/**
|
||||
* The list of CWE entries to suppress.
|
||||
*/
|
||||
private List<String> cwe = new ArrayList<>();
|
||||
/**
|
||||
* The list of CVE entries to suppress.
|
||||
*/
|
||||
private List<String> cve = new ArrayList<>();
|
||||
/**
|
||||
* A Maven GAV to suppression.
|
||||
*/
|
||||
private PropertyType gav = null;
|
||||
|
||||
/**
|
||||
* A flag indicating whether or not the suppression rule is a core/base rule
|
||||
* that should not be included in the resulting report in the "suppressed"
|
||||
* section.
|
||||
*/
|
||||
private boolean base;
|
||||
|
||||
/**
|
||||
* Get the value of filePath.
|
||||
*
|
||||
@@ -52,10 +84,6 @@ public class SuppressionRule {
|
||||
public void setFilePath(PropertyType filePath) {
|
||||
this.filePath = filePath;
|
||||
}
|
||||
/**
|
||||
* The sha1 hash.
|
||||
*/
|
||||
private String sha1;
|
||||
|
||||
/**
|
||||
* Get the value of sha1.
|
||||
@@ -67,40 +95,36 @@ public class SuppressionRule {
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the value of sha1.
|
||||
* Set the value of SHA1.
|
||||
*
|
||||
* @param sha1 new value of sha1
|
||||
* @param sha1 new value of SHA1
|
||||
*/
|
||||
public void setSha1(String sha1) {
|
||||
this.sha1 = sha1;
|
||||
}
|
||||
/**
|
||||
* A list of CPEs to suppression
|
||||
*/
|
||||
private List<PropertyType> cpe = new ArrayList<PropertyType>();
|
||||
|
||||
/**
|
||||
* Get the value of cpe.
|
||||
* Get the value of CPE.
|
||||
*
|
||||
* @return the value of cpe
|
||||
* @return the value of CPE
|
||||
*/
|
||||
public List<PropertyType> getCpe() {
|
||||
return cpe;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the value of cpe.
|
||||
* Set the value of CPE.
|
||||
*
|
||||
* @param cpe new value of cpe
|
||||
* @param cpe new value of CPE
|
||||
*/
|
||||
public void setCpe(List<PropertyType> cpe) {
|
||||
this.cpe = cpe;
|
||||
}
|
||||
|
||||
/**
|
||||
* Adds the cpe to the cpe list.
|
||||
* Adds the CPE to the CPE list.
|
||||
*
|
||||
* @param cpe the cpe to add
|
||||
* @param cpe the CPE to add
|
||||
*/
|
||||
public void addCpe(PropertyType cpe) {
|
||||
this.cpe.add(cpe);
|
||||
@@ -114,10 +138,6 @@ public class SuppressionRule {
|
||||
public boolean hasCpe() {
|
||||
return !cpe.isEmpty();
|
||||
}
|
||||
/**
|
||||
* The list of cvssBelow scores.
|
||||
*/
|
||||
private List<Float> cvssBelow = new ArrayList<Float>();
|
||||
|
||||
/**
|
||||
* Get the value of cvssBelow.
|
||||
@@ -138,49 +158,45 @@ public class SuppressionRule {
|
||||
}
|
||||
|
||||
/**
|
||||
* Adds the cvss to the cvssBelow list.
|
||||
* Adds the CVSS to the cvssBelow list.
|
||||
*
|
||||
* @param cvss the cvss to add
|
||||
* @param cvss the CVSS to add
|
||||
*/
|
||||
public void addCvssBelow(Float cvss) {
|
||||
this.cvssBelow.add(cvss);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns whether or not this suppression rule has cvss suppressions.
|
||||
* Returns whether or not this suppression rule has CVSS suppressions.
|
||||
*
|
||||
* @return whether or not this suppression rule has cvss suppressions
|
||||
* @return whether or not this suppression rule has CVSS suppressions
|
||||
*/
|
||||
public boolean hasCvssBelow() {
|
||||
return !cvssBelow.isEmpty();
|
||||
}
|
||||
/**
|
||||
* The list of cwe entries to suppress.
|
||||
*/
|
||||
private List<String> cwe = new ArrayList<String>();
|
||||
|
||||
/**
|
||||
* Get the value of cwe.
|
||||
* Get the value of CWE.
|
||||
*
|
||||
* @return the value of cwe
|
||||
* @return the value of CWE
|
||||
*/
|
||||
public List<String> getCwe() {
|
||||
return cwe;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the value of cwe.
|
||||
* Set the value of CWE.
|
||||
*
|
||||
* @param cwe new value of cwe
|
||||
* @param cwe new value of CWE
|
||||
*/
|
||||
public void setCwe(List<String> cwe) {
|
||||
this.cwe = cwe;
|
||||
}
|
||||
|
||||
/**
|
||||
* Adds the cwe to the cwe list.
|
||||
* Adds the CWE to the CWE list.
|
||||
*
|
||||
* @param cwe the cwe to add
|
||||
* @param cwe the CWE to add
|
||||
*/
|
||||
public void addCwe(String cwe) {
|
||||
this.cwe.add(cwe);
|
||||
@@ -194,33 +210,29 @@ public class SuppressionRule {
|
||||
public boolean hasCwe() {
|
||||
return !cwe.isEmpty();
|
||||
}
|
||||
/**
|
||||
* The list of cve entries to suppress.
|
||||
*/
|
||||
private List<String> cve = new ArrayList<String>();
|
||||
|
||||
/**
|
||||
* Get the value of cve.
|
||||
* Get the value of CVE.
|
||||
*
|
||||
* @return the value of cve
|
||||
* @return the value of CVE
|
||||
*/
|
||||
public List<String> getCve() {
|
||||
return cve;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the value of cve.
|
||||
* Set the value of CVE.
|
||||
*
|
||||
* @param cve new value of cve
|
||||
* @param cve new value of CVE
|
||||
*/
|
||||
public void setCve(List<String> cve) {
|
||||
this.cve = cve;
|
||||
}
|
||||
|
||||
/**
|
||||
* Adds the cve to the cve list.
|
||||
* Adds the CVE to the CVE list.
|
||||
*
|
||||
* @param cve the cve to add
|
||||
* @param cve the CVE to add
|
||||
*/
|
||||
public void addCve(String cve) {
|
||||
this.cve.add(cve);
|
||||
@@ -234,15 +246,11 @@ public class SuppressionRule {
|
||||
public boolean hasCve() {
|
||||
return !cve.isEmpty();
|
||||
}
|
||||
/**
|
||||
* A Maven GAV to suppression.
|
||||
*/
|
||||
private PropertyType gav = null;
|
||||
|
||||
/**
|
||||
* Get the value of Maven GAV.
|
||||
*
|
||||
* @return the value of gav
|
||||
* @return the value of GAV
|
||||
*/
|
||||
public PropertyType getGav() {
|
||||
return gav;
|
||||
@@ -251,7 +259,7 @@ public class SuppressionRule {
|
||||
/**
|
||||
* Set the value of Maven GAV.
|
||||
*
|
||||
* @param gav new value of Maven gav
|
||||
* @param gav new value of Maven GAV
|
||||
*/
|
||||
public void setGav(PropertyType gav) {
|
||||
this.gav = gav;
|
||||
@@ -266,12 +274,6 @@ public class SuppressionRule {
|
||||
return gav != null;
|
||||
}
|
||||
|
||||
/**
|
||||
* A flag indicating whether or not the suppression rule is a core/base rule that should not be included in the resulting
|
||||
* report in the "suppressed" section.
|
||||
*/
|
||||
private boolean base;
|
||||
|
||||
/**
|
||||
* Get the value of base.
|
||||
*
|
||||
@@ -291,8 +293,9 @@ public class SuppressionRule {
|
||||
}
|
||||
|
||||
/**
|
||||
* Processes a given dependency to determine if any CPE, CVE, CWE, or CVSS scores should be suppressed. If any should be, they
|
||||
* are removed from the dependency.
|
||||
* Processes a given dependency to determine if any CPE, CVE, CWE, or CVSS
|
||||
* scores should be suppressed. If any should be, they are removed from the
|
||||
* dependency.
|
||||
*
|
||||
* @param dependency a project dependency to analyze
|
||||
*/
|
||||
@@ -375,23 +378,26 @@ public class SuppressionRule {
|
||||
}
|
||||
|
||||
/**
|
||||
* Identifies if the cpe specified by the cpe suppression rule does not specify a version.
|
||||
* Identifies if the cpe specified by the cpe suppression rule does not
|
||||
* specify a version.
|
||||
*
|
||||
* @param c a suppression rule identifier
|
||||
* @return true if the property type does not specify a version; otherwise false
|
||||
* @return true if the property type does not specify a version; otherwise
|
||||
* false
|
||||
*/
|
||||
boolean cpeHasNoVersion(PropertyType c) {
|
||||
protected boolean cpeHasNoVersion(PropertyType c) {
|
||||
return !c.isRegex() && countCharacter(c.getValue(), ':') <= 3;
|
||||
}
|
||||
|
||||
/**
|
||||
* Counts the number of occurrences of the character found within the string.
|
||||
* Counts the number of occurrences of the character found within the
|
||||
* string.
|
||||
*
|
||||
* @param str the string to check
|
||||
* @param c the character to count
|
||||
* @return the number of times the character is found in the string
|
||||
*/
|
||||
int countCharacter(String str, char c) {
|
||||
private int countCharacter(String str, char c) {
|
||||
int count = 0;
|
||||
int pos = str.indexOf(c) + 1;
|
||||
while (pos > 0) {
|
||||
@@ -402,7 +408,8 @@ public class SuppressionRule {
|
||||
}
|
||||
|
||||
/**
|
||||
* Determines if the cpeEntry specified as a PropertyType matches the given Identifier.
|
||||
* Determines if the cpeEntry specified as a PropertyType matches the given
|
||||
* Identifier.
|
||||
*
|
||||
* @param identifierType the type of identifier ("cpe", "maven", etc.)
|
||||
* @param suppressionEntry a suppression rule entry
|
||||
|
||||
@@ -17,13 +17,13 @@ import org.owasp.dependencycheck.utils.Settings;
|
||||
public class AnalysisTaskTest extends BaseTest {
|
||||
|
||||
@Mocked
|
||||
FileTypeAnalyzer fileTypeAnalyzer;
|
||||
private FileTypeAnalyzer fileTypeAnalyzer;
|
||||
|
||||
@Mocked
|
||||
Dependency dependency;
|
||||
private Dependency dependency;
|
||||
|
||||
@Mocked
|
||||
Engine engine;
|
||||
private Engine engine;
|
||||
|
||||
|
||||
@Test
|
||||
|
||||
@@ -25,7 +25,6 @@ import java.io.FileOutputStream;
|
||||
import java.util.zip.ZipEntry;
|
||||
import java.util.zip.ZipInputStream;
|
||||
import org.junit.Before;
|
||||
import org.owasp.dependencycheck.BaseTest;
|
||||
import org.owasp.dependencycheck.utils.Settings;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
@@ -54,10 +53,10 @@ public abstract class BaseDBTestCase extends BaseTest {
|
||||
f.delete();
|
||||
}
|
||||
|
||||
java.io.File dataPath = Settings.getDataDirectory();
|
||||
File dataPath = Settings.getDataDirectory();
|
||||
String fileName = Settings.getString(Settings.KEYS.DB_FILE_NAME);
|
||||
LOGGER.trace("DB file name {}", fileName);
|
||||
java.io.File dataFile = new File(dataPath, fileName);
|
||||
File dataFile = new File(dataPath, fileName);
|
||||
LOGGER.trace("Ensuring {} exists", dataFile.toString());
|
||||
if (!dataPath.exists() || !dataFile.exists()) {
|
||||
LOGGER.trace("Extracting database to {}", dataPath.toString());
|
||||
|
||||
@@ -46,9 +46,11 @@ public class EngineTest extends BaseDBTestCase {
|
||||
@Mocked
|
||||
private AnalysisTask analysisTask;
|
||||
|
||||
|
||||
/**
|
||||
* Test of scanFile method, of class Engine.
|
||||
*
|
||||
* @throws org.owasp.dependencycheck.data.nvdcve.DatabaseException thrown is
|
||||
* there is an exception
|
||||
*/
|
||||
@Test
|
||||
public void testScanFile() throws DatabaseException {
|
||||
@@ -64,30 +66,34 @@ public class EngineTest extends BaseDBTestCase {
|
||||
Dependency secondDwr = instance.scanFile(file);
|
||||
|
||||
assertEquals(2, instance.getDependencies().size());
|
||||
assertTrue(dwr == secondDwr);
|
||||
assertEquals(dwr, secondDwr);
|
||||
}
|
||||
|
||||
@Test(expected = ExceptionCollection.class)
|
||||
public void exceptionDuringAnalysisTaskExecutionIsFatal() throws DatabaseException, ExceptionCollection {
|
||||
final ExecutorService executorService = Executors.newFixedThreadPool(3);
|
||||
final Engine instance = new Engine();
|
||||
final List<Throwable> exceptions = new ArrayList<Throwable>();
|
||||
final List<Throwable> exceptions = new ArrayList<>();
|
||||
|
||||
new Expectations() {{
|
||||
analysisTask.call();
|
||||
result = new IllegalStateException("Analysis task execution threw an exception");
|
||||
}};
|
||||
new Expectations() {
|
||||
{
|
||||
analysisTask.call();
|
||||
result = new IllegalStateException("Analysis task execution threw an exception");
|
||||
}
|
||||
};
|
||||
|
||||
final List<AnalysisTask> failingAnalysisTask = new ArrayList<AnalysisTask>();
|
||||
final List<AnalysisTask> failingAnalysisTask = new ArrayList<>();
|
||||
failingAnalysisTask.add(analysisTask);
|
||||
|
||||
new Expectations(instance) {{
|
||||
instance.getExecutorService(analyzer);
|
||||
result = executorService;
|
||||
new Expectations(instance) {
|
||||
{
|
||||
instance.getExecutorService(analyzer);
|
||||
result = executorService;
|
||||
|
||||
instance.getAnalysisTasks(analyzer, exceptions);
|
||||
result = failingAnalysisTask;
|
||||
}};
|
||||
instance.getAnalysisTasks(analyzer, exceptions);
|
||||
result = failingAnalysisTask;
|
||||
}
|
||||
};
|
||||
|
||||
instance.executeAnalysisTasks(analyzer, exceptions);
|
||||
|
||||
|
||||
@@ -49,7 +49,7 @@ public class AssemblyAnalyzerTest extends BaseTest {
|
||||
|
||||
private static final String LOG_KEY = "org.slf4j.simpleLogger.org.owasp.dependencycheck.analyzer.AssemblyAnalyzer";
|
||||
|
||||
AssemblyAnalyzer analyzer;
|
||||
private AssemblyAnalyzer analyzer;
|
||||
|
||||
/**
|
||||
* Sets up the analyzer.
|
||||
|
||||
@@ -43,7 +43,7 @@ public class AutoconfAnalyzerTest extends BaseTest {
|
||||
/**
|
||||
* The analyzer to test.
|
||||
*/
|
||||
AutoconfAnalyzer analyzer;
|
||||
private AutoconfAnalyzer analyzer;
|
||||
|
||||
private void assertCommonEvidence(Dependency result, String product,
|
||||
String version, String vendor) {
|
||||
|
||||
@@ -53,7 +53,7 @@ public class CMakeAnalyzerTest extends BaseDBTestCase {
|
||||
/**
|
||||
* The package analyzer to test.
|
||||
*/
|
||||
CMakeAnalyzer analyzer;
|
||||
private CMakeAnalyzer analyzer;
|
||||
|
||||
/**
|
||||
* Setup the CmakeAnalyzer.
|
||||
|
||||
@@ -47,7 +47,7 @@ public class ComposerLockAnalyzerTest extends BaseDBTestCase {
|
||||
/**
|
||||
* The analyzer to test.
|
||||
*/
|
||||
ComposerLockAnalyzer analyzer;
|
||||
private ComposerLockAnalyzer analyzer;
|
||||
|
||||
/**
|
||||
* Correctly setup the analyzer for testing.
|
||||
|
||||
@@ -34,7 +34,7 @@ import static org.junit.Assert.assertTrue;
|
||||
public class DependencyBundlingAnalyzerTest extends BaseTest {
|
||||
|
||||
@Mocked
|
||||
Engine engineMock;
|
||||
private Engine engineMock;
|
||||
|
||||
/**
|
||||
* Test of getName method, of class DependencyBundlingAnalyzer.
|
||||
|
||||
@@ -40,7 +40,7 @@ public class NodePackageAnalyzerTest extends BaseTest {
|
||||
/**
|
||||
* The analyzer to test.
|
||||
*/
|
||||
NodePackageAnalyzer analyzer;
|
||||
private NodePackageAnalyzer analyzer;
|
||||
|
||||
/**
|
||||
* Correctly setup the analyzer for testing.
|
||||
|
||||
@@ -57,7 +57,7 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
|
||||
/**
|
||||
* The analyzer to test.
|
||||
*/
|
||||
RubyBundleAuditAnalyzer analyzer;
|
||||
private RubyBundleAuditAnalyzer analyzer;
|
||||
|
||||
/**
|
||||
* Correctly setup the analyzer for testing.
|
||||
|
||||
@@ -40,7 +40,7 @@ public class RubyGemspecAnalyzerTest extends BaseTest {
|
||||
/**
|
||||
* The analyzer to test.
|
||||
*/
|
||||
RubyGemspecAnalyzer analyzer;
|
||||
private RubyGemspecAnalyzer analyzer;
|
||||
|
||||
/**
|
||||
* Correctly setup the analyzer for testing.
|
||||
|
||||
@@ -20,6 +20,7 @@ package org.owasp.dependencycheck.data.nvdcve;
|
||||
import org.owasp.dependencycheck.BaseDBTestCase;
|
||||
import java.util.Properties;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import org.junit.Test;
|
||||
import org.owasp.dependencycheck.data.update.nvd.NvdCveInfo;
|
||||
@@ -40,8 +41,7 @@ public class DatabasePropertiesIntegrationTest extends BaseDBTestCase {
|
||||
cveDB = new CveDB();
|
||||
cveDB.open();
|
||||
DatabaseProperties instance = cveDB.getDatabaseProperties();
|
||||
boolean expResult = false;
|
||||
boolean result = instance.isEmpty();
|
||||
assertNotNull(instance);
|
||||
//no exception means the call worked... whether or not it is empty depends on if the db is new
|
||||
//assertEquals(expResult, result);
|
||||
} finally {
|
||||
|
||||
@@ -18,8 +18,10 @@
|
||||
package org.owasp.dependencycheck.data.update;
|
||||
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
import static org.junit.Assert.fail;
|
||||
import org.junit.Test;
|
||||
import org.owasp.dependencycheck.BaseTest;
|
||||
import org.owasp.dependencycheck.data.update.exception.UpdateException;
|
||||
import org.owasp.dependencycheck.data.update.nvd.UpdateableNvdCve;
|
||||
|
||||
/**
|
||||
@@ -38,9 +40,13 @@ import org.owasp.dependencycheck.data.update.nvd.UpdateableNvdCve;
|
||||
* Test of update method.
|
||||
*/
|
||||
@Test
|
||||
public void testUpdate() throws Exception {
|
||||
NvdCveUpdater instance = getUpdater();
|
||||
instance.update();
|
||||
public void testUpdate() {
|
||||
try {
|
||||
NvdCveUpdater instance = getUpdater();
|
||||
instance.update();
|
||||
} catch (UpdateException ex) {
|
||||
fail(ex.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -23,9 +23,7 @@ import java.util.List;
|
||||
import java.util.Map;
|
||||
import javax.xml.parsers.SAXParser;
|
||||
import javax.xml.parsers.SAXParserFactory;
|
||||
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import org.junit.Test;
|
||||
import org.owasp.dependencycheck.BaseTest;
|
||||
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
|
||||
@@ -47,6 +45,6 @@ public class NvdCve_1_2_HandlerTest extends BaseTest {
|
||||
NvdCve12Handler instance = new NvdCve12Handler();
|
||||
saxParser.parse(file, instance);
|
||||
Map<String, List<VulnerableSoftware>> results = instance.getVulnerabilities();
|
||||
assertTrue("No vulnerable software identified with a previous version in 2012 CVE 1.2?", !results.isEmpty());
|
||||
assertFalse("No vulnerable software identified with a previous version in 2012 CVE 1.2?", results.isEmpty());
|
||||
}
|
||||
}
|
||||
|
||||
@@ -48,9 +48,10 @@ public class ModelTest extends BaseTest {
|
||||
*/
|
||||
@Test
|
||||
public void testSetName() {
|
||||
String name = "";
|
||||
String name = "name";
|
||||
Model instance = new Model();
|
||||
instance.setName(name);
|
||||
assertEquals("name", instance.getName());
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -209,9 +210,10 @@ public class ModelTest extends BaseTest {
|
||||
*/
|
||||
@Test
|
||||
public void testSetParentArtifactId() {
|
||||
String parentArtifactId = "";
|
||||
String parentArtifactId = "something";
|
||||
Model instance = new Model();
|
||||
instance.setParentArtifactId(parentArtifactId);
|
||||
assertNotNull(instance.getParentArtifactId());
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -231,9 +233,10 @@ public class ModelTest extends BaseTest {
|
||||
*/
|
||||
@Test
|
||||
public void testSetParentVersion() {
|
||||
String parentVersion = "";
|
||||
String parentVersion = "1.0";
|
||||
Model instance = new Model();
|
||||
instance.setParentVersion(parentVersion);
|
||||
assertNotNull(instance.getParentVersion());
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -257,6 +260,7 @@ public class ModelTest extends BaseTest {
|
||||
License license = new License("name", "url");
|
||||
Model instance = new Model();
|
||||
instance.addLicense(license);
|
||||
assertNotNull(instance.getLicenses());
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -983,10 +983,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
|
||||
if (skipProvidedScope && org.apache.maven.artifact.Artifact.SCOPE_PROVIDED.equals(scope)) {
|
||||
return true;
|
||||
}
|
||||
if (skipRuntimeScope && !org.apache.maven.artifact.Artifact.SCOPE_RUNTIME.equals(scope)) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
return skipRuntimeScope && !org.apache.maven.artifact.Artifact.SCOPE_RUNTIME.equals(scope);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -26,7 +26,6 @@ import static org.junit.Assert.fail;
|
||||
import org.junit.Rule;
|
||||
import org.junit.Test;
|
||||
import org.junit.rules.ExpectedException;
|
||||
import org.owasp.dependencycheck.utils.Checksum;
|
||||
|
||||
/**
|
||||
*
|
||||
|
||||
Reference in New Issue
Block a user