From 960a2e27abf66e0354ff850d3c9d032f331835f4 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Fri, 17 Feb 2017 12:59:17 -0500
Subject: [PATCH] formating and codacy recommended updates
---
 .../owasp/dependencycheck/AnalysisTask.java | 2 +-
 .../org/owasp/dependencycheck/Engine.java | 2 +-
 .../dependencycheck/analyzer/CPEAnalyzer.java | 10 +-
 .../analyzer/DependencyBundlingAnalyzer.java | 2 +-
 .../analyzer/NvdCveAnalyzer.java | 2 +-
 .../analyzer/OpenSSLAnalyzer.java | 2 +-
 .../dependencycheck/data/cpe/IndexEntry.java | 2 +-
 .../lucene/TokenPairConcatenatingFilter.java | 5 +-
 .../dependencycheck/data/nvdcve/CveDB.java | 6 +-
 .../data/update/NvdCveUpdater.java | 4 +-
 .../dependency/Identifier.java | 5 +-
 .../dependencycheck/dependency/Reference.java | 5 +-
 .../dependency/Vulnerability.java | 5 +-
 .../reporting/VelocityLoggerRedirect.java | 1 +
 .../org/owasp/dependencycheck/utils/Pair.java | 5 +-
 .../dependencycheck/xml/pom/License.java | 5 +-
 .../xml/suppression/PropertyType.java | 5 +-
 .../xml/suppression/SuppressionRule.java | 135 +++++++++---------
 .../dependencycheck/AnalysisTaskTest.java | 6 +-
 .../owasp/dependencycheck/BaseDBTestCase.java | 5 +-
 .../org/owasp/dependencycheck/EngineTest.java | 34 +++--
 .../analyzer/AssemblyAnalyzerTest.java | 2 +-
 .../analyzer/AutoconfAnalyzerTest.java | 2 +-
 .../analyzer/CMakeAnalyzerTest.java | 2 +-
 .../analyzer/ComposerLockAnalyzerTest.java | 2 +-
 .../DependencyBundlingAnalyzerTest.java | 2 +-
 .../analyzer/NodePackageAnalyzerTest.java | 2 +-
 .../analyzer/RubyBundleAuditAnalyzerTest.java | 2 +-
 .../analyzer/RubyGemspecAnalyzerTest.java | 2 +-
 .../DatabasePropertiesIntegrationTest.java | 4 +-
 .../update/NvdCveUpdaterIntegrationTest.java | 12 +-
 .../update/nvd/NvdCve_1_2_HandlerTest.java | 6 +-
 .../dependencycheck/xml/pom/ModelTest.java | 10 +-
 .../maven/BaseDependencyCheckMojo.java | 5 +-
 .../dependencycheck/utils/ChecksumTest.java | 1 -
 35 files changed, 149 insertions(+), 153 deletions(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/AnalysisTask.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/AnalysisTask.java
index 83e741dc1..4327a80b7 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/AnalysisTask.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/AnalysisTask.java
@@ -119,7 +119,7 @@ class AnalysisTask implements Callable {
 *
 * @return whether or not the analyzer can analyze the dependency
 */
- boolean shouldAnalyze() {
+ protected boolean shouldAnalyze() {
 if (analyzer instanceof FileTypeAnalyzer) {
 final FileTypeAnalyzer fileTypeAnalyzer = (FileTypeAnalyzer) analyzer;
 return fileTypeAnalyzer.accept(dependency.getActualFile());
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
index 395c26181..15cac2ec7 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
@@ -557,7 +557,7 @@ public class Engine implements FileFilter {
 * @param analyzer the analyzer to execute
 * @throws ExceptionCollection thrown if exceptions occurred during analysis
 */
- void executeAnalysisTasks(Analyzer analyzer, List exceptions) throws ExceptionCollection {
+ protected void executeAnalysisTasks(Analyzer analyzer, List exceptions) throws ExceptionCollection {
 LOGGER.debug("Starting {}", analyzer.getName());
 final List analysisTasks = getAnalysisTasks(analyzer, exceptions);
 final ExecutorService executorService = getExecutorService(analyzer);
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
index 1e564d66e..e3d1ce021 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
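Review bot: Changing `executeAnalysisTasks` from package-private to `protected` widens its reach rather than just making the modifier explicit: `Engine` is a public, non-final class, so the method becomes callable and overridable from subclasses in any package. The same applies to the other package-private-to-`protected` changes in this commit (`DependencyBundlingAnalyzer.isCore`, `OpenSSLAnalyzer.getOpenSSLVersion`, `CveDB.getMatchingSoftware`, `NvdCveUpdater.initializeExecutorServices`/`getUpdatesNeeded`, `SuppressionRule.cpeHasNoVersion`), while `AnalysisTask.shouldAnalyze` is less affected because that class is itself package-private. If the only callers outside each class are tests in the same package, which this diff does not show, keeping package-private and marking the intent with a comment such as `/* package-private for unit tests */` keeps the analysis pipeline's extension surface smaller. The Javadoc shown above the method also goes from `@param analyzer` straight to `@throws`, so `exceptions` appears to lack an `@param` entry; the comment starts outside the hunk, so confirm before adding one.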
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
@@ -70,26 +70,26 @@ public class CPEAnalyzer extends AbstractAnalyzer {
 /**
 * The maximum number of query results to return.
 */
- static final int MAX_QUERY_RESULTS = 25;
+ private static final int MAX_QUERY_RESULTS = 25;
 /**
 * The weighting boost to give terms when constructing the Lucene query.
 */
- static final String WEIGHTING_BOOST = "^5";
+ private static final String WEIGHTING_BOOST = "^5";
 /**
 * A string representation of a regular expression defining characters
 * utilized within the CPE Names.
 */
- static final String CLEANSE_CHARACTER_RX = "[^A-Za-z0-9 ._-]";
+ private static final String CLEANSE_CHARACTER_RX = "[^A-Za-z0-9 ._-]";
 /**
 * A string representation of a regular expression used to remove all but
 * alpha characters.
 */
- static final String CLEANSE_NONALPHA_RX = "[^A-Za-z]*";
+ private static final String CLEANSE_NONALPHA_RX = "[^A-Za-z]*";
 /**
 * The additional size to add to a new StringBuilder to account for extra
 * data that will be written into the string.
 */
- static final int STRING_BUILDER_BUFFER = 20;
+ private static final int STRING_BUILDER_BUFFER = 20;
 /**
 * The CPE in memory index.
 */
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
index a6d8d0ba2..20dca6ca8 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
@@ -384,7 +384,7 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer {
 * @return a boolean indicating whether or not the left dependency should be
 * considered the "core" version.
 */
- boolean isCore(Dependency left, Dependency right) {
+ protected boolean isCore(Dependency left, Dependency right) {
 final String leftName = left.getFileName().toLowerCase();
 final String rightName = right.getFileName().toLowerCase();
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NvdCveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NvdCveAnalyzer.java
index be9d0ed31..631421f13 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NvdCveAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NvdCveAnalyzer.java
@@ -47,7 +47,7 @@ public class NvdCveAnalyzer extends AbstractAnalyzer {
 /**
 * The maximum number of query results to return.
 */
- static final int MAX_QUERY_RESULTS = 100;
+ private static final int MAX_QUERY_RESULTS = 100;
 /**
 * The CVE Index.
 */
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/OpenSSLAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/OpenSSLAnalyzer.java
index 37ecb6ce2..308f81f3d 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/OpenSSLAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/OpenSSLAnalyzer.java
@@ -102,7 +102,7 @@ public class OpenSSLAnalyzer extends AbstractFileTypeAnalyzer {
 * @param openSSLVersionConstant The open SSL version
 * @return the version of openssl
 */
- static String getOpenSSLVersion(long openSSLVersionConstant) {
+ protected static String getOpenSSLVersion(long openSSLVersionConstant) {
 final long major = openSSLVersionConstant >>> MAJOR_OFFSET;
 final long minor = (openSSLVersionConstant & MINOR_MASK) >>> MINOR_OFFSET;
 final long fix = (openSSLVersionConstant & FIX_MASK) >>> FIX_OFFSET;
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/IndexEntry.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/IndexEntry.java
index 3681df734..960729e85 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/IndexEntry.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/IndexEntry.java
@@ -31,7 +31,7 @@ public class IndexEntry implements Serializable {
 /**
 * the serial version uid.
 */
- static final long serialVersionUID = 8011924485946326934L;
+ private static final long serialVersionUID = 8011924485946326934L;
 /**
 * The vendor name.
 */
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/TokenPairConcatenatingFilter.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/TokenPairConcatenatingFilter.java
index a35604a49..4b36d3e01 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/TokenPairConcatenatingFilter.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/TokenPairConcatenatingFilter.java
@@ -156,10 +156,7 @@ public final class TokenPairConcatenatingFilter extends TokenFilter {
 if ((this.previousWord == null) ? (other.previousWord != null) : !this.previousWord.equals(other.previousWord)) {
 return false;
 }
- if (this.words != other.words && (this.words == null || !this.words.equals(other.words))) {
- return false;
- }
- return true;
+ return !(this.words != other.words && (this.words == null || !this.words.equals(other.words)));
 }
 }
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
index 57c5de999..ea63d3935 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
@@ -259,7 +259,7 @@ public class CveDB {
 *
 * @return the properties from the database
 */
- synchronized Properties getProperties() {
+ public synchronized Properties getProperties() {
 final Properties prop = new Properties();
 PreparedStatement ps = null;
 ResultSet rs = null;
@@ -285,7 +285,7 @@ public class CveDB {
 * @param key the property key
 * @param value the property value
 */
- synchronized void saveProperty(String key, String value) {
+ public synchronized void saveProperty(String key, String value) {
 try {
 try {
 final PreparedStatement mergeProperty = getConnection().prepareStatement(statementBundle.getString("MERGE_PROPERTY"));
@@ -703,7 +703,7 @@ public class CveDB {
 * analyzed
 * @return true if the identified version is affected, otherwise false
 */
- Entry getMatchingSoftware(Map vulnerableSoftware, String vendor, String product,
+ protected Entry getMatchingSoftware(Map vulnerableSoftware, String vendor, String product,
 DependencyVersion identifiedVersion) {
 final boolean isVersionTwoADifferentProduct = "apache".equals(vendor) && "struts".equals(product);
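Review bot: The collapsed return at the end of `TokenPairConcatenatingFilter.equals` is correct but harder to read than the `if` it replaces, because the reader has to negate a compound null check mentally. `return Objects.equals(this.words, other.words);` (with `import java.util.Objects;`, available from Java 7, which the diamond operator introduced elsewhere in this commit suggests is the source level) states the same condition directly. The same rewrite applies to the `equals` tails changed in `Identifier`, `Reference`, `Vulnerability`, `Pair` and `License`. The enclosing `equals` method starts outside the hunk.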
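Review bot: Making `getProperties` and `saveProperty` `public` goes further than an explicit-modifier cleanup needs, because `CveDB` is a public class and any code holding an instance can now read and overwrite the key/value properties stored in the vulnerability database. Unless a caller outside `org.owasp.dependencycheck.data.nvdcve` needs them (none is visible in this diff), keep the original package-private access, or at least keep the write side narrow, and state in the Javadoc which component is expected to call them. `getMatchingSoftware` in the third hunk is widened to `protected` in the same way. All three method bodies continue outside their hunks.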
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java
index a942f98a3..2adb2d8ea 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java
@@ -125,7 +125,7 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
 }
 }
- void initializeExecutorServices() {
+ protected void initializeExecutorServices() {
 processingExecutorService = Executors.newFixedThreadPool(PROCESSING_THREAD_POOL_SIZE);
 downloadExecutorService = Executors.newFixedThreadPool(DOWNLOAD_THREAD_POOL_SIZE);
 LOGGER.debug("#download threads: {}", DOWNLOAD_THREAD_POOL_SIZE);
@@ -280,7 +280,7 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
 * @throws UpdateException Is thrown if there is an issue with the last
 * updated properties file
 */
- final UpdateableNvdCve getUpdatesNeeded() throws MalformedURLException, DownloadFailedException, UpdateException {
+ protected final UpdateableNvdCve getUpdatesNeeded() throws MalformedURLException, DownloadFailedException, UpdateException {
 LOGGER.info("starting getUpdatesNeeded() ...");
 UpdateableNvdCve updates;
 try {
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Identifier.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Identifier.java
index d5569d5f9..e376c03dd 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Identifier.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Identifier.java
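Review bot: `initializeExecutorServices` in the first hunk has no Javadoc (the lines directly before it are closing braces), and as a `protected`, non-final method it is now an override point for subclasses of `NvdCveUpdater`. Add a comment such as `/** Creates the fixed-size thread pools used for processing and downloading. */` so the contract an override has to honour is written down. The method body continues past the hunk, so check that wording against the rest of it.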
@@ -191,10 +191,7 @@ public class Identifier implements Serializable, Comparable {
 if ((this.value == null) ? (other.value != null) : !this.value.equals(other.value)) {
 return false;
 }
- if ((this.type == null) ? (other.type != null) : !this.type.equals(other.type)) {
- return false;
- }
- return true;
+ return !((this.type == null) ? (other.type != null) : !this.type.equals(other.type));
 }
 @Override
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Reference.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Reference.java
index 7e6baebd6..a3ebdc582 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Reference.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Reference.java
@@ -119,10 +119,7 @@ public class Reference implements Serializable, Comparable {
 if ((this.url == null) ? (other.url != null) : !this.url.equals(other.url)) {
 return false;
 }
- if ((this.source == null) ? (other.source != null) : !this.source.equals(other.source)) {
- return false;
- }
- return true;
+ return !((this.source == null) ? (other.source != null) : !this.source.equals(other.source));
 }
 @Override
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Vulnerability.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Vulnerability.java
index 8fbffdd49..340390055 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Vulnerability.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Vulnerability.java
@@ -374,10 +374,7 @@ public class Vulnerability implements Serializable, Comparable {
 return false;
 }
 final Vulnerability other = (Vulnerability) obj;
- if ((this.name == null) ? (other.name != null) : !this.name.equals(other.name)) {
- return false;
- }
- return true;
+ return !((this.name == null) ? (other.name != null) : !this.name.equals(other.name));
 }
 @Override
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/VelocityLoggerRedirect.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/VelocityLoggerRedirect.java
index ecad6c2f3..19645331e 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/VelocityLoggerRedirect.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/VelocityLoggerRedirect.java
@@ -107,6 +107,7 @@ public class VelocityLoggerRedirect implements LogChute {
 break;
 default:
 LOGGER.info(message, t);
+ break;
 }
 }
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Pair.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Pair.java
index 8a510488c..42f3b6237 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Pair.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Pair.java
@@ -119,9 +119,6 @@ public class Pair {
 if (this.left != other.left && (this.left == null || !this.left.equals(other.left))) {
 return false;
 }
- if (this.right != other.right && (this.right == null || !this.right.equals(other.right))) {
- return false;
- }
- return true;
+ return !(this.right != other.right && (this.right == null || !this.right.equals(other.right)));
 }
 }
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/License.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/License.java
index 329491150..108a94824 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/License.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/License.java
@@ -117,10 +117,7 @@ public class License {
 if ((this.url == null) ? (other.url != null) : !this.url.equals(other.url)) {
 return false;
 }
- if ((this.name == null) ? (other.name != null) : !this.name.equals(other.name)) {
- return false;
- }
- return true;
+ return !((this.name == null) ? (other.name != null) : !this.name.equals(other.name));
 }
 /**
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/PropertyType.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/PropertyType.java
index 8a1677883..8c1fb794f 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/PropertyType.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/PropertyType.java
@@ -163,10 +163,7 @@ public class PropertyType {
 if (this.regex != other.regex) {
 return false;
 }
- if (this.caseSensitive != other.caseSensitive) {
- return false;
- }
- return true;
+ return this.caseSensitive == other.caseSensitive;
 }
 /**
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/SuppressionRule.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/SuppressionRule.java
index 572ae68eb..312cfb02b 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/SuppressionRule.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/SuppressionRule.java
@@ -35,6 +35,38 @@ public class SuppressionRule {
 */
 private PropertyType filePath;
+ /**
+ * The SHA1 hash.
+ */
+ private String sha1;
+ /**
+ * A list of CPEs to suppression
+ */
+ private List cpe = new ArrayList<>();
+ /**
+ * The list of cvssBelow scores.
+ */
+ private List cvssBelow = new ArrayList<>();
+ /**
+ * The list of CWE entries to suppress.
+ */
+ private List cwe = new ArrayList<>();
+ /**
+ * The list of CVE entries to suppress.
+ */
+ private List cve = new ArrayList<>();
+ /**
+ * A Maven GAV to suppression.
+ */
+ private PropertyType gav = null;
+
+ /**
+ * A flag indicating whether or not the suppression rule is a core/base rule
+ * that should not be included in the resulting report in the "suppressed"
+ * section.
+ */
+ private boolean base;
+
 /**
 * Get the value of filePath.
 *
@@ -52,10 +84,6 @@ public class SuppressionRule {
 public void setFilePath(PropertyType filePath) {
 this.filePath = filePath;
 }
- /**
- * The sha1 hash.
- */
- private String sha1;
 /**
 * Get the value of sha1.
@@ -67,40 +95,36 @@ public class SuppressionRule {
 }
 /**
- * Set the value of sha1.
+ * Set the value of SHA1.
 *
- * @param sha1 new value of sha1
+ * @param sha1 new value of SHA1
 */
 public void setSha1(String sha1) {
 this.sha1 = sha1;
 }
- /**
- * A list of CPEs to suppression
- */
- private List cpe = new ArrayList();
 /**
- * Get the value of cpe.
+ * Get the value of CPE.
 *
- * @return the value of cpe
+ * @return the value of CPE
 */
 public List getCpe() {
 return cpe;
 }
 /**
- * Set the value of cpe.
+ * Set the value of CPE.
 *
- * @param cpe new value of cpe
+ * @param cpe new value of CPE
 */
 public void setCpe(List cpe) {
 this.cpe = cpe;
 }
 /**
- * Adds the cpe to the cpe list.
+ * Adds the CPE to the CPE list.
 *
- * @param cpe the cpe to add
+ * @param cpe the CPE to add
 */
 public void addCpe(PropertyType cpe) {
 this.cpe.add(cpe);
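Review bot: Two of the field comments gathered at the top of the class in the first hunk still read `A list of CPEs to suppression` and `A Maven GAV to suppression.`; since the block is being rewritten anyway, correct them to `A list of CPEs to suppress.` and `A Maven GAV to suppress.`. The explicit `= null` on `gav` is redundant for a field and can be dropped in the same pass: `private PropertyType gav;`.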
@@ -114,10 +138,6 @@ public class SuppressionRule {
 public boolean hasCpe() {
 return !cpe.isEmpty();
 }
- /**
- * The list of cvssBelow scores.
- */
- private List cvssBelow = new ArrayList();
 /**
 * Get the value of cvssBelow.
@@ -138,49 +158,45 @@ public class SuppressionRule {
 }
 /**
- * Adds the cvss to the cvssBelow list.
+ * Adds the CVSS to the cvssBelow list.
 *
- * @param cvss the cvss to add
+ * @param cvss the CVSS to add
 */
 public void addCvssBelow(Float cvss) {
 this.cvssBelow.add(cvss);
 }
 /**
- * Returns whether or not this suppression rule has cvss suppressions.
+ * Returns whether or not this suppression rule has CVSS suppressions.
 *
- * @return whether or not this suppression rule has cvss suppressions
+ * @return whether or not this suppression rule has CVSS suppressions
 */
 public boolean hasCvssBelow() {
 return !cvssBelow.isEmpty();
 }
- /**
- * The list of cwe entries to suppress.
- */
- private List cwe = new ArrayList();
 /**
- * Get the value of cwe.
+ * Get the value of CWE.
 *
- * @return the value of cwe
+ * @return the value of CWE
 */
 public List getCwe() {
 return cwe;
 }
 /**
- * Set the value of cwe.
+ * Set the value of CWE.
 *
- * @param cwe new value of cwe
+ * @param cwe new value of CWE
 */
 public void setCwe(List cwe) {
 this.cwe = cwe;
 }
 /**
- * Adds the cwe to the cwe list.
+ * Adds the CWE to the CWE list.
 *
- * @param cwe the cwe to add
+ * @param cwe the CWE to add
 */
 public void addCwe(String cwe) {
 this.cwe.add(cwe);
@@ -194,33 +210,29 @@ public class SuppressionRule {
 public boolean hasCwe() {
 return !cwe.isEmpty();
 }
- /**
- * The list of cve entries to suppress.
- */
- private List cve = new ArrayList();
 /**
- * Get the value of cve.
+ * Get the value of CVE.
 *
- * @return the value of cve
+ * @return the value of CVE
 */
 public List getCve() {
 return cve;
 }
 /**
- * Set the value of cve.
+ * Set the value of CVE.
 *
- * @param cve new value of cve
+ * @param cve new value of CVE
 */
 public void setCve(List cve) {
 this.cve = cve;
 }
 /**
- * Adds the cve to the cve list.
+ * Adds the CVE to the CVE list.
 *
- * @param cve the cve to add
+ * @param cve the CVE to add
 */
 public void addCve(String cve) {
 this.cve.add(cve);
@@ -234,15 +246,11 @@ public class SuppressionRule {
 public boolean hasCve() {
 return !cve.isEmpty();
 }
- /**
- * A Maven GAV to suppression.
- */
- private PropertyType gav = null;
 /**
 * Get the value of Maven GAV.
 *
- * @return the value of gav
+ * @return the value of GAV
 */
 public PropertyType getGav() {
 return gav;
@@ -251,7 +259,7 @@ public class SuppressionRule {
 /**
 * Set the value of Maven GAV.
 *
- * @param gav new value of Maven gav
+ * @param gav new value of Maven GAV
 */
 public void setGav(PropertyType gav) {
 this.gav = gav;
@@ -266,12 +274,6 @@ public class SuppressionRule {
 return gav != null;
 }
- /**
- * A flag indicating whether or not the suppression rule is a core/base rule that should not be included in the resulting
- * report in the "suppressed" section.
- */
- private boolean base;
-
 /**
 * Get the value of base.
 *
@@ -291,8 +293,9 @@ public class SuppressionRule {
 }
 /**
- * Processes a given dependency to determine if any CPE, CVE, CWE, or CVSS scores should be suppressed. If any should be, they
- * are removed from the dependency.
+ * Processes a given dependency to determine if any CPE, CVE, CWE, or CVSS
+ * scores should be suppressed. If any should be, they are removed from the
+ * dependency.
 *
 * @param dependency a project dependency to analyze
 */
@@ -375,23 +378,26 @@ public class SuppressionRule {
 }
 /**
- * Identifies if the cpe specified by the cpe suppression rule does not specify a version.
+ * Identifies if the cpe specified by the cpe suppression rule does not
+ * specify a version.
 *
 * @param c a suppression rule identifier
- * @return true if the property type does not specify a version; otherwise false
+ * @return true if the property type does not specify a version; otherwise
+ * false
 */
- boolean cpeHasNoVersion(PropertyType c) {
+ protected boolean cpeHasNoVersion(PropertyType c) {
 return !c.isRegex() && countCharacter(c.getValue(), ':') <= 3;
 }
 /**
- * Counts the number of occurrences of the character found within the string.
+ * Counts the number of occurrences of the character found within the
+ * string.
 *
 * @param str the string to check
 * @param c the character to count
 * @return the number of times the character is found in the string
 */
- int countCharacter(String str, char c) {
+ private int countCharacter(String str, char c) {
 int count = 0;
 int pos = str.indexOf(c) + 1;
 while (pos > 0) {
@@ -402,7 +408,8 @@ public class SuppressionRule {
 }
 /**
- * Determines if the cpeEntry specified as a PropertyType matches the given Identifier.
+ * Determines if the cpeEntry specified as a PropertyType matches the given
+ * Identifier.
 *
 * @param identifierType the type of identifier ("cpe", "maven", etc.)
 * @param suppressionEntry a suppression rule entry
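Review bot: The two helpers in the second hunk were both package-private and now diverge: `cpeHasNoVersion` becomes `protected` while `countCharacter` becomes `private`. If a unit test in the same package calls `countCharacter` directly (not visible in this diff), the `private` modifier breaks compilation of the test sources. Judging by its Javadoc, `cpeHasNoVersion` is part of how a CPE suppression entry is interpreted, so making it overridable lets a subclass change what gets suppressed. Unless subclassing `SuppressionRule` is intended, pick one level for both, e.g. `private boolean cpeHasNoVersion(PropertyType c) {` if nothing outside the class needs it. The body of `countCharacter` continues outside the hunk.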
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/AnalysisTaskTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/AnalysisTaskTest.java
index 5bf0631a3..bc9888376 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/AnalysisTaskTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/AnalysisTaskTest.java
@@ -17,13 +17,13 @@ import org.owasp.dependencycheck.utils.Settings;
 public class AnalysisTaskTest extends BaseTest {
 @Mocked
- FileTypeAnalyzer fileTypeAnalyzer;
+ private FileTypeAnalyzer fileTypeAnalyzer;
 @Mocked
- Dependency dependency;
+ private Dependency dependency;
 @Mocked
- Engine engine;
+ private Engine engine;
 @Test
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseDBTestCase.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseDBTestCase.java
index 0399e9d80..d4a398091 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseDBTestCase.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseDBTestCase.java
@@ -25,7 +25,6 @@ import java.io.FileOutputStream;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipInputStream;
 import org.junit.Before;
-import org.owasp.dependencycheck.BaseTest;
 import org.owasp.dependencycheck.utils.Settings;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -54,10 +53,10 @@ public abstract class BaseDBTestCase extends BaseTest {
 f.delete();
 }
- java.io.File dataPath = Settings.getDataDirectory();
+ File dataPath = Settings.getDataDirectory();
 String fileName = Settings.getString(Settings.KEYS.DB_FILE_NAME);
 LOGGER.trace("DB file name {}", fileName);
- java.io.File dataFile = new File(dataPath, fileName);
+ File dataFile = new File(dataPath, fileName);
 LOGGER.trace("Ensuring {} exists", dataFile.toString());
 if (!dataPath.exists() || !dataFile.exists()) {
 LOGGER.trace("Extracting database to {}", dataPath.toString());
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineTest.java
index 342af2d0c..189bd5ef7 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineTest.java
@@ -46,9 +46,11 @@ public class EngineTest extends BaseDBTestCase {
 @Mocked
 private AnalysisTask analysisTask;
-
 /**
 * Test of scanFile method, of class Engine.
+ *
+ * @throws org.owasp.dependencycheck.data.nvdcve.DatabaseException thrown is
+ * there is an exception
 */
 @Test
 public void testScanFile() throws DatabaseException {
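Review bot: The added `@throws` text has a typo, `thrown is there is an exception`; it should read `thrown if there is an exception`. The fully qualified `org.owasp.dependencycheck.data.nvdcve.DatabaseException` can also be shortened to `DatabaseException`, since the method signature below already uses the simple name.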
@@ -64,30 +66,34 @@ public class EngineTest extends BaseDBTestCase {
 Dependency secondDwr = instance.scanFile(file);
 assertEquals(2, instance.getDependencies().size());
- assertTrue(dwr == secondDwr);
+ assertEquals(dwr, secondDwr);
 }
 @Test(expected = ExceptionCollection.class)
 public void exceptionDuringAnalysisTaskExecutionIsFatal() throws DatabaseException, ExceptionCollection {
 final ExecutorService executorService = Executors.newFixedThreadPool(3);
 final Engine instance = new Engine();
- final List exceptions = new ArrayList();
+ final List exceptions = new ArrayList<>();
- new Expectations() {{
- analysisTask.call();
- result = new IllegalStateException("Analysis task execution threw an exception");
- }};
+ new Expectations() {
+ {
+ analysisTask.call();
+ result = new IllegalStateException("Analysis task execution threw an exception");
+ }
+ };
- final List failingAnalysisTask = new ArrayList();
+ final List failingAnalysisTask = new ArrayList<>();
 failingAnalysisTask.add(analysisTask);
- new Expectations(instance) {{
- instance.getExecutorService(analyzer);
- result = executorService;
+ new Expectations(instance) {
+ {
+ instance.getExecutorService(analyzer);
+ result = executorService;
- instance.getAnalysisTasks(analyzer, exceptions);
- result = failingAnalysisTask;
- }};
+ instance.getAnalysisTasks(analyzer, exceptions);
+ result = failingAnalysisTask;
+ }
+ };
 instance.executeAnalysisTasks(analyzer, exceptions);
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java
index d00d83285..b1d02f51c 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java
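Review bot: Replacing `assertTrue(dwr == secondDwr)` with `assertEquals(dwr, secondDwr)` changes what the test proves: the old assertion required `scanFile` to return the very same `Dependency` instance on the second call, whereas `assertEquals` passes for any two objects that `equals()` treats as equal, which matters if `Dependency` overrides `equals()`. If identity is the intended contract, use `assertSame(dwr, secondDwr);` with `import static org.junit.Assert.assertSame;`, which keeps a readable failure message without weakening the check. The test method starts outside the hunk.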
@@ -49,7 +49,7 @@ public class AssemblyAnalyzerTest extends BaseTest {
 private static final String LOG_KEY = "org.slf4j.simpleLogger.org.owasp.dependencycheck.analyzer.AssemblyAnalyzer";
- AssemblyAnalyzer analyzer;
+ private AssemblyAnalyzer analyzer;
 /**
 * Sets up the analyzer.
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzerTest.java
index 2b7a83729..e8108ffef 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzerTest.java
@@ -43,7 +43,7 @@ public class AutoconfAnalyzerTest extends BaseTest {
 /**
 * The analyzer to test.
 */
- AutoconfAnalyzer analyzer;
+ private AutoconfAnalyzer analyzer;
 private void assertCommonEvidence(Dependency result, String product, String version, String vendor) {
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzerTest.java
index 1e6bd10cf..e2ea5fb3f 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzerTest.java
@@ -53,7 +53,7 @@ public class CMakeAnalyzerTest extends BaseDBTestCase {
 /**
 * The package analyzer to test.
 */
- CMakeAnalyzer analyzer;
+ private CMakeAnalyzer analyzer;
 /**
 * Setup the CmakeAnalyzer.
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzerTest.java
index fc60e58f4..ac8f2aaa3 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzerTest.java
@@ -47,7 +47,7 @@ public class ComposerLockAnalyzerTest extends BaseDBTestCase {
 /**
 * The analyzer to test.
 */
- ComposerLockAnalyzer analyzer;
+ private ComposerLockAnalyzer analyzer;
 /**
 * Correctly setup the analyzer for testing.
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzerTest.java
index c4ba3357b..9125f6d28 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzerTest.java
@@ -34,7 +34,7 @@ import static org.junit.Assert.assertTrue;
 public class DependencyBundlingAnalyzerTest extends BaseTest {
 @Mocked
- Engine engineMock;
+ private Engine engineMock;
 /**
 * Test of getName method, of class DependencyBundlingAnalyzer.
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzerTest.java
index 7864028c6..50c93a3eb 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzerTest.java
@@ -40,7 +40,7 @@ public class NodePackageAnalyzerTest extends BaseTest {
 /**
 * The analyzer to test.
 */
- NodePackageAnalyzer analyzer;
+ private NodePackageAnalyzer analyzer;
 /**
 * Correctly setup the analyzer for testing.
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzerTest.java
index 381465151..8ab17cab1 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzerTest.java
@@ -57,7 +57,7 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
 /**
 * The analyzer to test.
 */
- RubyBundleAuditAnalyzer analyzer;
+ private RubyBundleAuditAnalyzer analyzer;
 /**
 * Correctly setup the analyzer for testing.
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzerTest.java
index 02d6e0062..4521504be 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzerTest.java
@@ -40,7 +40,7 @@ public class RubyGemspecAnalyzerTest extends BaseTest {
 /**
 * The analyzer to test.
 */
- RubyGemspecAnalyzer analyzer;
+ private RubyGemspecAnalyzer analyzer;
 /**
 * Correctly setup the analyzer for testing.
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/DatabasePropertiesIntegrationTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/DatabasePropertiesIntegrationTest.java
index f505af9c9..7b0c0251c 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/DatabasePropertiesIntegrationTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/DatabasePropertiesIntegrationTest.java
@@ -20,6 +20,7 @@ package org.owasp.dependencycheck.data.nvdcve; import org.owasp.dependencycheck.BaseDBTestCase; import java.util.Properties; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import org.junit.Test; import org.owasp.dependencycheck.data.update.nvd.NvdCveInfo; @@ -40,8 +41,7 @@ public class DatabasePropertiesIntegrationTest extends BaseDBTestCase { cveDB = new CveDB(); cveDB.open(); DatabaseProperties instance = cveDB.getDatabaseProperties(); - boolean expResult = false; - boolean result = instance.isEmpty(); + assertNotNull(instance); //no exception means the call worked... whether or not it is empty depends on if the db is new //assertEquals(expResult, result); } finally { diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/NvdCveUpdaterIntegrationTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/NvdCveUpdaterIntegrationTest.java index e7a194bbd..293ee6b35 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/NvdCveUpdaterIntegrationTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/NvdCveUpdaterIntegrationTest.java @@ -18,8 +18,10 @@ package org.owasp.dependencycheck.data.update; import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.fail; import org.junit.Test; import org.owasp.dependencycheck.BaseTest; +import org.owasp.dependencycheck.data.update.exception.UpdateException; import org.owasp.dependencycheck.data.update.nvd.UpdateableNvdCve; /** 
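Review bot: In the `@@ -40,8 +41,7 @@` hunk of DatabasePropertiesIntegrationTest, the surviving comment and the commented-out `//assertEquals(expResult, result);` still refer to an `isEmpty()` call and to two variables that this change deletes. The test now only shows that `getDatabaseProperties()` returned a non-null object, so the comment should say so, for example `// a non-null result means the properties were loaded; emptiness depends on whether the db is new`. The dead assertion line should be dropped. The enclosing test method starts and ends outside the hunk.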
@@ -38,9 +40,13 @@ import org.owasp.dependencycheck.data.update.nvd.UpdateableNvdCve; * Test of update method. */ @Test - public void testUpdate() throws Exception { - NvdCveUpdater instance = getUpdater(); - instance.update(); + public void testUpdate() { + try { + NvdCveUpdater instance = getUpdater(); + instance.update(); + } catch (UpdateException ex) { + fail(ex.getMessage()); + } } /** diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/nvd/NvdCve_1_2_HandlerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/nvd/NvdCve_1_2_HandlerTest.java index def4e9a11..4a6684712 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/nvd/NvdCve_1_2_HandlerTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/nvd/NvdCve_1_2_HandlerTest.java @@ -23,9 +23,7 @@ import java.util.List; import java.util.Map; import javax.xml.parsers.SAXParser; import javax.xml.parsers.SAXParserFactory; - -import static org.junit.Assert.assertTrue; - +import static org.junit.Assert.assertFalse; import org.junit.Test; import org.owasp.dependencycheck.BaseTest; import org.owasp.dependencycheck.dependency.VulnerableSoftware; @@ -47,6 +45,6 @@ public class NvdCve_1_2_HandlerTest extends BaseTest { NvdCve12Handler instance = new NvdCve12Handler(); saxParser.parse(file, instance); Map> results = instance.getVulnerabilities(); - assertTrue("No vulnerable software identified with a previous version in 2012 CVE 1.2?", !results.isEmpty()); + assertFalse("No vulnerable software identified with a previous version in 2012 CVE 1.2?", results.isEmpty()); } } diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/pom/ModelTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/pom/ModelTest.java index d1158b5b1..a1d807c09 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/pom/ModelTest.java 
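Review bot: In `testUpdate` (the `@@ -38,9 +40,13 @@` hunk of NvdCveUpdaterIntegrationTest), `fail(ex.getMessage())` discards the stack trace and cause of the UpdateException, and a null message leaves the failure with no text at all. This is an integration test of the updater, so the cause chain is what someone needs to tell a data or network problem from a code defect. Either keep the original `throws Exception` signature and let JUnit report the exception, or preserve the cause with `throw new AssertionError("NVD update failed", ex);` (that constructor needs Java 7 or later).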
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/pom/ModelTest.java @@ -48,9 +48,10 @@ public class ModelTest extends BaseTest { */ @Test public void testSetName() { - String name = ""; + String name = "name"; Model instance = new Model(); instance.setName(name); + assertEquals("name", instance.getName()); } /** @@ -209,9 +210,10 @@ public class ModelTest extends BaseTest { */ @Test public void testSetParentArtifactId() { - String parentArtifactId = ""; + String parentArtifactId = "something"; Model instance = new Model(); instance.setParentArtifactId(parentArtifactId); + assertNotNull(instance.getParentArtifactId()); } /** @@ -231,9 +233,10 @@ public class ModelTest extends BaseTest { */ @Test public void testSetParentVersion() { - String parentVersion = ""; + String parentVersion = "1.0"; Model instance = new Model(); instance.setParentVersion(parentVersion); + assertNotNull(instance.getParentVersion()); } /** @@ -257,6 +260,7 @@ public class ModelTest extends BaseTest { License license = new License("name", "url"); Model instance = new Model(); instance.addLicense(license); + assertNotNull(instance.getLicenses()); } /** diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java index a5ed54d9d..a4881563d 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java 
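Review bot: The assertions added to `testSetParentArtifactId`, `testSetParentVersion` and the `addLicense` test in ModelTest only check for non-null, so they would not catch a setter that stores the wrong value. `testSetName` in the first hunk already compares against the value it set, and the others should do the same: `assertEquals("something", instance.getParentArtifactId());` and `assertEquals("1.0", instance.getParentVersion());`. In the license test, `assertNotNull(instance.getLicenses())` would still pass if `addLicense` did nothing, should Model create the list eagerly (not visible here). Assuming `getLicenses()` returns a collection, `assertTrue(instance.getLicenses().contains(license));` checks the addition itself.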
@@ -983,10 +983,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma if (skipProvidedScope && org.apache.maven.artifact.Artifact.SCOPE_PROVIDED.equals(scope)) { return true; } - if (skipRuntimeScope && !org.apache.maven.artifact.Artifact.SCOPE_RUNTIME.equals(scope)) { - return true; - } - return false; + return skipRuntimeScope && !org.apache.maven.artifact.Artifact.SCOPE_RUNTIME.equals(scope); } /** diff --git a/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/ChecksumTest.java b/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/ChecksumTest.java index fd0624050..f144d55e2 100644 --- a/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/ChecksumTest.java +++ b/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/ChecksumTest.java @@ -26,7 +26,6 @@ import static org.junit.Assert.fail; import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; -import org.owasp.dependencycheck.utils.Checksum; /** *
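Review bot: The collapsed return in BaseDependencyCheckMojo keeps the negation in `!org.apache.maven.artifact.Artifact.SCOPE_RUNTIME.equals(scope)`, which reads as inverted next to the provided-scope check just above it, where a matching scope returns true. If true means the artifact is left out of the scan, setting skipRuntimeScope would exclude every scope except runtime, and the dependencies dropped that way would never be checked for known vulnerabilities. The refactor preserves the old behaviour, so this predates the commit, but the intent is worth confirming. If it is a mistake, the line would be `return skipRuntimeScope && org.apache.maven.artifact.Artifact.SCOPE_RUNTIME.equals(scope);`. The method starts outside the hunk, so its name and any earlier scope checks are not visible here.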