From 9ae9c111e30c930689aaf96a93a7ec64a39c3505 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Sat, 23 Jul 2016 07:13:09 -0400
Subject: [PATCH] checkstyle corrections
---
.../utils/SSLSocketFactoryEx.java | 153 ++++++++++-
.../owasp/dependencycheck/utils/Settings.java | 245 +++++++++++-------
.../utils/URLConnectionFactory.java | 18 +-
3 files changed, 305 insertions(+), 111 deletions(-)
diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/SSLSocketFactoryEx.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/SSLSocketFactoryEx.java
index 0b471d88f..767cd6884 100644
--- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/SSLSocketFactoryEx.java
+++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/SSLSocketFactoryEx.java
@@ -18,50 +18,106 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; /** - * This class is used to enable additional ciphers used by the SSL Socket. This + * This class is used to enable additional ciphers used by the SSL Socket. This * is specifically because the NVD stopped supporting TLS 1.0 and Java 6 and 7 * clients by default were unable to connect to download the NVD data feeds. - * + * * The following code was copied from * http://stackoverflow.com/questions/1037590/which-cipher-suites-to-enable-for-ssl-socket/23365536#23365536 * */ -class SSLSocketFactoryEx extends SSLSocketFactory { +public class SSLSocketFactoryEx extends SSLSocketFactory { + /** * The Logger for use throughout the class. */ private static final Logger LOGGER = LoggerFactory.getLogger(SSLSocketFactoryEx.class); - + + /** + * Constructs a new SSLSocketFactory. + * + * @throws NoSuchAlgorithmException thrown when an algorithm is not + * supported + * @throws KeyManagementException thrown if initialization fails + */ public SSLSocketFactoryEx() throws NoSuchAlgorithmException, KeyManagementException { initSSLSocketFactoryEx(null, null, null); } + /** + * Constructs a new SSLSocketFactory. + * + * @param km the key manager + * @param tm the trust manager + * @param random secure random + * @throws NoSuchAlgorithmException thrown when an algorithm is not + * supported + * @throws KeyManagementException thrown if initialization fails + */ public SSLSocketFactoryEx(KeyManager[] km, TrustManager[] tm, SecureRandom random) throws NoSuchAlgorithmException, KeyManagementException { initSSLSocketFactoryEx(km, tm, random); } + /** + * Constructs a new SSLSocketFactory. 
+ * + * @param ctx the SSL context + * @throws NoSuchAlgorithmException thrown when an algorithm is not + * supported + * @throws KeyManagementException thrown if initialization fails + */ public SSLSocketFactoryEx(SSLContext ctx) throws NoSuchAlgorithmException, KeyManagementException { initSSLSocketFactoryEx(ctx); } + /** + * Returns the default cipher suites. + * + * @return the default cipher suites + */ @Override public String[] getDefaultCipherSuites() { return m_ciphers; } + /** + * Returns the supported cipher suites. + * + * @return the supported cipher suites + */ @Override public String[] getSupportedCipherSuites() { return m_ciphers; } + /** + * Returns the default protocols. + * + * @return the default protocols + */ public String[] getDefaultProtocols() { return m_protocols; } + /** + * Returns the supported protocols. + * + * @return the supported protocols + */ public String[] getSupportedProtocols() { return m_protocols; } + /** + * Creates an SSL Socket. + * + * @param s the base socket + * @param host the host + * @param port the port + * @param autoClose if the socket should auto-close + * @return the SSL Socket + * @throws IOException thrown if the creation fails + */ @Override public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException { SSLSocketFactory factory = m_ctx.getSocketFactory(); @@ -73,6 +129,16 @@ class SSLSocketFactoryEx extends SSLSocketFactory { return ss; } + /** + * Creates a new SSL Socket. + * + * @param address the address to connect to + * @param port the port number + * @param localAddress the local address + * @param localPort the local port + * @return the SSL Socket + * @throws IOException thrown if the creation fails + */ @Override public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException { SSLSocketFactory factory = m_ctx.getSocketFactory(); 
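Review bot: Widening `SSLSocketFactoryEx` from package-private to `public` in this hunk exposes `getDefaultCipherSuites()`, `getSupportedCipherSuites()`, `getDefaultProtocols()` and `getSupportedProtocols()`, all of which hand out the internal `m_ciphers` / `m_protocols` arrays directly. Any caller can now overwrite entries in those arrays and change what the factory reports, and presumably what it applies to new sockets, although the `createSocket` bodies are not fully visible here. The only user shown in this patch, `URLConnectionFactory`, lives in the same package, so the class could stay package-private. Otherwise return copies, `return m_ciphers.clone();` and `return m_protocols.clone();`.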
@@ -84,6 +150,16 @@ class SSLSocketFactoryEx extends SSLSocketFactory { return ss; } + /** + * Creates a new SSL Socket. + * + * @param host the host to connect to + * @param port the port to connect to + * @param localHost the local host + * @param localPort the local port + * @return the SSL Socket + * @throws IOException thrown if the creation fails + */ @Override public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException { SSLSocketFactory factory = m_ctx.getSocketFactory(); @@ -95,6 +171,14 @@ class SSLSocketFactoryEx extends SSLSocketFactory { return ss; } + /** + * Creates a new SSL Socket. + * + * @param host the host to connect to + * @param port the port to connect to + * @return the SSL Socket + * @throws IOException thrown if the creation fails + */ @Override public Socket createSocket(InetAddress host, int port) throws IOException { SSLSocketFactory factory = m_ctx.getSocketFactory(); @@ -106,6 +190,14 @@ class SSLSocketFactoryEx extends SSLSocketFactory { return ss; } + /** + * Creates a new SSL Socket. + * + * @param host the host to connect to + * @param port the port to connect to + * @return the SSL Socket + * @throws IOException thrown if the creation fails + */ @Override public Socket createSocket(String host, int port) throws IOException { SSLSocketFactory factory = m_ctx.getSocketFactory(); 
@@ -117,24 +209,47 @@ class SSLSocketFactoryEx extends SSLSocketFactory { return ss; } + /** + * Initializes the SSL Socket Factory Extension. + * + * @param km the key managers + * @param tm the trust managers + * @param random the secure random number generator + * @throws NoSuchAlgorithmException thrown when an algorithm is not + * supported + * @throws KeyManagementException thrown if initialization fails + */ private void initSSLSocketFactoryEx(KeyManager[] km, TrustManager[] tm, SecureRandom random) throws NoSuchAlgorithmException, KeyManagementException { m_ctx = SSLContext.getInstance("TLS"); m_ctx.init(km, tm, random); - m_protocols = GetProtocolList(); - m_ciphers = GetCipherList(); + m_protocols = getProtocolList(); + m_ciphers = getCipherList(); } + /** + * Initializes the SSL Socket Factory Extension. + * + * @param ctx the SSL context + * @throws NoSuchAlgorithmException thrown when an algorithm is not + * supported + * @throws KeyManagementException thrown if initialization fails + */ private void initSSLSocketFactoryEx(SSLContext ctx) throws NoSuchAlgorithmException, KeyManagementException { m_ctx = ctx; - m_protocols = GetProtocolList(); - m_ciphers = GetCipherList(); + m_protocols = getProtocolList(); + m_ciphers = getCipherList(); } - protected String[] GetProtocolList() { + /** + * Returns the protocol list. + * + * @return the protocol list + */ + protected String[] getProtocolList() { String[] preferredProtocols = {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}; String[] availableProtocols = null; @@ -146,7 +261,8 @@ class SSLSocketFactoryEx extends SSLSocketFactory { availableProtocols = socket.getSupportedProtocols(); Arrays.sort(availableProtocols); - } catch (Exception e) { + } catch (Exception ex) { + LOGGER.debug("Error getting protocol list, using TLSv1", ex); return new String[]{"TLSv1"}; } finally { if (socket != null) { 
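Review bot: `getProtocolList()` and `getCipherList()` remain `protected` and are called from both `initSSLSocketFactoryEx` overloads, which the constructors earlier in this patch invoke, so a subclass override runs before the subclass is initialised and can replace the protocol and cipher selection. With the class now public and not final, close that extension point by declaring the two methods `private` or the class `final`. Separately, `preferredProtocols` still lists `"TLSv1"` and `"TLSv1.1"` although the class comment says the NVD stopped supporting TLS 1.0; consider `{"TLSv1.2", "TLSv1.3"}` unless an endpoint is known to need the older versions. The body of `getProtocolList()` continues outside this hunk.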
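Review bot: The fallback in the `catch` block returns `new String[]{"TLSv1"}`, so any failure while probing the socket pins the connection to TLS 1.0 alone, the version the class comment says the NVD no longer accepts, and the new message is only emitted at debug level. Log it where operators will see it, `LOGGER.warn("Error getting protocol list, using TLSv1", ex);`, and consider falling back to `"TLSv1.2"` instead. The broad `catch (Exception ex)` could also be narrowed to what the probe can throw; the `try` body starts outside this hunk, so which exceptions apply is not visible here.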
@@ -169,7 +285,12 @@ class SSLSocketFactoryEx extends SSLSocketFactory { return aa.toArray(new String[0]); } - protected String[] GetCipherList() { + /** + * Returns the cipher list. + * + * @return the cipher list + */ + protected String[] getCipherList() { String[] preferredCiphers = { // *_CHACHA20_POLY1305 are 3x to 4x faster than existing cipher suites. // http://googleonlinesecurity.blogspot.com/2014/04/speeding-up-and-strengthening-https.html @@ -248,8 +369,16 @@ class SSLSocketFactoryEx extends SSLSocketFactory { return aa.toArray(new String[0]); } + /** + * The SSL context. + */ private SSLContext m_ctx; - + /** + * The cipher suites. + */ private String[] m_ciphers; + /** + * The protocols. + */ private String[] m_protocols; } diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java index 6f24387b0..bacc4870a 100644 --- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java +++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java @@ -46,7 +46,8 @@ public final class Settings { public static final class KEYS { /** - * private constructor because this is a "utility" class containing constants + * private constructor because this is a "utility" class containing + * constants */ private KEYS() { //do nothing 
@@ -60,23 +61,28 @@ public final class Settings { */ public static final String APPLICATION_VERSION = "application.version"; /** - * The key to obtain the URL to retrieve the current release version from. + * The key to obtain the URL to retrieve the current release version + * from. */ public static final String ENGINE_VERSION_CHECK_URL = "engine.version.url"; /** - * The properties key indicating whether or not the cached data sources should be updated. + * The properties key indicating whether or not the cached data sources + * should be updated. */ public static final String AUTO_UPDATE = "autoupdate"; /** - * The database driver class name. If this is not in the properties file the embedded database is used. + * The database driver class name. If this is not in the properties file + * the embedded database is used. */ public static final String DB_DRIVER_NAME = "data.driver_name"; /** - * The database driver class name. If this is not in the properties file the embedded database is used. + * The database driver class name. If this is not in the properties file + * the embedded database is used. */ public static final String DB_DRIVER_PATH = "data.driver_path"; /** - * The database connection string. If this is not in the properties file the embedded database is used. + * The database connection string. If this is not in the properties file + * the embedded database is used. */ public static final String DB_CONNECTION_STRING = "data.connection_string"; /** 
@@ -101,36 +107,41 @@ public final class Settings { public static final String DB_VERSION = "data.version"; /** * The starts with filter used to exclude CVE entries from the database. - * By default this is set to 'cpe:/a:' which limits the CVEs imported to - * just those that are related to applications. If this were set to just - * 'cpe:' the OS, hardware, and application related CVEs would be imported. + * By default this is set to 'cpe:/a:' which limits the CVEs imported to + * just those that are related to applications. If this were set to just + * 'cpe:' the OS, hardware, and application related CVEs would be + * imported. */ public static final String CVE_CPE_STARTS_WITH_FILTER = "cve.cpe.startswith.filter"; /** - * The properties key for the URL to retrieve the "meta" data from about the CVE entries. + * The properties key for the URL to retrieve the "meta" data from about + * the CVE entries. */ public static final String CVE_META_URL = "cve.url.meta"; /** - * The properties key for the URL to retrieve the recently modified and added CVE entries (last 8 days) using the 2.0 - * schema. + * The properties key for the URL to retrieve the recently modified and + * added CVE entries (last 8 days) using the 2.0 schema. */ public static final String CVE_MODIFIED_20_URL = "cve.url-2.0.modified"; /** - * The properties key for the URL to retrieve the recently modified and added CVE entries (last 8 days) using the 1.2 - * schema. + * The properties key for the URL to retrieve the recently modified and + * added CVE entries (last 8 days) using the 1.2 schema. */ public static final String CVE_MODIFIED_12_URL = "cve.url-1.2.modified"; /** - * The properties key for the URL to retrieve the recently modified and added CVE entries (last 8 days). + * The properties key for the URL to retrieve the recently modified and + * added CVE entries (last 8 days). 
*/ public static final String CVE_MODIFIED_VALID_FOR_DAYS = "cve.url.modified.validfordays"; /** - * The properties key to control the skipping of the check for CVE updates. + * The properties key to control the skipping of the check for CVE + * updates. */ public static final String CVE_CHECK_VALID_FOR_HOURS = "cve.check.validforhours"; /** - * The properties key for the telling us how many cve.url.* URLs exists. This is used in combination with CVE_BASE_URL to - * be able to retrieve the URLs for all of the files that make up the NVD CVE listing. + * The properties key for the telling us how many cve.url.* URLs exists. + * This is used in combination with CVE_BASE_URL to be able to retrieve + * the URLs for all of the files that make up the NVD CVE listing. */ public static final String CVE_START_YEAR = "cve.startyear"; /** @@ -142,7 +153,8 @@ public final class Settings { */ public static final String CVE_SCHEMA_2_0 = "cve.url-2.0.base"; /** - * The properties key that indicates how often the CPE data needs to be updated. + * The properties key that indicates how often the CPE data needs to be + * updated. */ public static final String CPE_MODIFIED_VALID_FOR_DAYS = "cpe.validfordays"; /** @@ -152,7 +164,9 @@ public final class Settings { /** * The properties key for the proxy server. * - * @deprecated use {@link org.owasp.dependencycheck.utils.Settings.KEYS#PROXY_SERVER} instead. + * @deprecated use + * {@link org.owasp.dependencycheck.utils.Settings.KEYS#PROXY_SERVER} + * instead. */ @Deprecated public static final String PROXY_URL = "proxy.server"; @@ -161,7 +175,8 @@ public final class Settings { */ public static final String PROXY_SERVER = "proxy.server"; /** - * The properties key for the proxy port - this must be an integer value. + * The properties key for the proxy port - this must be an integer + * value. */ public static final String PROXY_PORT = "proxy.port"; /** 
@@ -209,19 +224,23 @@ public final class Settings { */ public static final String ANALYZER_ARCHIVE_ENABLED = "analyzer.archive.enabled"; /** - * The properties key for whether the node.js package analyzer is enabled. + * The properties key for whether the node.js package analyzer is + * enabled. */ public static final String ANALYZER_NODE_PACKAGE_ENABLED = "analyzer.node.package.enabled"; /** - * The properties key for whether the composer lock file analyzer is enabled. + * The properties key for whether the composer lock file analyzer is + * enabled. */ public static final String ANALYZER_COMPOSER_LOCK_ENABLED = "analyzer.composer.lock.enabled"; /** - * The properties key for whether the Python Distribution analyzer is enabled. + * The properties key for whether the Python Distribution analyzer is + * enabled. */ public static final String ANALYZER_PYTHON_DISTRIBUTION_ENABLED = "analyzer.python.distribution.enabled"; /** - * The properties key for whether the Python Package analyzer is enabled. + * The properties key for whether the Python Package analyzer is + * enabled. */ public static final String ANALYZER_PYTHON_PACKAGE_ENABLED = "analyzer.python.package.enabled"; /** @@ -237,7 +256,8 @@ public final class Settings { */ public static final String ANALYZER_CMAKE_ENABLED = "analyzer.cmake.enabled"; /** - * The properties key for whether the Ruby Bundler Audit analyzer is enabled. + * The properties key for whether the Ruby Bundler Audit analyzer is + * enabled. */ public static final String ANALYZER_BUNDLE_AUDIT_ENABLED = "analyzer.bundle.audit.enabled"; /** @@ -331,7 +351,8 @@ public final class Settings { private Properties props = null; /** - * Private constructor for the Settings class. This class loads the properties files. + * Private constructor for the Settings class. This class loads the + * properties files. * * @param propertiesFilePath the path to the base properties file to load */ 
@@ -357,16 +378,18 @@ public final class Settings { } /** - * Initializes the thread local settings object. Note, to use the settings object you must call this method. However, you must - * also call Settings.cleanup() to properly release resources. + * Initializes the thread local settings object. Note, to use the settings + * object you must call this method. However, you must also call + * Settings.cleanup() to properly release resources. */ public static void initialize() { LOCAL_SETTINGS.set(new Settings(PROPERTIES_FILE)); } /** - * Initializes the thread local settings object. Note, to use the settings object you must call this method. However, you must - * also call Settings.cleanup() to properly release resources. + * Initializes the thread local settings object. Note, to use the settings + * object you must call this method. However, you must also call + * Settings.cleanup() to properly release resources. * * @param propertiesFilePath the path to the base properties file to load */ @@ -385,7 +408,8 @@ public final class Settings { /** * Cleans up resources to prevent memory leaks. * - * @param deleteTemporary flag indicating whether any temporary directories generated should be removed + * @param deleteTemporary flag indicating whether any temporary directories + * generated should be removed */ public static void cleanup(boolean deleteTemporary) { if (deleteTemporary && tempDirectory != null && tempDirectory.exists()) { @@ -425,7 +449,8 @@ public final class Settings { } /** - * Logs the properties. This will not log any properties that contain 'password' in the key. + * Logs the properties. This will not log any properties that contain + * 'password' in the key. * * @param header the header to print with the log message * @param properties the properties to log @@ -541,13 +566,16 @@ public final class Settings { } /** - * Merges a new properties file into the current properties. This method allows for the loading of a user provided properties - * file.

- * Note: even if using this method - system properties will be loaded before properties loaded from files. + * Merges a new properties file into the current properties. This method + * allows for the loading of a user provided properties file.

+ * Note: even if using this method - system properties will be loaded + * before properties loaded from files. * * @param filePath the path to the properties file to merge. - * @throws FileNotFoundException is thrown when the filePath points to a non-existent file - * @throws IOException is thrown when there is an exception loading/merging the properties + * @throws FileNotFoundException is thrown when the filePath points to a + * non-existent file + * @throws IOException is thrown when there is an exception loading/merging + * the properties */ public static void mergeProperties(File filePath) throws FileNotFoundException, IOException { FileInputStream fis = null; @@ -566,13 +594,16 @@ public final class Settings { } /** - * Merges a new properties file into the current properties. This method allows for the loading of a user provided properties - * file.

- * Note: even if using this method - system properties will be loaded before properties loaded from files. + * Merges a new properties file into the current properties. This method + * allows for the loading of a user provided properties file.

+ * Note: even if using this method - system properties will be loaded before + * properties loaded from files. * * @param filePath the path to the properties file to merge. - * @throws FileNotFoundException is thrown when the filePath points to a non-existent file - * @throws IOException is thrown when there is an exception loading/merging the properties + * @throws FileNotFoundException is thrown when the filePath points to a + * non-existent file + * @throws IOException is thrown when there is an exception loading/merging + * the properties */ public static void mergeProperties(String filePath) throws FileNotFoundException, IOException { FileInputStream fis = null; @@ -591,12 +622,14 @@ public final class Settings { } /** - * Merges a new properties file into the current properties. This method allows for the loading of a user provided properties - * file.

- * Note: even if using this method - system properties will be loaded before properties loaded from files. + * Merges a new properties file into the current properties. This method + * allows for the loading of a user provided properties file.

+ * Note: even if using this method - system properties will be loaded + * before properties loaded from files. * * @param stream an Input Stream pointing at a properties file to merge - * @throws IOException is thrown when there is an exception loading/merging the properties + * @throws IOException is thrown when there is an exception loading/merging + * the properties */ public static void mergeProperties(InputStream stream) throws IOException { LOCAL_SETTINGS.get().props.load(stream); @@ -604,9 +637,10 @@ public final class Settings { } /** - * Returns a value from the properties file as a File object. If the value was specified as a system property or passed in via - * the -Dprop=value argument - this method will return the value from the system properties before the values in the contained - * configuration file. + * Returns a value from the properties file as a File object. If the value + * was specified as a system property or passed in via the -Dprop=value + * argument - this method will return the value from the system properties + * before the values in the contained configuration file. * * @param key the key to lookup within the properties file * @return the property from the properties file converted to a File object 
@@ -620,13 +654,15 @@ public final class Settings { } /** - * Returns a value from the properties file as a File object. If the value was specified as a system property or passed in via - * the -Dprop=value argument - this method will return the value from the system properties before the values in the contained - * configuration file. + * Returns a value from the properties file as a File object. If the value + * was specified as a system property or passed in via the -Dprop=value + * argument - this method will return the value from the system properties + * before the values in the contained configuration file. * - * This method will check the configured base directory and will use this as the base of the file path. Additionally, if the - * base directory begins with a leading "[JAR]\" sequence with the path to the folder containing the JAR file containing this - * class. + * This method will check the configured base directory and will use this as + * the base of the file path. Additionally, if the base directory begins + * with a leading "[JAR]\" sequence with the path to the folder containing + * the JAR file containing this class. * * @param key the key to lookup within the properties file * @return the property from the properties file converted to a File object @@ -649,7 +685,8 @@ public final class Settings { } /** - * Attempts to retrieve the folder containing the Jar file containing the Settings class. + * Attempts to retrieve the folder containing the Jar file containing the + * Settings class. * * @return a File object */ 
@@ -671,9 +708,10 @@ public final class Settings { } /** - * Returns a value from the properties file. If the value was specified as a system property or passed in via the -Dprop=value - * argument - this method will return the value from the system properties before the values in the contained configuration - * file. + * Returns a value from the properties file. If the value was specified as a + * system property or passed in via the -Dprop=value argument - this method + * will return the value from the system properties before the values in the + * contained configuration file. * * @param key the key to lookup within the properties file * @param defaultValue the default value for the requested property @@ -685,7 +723,8 @@ public final class Settings { } /** - * A reference to the temporary directory; used incase it needs to be deleted during cleanup. + * A reference to the temporary directory; used incase it needs to be + * deleted during cleanup. */ private static File tempDirectory = null; @@ -693,7 +732,8 @@ public final class Settings { * Returns the temporary directory. * * @return the temporary directory - * @throws java.io.IOException thrown if the temporary directory does not exist and cannot be created + * @throws java.io.IOException thrown if the temporary directory does not + * exist and cannot be created */ public static File getTempDirectory() throws IOException { final File tmpDir = new File(Settings.getString(Settings.KEYS.TEMP_DIRECTORY, System.getProperty("java.io.tmpdir")), "dctemp"); 
@@ -706,9 +746,10 @@ public final class Settings { } /** - * Returns a value from the properties file. If the value was specified as a system property or passed in via the -Dprop=value - * argument - this method will return the value from the system properties before the values in the contained configuration - * file. + * Returns a value from the properties file. If the value was specified as a + * system property or passed in via the -Dprop=value argument - this method + * will return the value from the system properties before the values in the + * contained configuration file. * * @param key the key to lookup within the properties file * @return the property from the properties file @@ -718,7 +759,8 @@ public final class Settings { } /** - * Removes a property from the local properties collection. This is mainly used in test cases. + * Removes a property from the local properties collection. This is mainly + * used in test cases. * * @param key the property key to remove */ @@ -727,13 +769,15 @@ public final class Settings { } /** - * Returns an int value from the properties file. If the value was specified as a system property or passed in via the - * -Dprop=value argument - this method will return the value from the system properties before the values in the contained - * configuration file. + * Returns an int value from the properties file. If the value was specified + * as a system property or passed in via the -Dprop=value argument - this + * method will return the value from the system properties before the values + * in the contained configuration file. * * @param key the key to lookup within the properties file * @return the property from the properties file - * @throws InvalidSettingException is thrown if there is an error retrieving the setting + * @throws InvalidSettingException is thrown if there is an error retrieving + * the setting */ public static int getInt(String key) throws InvalidSettingException { try { 
@@ -744,14 +788,15 @@ public final class Settings { } /** - * Returns an int value from the properties file. If the value was specified as a system property or passed in via the - * -Dprop=value argument - this method will return the value from the system properties before the values in the contained - * configuration file. + * Returns an int value from the properties file. If the value was specified + * as a system property or passed in via the -Dprop=value argument - this + * method will return the value from the system properties before the values + * in the contained configuration file. * * @param key the key to lookup within the properties file * @param defaultValue the default value to return - * @return the property from the properties file or the defaultValue if the property does not exist or cannot be converted to - * an integer + * @return the property from the properties file or the defaultValue if the + * property does not exist or cannot be converted to an integer */ public static int getInt(String key, int defaultValue) { int value; 
@@ -767,13 +812,15 @@ public final class Settings { } /** - * Returns a long value from the properties file. If the value was specified as a system property or passed in via the - * -Dprop=value argument - this method will return the value from the system properties before the values in the contained - * configuration file. + * Returns a long value from the properties file. If the value was specified + * as a system property or passed in via the -Dprop=value argument - this + * method will return the value from the system properties before the values + * in the contained configuration file. * * @param key the key to lookup within the properties file * @return the property from the properties file - * @throws InvalidSettingException is thrown if there is an error retrieving the setting + * @throws InvalidSettingException is thrown if there is an error retrieving + * the setting */ public static long getLong(String key) throws InvalidSettingException { try { 
@@ -784,38 +831,47 @@ public final class Settings { } /** - * Returns a boolean value from the properties file. If the value was specified as a system property or passed in via the - * -Dprop=value argument this method will return the value from the system properties before the values in the - * contained configuration file. + * Returns a boolean value from the properties file. If the value was + * specified as a system property or passed in via the + * -Dprop=value argument this method will return the value from + * the system properties before the values in the contained configuration + * file. * * @param key the key to lookup within the properties file * @return the property from the properties file - * @throws InvalidSettingException is thrown if there is an error retrieving the setting + * @throws InvalidSettingException is thrown if there is an error retrieving + * the setting */ public static boolean getBoolean(String key) throws InvalidSettingException { return Boolean.parseBoolean(Settings.getString(key)); } /** - * Returns a boolean value from the properties file. If the value was specified as a system property or passed in via the - * -Dprop=value argument this method will return the value from the system properties before the values in the - * contained configuration file. + * Returns a boolean value from the properties file. If the value was + * specified as a system property or passed in via the + * -Dprop=value argument this method will return the value from + * the system properties before the values in the contained configuration + * file. 
* * @param key the key to lookup within the properties file - * @param defaultValue the default value to return if the setting does not exist + * @param defaultValue the default value to return if the setting does not + * exist * @return the property from the properties file - * @throws InvalidSettingException is thrown if there is an error retrieving the setting + * @throws InvalidSettingException is thrown if there is an error retrieving + * the setting */ public static boolean getBoolean(String key, boolean defaultValue) throws InvalidSettingException { return Boolean.parseBoolean(Settings.getString(key, Boolean.toString(defaultValue))); } /** - * Returns a connection string from the configured properties. If the connection string contains a %s, this method will - * determine the 'data' directory and replace the %s with the path to the data directory. If the data directory does not - * exists it will be created. + * Returns a connection string from the configured properties. If the + * connection string contains a %s, this method will determine the 'data' + * directory and replace the %s with the path to the data directory. If the + * data directory does not exists it will be created. * - * @param connectionStringKey the property file key for the connection string + * @param connectionStringKey the property file key for the connection + * string * @param dbFileNameKey the settings key for the db filename * @return the connection string * @throws IOException thrown the data directory cannot be created 
@@ -852,8 +908,9 @@ public final class Settings { } /** - * Retrieves the directory that the JAR file exists in so that we can ensure we always use a common data directory for the - * embedded H2 database. This is public solely for some unit tests; otherwise this should be private. + * Retrieves the directory that the JAR file exists in so that we can ensure + * we always use a common data directory for the embedded H2 database. This + * is public solely for some unit tests; otherwise this should be private. * * @return the data directory to store data files * @throws IOException is thrown if an IOException occurs of course... diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java index 84d6e18e6..bfbb52773 100644 --- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java +++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java @@ -107,7 +107,7 @@ public final class URLConnectionFactory { } throw new URLConnectionFailureException("Error getting connection.", ex); } - ConfigureTLS(url, conn); + configureTLS(url, conn); return conn; } 
@@ -176,15 +176,23 @@ public final class URLConnectionFactory { } catch (IOException ioe) { throw new URLConnectionFailureException("Error getting connection.", ioe); } - ConfigureTLS(url, conn); + configureTLS(url, conn); return conn; } - private static void ConfigureTLS(URL url, HttpURLConnection conn) { + /** + * If the protocol is HTTPS, this will configure the cipher suites so that + * connections can be made to the NVD, and others, using older versions of + * Java. + * + * @param url the URL + * @param conn the connection + */ + private static void configureTLS(URL url, HttpURLConnection conn) { if ("https".equals(url.getProtocol())) { try { - HttpsURLConnection secCon = (HttpsURLConnection) conn; - SSLSocketFactoryEx factory = new SSLSocketFactoryEx(); + final HttpsURLConnection secCon = (HttpsURLConnection) conn; + final SSLSocketFactoryEx factory = new SSLSocketFactoryEx(); secCon.setSSLSocketFactory(factory); } catch (NoSuchAlgorithmException ex) { LOGGER.debug("Unsupported algorithm in SSLSocketFactoryEx", ex);
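Review bot: In `configureTLS`, a `NoSuchAlgorithmException` from `new SSLSocketFactoryEx()` is logged at debug level and, as far as the visible lines show, the connection is then returned with the JVM's default socket factory, so the intended protocol and cipher selection silently does not apply. Raise this to `LOGGER.warn("Unsupported algorithm in SSLSocketFactoryEx", ex);` so the degraded configuration is visible. The remainder of the method, including any `KeyManagementException` handler, lies outside the hunk. The new Javadoc should also state that the connection keeps the default factory when the custom one cannot be built. The unchecked cast `(HttpsURLConnection) conn` relies on the `"https"` protocol check alone, and an `instanceof` guard would make that assumption explicit.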