diff --git a/dependency-check-ant/pom.xml b/dependency-check-ant/pom.xml
index 12b562c94..c3504b6e2 100644
--- a/dependency-check-ant/pom.xml
+++ b/dependency-check-ant/pom.xml
@@ -288,7 +288,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved.
${reporting.pmd-plugin.version}
1.6
- true
+ true
utf-8
**/generated/*.java
diff --git a/dependency-check-cli/pom.xml b/dependency-check-cli/pom.xml
index 90052b41b..e62681f64 100644
--- a/dependency-check-cli/pom.xml
+++ b/dependency-check-cli/pom.xml
@@ -196,7 +196,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved.
${reporting.pmd-plugin.version}
1.6
- true
+ true
utf-8
**/generated/*.java
diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml
index 8aadf06da..dc7590c6c 100644
--- a/dependency-check-core/pom.xml
+++ b/dependency-check-core/pom.xml
@@ -244,7 +244,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
${reporting.pmd-plugin.version}
1.6
- true
+ true
utf-8
**/generated/*.java
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
index 506341a0a..25d938d63 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
@@ -630,7 +630,7 @@ public class Engine implements FileFilter {
* @throws InitializationException thrown when there is a problem
* initializing the analyzer
*/
- protected Analyzer initializeAnalyzer(Analyzer analyzer) throws InitializationException {
+ protected void initializeAnalyzer(Analyzer analyzer) throws InitializationException {
try {
LOGGER.debug("Initializing {}", analyzer.getName());
analyzer.initialize();
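Review bot: Narrowing `initializeAnalyzer` from `Analyzer` to `void` changes the signature of a protected method on the public, non-final `Engine` class. Any subclass that overrides it, or any code that uses the returned analyzer, will stop compiling against this version. If the method is meant to remain an extension point, the incompatibility should be noted in the change log; if it is not, reducing its visibility would make that explicit. The Javadoc block begins above this hunk, so check that it carries no leftover `@return` tag. The method body continues past the hunk.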
@@ -653,7 +653,6 @@ public class Engine implements FileFilter {
}
throw new InitializationException("Unexpected Exception", ex);
}
- return analyzer;
}
/**
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
index 001d80a8d..b0534be56 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
@@ -347,8 +347,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
* @return any dependencies that weren't known to the engine before
*/
private static List findMoreDependencies(Engine engine, File file) {
- final List added = engine.scan(file);
- return added;
+ return engine.scan(file);
}
/**
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java
index 8dff9242d..a462d554a 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java
@@ -87,10 +87,6 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
*/
private static final String SUPPORTED_EXTENSIONS = "jar";
- /**
- * Whether or not the Nexus analyzer should use a proxy if configured.
- */
- private boolean useProxy;
/**
* The Nexus Search to be set up for this analyzer.
*/
@@ -148,7 +144,7 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
LOGGER.debug("Initializing Nexus Analyzer");
LOGGER.debug("Nexus Analyzer enabled: {}", isEnabled());
if (isEnabled()) {
- useProxy = useProxy();
+ boolean useProxy = useProxy();
final String searchUrl = Settings.getString(Settings.KEYS.ANALYZER_NEXUS_URL);
LOGGER.debug("Nexus Analyzer URL: {}", searchUrl);
try {
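Review bot: The new local `useProxy` is declared without `final`, unlike `searchUrl` on the very next line; `final boolean useProxy = useProxy();` would match the surrounding style. The local also has the same name as the `useProxy()` method it is assigned from, which is legal but reads ambiguously in the lines that follow. The enclosing method begins and ends outside this hunk, so the later uses of the variable are not visible here.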
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/composer/ComposerLockParser.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/composer/ComposerLockParser.java
index 43971bd30..eb0843e2a 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/composer/ComposerLockParser.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/composer/ComposerLockParser.java
@@ -42,11 +42,6 @@ public class ComposerLockParser {
*/
private final JsonReader jsonReader;
- /**
- * The input stream we'll read
- */
- private final InputStream inputStream; // NOPMD - it gets set in the constructor, read later
-
/**
* The List of ComposerDependencies found
*/
@@ -58,13 +53,12 @@ public class ComposerLockParser {
private static final Logger LOGGER = LoggerFactory.getLogger(ComposerLockParser.class);
/**
- * Createas a ComposerLockParser from a JsonReader and an InputStream.
+ * Creates a ComposerLockParser from a JsonReader and an InputStream.
*
* @param inputStream the InputStream to parse
*/
public ComposerLockParser(InputStream inputStream) {
LOGGER.info("Creating a ComposerLockParser");
- this.inputStream = inputStream;
this.jsonReader = Json.createReader(inputStream);
this.composerDependencies = new ArrayList<>();
}
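Review bot: The constructor Javadoc still describes creating the parser "from a JsonReader and an InputStream", but the constructor takes only an `InputStream` and builds the `JsonReader` itself. Now that the `inputStream` field is gone, the summary would be more accurate as `Creates a ComposerLockParser that reads from the given InputStream.` The `@param` should also say whether the caller remains responsible for closing the stream, since nothing in the visible code closes it or the reader.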
diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml
index ac7b5116e..498bdcb94 100644
--- a/dependency-check-maven/pom.xml
+++ b/dependency-check-maven/pom.xml
@@ -155,7 +155,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
${reporting.pmd-plugin.version}
1.6
- true
+ true
utf-8
**/generated/**/*.java
diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
index e97881e07..0860088fb 100644
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
@@ -608,8 +608,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
final Object obj = current.getContextValue(getDataFileContextKey());
if (obj != null) {
if (obj instanceof String) {
- final File f = new File((String) obj);
- return f;
+ return new File((String) obj);
}
} else if (getLog().isDebugEnabled()) {
getLog().debug("Context value not found");
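Review bot: A non-null context value that is not a `String` falls through silently here, because the "Context value not found" message is logged only when `obj` is null. Adding an `else` to the inner `instanceof` check with something like `getLog().debug("Context value is not a String: " + obj.getClass().getName());` would make a mis-typed context entry diagnosable. The enclosing method starts and ends outside the hunk, so what happens after the fall-through is not visible.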
diff --git a/dependency-check-utils/pom.xml b/dependency-check-utils/pom.xml
index 385f76203..da6abef71 100644
--- a/dependency-check-utils/pom.xml
+++ b/dependency-check-utils/pom.xml
@@ -120,7 +120,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved.
${reporting.pmd-plugin.version}
1.6
- true
+ true
utf-8
**/org/owasp/dependencycheck/org/apache/**/*.java
diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/ExpectedOjectInputStream.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/ExpectedOjectInputStream.java
index 1fae30831..d5db918cc 100644
--- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/ExpectedOjectInputStream.java
+++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/ExpectedOjectInputStream.java
@@ -36,7 +36,7 @@ public class ExpectedOjectInputStream extends ObjectInputStream {
/**
* The list of fully qualified class names that are able to be deserialized.
*/
- private List expected = new ArrayList<>();
+ private final List expected = new ArrayList<>();
/**
* Constructs a new ExpectedOjectInputStream that can be used to securely deserialize an object by restricting the classes
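Review bot: `final` only prevents the `expected` field from being reassigned; the `ArrayList` behind it stays mutable, and this list is the allow-list that decides which classes may be deserialized. If the constructor (outside this hunk) fills it once, consider building the list there and storing it through `Collections.unmodifiableList(...)`, so the allow-list cannot be widened after construction. A field comment such as `// allow-list of deserializable classes; not modified after construction` would document the invariant either way.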
diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
index 5293b0708..82013b694 100644
--- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
+++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
@@ -784,8 +784,7 @@ public final class Settings {
* @return the property from the properties file
*/
public static String getString(String key, String defaultValue) {
- final String str = System.getProperty(key, LOCAL_SETTINGS.get().props.getProperty(key, defaultValue));
- return str;
+ return System.getProperty(key, LOCAL_SETTINGS.get().props.getProperty(key, defaultValue));
}
/**
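Review bot: The `@return` text says the value comes "from the properties file", but the method asks `System.getProperty` first and falls back to the loaded properties, then to `defaultValue`. Suggested wording: `@return the system property for the key if set, otherwise the value from the properties file, otherwise the default value`. The precedence is worth documenting because it determines which settings can be overridden through JVM system properties.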
diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/XmlUtils.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/XmlUtils.java
index f7a975b34..9d81a2045 100644
--- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/XmlUtils.java
+++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/XmlUtils.java
@@ -120,8 +120,7 @@ public final class XmlUtils {
factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
- final DocumentBuilder db = factory.newDocumentBuilder();
- return db;
+ return factory.newDocumentBuilder();
}
/**
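Review bot: The hardening visible here bans DOCTYPE declarations and disables external general entities, but does not disable external parameter entities. Unless that is already set above this hunk, add `factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);` next to the general-entities line. It is the usual companion setting and keeps the builder safe if the DOCTYPE ban is ever relaxed. `factory.setXIncludeAware(false);` and `factory.setExpandEntityReferences(false);` are worth confirming as well. The method starts outside the hunk, so some of these may already be present.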
diff --git a/src/site/markdown/general/internals.md b/src/site/markdown/general/internals.md
index 35433a5e5..91cdde7a3 100644
--- a/src/site/markdown/general/internals.md
+++ b/src/site/markdown/general/internals.md
@@ -15,6 +15,9 @@ a list of vulnerable software:
cpe:/a:vmware:springsource_spring_security:3.1.2
cpe:/a:vmware:springsource_spring_security:2.0.4
cpe:/a:vmware:springsource_spring_security:3.0.1
+
+ ...
+
```
These CPE entries are read "cpe:/[Entry Type]:[Vendor]:[Product]:[Version]:[Revision]:...". The CPE data is collected