From a61bba2f72313df7a74636f1682cacc26133b1f5 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Fri, 10 Mar 2017 16:40:22 -0500
Subject: [PATCH] code cleanup
---
 dependency-check-ant/pom.xml | 2 +-
 dependency-check-cli/pom.xml | 2 +-
 dependency-check-core/pom.xml | 2 +-
 .../src/main/java/org/owasp/dependencycheck/Engine.java | 3 +--
 .../owasp/dependencycheck/analyzer/ArchiveAnalyzer.java | 3 +--
 .../org/owasp/dependencycheck/analyzer/NexusAnalyzer.java | 6 +-----
 .../dependencycheck/data/composer/ComposerLockParser.java | 8 +-------
 dependency-check-maven/pom.xml | 2 +-
 .../dependencycheck/maven/BaseDependencyCheckMojo.java | 3 +--
 dependency-check-utils/pom.xml | 2 +-
 .../dependencycheck/utils/ExpectedOjectInputStream.java | 2 +-
 .../java/org/owasp/dependencycheck/utils/Settings.java | 3 +--
 .../java/org/owasp/dependencycheck/utils/XmlUtils.java | 3 +--
 src/site/markdown/general/internals.md | 3 +++
 14 files changed, 16 insertions(+), 28 deletions(-)
diff --git a/dependency-check-ant/pom.xml b/dependency-check-ant/pom.xml
index 12b562c94..c3504b6e2 100644
--- a/dependency-check-ant/pom.xml
+++ b/dependency-check-ant/pom.xml
@@ -288,7 +288,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved. ${reporting.pmd-plugin.version} 1.6 - true + true utf-8 **/generated/*.java
diff --git a/dependency-check-cli/pom.xml b/dependency-check-cli/pom.xml
index 90052b41b..e62681f64 100644
--- a/dependency-check-cli/pom.xml
+++ b/dependency-check-cli/pom.xml
@@ -196,7 +196,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved. ${reporting.pmd-plugin.version} 1.6 - true + true utf-8 **/generated/*.java
diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml
index 8aadf06da..dc7590c6c 100644
--- a/dependency-check-core/pom.xml
+++ b/dependency-check-core/pom.xml
@@ -244,7 +244,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. ${reporting.pmd-plugin.version} 1.6 - true + true utf-8 **/generated/*.java
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
index 506341a0a..25d938d63 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
@@ -630,7 +630,7 @@ public class Engine implements FileFilter {
 * @throws InitializationException thrown when there is a problem
 * initializing the analyzer
 */
- protected Analyzer initializeAnalyzer(Analyzer analyzer) throws InitializationException {
+ protected void initializeAnalyzer(Analyzer analyzer) throws InitializationException {
 try {
 LOGGER.debug("Initializing {}", analyzer.getName());
 analyzer.initialize();
@@ -653,7 +653,6 @@ public class Engine implements FileFilter {
 }
 throw new InitializationException("Unexpected Exception", ex);
 }
- return analyzer;
 }
 /**
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
index 001d80a8d..b0534be56 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
@@ -347,8 +347,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
 * @return any dependencies that weren't known to the engine before
 */
 private static List findMoreDependencies(Engine engine, File file) {
- final List added = engine.scan(file);
- return added;
+ return engine.scan(file);
 }
 /**
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java
index 8dff9242d..a462d554a 100644
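Review bot: The new `protected void initializeAnalyzer(Analyzer analyzer)` in Engine.java drops the `Analyzer` return value from a protected method of a public, non-final class, which is a source- and binary-incompatible change for any subclass or caller outside this repository rather than pure cleanup. The Javadoc for the method begins above the first Engine hunk, so confirm that no `@return` tag was left behind now that `return analyzer;` is removed in the second hunk. If the method is meant to be internal, say so in its Javadoc, for example `* Internal hook; not part of the supported API.`, or mention the signature change in the commit message and release notes.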
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java
@@ -87,10 +87,6 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
 */
 private static final String SUPPORTED_EXTENSIONS = "jar";
- /**
- * Whether or not the Nexus analyzer should use a proxy if configured.
- */
- private boolean useProxy;
 /**
 * The Nexus Search to be set up for this analyzer.
 */
@@ -148,7 +144,7 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
 LOGGER.debug("Initializing Nexus Analyzer");
 LOGGER.debug("Nexus Analyzer enabled: {}", isEnabled());
 if (isEnabled()) {
- useProxy = useProxy();
+ boolean useProxy = useProxy();
 final String searchUrl = Settings.getString(Settings.KEYS.ANALYZER_NEXUS_URL);
 LOGGER.debug("Nexus Analyzer URL: {}", searchUrl);
 try {
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/composer/ComposerLockParser.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/composer/ComposerLockParser.java
index 43971bd30..eb0843e2a 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/composer/ComposerLockParser.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/composer/ComposerLockParser.java
@@ -42,11 +42,6 @@ public class ComposerLockParser {
 */
 private final JsonReader jsonReader;
- /**
- * The input stream we'll read
- */
- private final InputStream inputStream; // NOPMD - it gets set in the constructor, read later
-
 /**
 * The List of ComposerDependencies found
 */
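Review bot: In the second NexusAnalyzer hunk the new local is declared as `boolean useProxy = useProxy();` without `final`, while the neighbouring local in the same block (`final String searchUrl`) follows the file's final-locals convention; `final boolean useProxy = useProxy();` would match. The local also has the same name as the method it is assigned from, which reads ambiguously, so a distinct name such as `proxyEnabled` would be clearer. The rest of the method, including where the value is consumed, lies outside the hunk.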
@@ -58,13 +53,12 @@ public class ComposerLockParser {
 private static final Logger LOGGER = LoggerFactory.getLogger(ComposerLockParser.class);
 /**
- * Createas a ComposerLockParser from a JsonReader and an InputStream.
+ * Creates a ComposerLockParser from a JsonReader and an InputStream.
 *
 * @param inputStream the InputStream to parse
 */
 public ComposerLockParser(InputStream inputStream) {
 LOGGER.info("Creating a ComposerLockParser");
- this.inputStream = inputStream;
 this.jsonReader = Json.createReader(inputStream);
 this.composerDependencies = new ArrayList<>();
 }
diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml
index ac7b5116e..498bdcb94 100644
--- a/dependency-check-maven/pom.xml
+++ b/dependency-check-maven/pom.xml
@@ -155,7 +155,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. ${reporting.pmd-plugin.version} 1.6 - true + true utf-8 **/generated/**/*.java
diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
index e97881e07..0860088fb 100644
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
@@ -608,8 +608,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
 final Object obj = current.getContextValue(getDataFileContextKey());
 if (obj != null) {
 if (obj instanceof String) {
- final File f = new File((String) obj);
- return f;
+ return new File((String) obj);
 }
 } else if (getLog().isDebugEnabled()) {
 getLog().debug("Context value not found");
diff --git a/dependency-check-utils/pom.xml b/dependency-check-utils/pom.xml
index 385f76203..da6abef71 100644
--- a/dependency-check-utils/pom.xml
+++ b/dependency-check-utils/pom.xml
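Review bot: The corrected Javadoc summary on the ComposerLockParser constructor still says the parser is created "from a JsonReader and an InputStream", although the constructor takes only an `InputStream` and builds the `JsonReader` itself. With the `inputStream` field removed the class no longer keeps a handle on the stream, so the comment should also state who is expected to close it; whether the class ever closes `jsonReader` is not visible in this hunk. A possible summary is `* Creates a ComposerLockParser that reads from the given InputStream; the caller remains responsible for closing it.`, adjusted if the parser does close its reader.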
@@ -120,7 +120,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved. ${reporting.pmd-plugin.version} 1.6 - true + true utf-8 **/org/owasp/dependencycheck/org/apache/**/*.java
diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/ExpectedOjectInputStream.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/ExpectedOjectInputStream.java
index 1fae30831..d5db918cc 100644
--- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/ExpectedOjectInputStream.java
+++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/ExpectedOjectInputStream.java
@@ -36,7 +36,7 @@ public class ExpectedOjectInputStream extends ObjectInputStream {
 /**
 * The list of fully qualified class names that are able to be deserialized.
 */
- private List expected = new ArrayList<>();
+ private final List expected = new ArrayList<>();
 /**
 * Constructs a new ExpectedOjectInputStream that can be used to securely deserialize an object by restricting the classes
diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
index 5293b0708..82013b694 100644
--- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
+++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
@@ -784,8 +784,7 @@ public final class Settings {
 * @return the property from the properties file
 */
 public static String getString(String key, String defaultValue) {
- final String str = System.getProperty(key, LOCAL_SETTINGS.get().props.getProperty(key, defaultValue));
- return str;
+ return System.getProperty(key, LOCAL_SETTINGS.get().props.getProperty(key, defaultValue));
 }
 /**
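Review bot: Marking `expected` as `final` in ExpectedOjectInputStream fixes only the reference; the `ArrayList` that holds the deserialization allow-list can still be modified after construction by any code inside the class. Because this list decides which classes may be deserialized, its contents are worth freezing once populated, for example by building the list in the constructor and storing it wrapped in `Collections.unmodifiableList(...)`. At minimum the invariant could be recorded next to the field with `// populated only in the constructor; never modified afterwards`. The constructor body is outside the hunk, so how the list is filled could not be checked.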
diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/XmlUtils.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/XmlUtils.java
index f7a975b34..9d81a2045 100644
--- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/XmlUtils.java
+++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/XmlUtils.java
@@ -120,8 +120,7 @@ public final class XmlUtils {
 factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
 factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
- final DocumentBuilder db = factory.newDocumentBuilder();
- return db;
+ return factory.newDocumentBuilder();
 }
 /**
diff --git a/src/site/markdown/general/internals.md b/src/site/markdown/general/internals.md
index 35433a5e5..91cdde7a3 100644
--- a/src/site/markdown/general/internals.md
+++ b/src/site/markdown/general/internals.md
@@ -15,6 +15,9 @@ a list of vulnerable software:
 cpe:/a:vmware:springsource_spring_security:3.1.2
 cpe:/a:vmware:springsource_spring_security:2.0.4
 cpe:/a:vmware:springsource_spring_security:3.0.1
+
+ ...
+
 ```
 These CPE entries are read "cpe:/[Entry Type]:[Vendor]:[Product]:[Version]:[Revision]:...". The CPE data is collected
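Review bot: The parser hardening visible above the new `return factory.newDocumentBuilder();` in XmlUtils disables DOCTYPE declarations and external general entities but not external parameter entities. `disallow-doctype-decl` already rejects any document carrying a DTD on parsers that honour it, so this is defence in depth, yet adding `factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);` together with `factory.setXIncludeAware(false);` and `factory.setExpandEntityReferences(false);` keeps the builder safe if that first feature is ever relaxed. The method starts above the hunk, so some of these settings may already be applied there.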