code cleanup

Jeremy Long
2017-03-10 16:40:22 -05:00
parent 046f4605f9
commit a61bba2f72
14 changed files with 16 additions and 28 deletions


@@ -288,7 +288,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved.
<version>${reporting.pmd-plugin.version}</version> <version>${reporting.pmd-plugin.version}</version>
<configuration> <configuration>
<targetJdk>1.6</targetJdk> <targetJdk>1.6</targetJdk>
<linkXref>true</linkXref> <linkXRef>true</linkXRef>
<sourceEncoding>utf-8</sourceEncoding> <sourceEncoding>utf-8</sourceEncoding>
<excludes> <excludes>
<exclude>**/generated/*.java</exclude> <exclude>**/generated/*.java</exclude>


@@ -196,7 +196,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved.
<version>${reporting.pmd-plugin.version}</version> <version>${reporting.pmd-plugin.version}</version>
<configuration> <configuration>
<targetJdk>1.6</targetJdk> <targetJdk>1.6</targetJdk>
<linkXref>true</linkXref> <linkXRef>true</linkXRef>
<sourceEncoding>utf-8</sourceEncoding> <sourceEncoding>utf-8</sourceEncoding>
<excludes> <excludes>
<exclude>**/generated/*.java</exclude> <exclude>**/generated/*.java</exclude>


@@ -244,7 +244,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
<version>${reporting.pmd-plugin.version}</version> <version>${reporting.pmd-plugin.version}</version>
<configuration> <configuration>
<targetJdk>1.6</targetJdk> <targetJdk>1.6</targetJdk>
<linkXref>true</linkXref> <linkXRef>true</linkXRef>
<sourceEncoding>utf-8</sourceEncoding> <sourceEncoding>utf-8</sourceEncoding>
<excludes> <excludes>
<exclude>**/generated/*.java</exclude> <exclude>**/generated/*.java</exclude>


@@ -630,7 +630,7 @@ public class Engine implements FileFilter {
* @throws InitializationException thrown when there is a problem * @throws InitializationException thrown when there is a problem
* initializing the analyzer * initializing the analyzer
*/ */
protected Analyzer initializeAnalyzer(Analyzer analyzer) throws InitializationException { protected void initializeAnalyzer(Analyzer analyzer) throws InitializationException {
try { try {
LOGGER.debug("Initializing {}", analyzer.getName()); LOGGER.debug("Initializing {}", analyzer.getName());
analyzer.initialize(); analyzer.initialize();
@@ -653,7 +653,6 @@ public class Engine implements FileFilter {
} }
throw new InitializationException("Unexpected Exception", ex); throw new InitializationException("Unexpected Exception", ex);
} }
return analyzer;
} }
/** /**
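Review bot: Changing `initializeAnalyzer` from returning `Analyzer` to `void` alters the signature of a `protected` method on the public `Engine` class, so a subclass that overrides it or a caller that uses the returned value will stop compiling; that is more than a cleanup. The Javadoc block above the signature starts outside this section, so check that no `@return` tag was left behind. If the return value was never used anywhere, the commit message or release notes should say that the signature changed.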


@@ -347,8 +347,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
* @return any dependencies that weren't known to the engine before * @return any dependencies that weren't known to the engine before
*/ */
private static List<Dependency> findMoreDependencies(Engine engine, File file) { private static List<Dependency> findMoreDependencies(Engine engine, File file) {
final List<Dependency> added = engine.scan(file); return engine.scan(file);
return added;
} }
/** /**


@@ -87,10 +87,6 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
*/ */
private static final String SUPPORTED_EXTENSIONS = "jar"; private static final String SUPPORTED_EXTENSIONS = "jar";
/**
* Whether or not the Nexus analyzer should use a proxy if configured.
*/
private boolean useProxy;
/** /**
* The Nexus Search to be set up for this analyzer. * The Nexus Search to be set up for this analyzer.
*/ */
@@ -148,7 +144,7 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
LOGGER.debug("Initializing Nexus Analyzer"); LOGGER.debug("Initializing Nexus Analyzer");
LOGGER.debug("Nexus Analyzer enabled: {}", isEnabled()); LOGGER.debug("Nexus Analyzer enabled: {}", isEnabled());
if (isEnabled()) { if (isEnabled()) {
useProxy = useProxy(); boolean useProxy = useProxy();
final String searchUrl = Settings.getString(Settings.KEYS.ANALYZER_NEXUS_URL); final String searchUrl = Settings.getString(Settings.KEYS.ANALYZER_NEXUS_URL);
LOGGER.debug("Nexus Analyzer URL: {}", searchUrl); LOGGER.debug("Nexus Analyzer URL: {}", searchUrl);
try { try {
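Review bot: The new local inside the `isEnabled()` branch is declared as `boolean useProxy = useProxy();` without `final`, while the very next line uses `final String searchUrl`; write `final boolean useProxy = useProxy();` to match the surrounding style. The local also carries the same name as the method it calls, which reads ambiguously at the call site. The `try` block that consumes the value continues outside this hunk.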


@@ -42,11 +42,6 @@ public class ComposerLockParser {
*/ */
private final JsonReader jsonReader; private final JsonReader jsonReader;
/**
* The input stream we'll read
*/
private final InputStream inputStream; // NOPMD - it gets set in the constructor, read later
/** /**
* The List of ComposerDependencies found * The List of ComposerDependencies found
*/ */
@@ -58,13 +53,12 @@ public class ComposerLockParser {
private static final Logger LOGGER = LoggerFactory.getLogger(ComposerLockParser.class); private static final Logger LOGGER = LoggerFactory.getLogger(ComposerLockParser.class);
/** /**
* Createas a ComposerLockParser from a JsonReader and an InputStream. * Creates a ComposerLockParser from a JsonReader and an InputStream.
* *
* @param inputStream the InputStream to parse * @param inputStream the InputStream to parse
*/ */
public ComposerLockParser(InputStream inputStream) { public ComposerLockParser(InputStream inputStream) {
LOGGER.info("Creating a ComposerLockParser"); LOGGER.info("Creating a ComposerLockParser");
this.inputStream = inputStream;
this.jsonReader = Json.createReader(inputStream); this.jsonReader = Json.createReader(inputStream);
this.composerDependencies = new ArrayList<>(); this.composerDependencies = new ArrayList<>();
} }
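Review bot: The constructor Javadoc still says the parser is created "from a JsonReader and an InputStream", but the signature takes only an `InputStream` and builds the `JsonReader` itself; suggest `Creates a ComposerLockParser that reads the lock file from the given InputStream.` With the `inputStream` field removed the parser no longer keeps the stream, so the parameter text should state who owns it, for example `@param inputStream the stream to parse; the caller is responsible for closing it`. Whether `jsonReader` is closed after parsing is not visible in this section.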


@@ -155,7 +155,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
<version>${reporting.pmd-plugin.version}</version> <version>${reporting.pmd-plugin.version}</version>
<configuration> <configuration>
<targetJdk>1.6</targetJdk> <targetJdk>1.6</targetJdk>
<linkXref>true</linkXref> <linkXRef>true</linkXRef>
<sourceEncoding>utf-8</sourceEncoding> <sourceEncoding>utf-8</sourceEncoding>
<excludes> <excludes>
<exclude>**/generated/**/*.java</exclude> <exclude>**/generated/**/*.java</exclude>


@@ -608,8 +608,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
final Object obj = current.getContextValue(getDataFileContextKey()); final Object obj = current.getContextValue(getDataFileContextKey());
if (obj != null) { if (obj != null) {
if (obj instanceof String) { if (obj instanceof String) {
final File f = new File((String) obj); return new File((String) obj);
return f;
} }
} else if (getLog().isDebugEnabled()) { } else if (getLog().isDebugEnabled()) {
getLog().debug("Context value not found"); getLog().debug("Context value not found");


@@ -120,7 +120,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved.
<version>${reporting.pmd-plugin.version}</version> <version>${reporting.pmd-plugin.version}</version>
<configuration> <configuration>
<targetJdk>1.6</targetJdk> <targetJdk>1.6</targetJdk>
<linkXref>true</linkXref> <linkXRef>true</linkXRef>
<sourceEncoding>utf-8</sourceEncoding> <sourceEncoding>utf-8</sourceEncoding>
<excludes> <excludes>
<exclude>**/org/owasp/dependencycheck/org/apache/**/*.java</exclude> <exclude>**/org/owasp/dependencycheck/org/apache/**/*.java</exclude>


@@ -36,7 +36,7 @@ public class ExpectedOjectInputStream extends ObjectInputStream {
/** /**
* The list of fully qualified class names that are able to be deserialized. * The list of fully qualified class names that are able to be deserialized.
*/ */
private List<String> expected = new ArrayList<>(); private final List<String> expected = new ArrayList<>();
/** /**
* Constructs a new ExpectedOjectInputStream that can be used to securely deserialize an object by restricting the classes * Constructs a new ExpectedOjectInputStream that can be used to securely deserialize an object by restricting the classes
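Review bot: `final` on `expected` fixes only the reference; the list that decides which classes may be deserialized is still a mutable `ArrayList`. Because this list is the security control of the class, its Javadoc should state that it is filled once during construction and never modified afterwards, and if the constructor (outside this hunk) allows it, the field could be assigned an unmodifiable copy there. A `Set<String>` would also express a membership check better than a `List`, presuming the lookup is a `contains` call in `resolveClass`, which is not shown here.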


@@ -784,8 +784,7 @@ public final class Settings {
* @return the property from the properties file * @return the property from the properties file
*/ */
public static String getString(String key, String defaultValue) { public static String getString(String key, String defaultValue) {
final String str = System.getProperty(key, LOCAL_SETTINGS.get().props.getProperty(key, defaultValue)); return System.getProperty(key, LOCAL_SETTINGS.get().props.getProperty(key, defaultValue));
return str;
} }
/** /**


@@ -120,8 +120,7 @@ public final class XmlUtils {
factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
factory.setFeature("http://xml.org/sax/features/external-general-entities", false); factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
final DocumentBuilder db = factory.newDocumentBuilder(); return factory.newDocumentBuilder();
return db;
} }
/** /**
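Review bot: The three `setFeature` calls ahead of `return factory.newDocumentBuilder();` are the XXE hardening for every builder this helper hands out, yet nothing in the visible lines says so; a comment such as `// XXE hardening: reject DOCTYPE declarations and external entities - do not relax` above them would keep a later cleanup from dropping one. The visible lines switch off `external-general-entities` but not `http://xml.org/sax/features/external-parameter-entities`; rejecting DOCTYPE already covers that on parsers that honour the feature, so adding it is defense in depth only. The method starts outside this hunk, so it may already be set above.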


@@ -15,6 +15,9 @@ a list of vulnerable software:
<vuln:product>cpe:/a:vmware:springsource_spring_security:3.1.2</vuln:product> <vuln:product>cpe:/a:vmware:springsource_spring_security:3.1.2</vuln:product>
<vuln:product>cpe:/a:vmware:springsource_spring_security:2.0.4</vuln:product> <vuln:product>cpe:/a:vmware:springsource_spring_security:2.0.4</vuln:product>
<vuln:product>cpe:/a:vmware:springsource_spring_security:3.0.1</vuln:product> <vuln:product>cpe:/a:vmware:springsource_spring_security:3.0.1</vuln:product>
</vuln:vulnerable-software-list>
...
</entry>
``` ```
These CPE entries are read "cpe:/[Entry Type]:[Vendor]:[Product]:[Version]:[Revision]:...". The CPE data is collected These CPE entries are read "cpe:/[Entry Type]:[Vendor]:[Product]:[Version]:[Revision]:...". The CPE data is collected